Posts Tagged ‘find’

Find Files Which Have Been Recently Modified or Created

Has your outdated WordPress or other shrinkwrapware been compromised? (Yes >.>)

After taking steps to shut down the site you should probably use the find command to check whether any unusual files have been uploaded recently. If you scramble to close the hole and do updates before this step, the files the updates rewrite will also show up as recently changed and you will likely end up drowning any suspects in the results.

If you don’t remove, for example, a phishing page before plugging the hole you:

  • May never find out it’s there
  • Are contributing to phishing
  • Will probably one day have your ISP forward you a sternly worded letter from the victimized institution and threaten to drop your service if the page is not removed in 24 hours

Use your imagination if it’s something worse, like a rootkit or webshell.

It is necessary to determine the earliest possible time the attack could have taken place. It won’t kill you to add a day or two for safety.

# find /var/www/localhost/htdocs/ -type f -ctime -X

Where X is the number of days to look back.
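Why the command above looks at ctime rather than mtime, shown on a throwaway directory. This is an added example, not part of the original post; the file names are constructed, the ctime_only helper is hypothetical, and the 3-day window stands in for X.

```shell
#!/bin/sh
# Added example; the directory layout and file names are constructed sample data.

# Files whose inode change time (ctime) falls within the last $2 days.
recent_by_ctime() {
    find "$1" -type f -ctime "-$2" | sort
}

# Files whose modification time (mtime) falls within the last $2 days.
recent_by_mtime() {
    find "$1" -type f -mtime "-$2" | sort
}

# Files changed recently according to ctime whose mtime claims otherwise.
# Archive extraction and chmod/chown produce the same pattern, so treat the
# result as a list to review, not as proof of tampering.
ctime_only() {
    find "$1" -type f -ctime "-$2" ! -mtime "-$2" | sort
}

# Build a throwaway web root: one file written normally, one whose mtime
# has been set back to 2011 with touch (ctime cannot be set that way).
build_sample_docroot() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/wp-content/uploads"
    echo 'constructed page' > "$d/index.php"
    echo 'constructed upload' > "$d/wp-content/uploads/cache.php"
    touch -t 201101220000 "$d/wp-content/uploads/cache.php"
    echo "$d"
}

demo_root=$(build_sample_docroot) || exit 1
echo "ctime, last 3 days:";  recent_by_ctime "$demo_root" 3
echo "mtime, last 3 days:";  recent_by_mtime "$demo_root" 3
echo "ctime only:";          ctime_only "$demo_root" 3
rm -rf "$demo_root"
```

The mtime search misses the backdated file while the ctime search still lists it, because touch updates ctime even when it sets mtime to an old date.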

/bin/rm: Argument list too long

You may encounter this error when deleting all the files in a given directory:

/bin/rm: Argument list too long

This happens because you can only pass 128K of command line and environment data; with rm * the shell first expands the * into all of the filenames in the given directory, which fills that buffer.

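The solution is to have find list the files and feed them to rm through xargs, which splits them across as many rm invocations as needed (-type f keeps directories, including ./path/ itself, out of the list):

find ./path/ -type f -print0 | xargs -0 rm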

Find and Delete the Largest Files on a File System

The fastest way to find large or run-away files on a whole filesystem or specific directory is to run:

find / -type f -follow -print0 | xargs -0 ls -l | sort -r -n -k 5,5 | head -20

Where / is the target and 20 is the number of results you would like to see (sparing yourself a flooded terminal buffer). The output looks something like:

-rw-r--r-- 1 karma  karma  358826880 Jan 22  2011 dist/clear-trollup.tar.lzma
-rw-r--r-- 1 karma  karma  273621974 Oct 20  2010 dist/clear-foxpaws.hvm.hdd.tar.lzma
-rw-r--r-- 1 karma  karma  273399504 Oct 20  2010 dist/clear-foxpaws.tar.lzma
-rw-r--r-- 1 karma  karma   22299432 Dec  9 19:21 dist/megaupload.mp4
-rw-r--r-- 1 root   root     2815800 Nov 27 19:45 dist/kernel-domU-2.6.38
-rw-r--r-- 1 root   root     2569440 Apr 17 19:13 dist/kernel-domU-3.2.12
...

There is a much cooler but less efficient way: the “File Size View” graphical file manager for KDE’s Konqueror. You may need to install the konqueror-plugins package if it is not already available.

File Size View does not work over kio abstractions (ssh/sftp/fish/ftp etc) but works fine (excruciatingly slowly) over NFS.

LiteStar says:

$ find . -type f -size +30M

This will give you a list of all the files over 30MB.

UPDATE: Your woes may not be over. Even after deleting files they can stick around until every process that is using them has terminated. Please continue reading “Find the Largest Open Files and Their Owner(s) on Linux with lsof” if you are experiencing problems with “ghost files.”

foxpa.ws
Made in Canada  •  There's a fox in the Gibson!  •  2010-12