Using the find command:

Find man page

Form of command: find path operators

Examples:

Search and list all files from current directory and down for the string ABC:
find ./ -name “*” -exec grep -H ABC {} \;
find ./ -type f -print | xargs grep -H “ABC” /dev/null
egrep -r ABC *
Find all files of a given type from current directory on down:
find ./ -name “*.conf” -print
Find all user files larger than 5Mb:
find /home -size +5000000c -print
Find all files owned by a user (defined by user id number. see /etc/passwd) on the system: (could take a very long time)
find / -user 501 -print
Find all files created or updated in the last five minutes: (Great for finding effects of make install)
find / -cmin -5
Find all users in group 20 and change them to group 102: (execute as root)
find / -group 20 -exec chown :102 {} \;
Find all suid and setgid executables:
find / \( -perm -4000 -o -perm -2000 \) -type f -exec ls -ldb {} \;
find / -type f -perm +6000 -ls
Note: suid executable binaries are programs which switch to root privileges to perform their tasks. These are created by applying a “sticky” bit: chmod +s. These programs should be watched as they are often the first point of entry for hackers. Thus it is prudent to run this command and remove the “sticky” bits from executables which either won’t be used or are not required by users. chmod -s filename

Find all world writable directories:
find / -perm -0002 -type d -print
Find all world writable files:
find / -perm -0002 -type f -print
find / -perm -2 ! -type l -ls
Find files with no user:
find / -nouser -o -nogroup -print
Find files modified in the last two days:
find / -mtime 2 -o -ctime 2
Compare two drives to see if all files are identical:
find / -path /proc -prune -o -path /new-disk -prune -o -xtype f -exec cmp {} /new-disk{} \;
Partial list of find directives:

Directive Description
-name Find files whose name matches given pattern
-print Display path of matching files
-user Searches for files belonging to a specific user
-exec command {} \; Execute Unix/Linux command for each matching file.
-atime (+t,-t,t) Find files accessed more that +t days ago, less than -t or precisely t days ago.
-ctime (+t,-t,t) Find files changed …
-perm Find files set with specified permissions.
-type Locate files of a specified type:
c: character device files
b: blocked device
d: directories
p: pipes
l: symbolic links
s: sockets
f: regular files
-size n Find file size is larger than “n” 512-byte blocks (default) or specify a different measurement by using the specified letter following “n”:
nb: bytes
nc: bytes
nk: kilobytes
nw: 2-byte words

Advertisements
Leave a comment

Leave your opinion

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: