Difference between revisions of "Find: 10 Useful Examples of Find"

From Brian Nelson Ramblings
Jump to: navigation, search
(8.a) Convert all files to lower case)
(6) Find the top 5 largest files on a clients account)
 
(One intermediate revision by the same user not shown)
Line 46: Line 46:
  
 
  find /var/www/ -type f -exec ls -s {} \; | sort -n -r | head -5
 
  find /var/www/ -type f -exec ls -s {} \; | sort -n -r | head -5
 +
 +
===6a) Find files larger than 1 GB ===
 +
 +
find /var/www/ -type f -size +1024M -exec ls -lh {} \; | awk '{ print $NF ": " $5 }'
  
 
===7) Find the top 5 smallest files on a clients account===
 
===7) Find the top 5 smallest files on a clients account===
Line 80: Line 84:
 
  find /var/www/ -mtime -2 > ~/hacked-files.txt
 
  find /var/www/ -mtime -2 > ~/hacked-files.txt
  
===10b) Find files modified between specific days===
+
===10a) Find files modified between specific days===
  
 
Say you know about what day the files were hacked, but files were change over days, you can run
 
Say you know about what day the files were hacked, but files were change over days, you can run

Latest revision as of 01:24, 10 May 2018

Useful Examples of the Find Command

1) Finding Files with a specific name

The basic usage of the find command, Finds all files named wp-config.php. Example, find all the wp-config.php files showing all wordpress installations.

find . -name "wp-config.php"

2) Finding files with specific permissons

When running a webserver, one of the worst things you can have is a file with 777 permissions. Lets use the find command to check for files/directories with the 777 permissions

find /var/www/ -perm 777

3 Executing Commands on the Files Found by the Find Command

This is a command I use all the time, to adjust the permissions on someones web files. First command will find all files and change them to have 664 permissions

find /var/www/ -type f -exec chmod 644 {} \;

Now we will want to change all the Directories to 2755

find /var/www/ -type d -exec chmod 2755 {} \;

Now we can combine them to make them a one liner

find /var/www/ -type f -exec chmod 644 {} \; && find /var/www/ -type d -exec chmod 2755 {} \;

4) Find all empty files (zero byte file)

We have clients that run wget commands in their cron without dumping it into the /dev/null, so this leave zero byte files

find . -empty -exec ls -l {} \;

and now if you want to remove all those files

find . -empty -exec rm {} \;

5) List only the files found within the current directory

This very useful when you only want to find files in the parent directory. Lets find all the php files in a specific directory.

find /var/www/ -maxdepth 1 -type f -iname *.php 

6) Find the top 5 largest files on a clients account

Every now and then a client will get close or go over their quota and you need to find the largest files.

find /var/www/ -type f -exec ls -s {} \; | sort -n -r | head -5

6a) Find files larger than 1 GB

find /var/www/ -type f -size +1024M -exec ls -lh {} \; | awk '{ print $NF ": " $5 }'

7) Find the top 5 smallest files on a clients account

This command is basically the same as the above command just changing the sort order

find /var/www/ -type f -exec ls -s {} \; | sort -n  | head -5

8) Replace the space in pdf files with an underscore

We have clients that sometimes need to remove the space in pdf files and replace them with underscores

find /var/www/ -type f -iname “*.pdf″ -exec rename “s/ /_/g” {} \;

8.a) Convert all files to lower case

I hate files with upper case in them, lets convert all to lower case

find . -depth -exec rename 's/(.*)\/([^\/]*)/$1\/\L$2/' {} \;

9) Find files Changed in the last Hour

When clients get hacked we can run a find command to identify potental files that could have been hacked around that time. Say the files were hacked with in the last hour, we could run:

find /var/www/ -mmin -60

10) Find files Changed in the last (n) Days

Sometimes, you don't notice the hack right away and you need to search all files modified in the 2 days

find /var/www/ -mtime -2
  • tip, you can output them to a text file to provide the client so they can review the files
find /var/www/ -mtime -2 > ~/hacked-files.txt

10a) Find files modified between specific days

Say you know about what day the files were hacked, but files were change over days, you can run

find /var/www/ -type f -mtime -20 ! -mtime -10

That will find the files changed in the 20 days old and 10 days old.