正则:一串有规律的字符串
grep命令
grep可以实现的,egrep都可以实现。
grep [-cinvrABC] 'word' filename【自带color选项】
#无任何选项 [root@chy002 tmp]# grep 'root' passwd.txt root:x:0:0:root:/root:/bin/bash operator:x:11:0:operator:/root:/sbin/nologin
-c 行数
[root@chy002 tmp]# grep -c 'root' passwd.txt 2
-i 不区分大小写
[root@chy002 tmp]# grep -i 'root' passwd.txt ROOt ROOT root:x:0:0:root:/root:/bin/bash operator:x:11:0:operator:/root:/sbin/nologin
-n 显示行号
[root@chy002 tmp]# grep -in 'root' passwd.txt 1:ROOt 2:ROOT 3:root:x:0:0:root:/root:/bin/bash 12:operator:x:11:0:operator:/root:/sbin/nologin
-v 取反
#不带nologin行过滤 [root@chy002 tmp]# grep -vni 'nologin' passwd.txt 1:ROOt 2:ROOT 3:root:x:0:0:root:/root:/bin/bash 8:sync:x:5:0:sync:/sbin:/bin/sync 9:shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown 10:halt:x:7:0:halt:/sbin:/sbin/halt 22:chy002:x:1000:1000::/home/chy002:/bin/bash 23:user:x:1001:1001::/home/user:/bin/bash 24:user1:x:1002:1006::/home/user1:/bin/bash 25:user2:x:1004:1002::/home/user2:/bin/bash 26:user3:x:1005:1002::/tmp/user3:/bin/bash 27:user4:x:1009:1006::/home/user5:/bin/bash
-r 遍历所有子目录
[root@chy002 tmp]# grep -in 'root' /tmp/ grep: /tmp/: 是一个目录 [root@chy002 tmp]# grep -rin 'root' /tmp/ /tmp/123.txt:1:root:x:0:0:root:/root:/bin/bash /tmp/123.txt:10:operator:x:11:0:operator:/root:/sbin/nologin /tmp/321.txt:1:root:x:0:0:root:/root:/bin/bash /tmp/321.txt:10:operator:x:11:0:operator:/root:/sbin/nologin /tmp/passwd.txt:1:ROOt /tmp/passwd.txt:2:ROOT /tmp/passwd.txt:3:root:x:0:0:root:/root:/bin/bash /tmp/passwd.txt:12:operator:x:11:0:operator:/root:/sbin/nologin ... ...
-A 后面跟数字过滤出符合要求的行以及下面n行
[root@chy002 tmp]# grep -nA2 'root' passwd.txt 3:root:x:0:0:root:/root:/bin/bash 4-bin:x:1:1:bin:/bin:/sbin/nologin 5-daemon:x:2:2:daemon:/sbin:/sbin/nologin -- 12:operator:x:11:0:operator:/root:/sbin/nologin 13-games:x:12:100:games:/usr/games:/sbin/nologin 14-ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
-B 过滤出符合要求的行及上面的n行
-C 同时过滤出符合要求的行及上下各n行
[0-9a-zA-Z]
[root@chy002 tmp]# grep -nv '[0-9]' passwd.txt 1:ROOt 2:ROOT
[^] 非的意思
#匹配非小写字母开头的行 [root@chy002 tmp]# grep -n '^[^a-z]' passwd.txt 1:ROOt 2:ROOT
[^$] 空行
#去除文本中的空行 [root@chy002 tmp]# grep -nv '^$' 1.txt 1:sadf 2:123 4:qwe123 6:Q2
o*o 表示*号左边的字符重复0-n次,一定匹配右边一个字符o
[root@chy002 tmp]# grep -n 'r*o' passwd.txt 2:roooooo 3:ro 8:root:x:0:0:root:/root:/bin/bash 9:bin:x:1:1:bin:/bin:/sbin/nologin 10:daemon:x:2:2:daemon:/sbin:/sbin/nologin ... ...
