The find command
- Use: find a file or directory
- Format: find [search path] [search condition]
Common search criteria
-name: find by file name
-size: find by file size
-user: find by file owner
-type: find by file type
-print: print the file path, followed by a newline (\n)
Advanced search criteria
-perm: find by permissions
-ctime (-cmin): find by file creation time (in days)
-atime (-amin): find by access time
-mtime (-mmin): find by modification time
-newer: find files newer than the specified file
-delete: delete files that match the search criteria
!: negate the condition that follows
-exec: run a command on each file found
Hands-on examples:
Find files named core under the /tmp directory and remove them.
core files are temporary files generated by certain applications; over time they consume a lot of storage space,
and a hacker with ulterior motives may use them to damage the system. The command is as follows:
find /tmp -name core -type f -print | xargs /bin/rm -f
Some commands on the system (SUID commands) run with the identity of root in place of the ordinary user who starts them.
Commands of this class should be guarded effectively, to prevent hackers from managing to add dangerous commands of this kind.
Our approach is to find these commands, save the list to the file /root/suid.txt, and inspect it regularly.
The command is as follows:
find / \( -perm -4000 -fprintf /root/suid.txt '%#m %u %p\n' \)
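The regular inspection described above can be automated by keeping a baseline list and comparing each new scan against it. The script below is an added example, not part of the original page; it assumes GNU find, and the function names and return codes are hypothetical choices.

```shell
#!/bin/sh
# Added example: baseline-and-compare audit for SUID files (GNU find assumed).

# Print one sorted line per SUID regular file under $1: mode, owner, path.
# -xdev keeps the scan on one filesystem; errors from unreadable dirs are dropped.
suid_inventory() {
    find "$1" -xdev -type f -perm -4000 -printf '%#m %u %p\n' 2>/dev/null | LC_ALL=C sort
}

# Print entries present in the current inventory ($2) but not in the baseline ($1).
# A changed mode or owner also shows up, because the whole line is compared.
suid_new() {
    LC_ALL=C comm -13 "$1" "$2"
}

# Print baseline entries that have disappeared or changed.
suid_gone() {
    LC_ALL=C comm -23 "$1" "$2"
}

# Audit directory $1 against baseline file $2.
# Returns 0 when nothing changed, 1 on differences, 2 when the baseline was just created.
suid_audit() {
    root=$1 baseline=$2
    current=$(mktemp) || return 3
    suid_inventory "$root" > "$current"
    if [ ! -f "$baseline" ]; then
        mv "$current" "$baseline"
        echo "baseline created: $baseline"
        return 2
    fi
    status=0
    if [ -n "$(suid_new "$baseline" "$current")" ]; then
        echo "NEW or CHANGED SUID files:"; suid_new "$baseline" "$current"
        status=1
    fi
    if [ -n "$(suid_gone "$baseline" "$current")" ]; then
        echo "REMOVED or CHANGED baseline entries:"; suid_gone "$baseline" "$current"
        status=1
    fi
    rm -f "$current"
    return $status
}
```

Run as root from a scheduled job, for example `suid_audit / /root/suid.txt`, and update the baseline only after each reported difference has been reviewed.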
Find files larger than 100M throughout the system and save the list to the file /root/big.txt.
The command is as follows:
find / \( -size +100M -fprintf /root/big.txt '%-10s %p\n' \)
Find files in the current directory that both the user and the group have write access to. The command is as follows:
find . -perm -g+w,u+w
Find directories on the system that the user and the group have write access to, and save the directory name, user and permissions to the wdir file.
The command is as follows:
find / \( -perm -u+w,g+w -type d -fprintf /root/wdir '%m %u %p\n' \)
Find directories writable by anyone across the entire system, and save the directory name, user and permissions, one entry per line, to the wdir file. The command is as follows:
find / \( -perm -o+w -type d -fprintf /root/wdir '%m %u %p\n' \)
Find all files and directories in the current directory that have read and write permissions but no execute permission. The command is as follows:
find . -perm -a+r -perm /a+w ! -perm /a+x
find supports variables: search the directory held in the $HOME variable for files changed within the last 24 hours. The command is as follows:
find $HOME -mtime 0
Find the files in the current directory and view their file types. The command is as follows:
find . -type f -exec file '{}' \;