[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 463
  • Last Modified:

I need bash commands to investigate a 1 gig addition to our systems.

We manage systems and have customers.   Many of our systems have used an extra gig of space today and I can not figure out what the customer has done.

I need Linux commands to:
1) find all directories created in the last week
2) all files that were installed in the last week
3) the size of each directory and subdirectory so in the future I can compare the growth.
4) hair because at this point I have it pulled out


I did check the rpm's and none were installed in the last 2 months.

Redhat 5 and above, bash, and I can not install any software.
0
TIMFOX123
Asked:
TIMFOX123
  • 2
  • 2
  • 2
  • +2
3 Solutions
 
Seth SimmonsSr. Systems AdministratorCommented:
find all directories created in the last week

find -type d -mtime -7 (mtime is modification time)

all files that were installed in the last week

find -type f -mtime -7

the size of each directory and subdirectory so in the future I can compare the growth

du -hsc */ (replace */ with any folder name if not the current)

hair because at this point I have it pulled out

linux can't help with hair loss restoration
0
 
arnoldCommented:
Lsof /var if that is the filesystemwherethe extra space is.

Likely issue is that you have a process that is writing to a log file that could have been deleted.
I.e. If you restart the correct service, the space will be released.

I.e. Process writing into /var/log/testfile, you then issue an rm /var/log/testfile
The filehandle/inode will continue to be used by the writing process, even though nothing on the filesystemi.e. Du, find, ls etc. will not be able to see it.
Lsof can be used to scan the running processes and the partition to identify the resource.
0
 
Seth SimmonsSr. Systems AdministratorCommented:
lsof is for currently open files
if the extra file system space is used by a file that isn't currently in use, lsof is useless
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 
SurranoCommented:
Sometimes open files are deleted but still open and occupying space so yes that is a viable explanation.

Best is to check the directory space used by files against space free on filesystem
# fs free space
df -k
# for each mount point, e.g. /, /home, /var
du -xsk / /home /var

Open in new window

The -x flag will prevent du from crossing mount-point borders, i.e. "du -xsk /" won't include the rest.
If you see that for one of the filesystems there is a significant difference between used space reported by df and by du (df shows more space used), then it is an open file deleted. In that case you can use lsof to find it:
lsof -X <filesystem> | grep deleted

Open in new window


If there are no (significant amount of) deleted open files, then you may use find to identify single large files like this, e.g. for files greater than 10m:
find / -type f -mtime -7 -size +10240k

Open in new window

0
 
SurranoCommented:
4) hair restoration is best done by:
http://www.vargacseppek.hu/
been there, done that. Honest.
0
 
gheistCommented:
You should be using some system integrity checking solution.

# rpm -Va
will verify if all rpm-installed files are intact and with good permissions *no binaries should have been changed, sure it is ok that config files are adapted

I suggest you install some rootkit check like rkhunter from EPEL (you can run download from sf.net, but epel is configured to not give false positives on default RHEL system)
0
 
TIMFOX123Author Commented:
Thank you all
0
 
gheistCommented:
I would say that you forgot one comment that addressed 4th part of question...
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 2
  • 2
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now