Difference between revisions of "Find: 10 Useful Examples of Find"
(→2) Finding files with specific permissons) |
(→10) Find files Changed in the last (n) Days) |
||
Line 73: | Line 73: | ||
find /var/www/ -mtime -2 > ~/hacked-files.txt | find /var/www/ -mtime -2 > ~/hacked-files.txt | ||
+ | |||
+ | ===10b) Find files modified between specific days=== | ||
+ | |||
+ | Say you know about what day the files were hacked, but files were change over days, you can run | ||
+ | |||
+ | find /var/www/ -type f -mtime -20 ! -mtime -10 | ||
+ | |||
+ | That will find the files changed in the 20 days old and 10 days old. |
Revision as of 02:28, 2 January 2014
Contents
- 1 Useful Examples of the Find Command
- 1.1 1) Finding Files with a specific name
- 1.2 2) Finding files with specific permissons
- 1.3 3 Executing Commands on the Files Found by the Find Command
- 1.4 4) Find all empty files (zero byte file)
- 1.5 5) List only the files found within the current directory
- 1.6 6) Find the top 5 largest files on a clients account
- 1.7 7) Find the top 5 smalles files on a clients account
- 1.8 8) Replace the space in pdf files with an underscore
- 1.9 9) Find files Changed in the last Hour
- 1.10 10) Find files Changed in the last (n) Days
- 1.11 10b) Find files modified between specific days
Useful Examples of the Find Command
1) Finding Files with a specific name
The basic usage of the find command, Finds all files named wp-config.php. Example, find all the wp-config.php files showing all wordpress installations.
find . -name "wp-config.php"
2) Finding files with specific permissons
When running a webserver, one of the worst things you can have is a file with 777 permissions. Lets use the find command to check for files/directories with the 777 permissions
find /var/www/ -perm 777
3 Executing Commands on the Files Found by the Find Command
This is a command I use all the time, to adjust the permissions on someones web files. First command will find all files and change them to have 664 permissions
find /var/www/ -type f -exec chmod 644 {} \;
Now we will want to change all the Directories to 2755
find /var/www/ -type d -exec chmod 2755 {} \;
Now we can combine them to make them a one liner
find /var/www/ -type f -exec chmod 644 {} \; && find /var/www/ -type d -exec chmod 2755 {} \;
4) Find all empty files (zero byte file)
We have clients that run wget commands in their cron without dumping it into the /dev/null, so this leave zero byte files
find . -empty -exec ls -l {} \;
and now if you want to remove all those files
find . -empty -exec rm {} \;
5) List only the files found within the current directory
This very useful when you only want to find files in the parent directory. Lets find all the php files in a specific directory.
find /var/www/ -maxdepth 1 -type f -iname *.php
6) Find the top 5 largest files on a clients account
Every now and then a client will get close or go over their quota and you need to find the largest files.
find /var/www/ -type f -exec ls -s {} \; | sort -n -r | head -5
7) Find the top 5 smalles files on a clients account
This command is basically the same as the above command just changing the sort order
find /var/www/ -type f -exec ls -s {} \; | sort -n | head -5
8) Replace the space in pdf files with an underscore
We have clients that sometimes need to remove the space in pdf files and replace them with underscores
find /var/www/ -type f -iname “*.mp3″ -exec rename “s/ /_/g” {} \;
9) Find files Changed in the last Hour
When clients get hacked we can run a find command to identify potental files that could have been hacked around that time. Say the files were hacked with in the last hour, we could run:
find /var/www/ -mmin -60
10) Find files Changed in the last (n) Days
Sometimes, you don't notice the hack right away and you need to search all files modified in the 2 days
find /var/www/ -mtime -2
- tip, you can output them to a text file to provide the client so they can review the files
find /var/www/ -mtime -2 > ~/hacked-files.txt
10b) Find files modified between specific days
Say you know about what day the files were hacked, but files were change over days, you can run
find /var/www/ -type f -mtime -20 ! -mtime -10
That will find the files changed in the 20 days old and 10 days old.