Linux之三剑客
LINUX之三剑客
本篇主要介绍linux下常用的增删改查工具:
- grep
- sed
- awk
grep是linux下一个强大的搜索工具,几乎操作linux的用户每天都会或多或少的用到grep命令,单一个功能再强大,也存在短板,grep最明显的短板就是不能对已知结果进行更改,因此sed和awk工具就弥补了grep的短板,有人习惯称grep,sed和awk并称为linux下三剑客,是体现了三个工具一个计算机工作者不可缺少的必备技能之一
♣grep的语法:
grep [-abcEFGhHilLnqrsvVwxy][-A<显示列数>][-B<显示列数>][-C<显示列数>][-d<进行动作>][-e<范本样式>][-f<范本文件>][--help][范本样式][文件或目录...]
grep参数使用:
因参数过多,个人将列举部分常用的参数
[root@aly-centos7 /]# ps -ef | grep nginx root 14475 14272 0 13:21 pts/0 00:00:00 grep --color=auto nginx [root@aly-centos7 /]# ps -ef | grep -c nginx 1
文件内容: [root@aly-centos7 /]# cat passwd1 root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin systemd-bus-proxy:x:999:998:systemd Bus Proxy:/:/sbin/nologin systemd-network:x:192:192:systemd Network Management:/:/sbin/nologin dbus:x:81:81:System message bus:/:/sbin/nologin polkitd:x:998:997:User for polkitd:/:/sbin/nologin tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin [root@aly-centos7 /]# cat passwd2 root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin [root@aly-centos7 /]#cat passwd3 root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin 过滤结果: [root@aly-centos7 /]# cat passwd1 | grep -f passwd2 | grep -f passwd3 root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin [root@aly-centos7 /]# 最后结果显示三个文件相同的部分
[root@aly-centos7 /]# cat passwd2 root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin [root@aly-centos7 /]# cat passwd3 bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin root,root root123 [root@aly-centos7 /]# grep -n "root" passwd2 1:root:x:0:0:root:/root:/bin/bash 10:operator:x:11:0:operator:/root:/sbin/nologin [root@aly-centos7 /]# grep -n "root" passwd2 passwd3 passwd2:1:root:x:0:0:root:/root:/bin/bash passwd2:10:operator:x:11:0:operator:/root:/sbin/nologin passwd3:1:root:x:0:0:root:/root:/bin/bash passwd3:5:operator:x:11:0:operator:/root:/sbin/nologin passwd3:6:root,root passwd3:7:root123 [root@aly-centos7 /]#
[root@aly-centos7 /]# grep "^r" passwd3 #查找指定字符开头 root:x:0:0:root:/root:/bin/bash root,root root123 [root@aly-centos7 /]# grep "^[^r]" passwd3 #查找非指定字符开头 bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin [root@aly-centos7 /]# grep "n$" passwd3 #查找指定结尾 bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin [root@aly-centos7 /]#
[root@aly-centos7 /]#cat qq.log | grep -c "[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}" 130205
[root@aly-centos7 /]# grep -r -n "root" /etc/ /etc/logrotate.d/ppp:9: create 0600 root root /etc/logrotate.d/mysql:9:# In case the root user has a password, then you /etc/logrotate.d/mysql:10:# have to create a /root/.my.cnf configuration file /etc/logrotate.d/mysql:15:# user= root /etc/logrotate.d/mysql:19:# ATTENTION: The /root/.my.cnf file should be readable /etc/logrotate.d/mysql:20:# _ONLY_ by root ! /etc/logrotate.d/mysql-mmm:8: create 640 root adm /etc/logrotate.d/wpa_supplicant:5: create 0600 root root /etc/logrotate.d/yum:6: create 0600 root root /etc/rsyncd.conf:9:# use chroot = yes /etc/statetab:5:# See $STATE_LABEL in /etc/sysconfig/readonly-root /etc/statetab:9:# /root /etc/group:1:root:x:0: /etc/group:49:dockerroot:x:991: /etc/passwd-:1:root:x:0:0:root:/root:/bin/bash /etc/passwd-:10:operator:x:11:0:operator:/root:/sbin/nologin Binary file /etc/aliases.db matches /etc/mime.types:351:application/vnd.cyan.dean.root+xml /etc/mime.types:382:application/vnd.dvb.notif-aggregate-root+xml
grep用于常规的查询操作固然方便,但是最大的弊端就是查出来不能增删改,导致如果是写一些脚本就会很不方便,这个时候就需要sed和awk这样的工具来实现。
♣sed的使用:
因参数过多,个人将列举部分常用的参数
- a :新增, a 的后面可以接字串,而这些字串会在新的一行出现(目前的下一行)~
- c :取代, c 的后面可以接字串,这些字串可以取代 n1,n2 之间的行!
