Find all files in subdirectories modified in time frame

postcd

Guest
Hello,

Some bad PHP scripts were inserted into various folders of my websites. I want to ask you for help: what is the command that will find all files created/modified between July 13 and 14, or even between certain hours within this timeframe? The infected directory (and its subdirectories) is: /home/myusername/www/
 


There are probably several ways, but here's one way off the top of my head:
1. Create two temporary, empty files with timestamps of the start and end dates you want to check for:
Code:
touch /tmp/startdate -t 201407130000
touch /tmp/enddate -t 201407142359

This creates two files in /tmp/ called startdate and enddate. The time-stamp on startdate is midnight (00:00 hrs) on 13th July 2014 and the timestamp of enddate is 23:59 hrs on 14th July 2014.

2. Next use find to find all files created/modified between the two dates:
Code:
find /home/myusername/www/ -cnewer /tmp/startdate -and ! -cnewer /tmp/enddate

That should list all files in www (and subfolders) that were modified between midnight on July 13th and 23:59 on July 14th.
 
Another way would be

Code:
find . -type f -newermt "2014-07-13 18:53:00" ! -newermt "2014-07-14 20:35:00"

Adjust the date/time as necessary

Good luck ;)
 
I didn't know about the -newermt option. That's much easier than my way.

Just had a look at the man pages for find on my system and there is no mention of it in there! So at least I'm not going mad.

That said, a search for newermt in the info page for find does show the option. Looks like an RTFM failure on my part! Never really needed to use the info page for find though. Kinda assumed that all of the relevant options would be listed in the man page, so perhaps the -newermt option should be listed in the man page. In which case, perhaps it is a documentation fail! Heh heh!
 
I think you'll find it with

Code:
man find|grep -A13 'newerXY reference'

The 'mt' is interchangeable
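
Added example, not part of any post in this thread: a small triage helper around the `-newermt` test shown above that prints timestamp, mode and owner for each hit and can query ctime (`-newerct`) as well as mtime. It assumes GNU find and touch; the function names and the sample tree are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example. Assumes GNU findutils and coreutils.
# changed_between and make_sample_tree are hypothetical helper names.

# changed_between DIR START END [m|c]
#   m: content modification time (mtime), as in the thread's -newermt
#   c: inode change time (ctime), which touch cannot set and which
#      chmod, chown and rename also update
changed_between() (
    dir=$1 start=$2 end=$3 kind=${4:-m}
    case $kind in
        m) fmt='%TY-%Tm-%Td %TH:%TM  %m %u  %p\n' ;;
        c) fmt='%CY-%Cm-%Cd %CH:%CM  %m %u  %p\n' ;;
        *) echo "kind must be m or c" >&2; exit 2 ;;
    esac
    # -newerXt is strict, so the window is START < time <= END.
    find "$dir" -type f -newer"${kind}t" "$start" ! -newer"${kind}t" "$end" \
        -printf "$fmt" | sort
)

# Constructed sample tree: mtimes before, inside and after the window.
# The ctime of every file is the moment this function runs.
make_sample_tree() (
    d=$(mktemp -d) || exit 1
    mkdir -p "$d/www/img"
    touch -d '2014-07-10 09:00:00' "$d/www/index.php"
    touch -d '2014-07-13 19:30:00' "$d/www/img/x.php"
    touch -d '2014-07-15 08:00:00' "$d/www/late.php"
    echo "$d"
)

tree=$(make_sample_tree)
echo "mtime inside the window:"
changed_between "$tree/www" '2014-07-13 18:53:00' '2014-07-14 20:35:00' m
echo "ctime inside the same window:"
changed_between "$tree/www" '2014-07-13 18:53:00' '2014-07-14 20:35:00' c
echo "ctime within the last hour:"
changed_between "$tree/www" '1 hour ago' 'tomorrow' c
rm -rf "$tree"
```

On the constructed tree the mtime query reports only img/x.php, while the ctime query for the same 2014 window is empty and the last-hour ctime query lists all three files, because each file's ctime is the moment it was created.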
 
