Find: Difference between revisions

From Network Security Wiki
Content added Content deleted
No edit summary
 
(17 intermediate revisions by the same user not shown)
Line 1: Line 1:
[[Category:Linux]]
[[Category:Linux]]
__TOC__
<br />


Created within 2 days
find ~/test -ctime -2 -print


= General Usage =
Modified within 24 hours
find ~/test -mtime -1 -print


Find Text Files
Find Text Files
find ~/test -name *.txt
find ~ -name *.txt


Find empty folders
Find empty files/folders
find ~/test -type d -empty
find ~ -type f -empty
find ~ -type d -empty

Delete empty folders
find ~/test -type d -empty -exec rmdir {} \;
find ~/ -type d -empty -delete

Find and Delete .ini & .db files
find ~/test -name *.ini
find ~/test -name *.ini -delete
find ~/test -name *.db
find ~/test -name *.db -delete

Search all jpg images in the system and archive it
xargs tar -cvzf images.tar.gz

Find Files Using Name
find -name "MyCProgram.c"

Find Files Using Name and Ignoring Case
find -iname "MyCProgram.c"

Limit Search To Specific Directory
find / -name passwd

Find the passwd file under root and one level down
find -maxdepth 2 -name passwd

Executing Commands on the Files Found by the Find Command
find -iname "MyCProgram.c" -exec md5sum {} \;

Inverting the match
find -maxdepth 1 -not -iname "MyCProgram.c"

Find files which has read permission to group
find . -perm -g=r -type f -exec ls -l {} \;

Find files which has read permission only to group
find . -perm g=r -type f -exec ls -l {} \;


Find all empty files (zero byte file)
Find all empty files (zero byte file)
Line 59: Line 22:
find . -maxdepth 1 -empty -not -name ".*"
find . -maxdepth 1 -empty -not -name ".*"


Find Files Using Name and Ignoring Case
Finding the Top 5 Big Files
find -iname "MyCProgram.c"
sort -n -r | head -5


Find the passwd file under root and one level down
Finding the Top 5 Small Files
find -maxdepth 2 -name passwd
sort -n | head -5

List the smaller files other than the ZERO byte files
sort -n | head -5

Find only the socket files
find . -type s


Find all directories
Find all directories
find . -type d
find ~ -type d


Find only the normal files
Find only the normal files
find . -type f
find . -type f


Find all the hidden files
Find all the hidden files/directories
find . -type f -name ".*"
find ~ -type f -name ".*"
find ~ -type d -name ".*"


= Time based Sort =
Find all the hidden directories
find -type d -name ".*"


Created within 2 days
Show files which are modified after the specified file
find -newer ordinary_file
find ~/test -ctime -2 -print


Modified within 24 hours
Find files bigger than the given size
find ~ -size +100M
find ~/test -mtime -1 -print

Find files smaller than the given size
find ~ -size -100M

Find files that matches the exact given size
find ~ -size 100M

Remove the files named a.out frequently
alias rmao="find . -iname a.out -exec rm {} \;"
$ rmao

Remove the core files generated by c program
alias rmc="find . -iname core -exec rm {} \;"
$ rmc

Removes *.zip files that are over 100M
find / -type f -name *.zip -size +100M -exec rm -i {} \;"

List only files recursively without Directory name
find . -maxdepth 10 -type f -printf '%f\n' > fileslist.txt


Find files in directory and sub-directories updated within 60 min
Find files in directory and sub-directories updated within 60 min
Line 115: Line 52:
find / -mtime -1
find / -mtime -1


search files which are modified between last 10 to 20 days
find / -mtime -20 -mtime +10
Find files which got accessed within 60 minutes
Find files which got accessed within 60 minutes
find -amin -60
find / -amin -60
find / -atime -1
find / -atime -1

Search files which are accessed between last 10 to 20 days
find /tmp -atime -20 -atime +10


Find files which changed within 60 minutes
Find files which changed within 60 minutes
find . -cmin -60
find . -cmin -60
find / -ctime -1
find / -ctime -1

Restricting the find output only to files
find /etc/sysconfig -amin -30 -type f

Do not display hidden files in find output
find . -mmin -15 \( ! -regex ".*/\..*" \)


Displays all files which are modified after the /etc/passwd files was modified
Displays all files which are modified after the /etc/passwd files was modified
Line 141: Line 78:
find -mmin -60 -exec ls -l {} \;
find -mmin -60 -exec ls -l {} \;


Restricting the find output only to files
If multiple partitions mounted under /, this command will NOT search all mounted partitions
find / -xdev -name "*.log"
find /etc/sysconfig -amin -30 -type f


Do not display hidden files in find output
If you don’t want to see the errors and would like to redirect it to null
find -name "*.txt" 2>>/dev/null
find . -mmin -15 \( ! -regex ".*/\..*" \)

= Delete Files =

Delete empty folders
find ~/test -type d -empty -exec rmdir {} \;
find ~/ -type d -empty -delete

