Find: Difference between revisions

From Network Security Wiki
Content added Content deleted
m (move)
 
(20 intermediate revisions by the same user not shown)
Line 1: Line 1:
[[Category:Linux]]
[[Category:Linux]]
__TOC__

{| class="wikitable"
|-
! Task !! Command
|-
| Created within 2 days || find ~/test -ctime -2 -print
|-
| Modified within 24 hours || find ~/test -mtime -1 -print
|-
| Find Text Files || find ~/test -name *.txt
|-
| Find empty folders || find ~/test -type d -empty
|-
| Delete empty folders || find ~/test -type d -empty -exec rmdir {} \;<br />find ~/ -type d -empty -delete
|-
| Find and Delete .ini & .db files || find ~/test -name *.ini<br />find ~/test -name *.ini -delete<br />find ~/test -name *.db<br />find ~/test -name *.db -delete
|-
| Search all jpg images in the system and archive it || find ~/test -name *.jpg -type f -print | xargs tar -cvzf images.tar.gz
|-
| Find Files Using Name || find -name "MyCProgram.c"
|-
| Find Files Using Name and Ignoring Case || find -iname "MyCProgram.c"
|-
| Limit Search To Specific Directory || find / -name passwd
|-
| Find the passwd file under root and one level down || find -maxdepth 2 -name passwd
|- Find the password file between sub-directory level 2 and 4 || find -mindepth 3 -maxdepth 5 -name passwd
|-
| Executing Commands on the Files Found by the Find Command || find -iname "MyCProgram.c" -exec md5sum {} \;
|-
| Inverting the match || find -maxdepth 1 -not -iname "MyCProgram.c"
|-
| Find files which has read permission to group || find . -perm -g=r -type f -exec ls -l {} \;
|-
|Find files which has read permission only to group || find . -perm g=r -type f -exec ls -l {} \;
|-
| Find all empty files (zero byte file) || find ~ -empty
|-
| List all the empty files only in your home directory || find . -maxdepth 1 -empty
|-
| List only the non-hidden empty files only in the current directory || find . -maxdepth 1 -empty -not -name ".*"
|-
| Finding the Top 5 Big Files || find . -type f -exec ls -s {} \; | sort -n -r | head -5
|-
| Finding the Top 5 Small Files || find . -type f -exec ls -s {} \; | sort -n | head -5
|-
| List the smaller files other than the ZERO byte files || find . -not -empty -type f -exec ls -s {} \; | sort -n | head -5
|-
| Find only the socket files || find . -type s
|-
| Find all directories || find . -type d
|-
| Find only the normal files || find . -type f
|-
| Find all the hidden files || find . -type f -name ".*"
|-
| Find all the hidden directories || find -type d -name ".*"
|-
| Show files which are modified after the specified file || find -newer ordinary_file
|-
| Find files bigger than the given size || find ~ -size +100M
|-
| Find files smaller than the given size || find ~ -size -100M
|-
| Find files that matches the exact given size || find ~ -size 100M
|-
| Remove the files named a.out frequently || alias rmao="find . -iname a.out -exec rm {} \;"<br /># rmao
|-
| Remove the core files generated by c program || alias rmc="find . -iname core -exec rm {} \;"<br />
# rmc
|-
| Removes *.zip files that are over 100M || find / -type f -name *.zip -size +100M -exec rm -i {} \;"
|-
| List only files recursively without Directory name || find . -maxdepth 10 -type f -printf '%f\n' > fileslist.txt
|-
| Find files in directory and sub-directories updated within 60 min || find . -mmin -60
|-
| Finds all the files updated within 1 day || find / -mtime -1
|-
| Find files which got accessed within 60 minutes || find -amin -60<br />find / -atime -1
|-
| Find files which changed within 60 minutes || find . -cmin -60<br />find / -ctime -1
|-
| Restricting the find output only to files || find /etc/sysconfig -amin -30 -type f
|-
| Do not display hidden files in find output || find . -mmin -15 \( ! -regex ".*/\..*" \)
|-
| Displays all files which are modified after the /etc/passwd files was modified || find -newer /etc/passwd
|-
| Displays all files which are accessed after modifying /etc/hosts || find -anewer /etc/hosts
|-
| Displays all files whose status got changed after modifying the /etc/fstab || find -cnewer /etc/fstab
|-
| Long list the files which are edited within the last 1 hour || find -mmin -60 -exec ls -l {} \;
|-
| If multiple partitions mounted under /, this command will NOT search all mounted partitions || find / -xdev -name "*.log"
|-
| If you don’t want to see the errors and would like to redirect it to null || find -name "*.txt" 2>>/dev/null
|-
| Replaces space in all the *.mp3 files with _ || find . -type f -iname “*.mp3″ -exec rename “s/ /_/g” {} \;
|-
| Delete 100 days old file || find * -mtime +100 -exec rm {} \;
|-
| Move Specific files to another location || find ./* -name *.jpg -exec mv {} ~/Public/ \;
|}
<br />
<br />