r.o r和o中间任意一个字符,必须有一个
[root@chy002 tmp]# grep -n 'r.o' passwd.txt 2:roooooo 8:root:x:0:0:root:/root:/bin/bash 17:operator:x:11:0:operator:/root:/sbin/nologin
.* 匹配全部,包含所有字符及空行
{ } 花括号,使用egrep或者 -E 可以不使用脱义符号
[root@chy002 tmp]# grep 'o{2}' passwd.txt o{2} [root@chy002 tmp]# grep 'o{2}' passwd.txt roooooo root:x:0:0:root:/root:/bin/bash lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin mail:x:8:12:mail:/var/spool/mail:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin
o+b b前面1次或者多次o,必须b紧挨着o,加号还是需要脱义,可以使用egrep 或 -E
[root@chy002 tmp]# grep 'o+t' passwd.txt root:x:0:0:root:/root:/bin/bash operator:x:11:0:operator:/root:/sbin/nologin
o?b b前面o重复次数0或者1,只要有一个b就能匹配
[root@chyuanliu-01 tmp]# grep 'o?b' 123.txt robt ro123bt roobt roobbt robobt rbt orbt
| 或者符号
[root@chyuanliu-01 tmp]# grep 'root|nologin' passwd.txt root:x:0:0:root:/root:/bin/bash lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin mail:x:8:12:mail:/var/spool/mail:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin
sed命令
sed关键在于替换,与grep匹配最主要的区别在于能对匹配的字符进行删除更改等操作,无color选项。
匹配打印指定行,-n 只打印符合规则,p打印
[root@izbp1gcpbwpui5pfbnjbhyz awk]# sed -n '10'p text.txt operator:x:11:0:operator:/root:/sbin/nologin [root@izbp1gcpbwpui5pfbnjbhyz awk]# wc -l text.txt 28 text.txt [root@izbp1gcpbwpui5pfbnjbhyz awk]# sed -n '10,14'p text.txt operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin systemd-bus-proxy:x:999:998:systemd Bus Proxy:/:/sbin/nologin [root@izbp1gcpbwpui5pfbnjbhyz awk]# sed -n '/root/'p text.txt root:x:0:0:root:/root:/bin/bash operator:x:11:0:operator:/root:/sbin/nologin
不区分大小写进行打印,I 不区分大小写
[root@izbp1gcpbwpui5pfbnjbhyz awk]# sed -n '/root/'Ip text.txt root:x:0:0:root:/root:/bin/bash ROOT: operator:x:11:0:operator:/root:/sbin/nologin
|或者
[root@localhost tmp]# sed -nr '/root|home/'p passwd #root:x:0:0:root:/root:/bin/bash operator:x:11:0:operator:/root:/sbin/nologin mysql:x:1000:1000::/home/mysql:/bin/bash php-fpm:x:1001:1001::/home/php-fpm:/sbin/nologin user:x:1002:1002::/home/user:/bin/bash
同时执行多个任务,-e 同时执行
[root@izbp1gcpbwpui5pfbnjbhyz awk]# sed -e '/root/'Ip -e'/ftp/'p -n text.txt root:x:0:0:root:/root:/bin/bash ROOT: operator:x:11:0:operator:/root:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
[root@localhost tmp]# sed -e '1'p -e '/home/'p -n passwd #root:x:0:0:root:/root:/bin/bash mysql:x:1000:1000::/home/mysql:/bin/bash php-fpm:x:1001:1001::/home/php-fpm:/sbin/nologin user:x:1002:1002::/home/user:/bin/bash [root@localhost tmp]# sed -e '1'p -e '/root/'p -n passwd #root:x:0:0:root:/root:/bin/bash #root:x:0:0:root:/root:/bin/bash operator:x:11:0:operator:/root:/sbin/nologin
打印全部,1,$
[root@localhost tmp]# sed -n '1,$'p passwd #root:x:0:0:root:/root:/bin/bash #bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sb .......
脱意 -r 不识别 +|{}()
[root@izbp1gcpbwpui5pfbnjbhyz awk]# sed -n '/ro+/'p text.txt root:x:0:0:root:/root:/bin/bash operator:x:11:0:operator:/root:/sbin/nologin systemd-bus-proxy:x:999:998:systemd Bus Proxy:/:/sbin/nologin tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin chrony:x:997:995::/var/lib/chrony:/sbin/nologin
