Below are selected solutions for the Chapter 3 workshop questions from Cybersecurity Ops with bash.

**Question 1**

Write a regular expression that matches a floating-point number (a number with a decimal point) such as *3.14*. There can be digits on either side of the decimal point, but there need not be any on one side or the other. Allow the regex to match just a decimal point by itself, too.

**Answer**

Note that this is just one of many possible solutions:

Here is how the regular expression is broken down:

**[0-9]\*** Matches the digits 0 through 9 zero or more times

**\.** The backslash is an escape character so the literal period character is matched

**[0-9]\*** Matches the digits 0 through 9 zero or more times

**Question 2**

Use a back reference in a regular expression to match a number that appears on both sides of an equals sign. For example, it should match “314 is = to 314” but not “6 = 7.”

**Answer**

Note that this is just one of many possible solutions:

Here is how the regular expression is broken down:

**([0-9]+)** The digits 0 through 9 one or more times; the ( ) are used so the matching pattern can be used by a back reference

**.\*** Any number of any character

**=** The literal equal sign character

**.\*** Any number of any character

**\1** A back reference to the pattern matched by the expression in the first set of ( )

**Question 4**

Write a regular expression that uses grouping to match on the following two IP addresses: 10.0.0.25 and 10.0.0.134.

**Answer**

Note that this is just one of many possible solutions:

Here is how the regular expression is broken down:

**10\.0\.0\.** The pattern *10.0.0.*; the \ is used to escape the special meaning of the period

**(25|134)** A group where the only accepted patterns are *25* or *134*

For Question 5:

egrep '(\b[0-9a-fA-F].*\b).*\1.*\1'

What I got for Question 3.

egrep '^[0-9].*[0-9]$'

What I got for Question 4.

egrep '10.0.0.(25|1134)'

How come I was able to match the first part without escaping the periods? Shouldn't the periods represent a single wildcard character so that there must be a character in between the zeros in order to match? What am I misunderstanding?

What I got for Question 5.

egrep '([[:xdigit:]]x[[:xdigit:]][[:xdigit:]]) \1 \1'

What I got for Question 3.

egrep '^[0-9].*[0-9]$'

Chapter 3 Question 2 and its solution are ambiguous.

With solution ([0-9]+).*=.*\1, for example:

1- “314 is = to 314” results in a match; but at the same time “314 is = to 312” would also result in a match, and so would “11 = 12”

2- “6 = 7.” results in a No Match. But at the same time “2 = 2” also results in a No Match.

The solution provided only checks that there is a number at both sides of = sign. It doesn't really ensure that they are the same number.
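An added example (not part of the original post or of the comments above) that runs the Question 2 and Question 4 patterns from this page through `grep -E` on constructed strings, so the effect of an unanchored back reference and of unescaped periods can be checked directly. The whole-number variant `Q2_WHOLE` and the helper names `matches` and `report` are assumptions introduced here.

```bash
# Added example; every input string below is constructed test data.

# Question 2 pattern as quoted on this page, and a stricter variant (an
# assumption of this example) that requires a non-digit or a line edge on
# both sides of each number, so the capture cannot shrink to part of it.
Q2_PAGE='([0-9]+).*=.*\1'
Q2_WHOLE='(^|[^0-9])([0-9]+)([^0-9].*)?=(.*[^0-9])?\2([^0-9]|$)'

# Question 4 with unescaped periods (the form asked about in the comments)
# and with escaped periods (the form in the answer's breakdown).
Q4_UNESCAPED='10.0.0.(25|134)'
Q4_ESCAPED='10\.0\.0\.(25|134)'

# matches REGEX STRING: prints "match" or "no match" (egrep is grep -E).
matches() {
    if printf '%s\n' "$2" | grep -Eq -- "$1"; then
        echo "match"
    else
        echo "no match"
    fi
}

# report LABEL REGEX STRING...: prints one result line per input string.
report() {
    label=$1; regex=$2; shift 2
    for s in "$@"; do
        printf '%-12s %-20s %s\n' "$label" "\"$s\"" "$(matches "$regex" "$s")"
    done
}

# With Q2_PAGE the group backtracks from 314 to 31 (and from 11 to 1), and
# that shorter capture is then found again after the equals sign.
set -- "314 is = to 314" "314 is = to 312" "11 = 12" "6 = 7." "2 = 2"
report "Q2 page"  "$Q2_PAGE"  "$@"
report "Q2 whole" "$Q2_WHOLE" "$@"

# An unescaped period matches any single character, which includes a
# literal period, so the real addresses match either way.
set -- "10.0.0.25" "10.0.0.134" "10x0y0z25" "10.0.0.26"
report "Q4 unesc."  "$Q4_UNESCAPED" "$@"
report "Q4 escaped" "$Q4_ESCAPED"   "$@"
```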