Using GREP to Search for Data
Learn to quickly locate terms in file and command output through the Using GREP to Search for Data virtual lab, by IT PRO Challenges. Skills learned in the lab pertain to Law Enforcement/Counterintelligence Forensics and Cyber Defense Forensic Analysis in identifying, modifying, and manipulating components faster at a batch level.
This 45-minute guided lab introduces learners to searching for data in a UNIX/Linux system using the grep command.
The lab begins at the console. Hands-on exercises use the grep command to search through file contents containing Linux commands and format the display so that it shows line numbers. The learner then broadens grep's usage by looping through files to locate terms and by ignoring letter case. Lastly, learners specify multiple parameters in a single grep command line, honing the Linux search filter.
Completing this virtual challenge gives those in security roles a valuable string and character search tool, as well as essential UNIX/Linux knowledge helpful for Exploitation Analyst and Cyber Operator roles.
Search for a String by Using GREP:
Learners get hands-on experience with grep's usefulness by seeing and reviewing a long line of code. From there, learners enter the grep command to highlight sed and awk commands in the code. Then the lab shows how to display the line numbers with the highlighted command. At the end of this section, learners have a powerful tool for finding code to fix in a batch process, for reviewers to spot-check code, and for scriptwriters to identify and modify any terms that need to be changed.
Refine Results of a Search by Using the GREP Command:
Learners refine their grep commands by adding parameters that search files and their contents recursively (-lr) and that eliminate case sensitivity in a search (-i).
Administrators who loop the grep command across files can configure multiple users at once by finding a command that needs to be changed in multiple files. For example, administrators use Pluggable Authentication Modules (PAM) to customize how computers allow access for a set of users. The lab demonstrates that changing this authentication configuration all at once becomes much easier when the grep command is used to locate all the relevant files throughout the directory.
By specifying a case-insensitive grep search, learners see not only script commands and details about what they do, but also filenames and various variables. For example, a grep search for "kernel" reveals the variables, commands, and file strings containing either "kernel" or "Kernel". Overlooking the distinction of capitalization becomes important when "Kernel" indicates a particular release to be protected.
Perform Multiple GREP Searches in a Single Command:
The grep search command has a -v parameter that filters out specific strings. In this section, learners first search for the string "the" without any additional grep parameters. The results display not only "the" but also words in which other characters follow the searched string (e.g. "then").
To eliminate irrelevant values, such as "then" when searching for the string "the", adding -v with the string to exclude narrows down the results, making them easier to search.
Upon completion of this lab, Linux beginners grasp the effectiveness and usefulness of grep. They know how to hone a grep search to be more efficient by:
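The searches described in the three sections above, as an added example that is not part of the lab's own material. The directory, file names and file contents are constructed for illustration, and the block goes slightly beyond the page by showing `-w` beside `-v`, because `-v` drops whole lines.

```shell
#!/bin/sh
# Added example: sample tree is constructed, not copied from a real system.
export LC_ALL=C
LAB=$(mktemp -d)
trap 'rm -rf "$LAB"' EXIT
mkdir -p "$LAB/pam.d/extra"
printf '%s\n' '# login policy' 'auth required pam_unix.so' > "$LAB/pam.d/login"
printf '%s\n' 'auth required pam_unix.so nullok'           > "$LAB/pam.d/extra/sshd"
printf '%s\n' 'account required pam_permit.so'             > "$LAB/pam.d/other"
printf '%s\n' 'check the kernel log' 'then reboot' \
              'Kernel 5.x is pinned' 'then read the notes' > "$LAB/notes.txt"

# -n: prefix every matching line with its line number (case-sensitive).
numbered() { grep -n 'kernel' "$LAB/notes.txt"; }

# -i: ignore case, so both "kernel" and "Kernel" are reported.
any_case() { grep -in 'kernel' "$LAB/notes.txt"; }

# -lr: recurse into sub-directories and list only the names of files
# containing the pattern, e.g. every config that must change together.
files_with() { (cd "$LAB" && grep -lr "$1" pam.d | sort); }

# Two searches in one command line: keep lines with "the", then use -v
# to discard lines containing "then". -v works on whole lines, so a line
# holding both "then" and a separate "the" is discarded as well.
the_not_then() { grep 'the' "$LAB/notes.txt" | grep -v 'then'; }

# -w: match "the" only as a whole word, which keeps that mixed line.
the_word() { grep -w 'the' "$LAB/notes.txt"; }

echo "== files referencing pam_unix =="; files_with pam_unix
echo "== the | -v then ==";             the_not_then
echo "== -w the ==";                    the_word
```

Comparing the last two outputs shows the line `then read the notes` disappearing under `-v` but surviving under `-w`.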
- Finding content within a file to reveal specific strings.
- Customizing the output from a grep search, so line numbers of code are displayed.
- Removing case-sensitivity within a grep search command.
- Locating multiple files, through a recursive grep search, for potential batch processing.
- Doing multiple grep searches in one line to filter strings to locate and omit at the same time.
Learners benefit from other challenges enhancing UNIX/Linux knowledge and grep's power.
- GUIDED CHALLENGE: Sort Files
- ADVANCED CHALLENGE: Can you use the grep and sort commands together?