grep [选项] '关键字' 文件名
从 /etc/passwd 文件中查找包含root的行(关键字按子串匹配,所以家目录为 /root 的 operator 行也会被匹配到)
[root@centos7-1 /]# grep 'root' /etc/passwd
root:x:0:0:root:/root:/bin/bash
operator:x:11:0:operator:/root:/sbin/nologin
[root@centos7-1 /]#
从 /etc/passwd 文件中查看包含root的行在第几行
[root@centos7-1 /]# grep -n 'root' /etc/passwd
1:root:x:0:0:root:/root:/bin/bash
10:operator:x:11:0:operator:/root:/sbin/nologin
[root@centos7-1 /]#
从 /etc/passwd 文件中找出包含user的行并显示行号,忽略大小写
[root@centos7-1 /]# grep -ni 'user' /etc/passwd
12:ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
16:polkitd:x:999:998:User for polkitd:/:/sbin/nologin
24:saslauth:x:994:76:Saslauthd user:/run/saslauthd:/sbin/nologin
25:qemu:x:107:107:qemu user:/:/sbin/nologin
26:radvd:x:75:75:radvd user:/:/sbin/nologin
29:tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin
30:usbmuxd:x:113:113:usbmuxd user:/:/sbin/nologin
32:saned:x:993:987:SANE scanner daemon user:/usr/share/sane:/sbin/nologin
34:colord:x:991:985:User for colord:/var/lib/colord:/sbin/nologin
36:geoclue:x:990:984:User for geoclue:/var/lib/geoclue:/sbin/nologin
38:sssd:x:989:983:User for sssd:/:/sbin/nologin
39:rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
40:nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
[root@centos7-1 /]#
从 /etc/passwd 文件中找出以root开头的行(注意 '^root' 也会匹配用户名只是以root开头的其他账户;若要精确核对 root 账户,应使用 '^root:')
[root@centos7-1 /]# grep '^root' /etc/passwd
root:x:0:0:root:/root:/bin/bash
[root@centos7-1 /]#
从 /etc/passwd 文件中找出以bash结尾的行
[root@centos7-1 /]# grep 'bash$' /etc/passwd
root:x:0:0:root:/root:/bin/bash
redrose2100:x:1000:1000:redrose2100:/home/redrose2100:/bin/bash
[root@centos7-1 /]#
从 /etc/passwd 文件中找出不以root开头的行
[root@centos7-1 /]# grep -v '^root' /etc/passwd
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
systemd-network:x:192:192:systemd Network Management:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
polkitd:x:999:998:User for polkitd:/:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
chrony:x:998:996::/var/lib/chrony:/sbin/nologin
rpc:x:32:32:Rpcbind Daemon:/var/lib/rpcbind:/sbin/nologin
gluster:x:997:993:GlusterFS daemons:/run/gluster:/sbin/nologin
libstoragemgmt:x:996:992:daemon account for libstoragemgmt:/var/run/lsm:/sbin/nologin
unbound:x:995:991:Unbound DNS resolver:/etc/unbound:/sbin/nologin
saslauth:x:994:76:Saslauthd user:/run/saslauthd:/sbin/nologin
qemu:x:107:107:qemu user:/:/sbin/nologin
radvd:x:75:75:radvd user:/:/sbin/nologin
rtkit:x:172:172:RealtimeKit:/proc:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin
usbmuxd:x:113:113:usbmuxd user:/:/sbin/nologin
pulse:x:171:171:PulseAudio System Daemon:/var/run/pulse:/sbin/nologin
saned:x:993:987:SANE scanner daemon user:/usr/share/sane:/sbin/nologin
setroubleshoot:x:992:986::/var/lib/setroubleshoot:/sbin/nologin
colord:x:991:985:User for colord:/var/lib/colord:/sbin/nologin
abrt:x:173:173::/etc/abrt:/sbin/nologin
geoclue:x:990:984:User for geoclue:/var/lib/geoclue:/sbin/nologin
gdm:x:42:42::/var/lib/gdm:/sbin/nologin
sssd:x:989:983:User for sssd:/:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
