Never Ending Security

It starts all here

Grep Commands Cheatsheet

grep Command Examples

Have you ever been confronted with the task of looking for a particular string or pattern in a file, yet have no idea where to start looking? No worries, you probably have grep installed on your system

grep is a powerful file pattern searcher that comes equipped on every distribution of Linux.

Search and Find Files

Let’s say that you have just installed a fresh copy of the new Ubuntu on your machine, and that you are going to give Python scripting a shot. You have been scouring the web looking for tutorials, but you see that there are two different versions of Python in use, and you don’t know which one was installed on your system by the Ubuntu installer, or if it installed any modules. Simply run this command:

# dpkg –l | grep –i python
ii  python2.7                        2.7.3-0ubuntu3.4                    Interactive high-level object-oriented language (version 2.7)
ii  python2.7-minimal                2.7.3-0ubuntu3.4                    Minimal subset of the Python language (version 2.7)
ii  python-openssl                   0.12-1ubuntu2.1                     Python wrapper around the OpenSSL library
ii  python-pam                       0.4.2-12.2ubuntu4                   A Python interface to the PAM library

First, we ran dpkg –l, which lists installed *.deb packages on your system. Second, we piped that output to grep –i python, which simple states “go to grep and filter out and return everything with ‘python’ in it.” The –i option is there to ignore-case, as grep is case-sensitive. Using the –i option is a good habit of getting into, unless of course you are trying to nail down a more specific search.

Search and Filter Files

The grep can also be used to search and filter within individual files or multiple files. Lets take this scenario:

You are having some trouble with your Apache Web Server, and you have reached out to one of the many awesome forums on the net asking for some help. The kind soul who replies to you has asked you to post the contents of your /etc/apache2/sites-available/default-ssl file. Wouldn’t it be easier for you, the guy helping you, and everyone reading it, if you could remove all of the commented lines? Well you can! Just run this:

# grep –v “#”  /etc/apache2/sites-available/default-ssl

The –v option tells grep to invert its output, meaning that instead of printing matching lines, do the opposite and print all of the lines that don’t match the expression, in this case, the #commented lines.

Find all .mp3 Files Only

The grep can be very useful for filtering from stdout. For example, let’s say that you have an entire folder full of music files in a bunch of different formats. You want to find all of the *.mp3files from the artist JayZ, but you don’t want any of the remixed tracks. Using a find commandwith a couple of grep pipes will do the trick:

# find . –name “*.mp3” | grep –i JayZ | grep –vi “remix”

In this example, we are using find to print all of the files with a *.mp3 extension, piping it to grep –ito filter out and prints all files with the name “JayZ” and then another pipe to grep –vi which filters out and does not print all filenames with the string (in any case) “remix”.

Display Number of Lines Before or After Search String

Another couple of options are the –A and –B switches, which displays the matched line and number of lines either that come before or after the search string. While the man page gives a more detailed explanation, I find it easiest to remember the options as –A = after, and –B =before:

# ifconfig | grep –A 4 eth0
# ifconfig | grep  -B 2 UP

Prints Number of Lines Around Match

The grep’s –C option is similar, but instead of printing the lines that come either before or after the string, it prints the lines in either direction:

# ifconfig | grep –C 2 lo

Count Number of Matches

Similar to piping a grep string to word count (wc program) grep’s built-in option can perform the same for you:

# ifconfig | grep –c inet6

Search Files by Given String

The –n option for grep is very useful when debugging files during compile errors. It displays the line number in the file of the given search string:

# grep –n “main”

Search a string Recursively in all Directories

If you would like to search for a string in the current directory along with all of the subdirectories, you can specify the –r option to search recursively:

# grep –r “function” *

Searches for the entire pattern

Passing the –w option to grep searches for the entire pattern that is in the string. For example, using:

# ifconfig | grep –w “RUNNING”

Will print out the line containing the pattern in quotes. On the other hand, if you try:

# ifconfig | grep –w “RUN”

Nothing will be returned as we are not searching for a pattern, but an entire word.

Search a string in Gzipped Files

Deserving some mention are grep’s derivatives. The first is zgrep, which, similar to zcat, is for use on gzipped files. It takes the same options as grep and is used in the same way:

# zgrep –i error /var/log/syslog.2.gz

Match Regular Expression in Files

The egrep is another derivative that stands for “Extended Global Regular Expression”. It recognizes additional expression meta-characters such at + ? | and (). egrep is very useful for searching source files, and other pieces of code, should the need arise. It can be invoked from regular grep by specifying the –E option.

# grep –E

Search a Fixed Pattern String

The fgrep searches a file or list of files for a fixed pattern string. It is the same as grep –F. A common way of using fgrep is to pass a file of patterns to it:

# fgrep –f file_full_of_patterns.txt file_to_search.txt

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s