= General Usage =

Find Text Files
find ~ -name *.txt

Find empty files/folders
find ~ -type f -empty
find ~ -type d -empty

Find all empty files (zero byte file)
find ~ -empty

List all the empty files only in your home directory
find . -maxdepth 1 -empty

List only the non-hidden empty files only in the current directory
find . -maxdepth 1 -empty -not -name ".*"

Find Files Using Name and Ignoring Case
find -iname "MyCProgram.c"

Find the passwd file under root and one level down
find -maxdepth 2 -name passwd

Find all directories
find ~ -type d

Find only the normal files
find . -type f

Find all the hidden files/directories
find ~ -type f -name ".*"
find ~ -type d -name ".*"

= Time based Sort =

Created within 2 days
find ~/test -ctime -2 -print

Modified within 24 hours
find ~/test -mtime -1 -print

Find files in directory and sub-directories updated within 60 min
find . -mmin -60

Finds all the files updated within 1 day
find / -mtime -1

search files which are modified between last 10 to 20 days
find / -mtime -20 -mtime +10
Find files which got accessed within 60 minutes
find / -amin -60
find / -atime -1

Search files which are accessed between last 10 to 20 days
find /tmp -atime -20 -atime +10

Find files which changed within 60 minutes
find . -cmin -60
find / -ctime -1

Displays all files which are modified after the /etc/passwd files was modified
find -newer /etc/passwd

Displays all files which are accessed after modifying /etc/hosts
find -anewer /etc/hosts

Displays all files whose status got changed after modifying the /etc/fstab
find -cnewer /etc/fstab

Long list the files which are edited within the last 1 hour
find -mmin -60 -exec ls -l {} \;

Restricting the find output only to files
find /etc/sysconfig -amin -30 -type f

Do not display hidden files in find output
find . -mmin -15 \( ! -regex ".*/\..*" \)

= Delete Files =

Delete empty folders
find ~/test -type d -empty -exec rmdir {} \;
find ~/ -type d -empty -delete

Find and Delete .ini & .db files
find ~/test -name *.ini
find ~/test -name *.ini -delete
find ~/test -name *.db
find ~/test -name *.db -delete

Replaces space in all the *.mp3 files with _
find . -type f -iname “*.mp3″ -exec rename “s/ /_/g” {} \;

Delete 100 days old file
find * -mtime +100 -exec rm {} \;

Move Specific files to another location
find ./* -name *.jpg -exec mv {} ~/Public/ \;





= Size based Sort =

Find files that matches the exact given size
find ~ -size 100M

Find files bigger than the given size
find ~ -size +100M

Find files smaller than the given size
find ~ -size -100M

Search files whose size is greater than 10MB and less than 20MB
find /tmp -size +10M -size -20M

Remove the files named a.out frequently
alias rmao="find . -iname a.out -exec rm {} \;"
$ rmao

Remove the core files generated by c program
alias rmc="find . -iname core -exec rm {} \;"
$ rmc

Removes *.zip files that are over 100M
find / -type f -name *.zip -size +100M -exec rm -i {} \;

= Exec Commands =
*Perform Any Operation on Files Found From Find Command
*Perform Any Operation on Files Found From Find Command
find <CONDITION to Find files> -exec <OPERATION> \;
find <CONDITION to Find files> -exec <OPERATION> \;

m : remove the files found by find command.
Execute any Unix shell command/custom shell script/command on find command output files:
mv : rename the files found.
ls -l : get details of the find command output files.
rm : remove the files found by find command.
md5sum : find command output files
mv : rename the files found.
wc : count the total number of words on find command output files.
ls -l : get details of the find command output files.
Execute any Unix shell command/custom shell script/command on find command output files.
md5sum : find command output files
wc : count the total number of words on find command output files.
<br />
<br />



