Grep Cheat Sheet

Jackbox

Hello Linux lovers and haters,

grep is most certainly amazing whether you have a headache or get excited about 'er.

Here are some exciting ways to use grep to check for important information within logs.

Who has logged in today?

You may use w | grep "root" or who | grep "root" to find out who is currently in a root session. If you wanted to do something such as send a text message to your phone or an email every 10 minutes showing the logged-in users, you could just create a cron job. If no one is logged in, of course, then you would be receiving no alerts. Kind of an interesting idea for a low-volume sign-in server. Or maybe it could only go off if there is more than 1 root session, in the event someone shares root credentials and more root sessions are active than normal or within a certain time frame. E.g. 2 root sessions within 1 minute alert.

Checking the security log on CentOS for failed:
grep -i "failed" /var/log/secure

More coming soon.

With nmap installed you could find open ports locally via:
nmap -O localhost | grep "open"

Who is accessing the website admin panel?
grep "GET /admin" /var/log/httpd/access_log
grep "POST /admin" /var/log/httpd/access_log


Why does SELinux use crystal meth?
grep "SELinux" /var/log/messages
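
The cron-job idea from the post (alert only when more than one root session is active), as an added example that is not part of the original post. The function names, the threshold default and the sample `who` output are assumptions made for illustration; the user-name field is compared exactly, so accounts or hostnames that merely contain "root" are not counted.

```shell
#!/bin/sh
# Added example: count root sessions in `who`-style output read from stdin.
# Compares the first field exactly, so "rooter" or a host named
# root.example.org does not count (a plain grep "root" would match both).
count_root_sessions() {
    awk '$1 == "root" { n++ } END { print n + 0 }'
}

# Print an alert line and return 0 when the number of root sessions is
# greater than the threshold (assumed default: 1); return 1 otherwise.
root_session_alert() {
    threshold="${1:-1}"
    count=$(count_root_sessions)
    if [ "$count" -gt "$threshold" ]; then
        echo "ALERT: $count root sessions active (threshold $threshold)"
        return 0
    fi
    return 1
}

# Constructed sample of `who` output so the script runs offline.
SAMPLE_WHO='root     pts/0        2016-01-02 10:01 (203.0.113.5)
alice    pts/1        2016-01-02 10:03 (198.51.100.7)
root     pts/2        2016-01-02 10:04 (203.0.113.9)
rooter   pts/3        2016-01-02 10:05 (root.example.org)'

# Demo on the sample. For live use, replace the printf with `who`.
# When run from cron, any output is mailed to MAILTO, so silence
# means the threshold was not exceeded.
printf '%s\n' "$SAMPLE_WHO" | root_session_alert 1 || true
```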
 