Grep commands and examples for daily use

The grep command is one of the oldest tools for Linux and other platforms. Actually, it is much older than Linux, as it was written by Ken Thompson more than 40 years ago. The name grep stands for “globally regular expression print”. This name comes from its predecessor ed and the specific mode in which you would globally search, using a regular expression, and print the output. The related command was “g/re/p”. Enough history, let’s dig through some grep examples and unlock its full potential.


One of the reasons to create this blog post is that there are a lot of examples available for the grep command. But with all that information scattered, most people don’t take the time to really learn even the most basic commands. We want to leverage the full potential of the grep command, as it can be used in many work-related or personal activities. It is common to use it for checking configuration files and searching through log files.

Why learn the grep command and regular expressions?

As with every tool, it is often easy to start using it, but hard to really master it. The man page is very extensive, and so is the online help documentation. Although these are a good reference, we will be showing the grep command by example, with specific use-cases which are common for system administrators and security professionals. Especially if you often have to deal with data, investing some time in doing things efficiently will pay off.

Before you continue

If you are using grep on a platform other than Linux, you may not have the GNU version of grep. Some things in this guide may not work, or may need specific tailoring. You can easily find out what version you have with grep --version.

Need a particular job to be done with the grep command and can’t get it to work? Use the comments and share what you have tried. Let’s start with the basics and become a ‘grep master’.

Basic usage

Simple use of grep command

The grep utility does not need much to start doing its work. If you would like to find the root user in your /etc/passwd file, just tell it to search for ‘root’ and give it the file name.

grep root /etc/passwd

Using colored grep output

If the command above did not show colored output on your system, you might want to enable that. It can be done with --color=auto. As this would mean you have to type it in each time, using an alias will save you a lot of typing.

alias grep='grep --color=auto'

You can add this alias to your .bashrc file if you are using bash. Otherwise, add it to the respective profile file.

Ignore case sensitivity

Now that we have performed a basic grep command, we can start changing the search behavior. Often we already know the word or words we are looking for. What we don’t always know is whether one or more occurrences of the word use capitals. By default the grep command is case-sensitive: only matches with exactly the same case will be displayed. We can tell grep to ignore case with the -i option.

grep -i root /etc/passwd

Show line numbers

Depending on your search, you may have many occurrences of the text you were searching for. Use the -n option to have grep show the related line numbers.

grep -n root /etc/passwd

Recursive search through directories and files

To search through a directory and everything below it, use the -r or -R option. Which one depends on the target and the existence of symlinks: use -r if you know there aren’t any. Use the capitalized -R if you want any symlinked files to be searched as well. This may take much longer if many files are included.

grep -r password /etc

Tip: if you don’t want the filenames in the output, add the -h option.
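The difference between -r, -R and -h is easiest to see on a small tree that contains a symlink. The script below is an added example, not part of the original post; it assumes GNU grep, and the directory layout and file contents are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: how -r, -R and -h behave on a tree that contains a symlink.
# Assumes GNU grep. Every path and file content below is constructed.

demo_setup() {
    DEMO=$(mktemp -d)
    mkdir -p "$DEMO/etc/app" "$DEMO/shared"
    printf 'user=web\npassword=example1\n' > "$DEMO/etc/app/db.conf"
    printf 'password=example2\n' > "$DEMO/shared/backup.conf"
    # etc/linked points to a directory outside the tree we search
    ln -s "$DEMO/shared" "$DEMO/etc/linked"
}

demo_cleanup() { rm -rf "$DEMO"; }

# -l lists only the names of files with a match; wc -l counts those files
files_found_r() { grep -rl password "$DEMO/etc" | wc -l | tr -d ' '; }
files_found_R() { grep -Rl password "$DEMO/etc" | wc -l | tr -d ' '; }

# -h drops the "filename:" prefix that recursive searches add to each line
lines_without_names() { grep -rh password "$DEMO/etc"; }

demo_setup
echo "files with a match using -r: $(files_found_r)"
echo "files with a match using -R: $(files_found_R)"
echo "with file name:    $(grep -r password "$DEMO/etc")"
echo "without file name: $(lines_without_names)"
demo_cleanup
```

When reviewing configuration for stored passwords, keep in mind that a search with -r does not report files that sit behind a symlinked directory.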

Using regular expressions

The grep utility is a powerful tool and can use regular expressions. Regular expressions can be considered ‘logic rules’ for matching text strings. Think of something like “I know the word should start with the letter ‘a’, but after that anything is fine”. By using a regular expression we can express this in short notation (e.g. "a.*").

Example: Match on words only

You may be searching for a very short, yet specific word. In this case, grep will return way too many results. By using more specific statements we can limit the output.

grep "\bbin\b" /etc/passwd

The \b tells grep to use word boundaries.

Although you could use grep " bin " /etc/passwd to search for a full word, that often won’t give you the right result. It will show some hits, but might miss a few as well. Occurrences at the beginning or end of the file will be missed. There will also be no match if the word is next to a special character, or even a simple character like a comma.

Tip: the -w option does the same as this regular expression and is easier to remember.
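To see how much the four ways of searching for "bin" differ, the script below counts matching lines for each of them. It is an added example, not part of the original post; it assumes GNU grep (for \b), and the passwd-style lines are constructed sample data.

```shell
#!/bin/sh
# Added example: substring, space-delimited, \b and -w matching compared.
# Assumes GNU grep. The passwd-style lines below are constructed sample data.

sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:2:2:bin:/bin:/usr/sbin/nologin
cabinet:x:1001:1001:Cabinet app:/home/cabinet:/usr/sbin/nologin
ops:x:1002:1002:owns the bin directory:/home/ops:/usr/sbin/nologin
EOF
}

# -c prints the number of matching lines instead of the lines themselves

# Plain substring: also hits "cabinet" and "sbin"
count_plain()    { sample_passwd | grep -c 'bin'; }

# Spaces as delimiters: misses "bin:" at the start of a line and "/bin/"
count_spaces()   { sample_passwd | grep -c ' bin '; }

# Word boundaries: "bin" next to ':' or '/' counts, "sbin" and "cabinet" do not
count_boundary() { sample_passwd | grep -c '\bbin\b'; }

# -w: same result as the \b expression
count_w()        { sample_passwd | grep -cw 'bin'; }

echo "substring:     $(count_plain) lines"
echo "' bin ':       $(count_spaces) lines"
echo "\\bbin\\b:       $(count_boundary) lines"
echo "-w bin:        $(count_w) lines"
```

The cabinet line is the one that separates the approaches: it contains "bin" only inside "cabinet" and "sbin", so the plain search reports it and the word-based searches do not.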

Combining grep with other tools

Using pipes

The grep command is a great utility to combine with other commands and filter their output. This way the screen only shows the data you are interested in. To achieve this we use the pipe sign (|) to tell the shell to send any output to the next command in line.

Example: Search in dmesg output

The dmesg command gives a lot of lines as output. If we are just interested in information regarding our storage, we can easily get it by searching for “sd”.

dmesg | grep sd

If we would just like to find AppArmor-related events, it makes sense to ignore case because of the capitals in the name. By smartly combining the right tools, we can form a powerful data filter.

dmesg | grep -i apparmor


The grep command is a very powerful tool and easy to work with. To truly master it, you should learn more about regular expressions. This is the area where the grep tool truly shines. Regular expressions will also come in handy for other tools, like sed and awk.


Got a question, or do you have a particular one-liner you often use with grep? Let us know in the comments.

This blog post is part of our Linux security series and the mission to get Linux and Unix-based systems more secure.