Find and Delete .ini & .db files
find ~/test -name *.ini
find ~/test -name *.ini -delete
find ~/test -name *.db
find ~/test -name *.db -delete


Replaces space in all the *.mp3 files with _
Replaces space in all the *.mp3 files with _
Line 160: Line 109:




= Size based Sort =

Find files that matches the exact given size
find ~ -size 100M

Find files bigger than the given size
find ~ -size +100M

Find files smaller than the given size
find ~ -size -100M

Search files whose size is greater than 10MB and less than 20MB
find /tmp -size +10M -size -20M

Remove the files named a.out frequently
alias rmao="find . -iname a.out -exec rm {} \;"
$ rmao

Remove the core files generated by c program
alias rmc="find . -iname core -exec rm {} \;"
$ rmc

Removes *.zip files that are over 100M
find / -type f -name *.zip -size +100M -exec rm -i {} \;

= Exec Commands =
*Perform Any Operation on Files Found From Find Command
*Perform Any Operation on Files Found From Find Command
find <CONDITION to Find files> -exec <OPERATION> \;
find <CONDITION to Find files> -exec <OPERATION> \;

rm : remove the files found by find command.
Execute any Unix shell command/custom shell script/command on find command output files:
mv : rename the files found.
ls -l : get details of the find command output files.
rm : remove the files found by find command.
md5sum : find command output files
mv : rename the files found.
wc : count the total number of words on find command output files.
ls -l : get details of the find command output files.
Execute any Unix shell command/custom shell script/command on find command output files.
md5sum : find command output files
wc : count the total number of words on find command output files.
<br />
<br />



*List only Directories
Finding the Top 5 Big Files
<pre style="width: 97%; overflow-x: scroll;">
find . -type f -exec ls -s {} \; | sort -n -r | head -5
find ~/test ! -name *.jpg ! -name *.gif ! -name *.png ! -name *.jpeg ! -name *.JPG ! -name *.bmp ! -name *.html ! -name *.htm ! -type d </pre>

Finding the Top 5 Small Files
find . -type f -exec ls -s {} \; | sort -n | head -5

List the smaller files other than the ZERO byte files
find . -not -empty -type f -exec ls -s {} \; | sort -n | head -5

Find files which has read permission to group
find . -perm -g=r -type f -exec ls -l {} \;

Find files which has read permission only to group
find . -perm g=r -type f -exec ls -l {} \;

Executing Commands on the Files Found by the Find Command
find -iname "MyCProgram.c" -exec md5sum {} \;


= Advanced Options =

List and Export only files recursively without Directory name
find . -maxdepth 10 -type f -printf '%f\n' > fileslist.txt

If you don’t want to see the errors and would like to redirect it to null
find -name "*.txt" 2>>/dev/null

Search all jpg images in the system and archive it
find ~/test -name *.jpg -type f -print | xargs tar -cvzf images.tar.gz

Inverting the match
find -maxdepth 1 -not -iname "MyCProgram.c"

Find files of specific Extensions:
find . -name '*.jpg' -name '*.gif' -name '*.png' -name '*.jpeg' -name '*.JPG' -name '*.bmp' -name '*.html' -name '*.htm'

Find all files except for specific Extensions:
find . ! -name '*.jpg' ! -name '*.gif' ! -name '*.png' ! -name '*.jpeg' ! -name '*.JPG' ! -name '*.bmp' ! -name '*.html' ! -name '*.htm'

Searching all files with 777 permission
find / -type f -perm 0777

Search world readable files - everyone has only read access on that file (444 or -r–r–r– permission); numeric as well as u-g-o (user, group, others) format can be used with -perm switch
find / -type f -perm 444
find / -type f -perm /u=r -perm /g=r -perm /o=r
If you are suspecting some user is spamming files on server, you can search files with his ownership:
find / -type f -user aman
Similarly, files owned by specific group can be searched
find / -type f -group dba

<br />
<br />
;References
<references/>
<br />
<br />
<br />



{{DISQUS}}
{{DISQUS}}

Latest revision as of 12:25, 27 April 2018



General Usage

Find Text Files 

find ~ -name *.txt

Find empty files/folders 

find ~ -type f -empty
find ~ -type d -empty

Find all empty files (zero byte file) 

find ~ -empty

List all the empty files only in your home directory 

find . -maxdepth 1 -empty

List only the non-hidden empty files only in the current directory 

find . -maxdepth 1 -empty -not -name ".*"

Find Files Using Name and Ignoring Case 

find -iname "MyCProgram.c"

Find the passwd file under root and one level down 

find -maxdepth 2 -name passwd

Find all directories 

find ~ -type d

Find only the normal files 

find . -type f

Find all the hidden files/directories 

find ~ -type f -name ".*"
find ~ -type d -name ".*"

