
[Original] Linux: finding files that were modified recently or today

2017-01-09 08:55

0x01 List files created or modified today in a directory

cd /home/ym

1 Show the files under /home/ym that were created or modified today

ls -al --time-style=+%D | grep "$(date +%D)"

Options:

-a - list all files, including hidden ones
-l - use the long listing format
--time-style=FORMAT - show times using the given FORMAT
+%D - show the date in %m/%d/%y (month/day/year) format

2 Sort the results alphabetically

ls -alX --time-style=+%D | grep "$(date +%D)"

3 Sort the results by file size, largest first

ls -alS --time-style=+%D | grep "$(date +%D)"

0x02 List all files modified on a given day

1 List the files in the current directory that were modified today

find . -maxdepth 1 -newermt "2017-1-8"

find . -maxdepth 1 -newermt "1/8/2017"

2 List all files on the system that were modified today

find .  -newermt "2017-1-8"

find . -newermt "1/8/2017"

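0x03 Find files that have been accessed

1 Files accessed today

find /home -atime 0 # files under /home accessed today (within the last 24 hours)

2 Files accessed within the last few days

find . -atime -3 # -atime n: file was last accessed n*24 hours ago; -3 means fewer than 3, so this lists files under the current directory accessed within the last three days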

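0x04 Find files that have been changed

1 Files changed today

find /home -ctime 0 # files under /home changed today (within the last 24 hours)

2 Files changed within the last few days

find . -ctime -3 # -ctime n: file was last changed n*24 hours ago; -3 means fewer than 3, so this lists files under the current directory changed within the last three days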
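
The queries from sections 0x02 to 0x04 as reusable shell functions, added here as an example and not part of the original post. It assumes GNU find, date and touch; the function names and the sample files are made up for the illustration, and -mtime is used because it follows the same n / +n / -n rules as -atime and -ctime.

```shell
#!/bin/sh
# Added example (GNU find/date/touch assumed); function names are hypothetical.

# Files under directory $1 whose mtime falls on calendar day $2 (YYYY-MM-DD).
# -newermt is a strict ">" test, so the window is (day 00:00, next day 00:00]:
# a file stamped exactly at midnight is reported under the previous day.
modified_on() {
    next=$(date -d "$2 +1 day" +%F) || return 1
    find "$1" -type f -newermt "$2 00:00:00" ! -newermt "$next 00:00:00" -print | sort
}

# Files modified less than $2*24 hours ago (minus sign: -mtime -N).
modified_within_days() {
    find "$1" -type f -mtime "-$2" -print | sort
}

# Files last modified at least ($2+1)*24 hours ago (plus sign: -mtime +N).
# This is the opposite of a "within N days" query.
modified_older_than_days() {
    find "$1" -type f -mtime "+$2" -print | sort
}

# Constructed sample tree with known timestamps; prints the directory path.
make_sample() {
    d=$(mktemp -d) || return 1
    touch -d "2017-01-07 23:30:00" "$d/before.log"
    touch -d "2017-01-08 09:15:00" "$d/new upload.php"   # name with a space
    touch -d "2017-01-09 00:05:00" "$d/after.log"
    touch -d "1 day ago"  "$d/recent.conf"
    touch -d "5 days ago" "$d/stale.conf"
    echo "$d"
}

# Run as "sh script.sh demo" to print the three result sets.
if [ "${1:-}" = "demo" ]; then
    d=$(make_sample)
    echo "modified on 2017-01-08:";  modified_on "$d" 2017-01-08
    echo "modified within 3 days:";  modified_within_days "$d" 3
    echo "-mtime +2 (3+ days old):"; modified_older_than_days "$d" 2
    rm -rf "$d"
fi
```
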

0x05 More find usage

man find

find /tmp -name core -type f -print | xargs /bin/rm -f
       Find files named core in or below the directory /tmp and delete them.  Note that this will work
       incorrectly if there are any filenames containing newlines, single or double quotes, or spaces.

find /tmp -name core -type f -print0 | xargs -0 /bin/rm -f

       Find files named core in or below the directory /tmp and delete them, processing filenames in  such  a
       way  that file or directory names containing single or double quotes, spaces or newlines are correctly
       handled.  The -name test comes before the -type test in order to avoid having to call stat(2) on every
       file.

find . -type f -exec file '{}' \;
       Runs  `file'  on every file in or below the current directory.  Notice that the braces are enclosed in
       single quote marks to protect them from interpretation as shell script punctuation.  The semicolon  is
       similarly  protected by the use of a backslash, though single quotes could have been used in that case
       also.

find / \
       \( -perm -4000 -fprintf /root/suid.txt '%#m %u %p\n' \) , \
       \( -size +100M -fprintf /root/big.txt '%-10s %p\n' \)
       Traverse the filesystem just once, listing setuid files and directories into /root/suid.txt and  large
       files into /root/big.txt.

find $HOME -mtime 0
       Search  for files in your home directory which have been modified in the last twenty-four hours.  This
       command works this way because the time since each file was last modified is divided by 24  hours  and
       any  remainder  is discarded.  That means that to match -mtime 0, a file will have to have a
       modification in the past which is less than 24 hours ago.

find /sbin /usr/sbin -executable \! -readable -print
       Search for files which are executable but not readable.

find . -perm 664
       Search for files which have read and write permission for their owner,  and  group,  but  which  other
       users  can read but not write to.  Files which meet these criteria but have other permissions bits set
       (for example if someone can execute the file) will not be matched.

find . -perm -664
       Search for files which have read and write permission for their owner and group, and which other users
       can  read,  without  regard  to  the presence of any extra permission bits (for example the executable
       bit).  This will match a file which has mode 0777, for example.

find . -perm /222
       Search for files which are writable by somebody (their owner, or their group, or anybody else).


find . -perm /220
find . -perm /u+w,g+w
find . -perm /u=w,g=w
       All three of these commands do the same thing, but the first one uses the octal representation of  the
       file  mode,  and  the  other two use the symbolic form.  These commands all search for files which are
       writable by either their owner or their group.  The files don't have to be writable by both the  owner
       and group to be matched; either will do.

find . -perm -220
find . -perm -g+w,u+w
       Both  these  commands  do  the same thing; search for files which are writable by both their owner and
       their group.

find . -perm -444 -perm /222 ! -perm /111
find . -perm -a+r -perm /a+w ! -perm /a+x
       These two commands both search for files that are readable for everybody ( -perm -444 or -perm  -a+r),
       have  at  least  one  write bit set ( -perm /222 or -perm /a+w) but are not executable for anybody ( !
       -perm /111 and ! -perm /a+x respectively).

cd /source-dir
find . -name .snapshot -prune -o \( \! -name '*~' -print0 \)| cpio -pmd0 /dest-dir
       This command copies the contents of /source-dir to /dest-dir, but omits files  and  directories  named
       .snapshot  (and  anything  in them).  It also omits files or directories whose name ends in ~, but not
       their contents.  The construct -prune -o \( ... -print0 \) is quite common.  The idea here is that the
       expression  before  -prune  matches  things which are to be pruned.  However, the -prune action itself
       returns true, so the following -o ensures that the right hand side is evaluated only for those
       directories  which didn't get pruned (the contents of the pruned directories are not even visited, so their
       contents are irrelevant).  The expression on the right hand side of the -o is in parentheses only  for
       clarity.   It  emphasises  that the -print0 action takes place only for things that didn't have -prune
       applied to them.  Because the default `and' condition between tests binds more tightly than  -o,  this
       is the default anyway, but the parentheses help to show what is going on.

Better approaches are welcome; looking forward to them ^^_^^ !

Author: qq_29277155, posted 2017/1/8 21:23:39

Source: blog.csdn.net/qq_29277155/article/details/54236586
