Linux System Find command detailed

Find Command

– Purpose: Used to find files or directories

– format: Find [ look in ] [ find Criteria ]

Common search criteria

– -name : Find by file name

– -size : Find by File size

– -user : Search by file owner

– -type : Find by File type

– -print : To \ n Print a file (path) for a newline character

Advanced Find Criteria

– -perm : Search by Permissions

– - CTime ( - Cmin ): Find by File creation time (in days)

– - ( - ): Find by Access time

– - Mtime ( - Mmin ): Modify Time Lookup

– -newer : Find files that are newer than the specified file

– -delete : Delete a file that satisfies the search criteria

– ! : Take counter action

– -exec : Find and then perform an action

Operation Combat:

Look for the file named Core in the/tmp directory and delete it.
A core file is a temporary file generated by some applications that consumes storage space for a long time.
In addition, the malicious hacker may use this file to cause damage to the system. The command is as follows:
Find/tmp-name Core-type F-print |xargs/bin/rm-f

There are such commands in the system that the normal user is replaced with root at run time.
This type of command should be effectively managed to prevent hackers from adding such commands to certain dangerous commands.
Our approach is to find these commands and save them to the/root/suid.txt file, and check them regularly.
The command is as follows:
Find/\ (-perm-4000-fprintf/root/suid.txt '% #m%u%p\n ' \)

Find files larger than 100M in the entire system and save them in the/root/big.txt file.
The command is as follows:
Find/\ (-size +100m-fprintf/root/big.txt ' $-10s%p\n ' \)

In the current directory, look for files that have write permissions for users and their groups, with the following command:
Find. -perm-g+w,u+w

Find directories with Write permissions for users and groups throughout the system and save the name, user, and permissions of the directory to the Wdir file.
The command is as follows:
Find/\ (-perm-u+w,g+w-type d-fprintf/root/wdir '%m%u%p\n ' \)

Find a directory that can be written by anyone in the entire system, and save the name, user, and permissions of the directory to the Wdir file in a newline style. The command is as follows:
Find/\ (-perm-o+w-type d-fprintf/root/wdir '%m%u%p\n ' \)

Finds all files and directories in the current directory that read and write permissions but do not have permission to execute. The command is as follows:
Find. -perm-a+r-perm/a+w! -perm/a+x

Find supports variables that look for files that have been modified within 24 hours of the $home variable directory. The command is as follows:
Find $HOME-mtime 0

Find files in the current directory and view their file types. The command is as follows:
Find. -type f-exec file ' {} ';

This article is from the blog, "to work well with the good system", make sure to keep this source http://stlong.blog.51cto.com/5144113/1426544