*List only Directories
Finding the Top 5 Big Files
<pre style="width: 97%; overflow-x: scroll;">
find . -type f -exec ls -s {} \; | sort -n -r | head -5
find ~/test ! -name *.jpg ! -name *.gif ! -name *.png ! -name *.jpeg ! -name *.JPG ! -name *.bmp ! -name *.html ! -name *.htm ! -type d </pre>

Finding the Top 5 Small Files
find . -type f -exec ls -s {} \; | sort -n | head -5

List the smaller files other than the ZERO byte files
find . -not -empty -type f -exec ls -s {} \; | sort -n | head -5

Find files which has read permission to group
find . -perm -g=r -type f -exec ls -l {} \;

Find files which has read permission only to group
find . -perm g=r -type f -exec ls -l {} \;

Executing Commands on the Files Found by the Find Command
find -iname "MyCProgram.c" -exec md5sum {} \;


= Advanced Options =

List and Export only files recursively without Directory name
find . -maxdepth 10 -type f -printf '%f\n' > fileslist.txt

If you don’t want to see the errors and would like to redirect it to null
find -name "*.txt" 2>>/dev/null

Search all jpg images in the system and archive it
find ~/test -name *.jpg -type f -print | xargs tar -cvzf images.tar.gz

Inverting the match
find -maxdepth 1 -not -iname "MyCProgram.c"

Find files of specific Extensions:
find . -name '*.jpg' -name '*.gif' -name '*.png' -name '*.jpeg' -name '*.JPG' -name '*.bmp' -name '*.html' -name '*.htm'

Find all files except for specific Extensions:
find . ! -name '*.jpg' ! -name '*.gif' ! -name '*.png' ! -name '*.jpeg' ! -name '*.JPG' ! -name '*.bmp' ! -name '*.html' ! -name '*.htm'

Searching all files with 777 permission
find / -type f -perm 0777

Search world readable files - everyone has only read access on that file (444 or -r–r–r– permission); numeric as well as u-g-o (user, group, others) format can be used with -perm switch
find / -type f -perm 444
find / -type f -perm /u=r -perm /g=r -perm /o=r
If you are suspecting some user is spamming files on server, you can search files with his ownership:
find / -type f -user aman
Similarly, files owned by specific group can be searched
find / -type f -group dba

<br />
<br />
;References
<references/>
<br />
<br />
<br />



{{DISQUS}}
{{DISQUS}}

Latest revision as of 12:25, 27 April 2018



General Usage

Find Text Files 

find ~ -name *.txt

Find empty files/folders 

find ~ -type f -empty
find ~ -type d -empty

Find all empty files (zero byte file) 

find ~ -empty

List all the empty files only in your home directory 

find . -maxdepth 1 -empty

List only the non-hidden empty files only in the current directory 

find . -maxdepth 1 -empty -not -name ".*"

Find Files Using Name and Ignoring Case 

find -iname "MyCProgram.c"

Find the passwd file under root and one level down 

find -maxdepth 2 -name passwd

Find all directories 

find ~ -type d

Find only the normal files 

find . -type f

Find all the hidden files/directories 

find ~ -type f -name ".*"
find ~ -type d -name ".*"

Time based Sort

Created within 2 days 

find ~/test -ctime -2 -print

Modified within 24 hours 

find ~/test -mtime -1 -print

Find files in directory and sub-directories updated within 60 min 

find . -mmin -60

Finds all the files updated within 1 day 

find / -mtime -1

search files which are modified between last 10 to 20 days 

find / -mtime -20 -mtime +10

Find files which got accessed within 60 minutes 

find / -amin -60
find / -atime -1

Search files which are accessed between last 10 to 20 days 

find /tmp -atime -20 -atime +10

Find files which changed within 60 minutes 

find . -cmin -60
find / -ctime -1

Displays all files which are modified after the /etc/passwd files was modified 

find -newer /etc/passwd

Displays all files which are accessed after modifying /etc/hosts 

find -anewer /etc/hosts

Displays all files whose status got changed after modifying the /etc/fstab 

find -cnewer /etc/fstab

Long list the files which are edited within the last 1 hour 

find -mmin -60 -exec ls -l {} \;

