Solved

How to find files created on a date range in linux?

Posted on 2013-11-19
6
531 Views
Last Modified: 2013-11-19
Hi,

I try to find a way to find files by creation time. Not accesses or modified but created.
Basically I like to find files that were uploaded or created in the last 7 days. It seems someone uploaded a hostile program that auto sends messages. I need to find it. I found some commands but nothing that only shows files created in a specific date range or lest say in the last 7 days.

I would appreciate if anyo0ne has a solution for me that allows me to find files on creation time.

Best wishes,
Thomas
0
Comment
Question by:Thomanji
  • 3
  • 2
6 Comments
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39661456
Try?
find /path -type f -ctime +7 

Open in new window

0
 

Author Comment

by:Thomanji
ID: 39661465
Hi,
Thanks but does not work, it shows me thousands of files even the ones on some locations that were not modified or accessed.

Any other ideas?

Best wishes,
Thom
0
 
LVL 21

Accepted Solution

by:
Mazdajai earned 500 total points
ID: 39661498
Interesting. Give this a shot.
touch -t `date -d '7 day ago' +%Y%m%d%H%M` /tmp/7dayago
find / -type f -newer /tmp/7dayago

Open in new window

0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 76

Expert Comment

by:arnold
ID: 39661513
You need to use -ctime n -ctime m to specify a range.


The example deals with files created more than 7 days ago. (Mazdajai may, as I had to reread what you were asking)


You need to specify where you want to look.  

find /path/to/where/you/want/to/search -ctime -7

-ctime -7 -ctime -4 will list files created between 4 and 7 days ago.

Note that a malicious program may have altered the tine stamp on the file so that it might not be found.

LOOK AT /var/log/maillog to see if the mailing is going through your system

You could modify /etc/php.ini  to configure sendmail for pgp to pass through a wrapper that could help detect/prevent this issue.

Configuring a proxy/firewall settings could be an approach to quickly lock the system down until you can determine ...

I.e is the local mailserver is not being used, you can configure it to route emails to another mail server by a special port, you can then configure iptables to deny outgoing SMTP port 25 traffic and possibly depending on the load on the system, other options exist.
0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39661524
Arnold has some good suggestions.

More digging through -  I don't think ctime can be used reliably measure creation time as it means recent time that inode was changed?
0
 

Author Closing Comment

by:Thomanji
ID: 39661628
Hi Mazdajai,

This works fine, thank you very much.
I did find my hostile file and it saved me a lot of time.
Thank you very much, I do appreciate the help on this.

Best wishes,
Thom
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
These days socially coordinated efforts have turned into a critical requirement for enterprises.
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now