- d :删除,因为是删除啊,所以 d 后面通常不接任何咚咚;
- i :插入, i 的后面可以接字串,而这些字串会在新的一行出现(目前的上一行);
- p :打印,亦即将某个选择的数据印出。通常 p 会与参数 sed -n 一起运行~
- s :取代,可以直接进行取代的工作哩!通常这个 s 的动作可以搭配正规表示法!例如 1,20s/old/new/g
sed的工作流程:
1:sed默认不编辑原文件,而是逐行操作,复制一份到指定内存(pattern space,模式空间)
2:pattern space内进行模式匹配,即和指定条件做匹配
不满足模式:输出到标准输出STDOUT
满足模式:进行指定的模式操作,再输出到STDOUT
3:第二个特殊的内存空间 :保持空间(hold space),临时保存操作在另一处内存
4:当执行pattern space和 hold space相关选项时候会进行之间的数据流编辑操作
5:最后根据操作执行hold space空间操作,选择性显示到STDOUT
查询:
[root@aly-centos7 /]# sed -n '1,5{/^root/p}' passwd2 root:x:0:0:root:/root:/bin/bash [root@aly-centos7 /]#
[root@aly-centos7 /]# cat passwd3 root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin root,root root123 [root@aly-centos7 /]# sed -n '/3/,$p' passwd3 #显示第一次匹配到的3到最行一行输出 adm:x:3:4:adm:/var/adm:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin root,root root123 [root@aly-centos7 /]# sed -n '/3/,+1p' passwd3#显示第一次匹配到的3到向下1行输出 adm:x:3:4:adm:/var/adm:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin root123 [root@aly-centos7 /]#
[root@aly-centos7 /]# cat passwd2 root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin [root@aly-centos7 /]# sed '1!G;h;$!d' passwd2 #逆向排序 operator:x:11:0:operator:/root:/sbin/nologin mail:x:8:12:mail:/var/spool/mail:/sbin/nologin halt:x:7:0:halt:/sbin:/sbin/halt shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown sync:x:5:0:sync:/sbin:/bin/sync lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin bin:x:1:1:bin:/bin:/sbin/nologin root:x:0:0:root:/root:/bin/bash [root@aly-centos7 /]#
operator:x:11:0:operator:/root:/sbin/nologin [root@aly-centos7 /]# [root@aly-centos7 /]# cat passwd2 root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin [root@aly-centos7 /]# sed '=' passwd2 #不屏蔽空行 1 root:x:0:0:root:/root:/bin/bash 2 bin:x:1:1:bin:/bin:/sbin/nologin 3 daemon:x:2:2:daemon:/sbin:/sbin/nologin 4 adm:x:3:4:adm:/var/adm:/sbin/nologin 5 lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin 6 sync:x:5:0:sync:/sbin:/bin/sync 7 shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown 8 halt:x:7:0:halt:/sbin:/sbin/halt 9 mail:x:8:12:mail:/var/spool/mail:/sbin/nologin 10 11 12 operator:x:11:0:operator:/root:/sbin/nologin [root@aly-centos7 /]# sed '/./=' passwd2 #屏蔽空行 1 root:x:0:0:root:/root:/bin/bash 2 bin:x:1:1:bin:/bin:/sbin/nologin 3 daemon:x:2:2:daemon:/sbin:/sbin/nologin 4 adm:x:3:4:adm:/var/adm:/sbin/nologin 5 lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin 6 sync:x:5:0:sync:/sbin:/bin/sync 7 shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown 8 halt:x:7:0:halt:/sbin:/sbin/halt 9 mail:x:8:12:mail:/var/spool/mail:/sbin/nologin 12 operator:x:11:0:operator:/root:/sbin/nologin
[root@aly-centos7 /]# grep -n "" passwd3 1:root:x:0:0:root:/root:/bin/bash 2:bin:x:1:1:bin:/bin:/sbin/nologin 3:daemon:x:2:2:daemon:/sbin:/sbin/nologin 4:adm:x:3:4:adm:/var/adm:/sbin/nologin 5:operator:x:11:0:operator:/root:/sbin/nologin 6:root,root 7:root123 [root@aly-centos7 /]# sed -n '$=' passwd3 7 [root@aly-centos7 /]#