[root@izbp1gcpbwpui5pfbnjbhyz awk]# sed -n '/ro+/'p text.txt [root@izbp1gcpbwpui5pfbnjbhyz awk]# sed -nr '/ro+/'p text.txt root:x:0:0:root:/root:/bin/bash operator:x:11:0:operator:/root:/sbin/nologin systemd-bus-proxy:x:999:998:systemd Bus Proxy:/:/sbin/nologin tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin chrony:x:997:995::/var/lib/chrony:/sbin/nologin
打印某行到某行之间
[root@izbp1gcpbwpui5pfbnjbhyz awk]# sed -n '/mysql/,/admin/'p text.txt mysql:x:1001:1001::/home/mysql:/sbin/nologin www:x:1002:1002::/home/www:/bin/bash admin:x:1003:1003::/home/admin:/bin/bash
删除指定行,不会在原文件上修改,若需要修改要加 -i 选项
[root@izbp1gcpbwpui5pfbnjbhyz awk]# sed -e '/www/'d -e '/mysql/'d text.txt ... ... tcpdump:x:72:72::/:/sbin/nologin admin:x:1003:1003::/home/admin:/bin/bash chyuanliuNJ:x:1004:1004::/home/chyuanliuNJ:/bin/bash #删除含有www 和 mysql的行,如果加上-n不会输出任何东西,因为-n只打印命令中的指令
替换,选项s 为替换 g 为全局。也可以作为删除选项
[root@izbp1gcpbwpui5pfbnjbhyz awk]# sed -n '27,28s/www/WWW/g'p text.txt WWW:x:1002:1002::/home/WWW:/bin/bash [root@izbp1gcpbwpui5pfbnjbhyz awk]# sed -n '27,28s/[0-9]//g'p text.txt www:x::::/home/www:/bin/bash admin:x::::/home/admin:/bin/bash
如果遇到多斜杠替换,可以把sed的斜杠操作符换成#等等
#替换test.txt中 ‘/sbin/nologin’ 为 ‘/bin/login’ [root@chyuanliuNJ awk]# sed -n '5,8s#sbin/nologin#bin/login#g'p text.txt bin:x:1:1:bin:/bin:/bin/login bin:x:1:1:bin:/bin:/bin/login
调换位置,下面的 1可以换成&,&确切含义是前一对/ /内全部内容
[root@localhost tmp]# head -2 passwd |sed -nr 's/(.*)/chyuanliu:&/'p chyuanliu:#root:x:0:0:root:/root:/bin/bash chyuanliu:#bin:x:1:1:bin:/bin:/sbin/nologin
#在每行之前加字符 [root@izbp1gcpbwpui5pfbnjbhyz awk]# sed -nr '1,2s/(.*)/chyuanliu:1/'p text.txt chyuanliu:root:x:0:0:root:/root:/bin/bash chyuanliu:ROOT: #在每行最后加字符 [root@izbp1gcpbwpui5pfbnjbhyz awk]# sed -nr '1,2s/(.*)/1chyuanliu:/'p text.txt root:x:0:0:root:/root:/bin/bashchyuanliu: ROOT:chyuanliu:
#调换第一项和最后一项 [root@izbp1gcpbwpui5pfbnjbhyz awk]# sed -nr '18,20'p text.txt polkitd:x:998:997:User for polkitd:/:/sbin/nologin tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin [root@izbp1gcpbwpui5pfbnjbhyz awk]# sed -nr '18,20s/([^:]+):(.*):([^:]+)/3:2:1/'p text.txt /sbin/nologin:x:998:997:User for polkitd:/:polkitd /sbin/nologin:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:tss /sbin/nologin:x:74:74:Privilege-separated SSH:/var/empty/sshd:sshd
awk命令
可以分段操作,不能更改文件内容。可用正则符号,不用脱意
截取文档中某段,-F指定分隔符
[root@izbp1gcpbwpui5pfbnjbhyz awk]# tail -n5 text.txt | awk -F ':' '{print $1}' tcpdump mysql www admin chyuanliuNJ [root@izbp1gcpbwpui5pfbnjbhyz awk]# tail -n5 text.txt | awk -F ':' '{print $0}' tcpdump:x:72:72::/:/sbin/nologin mysql:x:1001:1001::/home/mysql:/sbin/nologin www:x:1002:1002::/home/www:/bin/bash admin:x:1003:1003::/home/admin:/bin/bash chyuanliuNJ:x:1004:1004::/home/chyuanliuNJ:/bin/bash
截取并自定义输出链接符,定义的链接符写着输出前
[root@izbp1gcpbwpui5pfbnjbhyz awk]# tail -n5 text.txt | awk -F ':' '{print $1,$2,$3}' tcpdump x 72 mysql x 1001 www x 1002 admin x 1003 chyuanliuNJ x 1004 [root@izbp1gcpbwpui5pfbnjbhyz awk]# tail -n5 text.txt | awk -F ':' '{OFS="#"} {print $1,$2,$3}' tcpdump#x#72 mysql#x#1001 www#x#1002 admin#x#1003 chyuanliuNJ#x#1004
[root@chyuanliuNJ awk]# awk -F ":" '{print $1"#"$2}' text.txt root#x root#x ROOT#x ROOT#x ... ...
