Find

From My Wiki
Jump to navigation Jump to search

Search for bad code (like infected .htaccess) 

find /home/*/public_html -type f -exec grep -H "horriblesite.ru" {} \;

Search for core dumps 

find / -type f -regex ".*/core.[^a-zA-Z]*"

Change ownerships from old user to new user 

find /home/$newuser/public_html -user $olduser -exec chown -v $newuser '{}' \;
find /home/$newuser/public_html -group $olduser -exec chgrp -v $newuser '{}' \;

Find files for a specific date (substitute -l for -f to find symlinks) 

touch --date "2012-11-03" /tmp/start
touch --date "2012-11-04" /tmp/end
find /home/$user/public_html -type f -newer /tmp/start -not -newer /tmp/end

Find biggest individual files on /home, 1G and over 

find /home/ -type f -size +1G -exec ls -lah '{}' \; | grep -v '/home/virtfs' | sort -k5 -rh

Find biggest files on /, 1G and over, skipping /proc because of the way it reports: 

find / -type f -size +1G -not -path "/proc/*" -exec ls -lah '{}' \; | sort -k5 -rh

Find bad permissions/ownerships 

find /home/$user/public_html -not -user $user
find /home/$user/public_html -type d -group $user ! -perm 0000 ! -perm 0755
find /home/$user/public_html -type f -name '*.php'  ! -perm 0000 ! -perm 0644 ! -perm 0755
find /home/$user/public_html -type f -name '*.php' -user nobody
find /home/$user/public_html -type d -user nobody

Change them to safe permissions: 

find /home/$user/public_html -not -user $user -exec chown -v $user '{}' \; 
find /home/$user/public_html -type d -group $user ! -perm 0000 ! -perm 0755 -exec chmod -v 0755 '{}' \;
find /home/$user/public_html -type f -name '*.php' ! -perm 0000 ! -perm 0644 ! -perm 0755 -exec chmod -v 0644 '{}' \;
find /home/$user/public_html -type f -name '*.php' -user nobody -exec chown -v $user. '{}' \;
find /home/$user/public_html -type d -user nobody -exec chown -v $user. '{}' \;

Find symlinks and where they go 

find /home*/*/public_html -type l -exec ls -l {} \; > /root/symlinks

Find total size of older files 

find /home/*/mail/ ! -newer /home/temp/Jan12014 -exec ls -la '{}' \; | awk '{ s+=$5 } END { print s }'

Find and Delete the older e-mails 

find /home/*/mail/ -type f ! -newer /home/temp/Jan12014 -exec ls -lia '{}' \; | grep -iv 'courier\|dovecot\|maildir' > todelete.txt
CHECK FILE FOR MISMATCHES AND DELETE THEM
for i in $(cat todelete.txt | cut -d ' ' -f1); do find /home -inum $i -exec rm -vf '{}' \;; done

Find and Copy files 

find /home/*/mail/ -type f -name 'maildirsize' -exec cp -a {} {}.lwbak.08-22-2017 \;
Retrieved from "https://wiki.whatplanetisthis.net/index.php?title=Find&oldid=133"