Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

How to find files created on a date range in linux?

Posted on 2013-11-19
6
Medium Priority
?
726 Views
Last Modified: 2013-11-19
Hi,

I try to find a way to find files by creation time. Not accesses or modified but created.
Basically I like to find files that were uploaded or created in the last 7 days. It seems someone uploaded a hostile program that auto sends messages. I need to find it. I found some commands but nothing that only shows files created in a specific date range or lest say in the last 7 days.

I would appreciate if anyo0ne has a solution for me that allows me to find files on creation time.

Best wishes,
Thomas
0
Comment
Question by:Thomanji
  • 3
  • 2
6 Comments
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39661456
Try?
find /path -type f -ctime +7 

Open in new window

0
 

Author Comment

by:Thomanji
ID: 39661465
Hi,
Thanks but does not work, it shows me thousands of files even the ones on some locations that were not modified or accessed.

Any other ideas?

Best wishes,
Thom
0
 
LVL 21

Accepted Solution

by:
Mazdajai earned 2000 total points
ID: 39661498
Interesting. Give this a shot.
touch -t `date -d '7 day ago' +%Y%m%d%H%M` /tmp/7dayago
find / -type f -newer /tmp/7dayago

Open in new window

0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 80

Expert Comment

by:arnold
ID: 39661513
You need to use -ctime n -ctime m to specify a range.


The example deals with files created more than 7 days ago. (Mazdajai may, as I had to reread what you were asking)


You need to specify where you want to look.  

find /path/to/where/you/want/to/search -ctime -7

-ctime -7 -ctime -4 will list files created between 4 and 7 days ago.

Note that a malicious program may have altered the tine stamp on the file so that it might not be found.

LOOK AT /var/log/maillog to see if the mailing is going through your system

You could modify /etc/php.ini  to configure sendmail for pgp to pass through a wrapper that could help detect/prevent this issue.

Configuring a proxy/firewall settings could be an approach to quickly lock the system down until you can determine ...

I.e is the local mailserver is not being used, you can configure it to route emails to another mail server by a special port, you can then configure iptables to deny outgoing SMTP port 25 traffic and possibly depending on the load on the system, other options exist.
0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39661524
Arnold has some good suggestions.

More digging through -  I don't think ctime can be used reliably measure creation time as it means recent time that inode was changed?
0
 

Author Closing Comment

by:Thomanji
ID: 39661628
Hi Mazdajai,

This works fine, thank you very much.
I did find my hostile file and it saved me a lot of time.
Thank you very much, I do appreciate the help on this.

Best wishes,
Thom
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
In the first part of this tutorial we will cover the prerequisites for installing SQL Server vNext on Linux.
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
The viewer will learn how to dynamically set the form action using jQuery.
Suggested Courses

963 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question