针对某个字段匹配
#全文匹配 [root@izbp1gcpbwpui5pfbnjbhyz awk]# head -n10 text.txt | awk '/oo+/' root:x:0:0:root:/root:/bin/bash lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin mail:x:8:12:mail:/var/spool/mail:/sbin/nologin #只针对第五段进行匹配 [root@izbp1gcpbwpui5pfbnjbhyz awk]# head -n10 text.txt | awk -F ':' '$5 ~ /oo+/' root:x:0:0:root:/root:/bin/bash
[root@izbp1gcpbwpui5pfbnjbhyz awk]# awk -F ':' '/root/ {print $1,$3}; $1 ~/admin/ {print "Sec!!"$0}; $3 ~/5/ {print "Thri!!"$0}' text.txt root 0 Thri!!sync:x:5:0:sync:/sbin:/bin/sync operator 11 Thri!!tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin Sec!!admin:x:1003:1003::/home/admin:/bin/bash
条件操作符
#与ASCII字符比较 [root@izbp1gcpbwpui5pfbnjbhyz awk]# head -n10 text.txt | awk -F ':' '$3>"5"' shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin #与数字大小比较 [root@izbp1gcpbwpui5pfbnjbhyz awk]# head -n10 text.txt | awk -F ':' '$3>5' ROOT:x:23 shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
[root@izbp1gcpbwpui5pfbnjbhyz awk]# head -n10 text.txt | awk -F ':' '$3>5 && $3<7' shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown [root@izbp1gcpbwpui5pfbnjbhyz awk]# head -n10 text.txt | awk -F ':' '$3>1 && $7=="/sbin/nologin"' daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
[root@chyuanliuNJ awk]# awk -F ':' '{OFS="#"}{if($3>1000){print $1,$2,$3,$4} }' text.txt mysql#x#1001#1001 mysql#x#1001#1001 www#x#1002#1002 www#x#1002#1002 admin#x#1003#1003 admin#x#1003#1003 chyuanliuNJ#x#1004#1004 chyuanliuNJ#x#1004#1004 [root@chyuanliuNJ awk]# awk -F ':' '{OFS="#"} $3>1000 {print $1,$2,$3,$4}' text.txt mysql#x#1001#1001 mysql#x#1001#1001 www#x#1002#1002 www#x#1002#1002 admin#x#1003#1003 admin#x#1003#1003 chyuanliuNJ#x#1004#1004 chyuanliuNJ#x#1004#1004
#针对数字的比较,加双引号是ASCII码比较,不加是纯数字比较 [root@localhost tmp]# awk -F ':' '{OFS=","} $3>=1000 {print $1,$2,$3}' passwd mysql,x,1000 php-fpm,x,1001 user,x,1002 [root@localhost tmp]# awk -F ':' '{OFS=","} $3>="1000" {print $1,$2,$3}' passwd daemon,x,2 adm,x,3 lp,x,4 sync,x,5 shutdown,x,6 ... ...
[root@localhost tmp]# awk -F ':' ' $7!="/sbin/nologin" {print $0}' passwd 1#root:x:0:0:root:/root:/bin/bash sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt ooooooooooooooo mysql:x:1000:1000::/home/mysql:/bin/bash user:x:1002:1002::/home/user:/bin/bash
awk内置变量 。NF(段数)NR(行数)
[root@izbp1gcpbwpui5pfbnjbhyz awk]# head -n5 text.txt | awk -F ':' '{print NR}' 1 2 3 4 5 [root@izbp1gcpbwpui5pfbnjbhyz awk]# head -n5 text.txt | awk -F ':' '{print $NR,$NF}' root /bin/bash x 23 1 /sbin/nologin 2 /sbin/nologin adm /sbin/nologin [root@izbp1gcpbwpui5pfbnjbhyz awk]# head -n5 text.txt | awk -F ':' '{print NR,NF}' 1 7 2 3 3 7 4 7 5 79 [root@izbp1gcpbwpui5pfbnjbhyz awk]# awk 'NR>26' text.txt www:x:1002:1002::/home/www:/bin/bash admin:x:1003:1003::/home/admin:/bin/bash chyuanliuNJ:x:1004:1004::/home/chyuanliuNJ:/bin/bash [root@izbp1gcpbwpui5pfbnjbhyz awk]# head -n10 text.txt | awk -F ':' 'NR>=6 && NR<=10 {print NR":"$0}' 6:lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin 7:sync:x:5:0:sync:/sbin:/bin/sync 8:shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown 9:halt:x:7:0:halt:/sbin:/sbin/halt 10:mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
计算操作
[root@izbp1gcpbwpui5pfbnjbhyz awk]# head -n5 text.txt | awk -F ':' '$1=10 {print $0}' 10 x 0 0 root /root /bin/bash 10 x 23 10 x 1 1 bin /bin /sbin/nologin 10 x 2 2 daemon /sbin /sbin/nologin 10 x 3 4 adm /var/adm /sbin/nologin [root@izbp1gcpbwpui5pfbnjbhyz awk]# head -n5 text.txt | awk -F ':' '{OFS="##"} {$7=$3+$4} {print $0}' root##x##0##0##root##/root##0 ROOT##x##23########23 bin##x##1##1##bin##/bin##2 daemon##x##2##2##daemon##/sbin##4 adm##x##3##4##adm##/var/adm##7
条件关系
[root@izbp1gcpbwpui5pfbnjbhyz awk]# awk -F ':' '{(tmp=tmp+$3)}; END{print tmp}' text.txt 7832 [root@izbp1gcpbwpui5pfbnjbhyz awk]# awk -F ':' '{if($1=="root") print $0}' text.txt root:x:0:0:root:/root:/bin/bash