1. Understand and Use Essential Tools
Red Hat Certified System Administrator (RHCSA - EX200)
1. Introduction to grep
grep is a Linux command-line tool used to search for patterns in files or output. It is extremely useful when working with logs, configuration files, or any text data.
Basic syntax:
grep [options] "pattern" filename
- pattern: the text or regular expression you want to search for.
- filename: the file to search in (can be multiple files).
You can also pipe output to grep:
dmesg | grep "error"
Here, dmesg shows system messages, and grep "error" filters only the lines containing “error”.
2. Basic grep Options
These options are commonly tested in RHCSA:
| Option | Meaning | Example |
|---|---|---|
| -i | Case-insensitive search | grep -i "network" /var/log/messages |
| -v | Invert match (show lines not matching) | grep -v "INFO" /var/log/syslog |
| -r or -R | Recursive search in directories | grep -r "ssh" /etc/ |
| -c | Count the number of matching lines | grep -c "Failed" /var/log/secure |
| -n | Show line numbers with matches | grep -n "error" /var/log/messages |
| -l | List filenames containing the match | grep -l "PermitRootLogin" /etc/ssh/* |
| -w | Match whole words only | grep -w "root" /etc/passwd |
| -A n | Show n lines after a match | grep -A 2 "error" logfile |
| -B n | Show n lines before a match | grep -B 3 "Failed" logfile |
| -C n | Show n lines before and after | grep -C 2 "timeout" logfile |
3. Regular Expressions (Regex) Basics
Regular expressions are patterns used to match text. grep can use basic regex (BRE) by default and extended regex (ERE) with -E (or egrep).
Common Regex Symbols
| Symbol | Meaning | Example |
|---|---|---|
| . | Matches any single character | gr.p matches grep, grip |
| * | Matches 0 or more of the previous character | lo*g matches lg, log, loog |
| ^ | Start of the line | ^root matches lines starting with root |
| $ | End of the line | admin$ matches lines ending with admin |
| [ ] | Matches any one character inside brackets | [0-9] matches any digit |
| [^ ] | Matches any character NOT inside brackets | [^0-9] matches non-digit |
| \| | OR (in extended regex) | error\|fail matches “error” or “fail” |
| ? | 0 or 1 occurrence (ERE) | colou?r matches “color” or “colour” |
| + | 1 or more occurrence (ERE) | go+gle matches gogle, google |
| () | Grouping (ERE) | `(root |
4. Examples of grep with Regex in IT Context
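- Find users with UID 0 (root) in /etc/passwd:
grep '^root:' /etc/passwd
^root: ensures only lines starting with “root:” are matched. It selects the account named root and does not test the UID field, so another account with UID 0 would not be listed.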
- Search for failed SSH login attempts in logs:
grep 'Failed password' /var/log/secure
- Filters lines showing failed login attempts.
- Match all IP addresses in a log file:
grep -E '([0-9]{1,3}\.){3}[0-9]{1,3}' /var/log/messages
[0-9]{1,3} matches 1 to 3 digits.
\. matches a literal dot.
{3} repeats the group in parentheses 3 times; with the final [0-9]{1,3} this gives a full IPv4 address.
- Find lines that do NOT contain the word “INFO”:
grep -v 'INFO' /var/log/messages
- Shows all lines except those containing “INFO”.
- Search recursively in /etc for SSH config entries:
grep -r 'PermitRootLogin' /etc/ssh/
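The failed-login search and the IPv4 pattern from the list above can be combined to count failed attempts per source address. This is an added example, not part of the original guide; the log lines are constructed sample data and the function names are illustrative.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): failed SSH password attempts
# per source IPv4 address. All log lines are constructed sample data.

sample_log() {
cat <<'EOF'
Mar  3 10:01:12 host1 sshd[2211]: Failed password for root from 203.0.113.7 port 51122 ssh2
Mar  3 10:01:15 host1 sshd[2211]: Failed password for root from 203.0.113.7 port 51122 ssh2
Mar  3 10:02:40 host1 sshd[2290]: Accepted password for alice from 198.51.100.20 port 40022 ssh2
Mar  3 10:03:05 host1 sshd[2301]: Failed password for invalid user admin from 192.0.2.45 port 39001 ssh2
Mar  3 10:03:07 host1 sshd[2301]: Failed password for invalid user 10.9.8.7 from 192.0.2.45 port 39002 ssh2
Mar  3 10:03:09 host1 sshd[2305]: Failed password for root from 203.0.113.7 port 51130 ssh2
EOF
}

# Same pattern as on the page; it does not range-check octets (999.1.1.1 matches).
IPV4='([0-9]{1,3}\.){3}[0-9]{1,3}'

# Count matching lines, like: grep -c 'Failed password' /var/log/secure
count_failed() {
    grep -c 'Failed password'
}

# Naive extraction: every IP-looking string on a failed line, including
# one that appears in the user-name field.
all_ips_on_failed_lines() {
    grep 'Failed password' | grep -oE "$IPV4" | sort -u
}

# Per-source counts as "<count> <ip>", most frequent first.
# -o prints only the matched text; anchoring on "from <ip> port" keeps
# the user-name field out of the result.
failed_by_ip() {
    grep 'Failed password' \
        | grep -oE "from ${IPV4} port" \
        | grep -oE "$IPV4" \
        | sort | uniq -c | sort -rn \
        | awk '{print $1, $2}'
}

sample_log | failed_by_ip
```

On a real system the functions read from standard input, for example `failed_by_ip < /var/log/secure`.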
5. Extended grep Variants
- egrep: same as grep -E for extended regex.
- fgrep: same as grep -F for fixed strings (no regex, faster).
Example:
egrep 'error|fail|critical' /var/log/messages
- Matches lines with “error”, “fail”, or “critical”.
6. Tips for the RHCSA Exam
- Always know the difference between basic grep and extended grep (-E).
- Understand line start ^ and line end $ anchors.
- Use -n and -C options to show line numbers and context, often useful in troubleshooting tasks.
- Be comfortable with character classes [ ] and ranges [a-z], [0-9].
- Combine grep with other commands using pipes (|). Example:
journalctl -u sshd | grep 'Failed'
Summary
- grep is essential for searching text in files or command outputs.
- Use options like -i, -v, -r, -c, -n for practical filtering.
- Regular expressions allow pattern matching for more complex searches.
- Extended regex (-E) gives more flexibility like +, ?, and |.
- Mastery of grep is important for exam tasks like troubleshooting logs, filtering user accounts, and analyzing configuration files.