[root@aly-centos7 /]# grep -n "" passwd3 1:root:x:0:0:root:/root:/bin/bash 2:bin:x:1:1:bin:/bin:/sbin/nologin 3:daemon:x:2:2:daemon:/sbin:/sbin/nologin 4:adm:x:3:4:adm:/var/adm:/sbin/nologin 5:operator:x:11:0:operator:/root:/sbin/nologin 6:root,root 7:root123 [root@aly-centos7 /]# sed -n 'p;n' passwd3 #奇数行 root:x:0:0:root:/root:/bin/bash daemon:x:2:2:daemon:/sbin:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin root123 [root@aly-centos7 /]# sed -n '1~2p' passwd3 #奇数行 root:x:0:0:root:/root:/bin/bash daemon:x:2:2:daemon:/sbin:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin root123 [root@aly-centos7 /]# sed -n 'n;p' passwd3 #偶数行 bin:x:1:1:bin:/bin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin root,root [root@aly-centos7 /]# sed -n '2~2p' passwd3 #偶数行 bin:x:1:1:bin:/bin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin root,root [root@aly-centos7 /]#
[root@aly-centos7 /]# cat passwd2 root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync %shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown $halt:x:7:0:halt:/sbin:/sbin/halt #$mail:x:8:12:mail:/var/spool/mail:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin 1234567890 9876543210 [root@aly-centos7 /]# sed '/\n/!G;s/\(.\)\(.*\n\)/&\2\1/;//D;s/.//' passwd2 hsab/nib/:toor/:toor:0:0:x:toor nigolon/nibs/:nib/:nib:1:1:x:nib nigolon/nibs/:nibs/:nomead:2:2:x:nomead nigolon/nibs/:mda/rav/:mda:4:3:x:mda nigolon/nibs/:dpl/loops/rav/:pl:7:4:x:pl cnys/nib/:nibs/:cnys:0:5:x:cnys nwodtuhs/nibs/:nibs/:nwodtuhs:0:6:x:nwodtuhs% tlah/nibs/:nibs/:tlah:0:7:x:tlah$ nigolon/nibs/:liam/loops/rav/:liam:21:8:x:liam$# nigolon/nibs/:toor/:rotarepo:0:11:x:rotarepo 0987654321 0123456789 [root@aly-centos7 /]#
[root@aly-centos7 /]# cat passwd2 root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync %shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown $halt:x:7:0:halt:/sbin:/sbin/halt #$mail:x:8:12:mail:/var/spool/mail:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin 1234567890 9876543210 [root@aly-centos7 /]# sed ':a;s/\B[0-9]\{3\}\>/,&/;ta' passwd2 root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync %shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown $halt:x:7:0:halt:/sbin:/sbin/halt #$mail:x:8:12:mail:/var/spool/mail:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin 1,234,567,890 9,876,543,210 [root@aly-centos7 /]#
删除:
删除1-5行内容 [root@aly-centos7 /]# grep -n "" passwd2 | sed '1,5d' 6:sync:x:5:0:sync:/sbin:/bin/sync 7:%shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown 8:$halt:x:7:0:halt:/sbin:/sbin/halt 9:#$mail:x:8:12:mail:/var/spool/mail:/sbin/nologin 10: 11: 12:operator:x:11:0:operator:/root:/sbin/nologin 13:1234567890 14:9876543210 删除奇数行: [root@aly-centos7 /]# grep -n "" passwd2 | sed '1~2d' 2:bin:x:1:1:bin:/bin:/sbin/nologin 4:adm:x:3:4:adm:/var/adm:/sbin/nologin 6:sync:x:5:0:sync:/sbin:/bin/sync 8:$halt:x:7:0:halt:/sbin:/sbin/halt 10: 12:operator:x:11:0:operator:/root:/sbin/nologin 