Linux Beginner’s Guide Part 4


Filtering Input

The grep command is a text filter: it searches its input and returns the lines that match a given pattern.


To start the example, go to the Documents folder:

cd ~/Documents

Then copy the file we will test on into the current directory (note the dot, it’s important!):

cp /etc/passwd .

Next, run the grep command like this:

grep sysadmin passwd

The line returned from the passwd file is the one that contains the pattern sysadmin.

Edit the passwd file, add more lines that contain the word sysadmin, then run the grep command again and see what happens.

Regular Expressions

Regular expressions have two forms: basic and extended.

Basic regular expressions:

. = any one single character

[ ] = any one specified character

[^ ] = not the specified character

* = zero or more of the previous character

^ = if the first character in a pattern, the pattern must be at the beginning of the line to match

$ = if the last character in a pattern, the pattern must be at the end of the line to match

Extended regular expressions (must be used with the egrep command or the grep -E command):

+ = one or more of the previous pattern

? = the preceding pattern is optional

{ } = specify minimum, maximum or exact matches of a previous pattern

| = alternation, a logical “or”

( ) = used to create groups

Basic patterns

Regular expressions can be refined to match specific sequences of characters in a text.

Anchor characters

Anchor characters are used to narrow down search results. To keep the shell from misinterpreting the command, place the pattern to be searched for between single quotes (' '), as in the example below:

grep 'root' passwd

How many times is the word root displayed in the output? The correct answer is 4 times.

Run the following command: grep '^root' passwd (the ^ character ensures that the pattern appears at the beginning of a line)

In the next example, run the cat command to see the contents of the passwd file: cat passwd

Run grep 'n$' passwd and see what is displayed. The $ character ensures that the pattern appears at the end of a line.

The . character stands for any single character. For example, you can run: grep 'n.....n' passwd. It will mark every sequence that starts with n, has any 5 characters in between and ends with n. You can also try grep '...' passwd or grep '.a..' passwd and see what is displayed.

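Let’s try to filter numbers: grep '[0-9]' passwd. This command will mark all digits from 0 to 9.

To mark every character that is not a digit from 0 to 9, use the following command: grep '[^0-9]' passwd

To mark a special character literally, put it in brackets: grep '[.]' passwd

To mark 0 (zero) or more occurrences of a character: grep 's*' passwd. Because zero occurrences also count, every line of the file matches this pattern.

Brackets and * can be combined. The following pattern matches n, followed by b or s, followed by zero or more s characters:

grep 'n[bs]s*' passwd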
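The anchors, the negated bracket and the * from this section, combined on the passwd format to list accounts with UID 0 and accounts with a login shell. This is an added example, not part of the original tutorial; the passwd lines are a constructed sample, and the account names in it are made up.

```shell
#!/bin/sh
# Constructed sample in /etc/passwd format: name:pw:UID:GID:comment:home:shell
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
sysadmin:x:1000:1000:System Admin:/home/sysadmin:/bin/bash
toor:x:0:0:backup root:/root:/bin/sh
operator:x:11:0:operator:/root:/usr/sbin/nologin
EOF
}

# Unanchored: counts every line that contains "root" anywhere
# (comment field, home directory, ...), not only the root account.
contains_root() { sample_passwd | grep -c 'root'; }

# Anchored with ^ : only the line whose first field is exactly "root".
root_account() { sample_passwd | grep -c '^root:'; }

# ^, [^:] and * together: skip two fields made of non-colon characters,
# then require the third field (the UID) to be exactly 0.
uid0_accounts() {
  sample_passwd | grep '^[^:]*:[^:]*:0:' | cut -d: -f1 | paste -sd, -
}

# Anchored with $ : lines whose last field (the shell) ends in "sh".
shell_accounts() { sample_passwd | grep -c 'sh$'; }

echo "lines containing root:   $(contains_root)"
echo "lines starting with root: $(root_account)"
echo "accounts with UID 0:      $(uid0_accounts)"
echo "accounts with a shell:    $(shell_accounts)"
```

On a real system, replace sample_passwd with cat /etc/passwd; any UID 0 account other than root deserves a closer look.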

As we will see later in this tutorial, grep is a very important command and will ease your work a lot if used properly. Using grep with firewall logs:

grep -iE '(|DROP|DPT=443|)' firewall.log

This command will search in firewall.log and will mark the IP address, DROP or DPT=443 (destination port 443; port 443 is used by HTTPS).

The tail or cat commands can be combined with grep or egrep. This way, only the lines with the requested keywords are output:

cat firewall.log | grep -iE '(|DROP|DPT=443|)'
tail firewall.log | grep -iE '(|DROP|DPT=443|)'

On other Linux distributions, the following commands, which combine egrep with cat, tac or tail, may work as well:

cat firewall.log | egrep -iE "|DROP|DPT=443"
tac firewall.log | egrep -iE "|DROP|DPT=443"
tail firewall.log | egrep -iE "|DROP|DPT=443"