
How to find files created in a date range in Linux?

Hi,

I am trying to find a way to find files by creation time. Not accessed or modified, but created.
Basically I would like to find files that were uploaded or created in the last 7 days. It seems someone uploaded a hostile program that auto-sends messages. I need to find it. I found some commands, but nothing that only shows files created in a specific date range or, let's say, in the last 7 days.

I would appreciate it if anyone has a solution for me that allows me to find files by creation time.

Best wishes,
Thomas
Mazdajai Commented:
Try?
find /path -type f -ctime +7 

Thomanji (Author) Commented:
Hi,
Thanks, but it does not work; it shows me thousands of files, even ones in some locations that were not modified or accessed.

Any other ideas?

Best wishes,
Thom
Mazdajai Commented:
Interesting. Give this a shot.
touch -t `date -d '7 day ago' +%Y%m%d%H%M` /tmp/7dayago
find / -type f -newer /tmp/7dayago

arnold Commented:
You need to use -ctime n -ctime m to specify a range.


The example deals with files created more than 7 days ago. (Mazdajai may, as I had to reread what you were asking)


You need to specify where you want to look.  

find /path/to/where/you/want/to/search -ctime -7

-ctime -7 -ctime -4 will list files created between 4 and 7 days ago.

Note that a malicious program may have altered the time stamp on the file so that it might not be found.

LOOK AT /var/log/maillog to see if the mailing is going through your system

You could modify /etc/php.ini to configure sendmail for PHP to pass through a wrapper that could help detect/prevent this issue.

Configuring a proxy/firewall settings could be an approach to quickly lock the system down until you can determine ...

I.e., if the local mail server is not being used, you can configure it to route emails to another mail server by a special port; you can then configure iptables to deny outgoing SMTP port 25 traffic and possibly, depending on the load on the system, other options exist.
Mazdajai Commented:
Arnold has some good suggestions.

More digging through - I don't think ctime can be used to reliably measure creation time, as it means the most recent time that the inode was changed?
Thomanji (Author) Commented:
Hi Mazdajai,

This works fine, thank you very much.
I did find my hostile file and it saved me a lot of time.
Thank you very much, I do appreciate the help on this.

Best wishes,
Thom
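
Added example, not part of the thread: a shell function (hypothetical name files_changed_between, assuming GNU find and GNU date) that lists regular files whose inode change time (ctime) falls inside a day window, following the -ctime range and ctime caveats discussed above. It goes beyond the thread by also flagging files whose mtime predates the window, the pattern that the altered time stamps mentioned above leave behind.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU find and GNU date (Linux).
# files_changed_between is a hypothetical helper name.
#
# Usage: files_changed_between DIR [OLDER_DAYS] [NEWER_DAYS]
#   DIR 7 0  -> inode changed within the last 7 days
#   DIR 7 4  -> inode changed between 7 and 4 days ago
# Output columns (tab separated): flag, ctime, mtime, path
#
# ctime is the last inode change (write, chmod, chown, rename), not creation.
# Unlike mtime it cannot be set directly with touch, so it is the search key.
files_changed_between() {
    dir=$1
    older=${2:-7}
    newer=${3:-0}
    # Window start as epoch seconds, used to judge each file's mtime.
    start=$(date -d "$older days ago" +%s)

    # -newerct T : ctime later than T;  ! -newerct T : ctime not later than T.
    # -xdev keeps the scan on one filesystem (skips /proc, network mounts).
    # Paths containing newlines are not handled by this line-based loop.
    find "$dir" -xdev -type f \
         -newerct "$older days ago" ! -newerct "$newer days ago" \
         -printf '%C@ %T@ %C+ %T+ %p\n' 2>/dev/null |
    while read -r c_epoch m_epoch c_text m_text path; do
        # mtime older than the window although the inode changed inside it:
        # seen after backdating with touch, but also after chmod, mv or an
        # archive extraction that preserves times. Review, don't conclude.
        if [ "${m_epoch%.*}" -lt "$start" ]; then
            flag=MTIME_BEFORE_WINDOW
        else
            flag=-
        fi
        printf '%s\t%s\t%s\t%s\n' "$flag" "$c_text" "$m_text" "$path"
    done
}

# Run directly: sh script.sh /var/www 7 0
if [ "$#" -ge 1 ]; then
    files_changed_between "$@"
fi
```

A file flagged MTIME_BEFORE_WINDOW would be missed by a search on mtime alone, such as -mtime -7 or -newer against a reference file.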