14:9876543210 删除空行 [root@aly-centos7 /]# grep -n "" passwd2 1:root:x:0:0:root:/root:/bin/bash 2:bin:x:1:1:bin:/bin:/sbin/nologin 3:daemon:x:2:2:daemon:/sbin:/sbin/nologin 4:adm:x:3:4:adm:/var/adm:/sbin/nologin 5:lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin 6:sync:x:5:0:sync:/sbin:/bin/sync 7:%shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown 8:$halt:x:7:0:halt:/sbin:/sbin/halt 9:#$mail:x:8:12:mail:/var/spool/mail:/sbin/nologin 10: 11: 12:operator:x:11:0:operator:/root:/sbin/nologin 13:1234567890 14:9876543210 [root@aly-centos7 /]# grep "" passwd2 | sed '/^$/d' root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync %shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown $halt:x:7:0:halt:/sbin:/sbin/halt #$mail:x:8:12:mail:/var/spool/mail:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin 1234567890 9876543210 [root@aly-centos7 /]#
修改:
将root全部替换成mysql [root@aly-centos7 /]# grep -n "" passwd3 1:root:x:0:0:root:/root:/bin/bash 2:bin:x:1:1:bin:/bin:/sbin/nologin 3:daemon:x:2:2:daemon:/sbin:/sbin/nologin 4:adm:x:3:4:adm:/var/adm:/sbin/nologin 5:operator:x:11:0:operator:/root:/sbin/nologin 6:root,root 7:root123 [root@aly-centos7 /]# sed 's/root/mysql/g' passwd3 mysql:x:0:0:mysql:/mysql:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin operator:x:11:0:operator:/mysql:/sbin/nologin mysql,mysql mysql123 把数字1全部替换成9 [root@aly-centos7 /]# sed 's/1/9/g' passwd3 root:x:0:0:root:/root:/bin/bash bin:x:9:9:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin operator:x:99:0:operator:/root:/sbin/nologin root,root root923 只替换行中未出现“sbin”字符的时候,将”root“替换成”nginx“ [root@aly-centos7 /]# sed '/sbin/!s/root/nginx/g' passwd3 nginx:x:0:0:nginx:/nginx:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin nginx,nginx nginx123 root:x:11:0:operator:/root:/sbin/nologin root1:x:11:0:operator:/root:/sbin/nologin root2:x:11:0:operator:/root:/sbin/nologin [root@aly-centos7 /]#
awk的使用:
在某些场景下,我们需要过滤方式希望是列来匹配,而不是sed的行来匹配,而且awk还可以嵌套for等循环去使用,拓展性强,当然awk也是最难的。
awk的常用命令选项:
- -F fs fs指定输入分隔符,fs可以是字符串或正则表达式,如-F:
- -v var=value 赋值一个用户定义变量,将外部变量传递给awk
- -f scripfile 从脚本文件中读取awk命令
- -m[fr] val 对val值设置内在限制,-mf选项限制分配给val的最大块数目;-mr选项限制记录的最大数目。这两个功能是Bell实验室版awk的扩展功能,在标准awk中不适用。
awk内置变量:
- FS 保存或设置分隔符,例如FS=",";
- $N 指定分隔符的第N个字段,例如$1,$5代表第一列和第三列;
- $0 当前读入整行的文本内容;
- NF 记录当前处理行的字段个(列)数;
- NR 记录当前处理行的数量;
- FNR 保存当前处理行在原文本内的行号;
- FILENAME 当前处理的文本名;
- ENVIRON 调用shell环境变量。
查询:
[root@aly-centos7 /]# awk '{print $0}' passwd4 #$0代表整列 root x:0:0:root:/root:/bin/bash bin x:1:1:bin:/bin:/sbin/nologin daemon x:2:2:daemon:/sbin:/sbin/nologin adm x:3:4:adm:/var/adm:/sbin/nologin lp x:4:7:lp:/var/spool/lpd:/sbin/nologin sync x:5:0:sync:/sbin:/bin/sync %shutdown x:6:0:shutdown:/sbin:/sbin/shutdown $halt:x:7:0:halt:/sbin:/sbin/halt #$mail x:8:12:mail:/var/spool/mail:/sbin/nologin operator x:11:0:operator:/root:/sbin/nologin 1234 567890 9876 543210 [root@aly-centos7 /]# awk '{print $1}' passwd4 #$1代表第一列 root bin daemon adm lp sync %shutdown $halt:x:7:0:halt:/sbin:/sbin/halt #$mail operator 1234 9876 [root@aly-centos7 /]#
