Objective
One of the basic ideas of Linux is that everything is a file, so in the course of system administration you will inevitably need to find files of various types. How do you locate them quickly? This article describes the Linux file-finding tools and their usage in detail.
Comparison of common tools
Common file-finding tools include locate (non-real-time lookup) and find (real-time lookup). locate depends on an index, and building the index consumes considerable resources. The index is created automatically by the system when it is idle (a daily task) and can be created manually with the updatedb command. locate is fast but its results are not exact, that is, it is a fuzzy lookup. find, by contrast, traverses all the files and matches them against the conditions; it is slower but its results are accurate, that is, it is an exact lookup. In short, find (real-time lookup) is undoubtedly the more effective choice in a real production environment.
Common find-type commands
Name: whereis
Function: Locate the directory where a file is located
Usage: whereis <shell command>
Note: whereis looks for the file based on the PATH environment variable, and PATH is usually set to the directories that hold commands, such as /bin, /sbin, /usr/bin, and so on. Therefore, the use of whereis is limited to locating shell commands.
# whereis ifconfig
ifconfig: /sbin/ifconfig /usr/share/man/man8/ifconfig.8.gz
Name: locate
Function: Locate a file name or directory name
Note: locate is not installed by default; its package name is mlocate and it can be installed directly with yum. locate is also a common way to find files on the system, but it does not search the disk in real time. Instead, it searches the database generated by the updatedb command for the matching files and directories.
Note: If locate cannot find a file that you are sure exists, the database generated by updatedb is out of date. You only need to run updatedb as root to rebuild the database of all files and directories on the system. However, updatedb is relatively resource-intensive, so manual updates are generally not recommended.
Using the find command
Command format:
find [options] [search path] [search conditions] [action]
Search path: defaults to the current directory
Search conditions: default to all files under the specified directory
Action: defaults to printing to the screen
Condition Lookup
-name "file name": supports globbing characters
  *: any characters of any length
  ?: any single character
  []: any character in the range
  [^]: any character outside the range
-iname "file name": ignore character case when matching
-user USERNAME: find by the owner of the file
-group GRPNAME: find by the group of the file
-uid UID: find by the owner's UID
-gid GID: find by the group's GID
-nouser: find files that have no owner
-nogroup: find files that have no group
Combination condition Lookup
-a: AND, all conditions must be satisfied
-o: OR, satisfying any one condition is enough
-not, !: NOT, inverts the condition
File Type Lookup
-type TYPE: find by file type
  f: regular file
  d: directory
  l: symbolic link
  b: block device
  c: character device
  s: socket file
  p: named pipe
-size [+|-]#UNIT: find by file size
  Common units: k, M, G
  #UNIT: #-1 < x <= #
  -#UNIT: x <= #-1
  +#UNIT: x > #
  (x is the size of the file being matched)
Time Stamp Lookup
-atime [+|-]# (access time), in days
  +#: x >= #+1
  -#: x < #
  #: # <= x < #+1
  (x is the age of the file being matched)
-mtime (modification time)
-ctime (change time)
-amin, -mmin, -cmin: as above, but in minutes
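The size and time ranges above, checked against a constructed sandbox (an added example, not from the original article). It assumes GNU findutils and coreutils; the file names and the range_names helper are made up for the illustration.

```shell
#!/bin/sh
# Constructed sandbox: file names encode the size or the age of each file.
RANGE_DIR=$(mktemp -d)
: > "$RANGE_DIR/s0"                                # 0 bytes
printf x > "$RANGE_DIR/s1b"                        # 1 byte
head -c 1048576 /dev/zero > "$RANGE_DIR/s1m"       # exactly 1 MiB
head -c 1048577 /dev/zero > "$RANGE_DIR/s1m1"      # 1 MiB + 1 byte
for h in 12 36 60; do                              # ages in hours
    : > "$RANGE_DIR/t${h}h"
    touch -d "$h hours ago" "$RANGE_DIR/t${h}h"    # GNU touch relative date
done

# range_names GLOB [find tests...]: sorted names of matching sandbox files.
# Hypothetical helper for this example, not part of find.
range_names() {
    glob=$1; shift
    find "$RANGE_DIR" -type f -name "$glob" "$@" -exec basename {} \; |
        LC_ALL=C sort | xargs
}

# Sizes are rounded UP to whole units before the comparison, so a 1-byte
# file counts as 1M and "-size -1M" can only match empty files.
echo "-size 1M  : $(range_names 's*' -size 1M)"
echo "-size -1M : $(range_names 's*' -size -1M)"
echo "-size +1M : $(range_names 's*' -size +1M)"

# Ages are truncated to whole days: 36 hours counts as 1 day, 60 hours as 2.
echo "-mtime 1  : $(range_names 't*' -mtime 1)"
echo "-mtime -1 : $(range_names 't*' -mtime -1)"
echo "-mtime +1 : $(range_names 't*' -mtime +1)"
```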
Permission Lookup
-perm [+|-]MODE
  MODE: exact match of the permissions to MODE
  +MODE: matches if any class of user has any one of the specified permission bits
  -MODE: matches only if every specified permission bit is set for each class of user
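The three forms of -perm, run against a constructed sandbox (an added example, not from the original article). It assumes GNU find and writes /MODE where the article writes +MODE, because newer GNU findutils releases no longer accept the +MODE spelling; the file names and the perm_query helper are made up for the illustration.

```shell
#!/bin/sh
# Constructed sandbox: one empty file per mode, named after its mode.
PERM_DIR=$(mktemp -d)
for mode in 444 600 644 664 666; do
    : > "$PERM_DIR/f$mode"
    chmod "$mode" "$PERM_DIR/f$mode"
done

# perm_query [find tests...]: sorted names of the sandbox files that match.
# Hypothetical helper for this example, not part of find.
perm_query() {
    find "$PERM_DIR" -type f "$@" -exec basename {} \; | LC_ALL=C sort | xargs
}

# MODE: the permission bits must equal 644 exactly.
echo "exact 644               : $(perm_query -perm 644)"

# -MODE: every listed bit must be set (owner, group AND other can write).
echo "all classes can write   : $(perm_query -perm -222)"

# /MODE (the article's +MODE): at least one listed bit is set.
echo "some class can write    : $(perm_query -perm /222)"

# Negations, as used in the article's practice examples 7 and 8.
echo "no class can write      : $(perm_query -not -perm /222)"
echo "some class cannot write : $(perm_query -not -perm -222)"
```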
Handling actions
-print: default action, print to the screen
-ls: similar to ls -l
-exec COMMAND {} \;
-ok COMMAND {} \;
Note: find looks up all the files that match the conditions in one go and passes them to the command specified after -exec or -ok, but some commands cannot accept an overly long argument list. In that case use the alternative form: find | xargs COMMAND
find in practice
1. Find the files in the /etc/init.d/ directory whose names contain e and end with s, and copy them to /tmp
# ls /etc/init.d/
auditd ip6tables mdmonitor network ntpdate rsyslog sshd
crond iptables messagebus nginx postfix sandbox svnserve
functions kdump netconsole nginx-debug rdisc saslauthd udev-post
halt killall netfs ntpd restorecond single
# find /etc/init.d/ -name "*e*s" -exec cp {} /tmp \;
# ls /tmp
ip6tables iptables messagebus netfs

2. Find all files under the /var/ directory whose owner is root and whose group is mail
# find /var/ -user root -group mail
/var/spool/mail
/var/spool/mail/root

3. Find all files under the /usr/ directory that do not belong to root, bin or bjwf
# find /usr/ -not \( -user root -o -user bin -o -user bjwf \)
/usr/local/nginx
/usr/local/nginx/sbin
/usr/local/nginx/sbin/nginx

4. Find files in the /tmp directory that were modified in the last 7 days and do not belong to root or bjwf, and display their attribute information
# find /tmp -mtime -7 -not \( -user root -o -user bjwf \) -ls
262152 0 -rw-r--r-- 1 nginx nginx 0 5 Month 23 14:58 /tmp/sum.sh

5. Find files on the current system that have no owner or no group and that were accessed within the last month
# find / \( -nouser -o -nogroup \) -a -atime -30

6. Find all files in the /etc/ directory that are larger than 1M and are regular files
# find /etc/ -type f -size +1M
/etc/pki/tls/certs/ca-bundle.trust.crt
/etc/selinux/targeted/modules/active/policy.kern
/etc/selinux/targeted/policy/policy.24

7. Find files in the /etc/ directory for which no user has write permission
# find /etc/ -not -perm +222
/etc/openldap/certs/password
/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
/etc/pki/ca-trust/extracted/java/cacerts
/etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem
/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
/etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem
/etc/ld.so.conf.d/kernel-2.6.32-573.el6.x86_64.conf
/etc/shadow
/etc/gshadow
/etc/shadow-
/etc/sudoers

8. Find files in the /etc/ directory for which at least one class of user does not have write permission
# find /etc/ -not -perm -222 > /tmp/perm
# wc -l /tmp/perm    # too many files, so the output is redirected to /tmp/perm
1019 /tmp/perm

9. Find files in the /etc/rc.d/ directory for which all users have execute permission and other users have write permission
# find /etc/rc.d -perm -113 > /tmp/perm.113
# wc -l /tmp/perm.113
163 /tmp/perm.113

10. In the /apps/audit directory, find files for which all users have read, write and execute permission, and revoke the corresponding write permission
# find /apps/audit -perm -7 -print | xargs chmod o-w
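The find | xargs form from the actions section, as used in practice example 10, checked on a constructed tree (an added example, not from the original article). It shows that the plain pipeline skips a file whose name contains a space while the null-delimited form handles it; GNU find and xargs are assumed, and the file names and helper functions are made up for the illustration.

```shell
#!/bin/sh
# Constructed tree: two files writable by "other" (one with a space in its
# name) and one file that is already safe.
build_tree() {
    t=$(mktemp -d) || return 1
    : > "$t/plain.log";    chmod 666 "$t/plain.log"
    : > "$t/audit report"; chmod 777 "$t/audit report"
    : > "$t/safe.conf";    chmod 644 "$t/safe.conf"
    printf '%s\n' "$t"
}

# count_other_writable DIR: number of regular files that "other" can write.
count_other_writable() {
    find "$1" -type f -perm -002 | wc -l | tr -d ' '
}

# Form used in the article: xargs splits its input on whitespace, so
# "audit report" arrives at chmod as two paths that do not exist.
naive_fix() {
    find "$1" -type f -perm -002 -print | xargs chmod o-w 2>/dev/null || true
    count_other_writable "$1"
}

# Null-delimited form: each path reaches chmod intact; -r skips the chmod
# call when nothing matched.
safe_fix() {
    find "$1" -type f -perm -002 -print0 | xargs -0 -r chmod o-w
    count_other_writable "$1"
}

TREE=$(build_tree)
echo "writable by other before : $(count_other_writable "$TREE")"
echo "left after naive xargs   : $(naive_fix "$TREE")"
echo "left after -print0 / -0  : $(safe_fix "$TREE")"
```

Re-running the count after a bulk chmod, as both functions do, confirms that nothing was skipped.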
This article is from the "Ask Heaven" blog, please make sure to keep this source http://79076431.blog.51cto.com/8977042/1782119