Solved

How to find files created on a date range in linux?

Posted on 2013-11-19
6
595 Views
Last Modified: 2013-11-19
Hi,

I try to find a way to find files by creation time. Not accesses or modified but created.
Basically I like to find files that were uploaded or created in the last 7 days. It seems someone uploaded a hostile program that auto sends messages. I need to find it. I found some commands but nothing that only shows files created in a specific date range or lest say in the last 7 days.

I would appreciate if anyo0ne has a solution for me that allows me to find files on creation time.

Best wishes,
Thomas
0
Comment
Question by:Thomanji
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39661456
Try?
find /path -type f -ctime +7 

Open in new window

0
 

Author Comment

by:Thomanji
ID: 39661465
Hi,
Thanks but does not work, it shows me thousands of files even the ones on some locations that were not modified or accessed.

Any other ideas?

Best wishes,
Thom
0
 
LVL 21

Accepted Solution

by:
Mazdajai earned 500 total points
ID: 39661498
Interesting. Give this a shot.
touch -t `date -d '7 day ago' +%Y%m%d%H%M` /tmp/7dayago
find / -type f -newer /tmp/7dayago

Open in new window

0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 78

Expert Comment

by:arnold
ID: 39661513
You need to use -ctime n -ctime m to specify a range.


The example deals with files created more than 7 days ago. (Mazdajai may, as I had to reread what you were asking)


You need to specify where you want to look.  

find /path/to/where/you/want/to/search -ctime -7

-ctime -7 -ctime -4 will list files created between 4 and 7 days ago.

Note that a malicious program may have altered the tine stamp on the file so that it might not be found.

LOOK AT /var/log/maillog to see if the mailing is going through your system

You could modify /etc/php.ini  to configure sendmail for pgp to pass through a wrapper that could help detect/prevent this issue.

Configuring a proxy/firewall settings could be an approach to quickly lock the system down until you can determine ...

I.e is the local mailserver is not being used, you can configure it to route emails to another mail server by a special port, you can then configure iptables to deny outgoing SMTP port 25 traffic and possibly depending on the load on the system, other options exist.
0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39661524
Arnold has some good suggestions.

More digging through -  I don't think ctime can be used reliably measure creation time as it means recent time that inode was changed?
0
 

Author Closing Comment

by:Thomanji
ID: 39661628
Hi Mazdajai,

This works fine, thank you very much.
I did find my hostile file and it saved me a lot of time.
Thank you very much, I do appreciate the help on this.

Best wishes,
Thom
0

Featured Post

Enroll in May's Course of the Month

May’s Course of the Month is now available! Experts Exchange’s Premium Members and Team Accounts have access to a complimentary course each month as part of their membership—an extra way to increase training and boost professional development.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

3 proven steps to speed up Magento powered sites. The article focus is on optimizing time to first byte (TTFB), full page caching and configuring server for optimal performance.
In threads here at EE, each comment has a unique Identifier (ID). It is easy to get the full path for an ID via the right-click context menu. However, we often want to post a short link within a thread rather than the full link. This article shows a…
In this fifth video of the Xpdf series, we discuss and demonstrate the PDFdetach utility, which is able to list and, more importantly, extract attachments that are embedded in PDF files. It does this via a command line interface, making it suitable …
Video by: Mark
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question