gnome-initial-setup:x:988:982::/run/gnome-initial-setup/:/sbin/nologin
tcpdump:x:72:72::/:/sbin/nologin
avahi:x:70:70:Avahi mDNS/DNS-SD Stack:/var/run/avahi-daemon:/sbin/nologin
redrose2100:x:1000:1000:redrose2100:/home/redrose2100:/bin/bash
[root@centos7-1 /]#
从 /etc/passwd 文件中找出以ftp开头的行以及它前面的三行
[root@centos7-1 /]# grep -B 3 '^ftp' /etc/passwd
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
[root@centos7-1 /]#
从 /etc/passwd 文件中找出以ftp开头的行以及它之后的三行
[root@centos7-1 /]# grep -A 3 '^ftp' /etc/passwd
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
systemd-network:x:192:192:systemd Network Management:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
[root@centos7-1 /]#
从 /etc/passwd 文件中找出以ftp开头的行以及它前后各三行
[root@centos7-1 /]# grep -C 3 '^ftp' /etc/passwd
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
systemd-network:x:192:192:systemd Network Management:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
[root@centos7-1 /]#
从 /etc/passwd 文件中找出带user单词的行,注意必须是独立的单词user,像 used、rpcuser 这样只是包含user的单词不符合要求。
如下,对比两次输出可以看出,通过-w参数即可做到按照完整单词来筛选。
[root@centos7-1 /]# grep 'user' /etc/passwd
saslauth:x:994:76:Saslauthd user:/run/saslauthd:/sbin/nologin
qemu:x:107:107:qemu user:/:/sbin/nologin
radvd:x:75:75:radvd user:/:/sbin/nologin
tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin
usbmuxd:x:113:113:usbmuxd user:/:/sbin/nologin
saned:x:993:987:SANE scanner daemon user:/usr/share/sane:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
[root@centos7-1 /]#
[root@centos7-1 /]# grep -w 'user' /etc/passwd
saslauth:x:994:76:Saslauthd user:/run/saslauthd:/sbin/nologin
qemu:x:107:107:qemu user:/:/sbin/nologin
radvd:x:75:75:radvd user:/:/sbin/nologin
usbmuxd:x:113:113:usbmuxd user:/:/sbin/nologin
saned:x:993:987:SANE scanner daemon user:/usr/share/sane:/sbin/nologin
[root@centos7-1 /]#
从 /etc/passwd 文件中统计出现root的行数,如下,使用-c参数即可(-c 统计的是匹配的行数,而不是关键字出现的次数,一行中出现多次也只计一次)
[root@centos7-1 /]# grep 'root' /etc/passwd
root:x:0:0:root:/root:/bin/bash
operator:x:11:0:operator:/root:/sbin/nologin
[root@centos7-1 /]#
[root@centos7-1 /]#
[root@centos7-1 /]# grep -c 'root' /etc/passwd
2
[root@centos7-1 /]#
在 /etc 目录下递归地查找所有含有username的文件及其所在行的内容
[root@centos7-1 /]# grep -r 'username' /etc
/etc/security/chroot.conf:# username_regex chroot_dir
/etc/sasl2/qemu-kvm.conf:# Default to a simple username+password mechanism
/etc/sasl2/qemu-kvm.conf:# If using digest-md5 for username/passwds, then this is the file
/etc/sasl2/qemu-kvm.conf:# containing the passwds. Use 'saslpasswd2 -a qemu [username]'
/etc/sasl2/libvirt.conf:# 'scram-sha-1' plugin allows plain username/password authentication
/etc/sasl2/libvirt.conf:# If using scram-sha-1 for username/passwds, then this is the file
/etc/sasl2/libvirt.conf:# containing the passwds. Use 'saslpasswd2 -a libvirt [username]'
/etc/vmware-tools/tools.conf.example:# /var/log/vmware-<servicename>-<username>.log
/etc/postfix/main.cf:# In the left-hand side, specify a bare username, an @domain.tld
/etc/postfix/main.cf:# username->Firstname.Lastname mapping.
