awk
awk 参数:
-F 指定分隔符
-v 修改变量
-F用法(取系统用户UID)
oldboy17:x:507:508::/home/oldboy17:/bin/bash
oldboy18:x:508:509::/home/oldboy18:/bin/bash
oldboy19:x:509:510::/home/oldboy19:/bin/bash
oldboy20:x:510:511::/home/oldboy20:/bin/bash
nginx:x:497:497:Nginx web server:/var/lib/nginx:/sbin/nologin
[root@VM_0_16_centos data]# awk -F'[ :]+' '{print $3}' /etc/passwd
0
1
2
3
4
命令: awk -F’[ :]+’ ‘{print $3}’ /etc/passwd
同时指定空格和:作为分隔符 {print $3} 取第三列
awk取出包含Failed的行
Mar 21 18:45:37 VM_0_16_centos sshd[5800]: Failed password for root from 43.241.50.87 port 38143 ssh2
Mar 21 18:45:39 VM_0_16_centos sshd[5802]: Failed password for root from 43.241.50.87 port 39843 ssh2
Mar 21 18:45:42 VM_0_16_centos sshd[5806]: Failed password for root from 43.241.50.87 port 41004 ssh2
Mar 21 18:50:09 VM_0_16_centos sshd[6172]: Failed password for invalid user weblogic from 222.134.218.166 port 51352 ssh2
[root@VM_0_16_centos /]# awk /Failed/ /var/log/secure
awk的替换
awk '{gsub(/Failed/,"ok")};{print $1}' /var/log/secure
awk的正则使用(以Mar卡头的行)
awk '$1~/^Mar/' secure
sed
-i 修改文件内容
-n 取消默认输出
-r 使用扩展正则
sed 替换
[root@VM_0_16_centos data]# sed -r "s#:#\t#g" /etc/passwd
root x 0 0 root /root /bin/bash
bin x 1 1 bin /bin /sbin/nologin
daemon x 2 2 daemon /sbin /sbin/nologin
adm x 3 4 adm /var/adm /sbin/nologin
lp x 4 7 lp /var/spool/lpd /sbin/nologin
取行
[root@VM_0_16_centos data]# sed -n '1p' /etc/passwd <---取出第一行
root:x:0:0:root:/root:/bin/bash
[root@VM_0_16_centos data]# sed -n '1,5p' /etc/passwd <--一到五行
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sed '2,5d' <----删除2-5行
举例:(假设我们有一文件名为ab)
删除某行
[root@localhost ruby] # sed '1d' ab #删除第一行
[root@localhost ruby] # sed '$d' ab #删除最后一行
[root@localhost ruby] # sed '1,2d' ab #删除第一行到第二行
[root@localhost ruby] # sed '2,$d' ab #删除第二行到最后一行
显示某行
. [root@localhost ruby] # sed -n '1p' ab #显示第一行
[root@localhost ruby] # sed -n '$p' ab #显示最后一行
包含某个单词的一行
[root@VM_0_16_centos data]# sed -n '/root/p' /etc/passwd
root:x:0:0:root:/root:/bin/bash
operator:x:11:0:operator:/root:/sbin/nologin
sed 在文件第一行追加
[root@VM_0_16_centos data]# sed -i '1i\dkyun' ceshi.txt
[root@VM_0_16_centos data]# cat ceshi.txt
dkyun
aaaaaa
bbbbbb
cccccc
企业面试题:批量添加十个用户,并设置随机密码
用户名:sr 并且将用户名和对应的密码显示出
echo sr{1..3}|xargs -n1|sed 's#.*#useradd &;ASD=`date +%N|md5sum|head -c10`;echo $ASD|passwd --stdin &;echo $ASD &#g'|bash
grep
参数
-v | 取反 |
---|---|
-o | 显示执行过程 |
-n | 显示行号 |
-w | 按单词进行查找 |
-e | 使用正则表达式 |
-i | 不区分大小写 |
用法
过滤/var/log/secure登录日志中的IP地址
[root@VM_0_16_centos /]# grep "222.134.218.166" /var/log/secure
Mar 21 18:50:07 VM_0_16_centos sshd[6172]: Invalid user weblogic from 222.134.218.166
Mar 21 18:50:07 VM_0_16_centos sshd[6172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.134.218.166
Mar 21 18:50:09 VM_0_16_centos sshd[6172]: Failed password for invalid user weblogic from 222.134.218.166 port 51352 ssh2
Mar 21 18:50:09 VM_0_16_centos sshd[6173]: Received disconnect from 222.134.218.166: 11: Normal Shutdown, Thank you for playing
-w 按单词进行查找
[root@VM_0_16_centos /]# grep -w "Failed" /var/log/secure
Mar 21 18:45:34 VM_0_16_centos sshd[5792]: Failed password for root from 43.241.50.87 port 37027 ssh2
Mar 21 18:45:37 VM_0_16_centos sshd[5800]: Failed password for root from 43.241.50.87 port 38143 ssh2
Mar 21 18:45:39 VM_0_16_centos sshd[5802]: Failed password for root from 43.241.50.87 port 39843 ssh2
Mar 21 18:45:42 VM_0_16_centos sshd[5806]: Failed password for root from 43.241.50.87 port 41004 ssh2
Mar 21 18:50:09 VM_0_16_centos sshd[6172]: Failed password for invalid user weblogic from 222.134.218.166 port 51352 ssh2
找出登录失败用户的IP地址
[root@VM_0_16_centos /]# grep -w "Failed" /var/log/secure|awk '{print $(NF-3)}'
43.241.50.87
43.241.50.87
43.241.50.87
43.241.50.87
43.241.50.87
43.241.50.87
43.241.50.87
43.241.50.87
43.241.50.87
222.134.218.166
print $(NF-3) 取出倒数第三行的这一列
[root@VM_0_16_centos /]# grep -w "Failed" /var/log/secure|awk '{print $(NF-3)}'|sort|uniq -c |sort -nr
104 43.241.50.87
1 222.134.218.166
sort 排序
uniq 去重 -c 显示整合的数字