首先要查看剩余内存是那个字段标记,然后标记的这一行用grep取出来,最后用awk把这一行的列取出来在加上一个可读性语句即可 [root@aly-centos7 /]# free | grep Mem | awk '{print"当前剩余内存:\n",$7}' 当前剩余内存: 1408424 [root@aly-centos7 /]#
/var/log/secure是用于记录访问的信息,可以通过这个日志来看出来是否遭受到恶意攻击 [root@aly-centos7 /]# grep "Accepted" /var/log/secure | awk '{print $11}' 101.95.130.134 101.95.130.134 101.95.130.134 101.95.130.134 101.95.130.134 101.95.130.134 101.95.130.134 101.95.130.134 [root@aly-centos7 /]# 通过过滤我就知道那些ip访问了,不过访问的ip数量很多,而生产服务器访问的ip都是固定的,一般都会有一个文件记录,这样可以写一个脚本和你过滤的ip比对,那些没有登记的就可以处理掉。
[root@aly-centos7 /]# awk '{print NF}' passwd4 2 2 2 2 2 2 2 1 2 2 2 2 [root@aly-centos7 /]# cat passwd4 root x:0:0:root:/root:/bin/bash bin x:1:1:bin:/bin:/sbin/nologin daemon x:2:2:daemon:/sbin:/sbin/nologin adm x:3:4:adm:/var/adm:/sbin/nologin lp x:4:7:lp:/var/spool/lpd:/sbin/nologin sync x:5:0:sync:/sbin:/bin/sync %shutdown x:6:0:shutdown:/sbin:/sbin/shutdown $halt:x:7:0:halt:/sbin:/sbin/halt #$mail x:8:12:mail:/var/spool/mail:/sbin/nologin operator x:11:0:operator:/root:/sbin/nologin 1234 567890 9876 543210 [root@aly-centos7 /]#
[root@aly-centos7 /]# awk '{print FNR}' passwd3 passwd4 1 2 3 4 5 6 7 8 9 10 1 2 3 4 5 6 7 8 9 10 11 12 [root@aly-centos7 /]#
[root@aly-centos7 /]# awk -F: 'BEGIN{i=0;j=0}{if($3<=30){i++}else{j++}}END{print "<=30:"i,"\n",">=30:"j}' /etc/passwd <=30:13 >=30:17 [root@aly-centos7 /]#
[root@aly-centos7 /]# grep --color root /etc/passwd root:x:0:0:root:/root:/bin/bash operator:x:11:0:operator:/root:/sbin/nologin dockerroot:x:993:991:Docker User:/var/lib/docker:/sbin/nologin [root@aly-centos7 /]# awk -F[:/] '{i=1}{while(i<=NF){if($i~/root/){j++};i++}}END{print j}' /etc/passwd 5 [root@aly-centos7 /]#
[root@aly-centos7 httpd]# tail -10 access_log 172.16.163.69 - - [24/Jul/2018:13:39:12 +0800] "GET / HTTP/1.0" 403 4897 "-" "ApacheBench/2.3" 172.16.163.69 - - [24/Jul/2018:13:39:12 +0800] "GET / HTTP/1.0" 403 4897 "-" "ApacheBench/2.3" 172.16.163.69 - - [24/Jul/2018:13:39:12 +0800] "GET / HTTP/1.0" 403 4897 "-" "ApacheBench/2.3" 172.16.163.69 - - [24/Jul/2018:13:39:12 +0800] "GET / HTTP/1.0" 403 4897 "-" "ApacheBench/2.3" 172.16.163.69 - - [24/Jul/2018:13:39:12 +0800] "GET / HTTP/1.0" 403 4897 "-" "ApacheBench/2.3" 172.16.163.69 - - [24/Jul/2018:13:39:12 +0800] "GET / HTTP/1.0" 403 4897 "-" "ApacheBench/2.3" 172.16.163.69 - - [24/Jul/2018:13:39:12 +0800] "GET / HTTP/1.0" 403 4897 "-" "ApacheBench/2.3" 172.16.163.69 - - [24/Jul/2018:13:39:12 +0800] "GET / HTTP/1.0" 403 4897 "-" "ApacheBench/2.3" 172.16.163.69 - - [24/Jul/2018:13:39:12 +0800] "GET / HTTP/1.0" 403 4897 "-" "ApacheBench/2.3" 172.16.163.69 - - [24/Jul/2018:13:39:12 +0800] "GET / HTTP/1.0" 403 4897 "-" "ApacheBench/2.3" [root@aly-centos7 httpd]# awk '{ip[$1]++} END{for(i in ip){print i,ip[i]}}' /var/log/httpd/access_log 172.16.163.69 1000 [root@aly-centos7 httpd]#
后续将不断完善awk使用案例
posted on 2018-07-24 13:57 ppc_server 阅读(3030) 评论(1) 编辑 收藏 举报