/etc/postfix/main.cf:# Other environment variables of interest: USER (recipient username),
/etc/postfix/main.cf:# username), $shell (recipient shell), $home (recipient home directory),
/etc/postfix/virtual:# own user name space. Local (i.e. non-virtual) usernames
/etc/iscsi/iscsid.conf:# To set a CHAP username and password for initiator
/etc/iscsi/iscsid.conf:#node.session.auth.username = username
/etc/iscsi/iscsid.conf:# To set a CHAP username and password for target(s)
/etc/iscsi/iscsid.conf:#node.session.auth.username_in = username_in
/etc/iscsi/iscsid.conf:# To set a discovery session CHAP username and password for the initiator
/etc/iscsi/iscsid.conf:#discovery.sendtargets.auth.username = username
/etc/iscsi/iscsid.conf:# To set a discovery session CHAP username and password for target(s)
/etc/iscsi/iscsid.conf:#discovery.sendtargets.auth.username_in = username_in
/etc/wgetrc:#header = From: Your Name <username@site.domain>
/etc/libreport/events.d/abrt_event.conf:# Record username only if uid element is present:
/etc/libreport/events.d/abrt_event.conf: if [ -f uid ]; then getent passwd "`cat uid`" | cut -d: -f1 >username; fi
/etc/libreport/plugins/mantisbt_format.conf: -username,-hostname,-os_release,-os_info,\
/etc/libreport/plugins/mantisbt_format_analyzer_libreport.conf: -username,-hostname,-os_release,-os_info,\
/etc/libreport/plugins/mantisbt_formatdup.conf: -username,-hostname,-os_release,-os_info,\
/etc/libreport/plugins/mantisbt_formatdup_analyzer_libreport.conf: -username,-hostname,-os_release,-os_info,\
/etc/libreport/plugins/bugzilla_format.conf: -username,-hostname,-os_release,-os_info,\
/etc/libreport/plugins/bugzilla_format_libreport.conf: -username,-hostname,-os_release,-os_info,\
/etc/libreport/plugins/bugzilla_formatdup.conf: -username,-hostname,-os_release,-os_info,\
/etc/libreport/plugins/bugzilla_format_anaconda.conf: -username,-hostname,-os_release,-last_occurrence,-ureports_counter,\
/etc/libreport/plugins/bugzilla_formatdup_anaconda.conf: -username,-hostname,-os_release,-last_occurrence,-ureports_counter,\
/etc/libreport/plugins/ureport.conf:# Use username and password:
/etc/libreport/plugins/ureport.conf:# HTTPAuth = username:password
/etc/libreport/forbidden_words.conf:username
/etc/dnsmasq.conf:#dhcp-option=encap:175, 190, user # iSCSI username
/etc/libvirt/libvirtd.conf:# A whitelist of allowed SASL usernames. The format for username
/etc/libvirt/libvirtd.conf:# depends on the SASL authentication mechanism. Kerberos usernames
/etc/libvirt/libvirtd.conf:# look like username@REALM
/etc/libvirt/libvirtd.conf:#sasl_allowed_username_list = ["joe@EXAMPLE.COM", "fred@EXAMPLE.COM" ]
/etc/GeoIP.conf:# ProxyUserPassword username:password
[root@centos7-1 /]#
查找 /etc/ 目录下所有含有username的文件(-l 只列出文件名,不显示匹配的行)
[root@centos7-1 /]# grep -rl 'username' /etc
/etc/security/chroot.conf
/etc/sasl2/qemu-kvm.conf
/etc/sasl2/libvirt.conf
/etc/vmware-tools/tools.conf.example
/etc/postfix/main.cf
/etc/postfix/virtual
/etc/iscsi/iscsid.conf
/etc/wgetrc
/etc/libreport/events.d/abrt_event.conf
/etc/libreport/plugins/mantisbt_format.conf
/etc/libreport/plugins/mantisbt_format_analyzer_libreport.conf
/etc/libreport/plugins/mantisbt_formatdup.conf
/etc/libreport/plugins/mantisbt_formatdup_analyzer_libreport.conf
/etc/libreport/plugins/bugzilla_format.conf
/etc/libreport/plugins/bugzilla_format_libreport.conf
/etc/libreport/plugins/bugzilla_formatdup.conf
/etc/libreport/plugins/bugzilla_format_anaconda.conf
/etc/libreport/plugins/bugzilla_formatdup_anaconda.conf
/etc/libreport/plugins/ureport.conf
/etc/libreport/forbidden_words.conf
/etc/dnsmasq.conf
/etc/libvirt/libvirtd.conf
/etc/GeoIP.conf
[root@centos7-1 /]#
查找 /etc/ 目录下所有不含有username的文件(-L 只列出没有任何匹配行的文件名)
grep -rL 'username' /etc