The grep, awk, and sed commands are powerful text-processing tools in Linux. They are commonly used in Bash scripts to search, filter, extract, and modify text. If you are learning Bash scripting, these three commands are very important because many real-world scripts work with log files, configuration files, command output, and reports.
For Linux administration and cybersecurity tasks, grep, awk, and sed are extremely useful. You can use them to find failed login attempts, extract IP addresses, filter scan results, replace text in files, and analyze system logs.
The grep command is used to search for text patterns inside files or command output.
Basic syntax:
grep "pattern" filename
Example:
grep "root" /etc/passwd
This searches for the word root inside the /etc/passwd file.
You can also use grep with command output:
ps aux | grep apache
This searches running processes for apache.
Create a script:
nano grep-example.sh
Add this code:
#!/bin/bash
log_file="/var/log/auth.log"
echo "Checking failed SSH logins..."
grep "Failed password" "$log_file"
Run it:
chmod +x grep-example.sh
./grep-example.sh
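This script searches the authentication log for failed SSH login attempts. The path /var/log/auth.log is the Debian/Ubuntu default; on RHEL-based systems the equivalent file is /var/log/secure, and reading either usually requires root privileges.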
The awk command is used to process columns and fields from text. It is very useful when working with structured output.
Basic syntax:
awk '{print $1}' filename
Example:
awk '{print $1}' /etc/passwd
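This prints the first field from each line. By default, awk splits fields on whitespace (spaces and tabs), so for a colon-separated file such as /etc/passwd the first field is everything up to the first space, not just the username.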
To use a custom separator, use -F.
awk -F: '{print $1}' /etc/passwd
This prints usernames from /etc/passwd.
#!/bin/bash
echo "System users:"
awk -F: '{print $1}' /etc/passwd
This script lists all local usernames from the system password file.
The sed command is used to edit text automatically. It is commonly used to replace words, delete lines, or modify file content.
Basic syntax:
sed 's/old/new/' filename
Example:
echo "I like Linux" | sed 's/Linux/Bash/'
Output:
I like Bash
#!/bin/bash
echo "server=old-domain.com" > config.txt
sed 's/old-domain.com/new-domain.com/' config.txt
This prints the line with old-domain.com replaced by new-domain.com. The file config.txt itself is not changed.
To edit the file directly, use:
sed -i 's/old-domain.com/new-domain.com/' config.txt
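#!/bin/bash
log_file="/var/log/auth.log"
echo "Extracting IP addresses from failed SSH logins..."
grep "Failed password" "$log_file" | awk '{print $(NF-3)}' | sort | uniq
This script searches failed SSH login lines, extracts possible IP addresses, sorts them, and removes duplicates. The expression $(NF-3) selects the fourth field from the end of each line, which is where the source address sits in a "Failed password ... from IP port N ssh2" message.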
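The following is an added example, not part of the original article: it extends the script above to count failures per source IP, weight rsyslog's "message repeated N times" lines, and list the sources at or above a threshold. The log lines are constructed, and the function names and the traditional syslog timestamp layout are assumptions.

```bash
#!/bin/bash
# Added example: count failed SSH logins per source IP from auth.log-style input.

# Constructed sample lines (documentation IP ranges), not real log data.
sample_log() {
cat <<'EOF'
Jan 10 03:14:01 web1 sshd[1201]: Failed password for root from 203.0.113.7 port 51122 ssh2
Jan 10 03:14:05 web1 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51130 ssh2
Jan 10 03:15:11 web1 sshd[1310]: Failed password for deploy from 198.51.100.23 port 40022 ssh2
Jan 10 03:15:40 web1 sshd[1322]: Accepted password for deploy from 192.0.2.10 port 40100 ssh2
Jan 10 03:16:02 web1 sshd[1340]: message repeated 2 times: [ Failed password for root from 203.0.113.7 port 51140 ssh2]
Jan 10 03:16:30 web1 sshd[1350]: Failed password for invalid user test user from 198.51.100.23 port 40030 ssh2
EOF
}

# Reads log lines on stdin, prints "<count> <ip>" sorted by count, highest first.
failed_by_ip() {
    grep "Failed password" | awk '
    NF < 5 { next }   # too short to hold "from IP port N ssh2"
    {
        n = 1
        # Assumption: traditional syslog prefix, so a collapsed duplicate reads
        # "... sshd[pid]: message repeated N times: [ ..." with N in field 8.
        if ($6 == "message" && $7 == "repeated" && $9 == "times:") n = $8
        # Count from the end of the line: the username is supplied by the remote
        # client and may contain spaces, which would shift fields counted from the start.
        ip = $(NF-3)
        if ($(NF-4) == "from" && ip ~ /^[0-9A-Fa-f:.]+$/) count[ip] += n
    }
    END { for (ip in count) print count[ip], ip }' | sort -k1,1nr -k2,2
}

# Prints only the sources with at least $1 failures.
flag_sources() {
    failed_by_ip | awk -v min="$1" '$1 >= min { print $2 }'
}

echo "Failed logins per source:"
sample_log | failed_by_ip
echo "Sources with 3 or more failures:"
sample_log | flag_sources 3
```

To run it against a real log, feed the file on standard input instead of the sample, for example failed_by_ip < /var/log/auth.log.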
The grep, awk, and sed commands are essential for Bash scripting. grep searches text, awk extracts fields, and sed edits text. Together, they help you process logs, files, command output, and reports efficiently.
For beginners, learning these tools will improve your Bash scripting skills and help you build practical Linux automation and cybersecurity scripts.