On Thu, 26 Feb 2015 at 12:02:52 -0600, Mark Felder wrote:
> On Wed, Feb 25, 2015, at 14:19, Walter Hop wrote:
> >
> > Example:
> > # touch -t 201501010000 foo
> > # find / -user www -newer foo
>
> Thanks for posting this trick -- I've never considered it before and
> will certainly put it in my toolbox!

While Walter is correct to give the universal form, if you know your system
supports the -newerXY option you can skip the temporary file and use:

# find / -user www -newermt 2015-01-01

Find is a fun program to get to grips with to spot odd things going on.
There's a tendency to assume you need to know what you're looking for in
the first place, but you can also tell it to show you things you don't
know about:

Files with an unknown user or group (tidying up after restoring partially
from a backup, or spotting hacks that weren't quite elegant enough):

# find / -nouser -o -nogroup

I know my $PATH will have executables in it, and some other directories are
almost certain to contain executables as well. But where are there
executables that aren't in the usual places (maybe hacks, maybe users riding
roughshod across the system installing things in strange places to trip
people up later when they don't get patched)?

# find -E / -type d -regex "`echo $PATH | sed -e \"s/:/\|/g\"`|/usr/libexec|/boot|/usr/src|/usr/local/etc/rc.d|/usr/local/lib|/usr/local/libexec|/usr/ports/.*/work|/usr/obj|/rescue|/etc/rc.d|/etc/periodic|/libexec" -prune -o -type f -perm +111 -print

And you can combine them, of course: modified since 1st Jan 2015, a regular
file and executable:

# find / -newermt 2015-01-01 -type f -perm +111

Glyn.
(Something of a fan of find :-)
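
The "executables outside the usual places" search from the message above, as an added example that is not part of the original post: it builds the prune list from $PATH with literal -path tests and POSIX permission tests, so it does not depend on -E, -regex or the +111 mode form. The function name unexpected_execs and its arguments are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): list executable regular files that
# live outside the directories where executables are expected.
#
# usage: unexpected_execs ROOT [EXPECTED_DIR ...]
#   ROOT and each EXPECTED_DIR should be absolute paths.
#   Every absolute entry of $PATH is always treated as expected.
unexpected_execs() (
    # The body runs in a subshell, so IFS and 'set -f' do not leak out.
    root=$1; shift
    extra=$(printf '%s:' "$@")    # extras joined with ':' so they split like PATH
    set --                         # reuse "$@" to hold the prune expression
    IFS=:; set -f                  # split on ':' only, no filename globbing
    for dir in $extra$PATH; do
        case $dir in /*) ;; *) continue ;; esac   # skip empty or relative entries
        dir=${dir%/}                              # -path would not match a trailing '/'
        [ -n "$dir" ] || continue                 # never prune "/" itself
        [ $# -eq 0 ] || set -- "$@" -o
        # -path takes a shell pattern, not a regex, so '.' and '|' in a
        # directory name are matched literally.
        set -- "$@" -path "$dir"
    done
    # With nothing to prune, use a test that is always false.
    [ $# -gt 0 ] || set -- ! -name '*'
    # Prune expected directories; elsewhere print regular files that have
    # any execute bit set (owner, group or other).
    find "$root" \( -type d \( "$@" \) \) -prune -o \
        -type f \( -perm -100 -o -perm -010 -o -perm -001 \) -print
)
```

Run it as root with the extra directories from the original command as arguments, for example: unexpected_execs / /usr/libexec /boot /rescue /etc/rc.d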

On Thu, Feb 26, 2015, at 14:12, Glyn Grinstead wrote:
> On Thu, 26 Feb 2015 at 12:02:52 -0600, Mark Felder wrote:
> > On Wed, Feb 25, 2015, at 14:19, Walter Hop wrote:
> > >
> > > Example:
> > > # touch -t 201501010000 foo
> > > # find / -user www -newer foo
> >
> > Thanks for posting this trick -- I've never considered it before and
> > will certainly put it in my toolbox!
>
> While Walter is correct to give the universal form, if you know your
> system supports the -newerXY option you can skip the temporary file
> and use:
>
> # find / -user www -newermt 2015-01-01
>
> Find is a fun program to get to grips with to spot odd things going on.
> There's a tendency to assume you need to know what you're looking for in
> the first place, but you can also tell it to show you things you don't
> know about:
>
> Files with an unknown user or group (tidying up after restoring partially
> from a backup, or spotting hacks that weren't quite elegant enough):
>
> # find / -nouser -o -nogroup
>
> I know my $PATH will have executables in it, and some other directories
> are almost certain to contain executables as well. But where are there
> executables that aren't in the usual places (maybe hacks, maybe users
> riding roughshod across the system installing things in strange places
> to trip people up later when they don't get patched)?
>
> # find -E / -type d -regex "`echo $PATH | sed -e \"s/:/\|/g\"`|/usr/libexec|/boot|/usr/src|/usr/local/etc/rc.d|/usr/local/lib|/usr/local/libexec|/usr/ports/.*/work|/usr/obj|/rescue|/etc/rc.d|/etc/periodic|/libexec" -prune -o -type f -perm +111 -print
>
> And you can combine them, of course: modified since 1st Jan 2015, a
> regular file and executable:
>
> # find / -newermt 2015-01-01 -type f -perm +111
>
> Glyn.
> (Something of a fan of find :-)

Please partner with MW Lucas and write a "find mastery" to document all of
these clever uses of find. (I'd read it.)

I'd also suggest you take a look at using mtree for tripwire-like
functionality into the future - its primary purpose is to be able to take
the specification for a directory tree and either report differences or make
the filesystem conform to the specification.

Not sure whether it is used in the base FreeBSD system but it's definitely
part of NetBSD where it is used to confirm the permissions and other
metadata information for files from each of the release tarballs and (iirc)
runs once a week as part of normal system cron.

mtree can also be turned on a directory tree to capture a specification that
matches it ... it is better than find in this instance for comparing the
state of a filesystem over time as it can be set to calculate file digests
by a variety of algorithms and produce output that can be parsed and
compared against later (which can be difficult with the -ls output from
find).

I also found a copy of it to run on Solaris to confirm that changes we were
making to our source only had the desired impacts to large application data
sets as part of our upgrade process.

Plus until I mentioned it here, it might have been obscure enough for it not
to be trojanned by a rootkit ... :)

Hope that helps,
Malcolm

--
Malcolm Herbert
mjch at mjch.net