Restricting the find output only to files 

find /etc/sysconfig -amin -30 -type f

Do not display hidden files in find output 

find . -mmin -15 \( ! -regex ".*/\..*" \)

Delete Files

Delete empty folders 

find ~/test -type d -empty -exec rmdir {} \;
find ~/ -type d -empty -delete

Find and Delete .ini & .db files
find ~/test -name *.ini
find ~/test -name *.ini -delete
find ~/test -name *.db
find ~/test -name *.db -delete

Replaces space in all the *.mp3 files with _ 

find . -type f -iname “*.mp3″ -exec rename “s/ /_/g” {} \;

Delete 100 days old file 

find * -mtime +100 -exec rm {} \;

Move Specific files to another location 

find ./* -name *.jpg -exec mv {} ~/Public/ \;



Size based Sort

Find files that matches the exact given size 

find ~ -size 100M

Find files bigger than the given size 

find ~ -size +100M

Find files smaller than the given size 

find ~ -size -100M

Search files whose size is greater than 10MB and less than 20MB 

find /tmp -size +10M -size -20M

Remove the files named a.out frequently 

alias rmao="find . -iname a.out -exec rm {} \;"
$ rmao

Remove the core files generated by c program 

alias rmc="find . -iname core -exec rm {} \;"
$ rmc

Removes *.zip files that are over 100M 

find / -type f -name *.zip -size +100M -exec rm -i {} \;

Exec Commands

  • Perform Any Operation on Files Found From Find Command
find <CONDITION to Find files> -exec <OPERATION> \;

Execute any Unix shell command/custom shell script/command on find command output files: 

rm      :  remove the files found by find command.
mv      :  rename the files found.
ls -l   :  get details of the find command output files.
md5sum  :  find command output files
wc      :  count the total number of words on find command output files.



Finding the Top 5 Big Files 

find . -type f -exec ls -s {} \; | sort -n -r | head -5

Finding the Top 5 Small Files 

find . -type f -exec ls -s {} \; | sort -n  | head -5

List the smaller files other than the ZERO byte files 

find . -not -empty -type f -exec ls -s {} \; | sort -n  | head -5

Find files which has read permission to group 

find . -perm -g=r -type f -exec ls -l {} \;

Find files which has read permission only to group 

find . -perm g=r -type f -exec ls -l {} \;

Executing Commands on the Files Found by the Find Command 

find -iname "MyCProgram.c" -exec md5sum {} \;


Advanced Options

List and Export only files recursively without Directory name 

find . -maxdepth 10 -type f -printf '%f\n' > fileslist.txt

If you don’t want to see the errors and would like to redirect it to null 

find -name "*.txt" 2>>/dev/null

Search all jpg images in the system and archive it 

find ~/test -name *.jpg -type f -print | xargs tar -cvzf images.tar.gz

Inverting the match 

find -maxdepth 1 -not -iname "MyCProgram.c"

Find files of specific Extensions: 

find . -name '*.jpg' -name '*.gif' -name '*.png' -name '*.jpeg' -name '*.JPG' -name '*.bmp' -name '*.html' -name '*.htm'

Find all files except for specific Extensions: 

find . ! -name '*.jpg' ! -name '*.gif' ! -name '*.png' ! -name '*.jpeg' ! -name '*.JPG' ! -name '*.bmp' ! -name '*.html' ! -name '*.htm'

Searching all files with 777 permission 

find / -type f -perm 0777

Search world readable files - everyone has only read access on that file (444 or -r–r–r– permission); numeric as well as u-g-o (user, group, others) format can be used with -perm switch 

find / -type f -perm 444
find / -type f -perm /u=r -perm /g=r -perm /o=r

If you are suspecting some user is spamming files on server, you can search files with his ownership: 

find / -type f -user aman

Similarly, files owned by specific group can be searched 

find / -type f -group dba


References





{{#widget:DISQUS |id=networkm |uniqid=Find |url=https://aman.awiki.org/wiki/Find }}

Retrieved from "https://aman.awiki.org/wiki/Find?oldid=2228"