Time based Sort

Created within 2 days 

find ~/test -ctime -2 -print

Modified within 24 hours 

find ~/test -mtime -1 -print

Find files in directory and sub-directories updated within 60 min 

find . -mmin -60

Finds all the files updated within 1 day 

find / -mtime -1

search files which are modified between last 10 to 20 days 

find / -mtime -20 -mtime +10

Find files which got accessed within 60 minutes 

find / -amin -60
find / -atime -1

Search files which are accessed between last 10 to 20 days 

find /tmp -atime -20 -atime +10

Find files which changed within 60 minutes 

find . -cmin -60
find / -ctime -1

Displays all files which are modified after the /etc/passwd files was modified 

find -newer /etc/passwd

Displays all files which are accessed after modifying /etc/hosts 

find -anewer /etc/hosts

Displays all files whose status got changed after modifying the /etc/fstab 

find -cnewer /etc/fstab

Long list the files which are edited within the last 1 hour 

find -mmin -60 -exec ls -l {} \;

Restricting the find output only to files 

find /etc/sysconfig -amin -30 -type f

Do not display hidden files in find output 

find . -mmin -15 \( ! -regex ".*/\..*" \)

Delete Files

Delete empty folders 

find ~/test -type d -empty -exec rmdir {} \;
find ~/ -type d -empty -delete

Find and Delete .ini & .db files
find ~/test -name *.ini
find ~/test -name *.ini -delete
find ~/test -name *.db
find ~/test -name *.db -delete

Replaces space in all the *.mp3 files with _ 

find . -type f -iname “*.mp3″ -exec rename “s/ /_/g” {} \;

Delete 100 days old file 

find * -mtime +100 -exec rm {} \;

Move Specific files to another location 

find ./* -name *.jpg -exec mv {} ~/Public/ \;



Size based Sort

Find files that matches the exact given size 

find ~ -size 100M

Find files bigger than the given size 

find ~ -size +100M

Find files smaller than the given size 

find ~ -size -100M

Search files whose size is greater than 10MB and less than 20MB 

find /tmp -size +10M -size -20M

Remove the files named a.out frequently 

alias rmao="find . -iname a.out -exec rm {} \;"
$ rmao

Remove the core files generated by c program 

alias rmc="find . -iname core -exec rm {} \;"
$ rmc

Removes *.zip files that are over 100M 

find / -type f -name *.zip -size +100M -exec rm -i {} \;

Exec Commands

  • Perform Any Operation on Files Found From Find Command
find <CONDITION to Find files> -exec <OPERATION> \;

Execute any Unix shell command/custom shell script/command on find command output files: 

rm      :  remove the files found by find command.
mv      :  rename the files found.
ls -l   :  get details of the find command output files.
md5sum  :  find command output files
wc      :  count the total number of words on find command output files.



Finding the Top 5 Big Files 

find . -type f -exec ls -s {} \; | sort -n -r | head -5

Finding the Top 5 Small Files 

find . -type f -exec ls -s {} \; | sort -n  | head -5

List the smaller files other than the ZERO byte files 

find . -not -empty -type f -exec ls -s {} \; | sort -n  | head -5

Find files which has read permission to group 

find . -perm -g=r -type f -exec ls -l {} \;

Find files which has read permission only to group 

find . -perm g=r -type f -exec ls -l {} \;

Executing Commands on the Files Found by the Find Command 

find -iname "MyCProgram.c" -exec md5sum {} \;


Advanced Options

List and Export only files recursively without Directory name 

find . -maxdepth 10 -type f -printf '%f\n' > fileslist.txt

If you don’t want to see the errors and would like to redirect it to null 

find -name "*.txt" 2>>/dev/null

Search all jpg images in the system and archive it 

find ~/test -name *.jpg -type f -print | xargs tar -cvzf images.tar.gz

Inverting the match 

find -maxdepth 1 -not -iname "MyCProgram.c"

Find files of specific Extensions: 

find . -name '*.jpg' -name '*.gif' -name '*.png' -name '*.jpeg' -name '*.JPG' -name '*.bmp' -name '*.html' -name '*.htm'

Find all files except for specific Extensions: 

find . ! -name '*.jpg' ! -name '*.gif' ! -name '*.png' ! -name '*.jpeg' ! -name '*.JPG' ! -name '*.bmp' ! -name '*.html' ! -name '*.htm'

Searching all files with 777 permission 

find / -type f -perm 0777

Search world readable files - everyone has only read access on that file (444 or -r–r–r– permission); numeric as well as u-g-o (user, group, others) format can be used with -perm switch 

find / -type f -perm 444
find / -type f -perm /u=r -perm /g=r -perm /o=r

If you are suspecting some user is spamming files on server, you can search files with his ownership: 

find / -type f -user aman

Similarly, files owned by specific group can be searched 

find / -type f -group dba


References





{{#widget:DISQUS |id=networkm |uniqid=Find |url=https://aman.awiki.org/wiki/Find }}

Retrieved from "https://aman.awiki.org/wiki/Find?oldid=2228"