In the first part we talked about find command basic usage.
Now let us see how to use find command
(a) To gain lots of useful information about users and their files
(b) Monitor and enhance the security of system using find command
Finding all set user id files
setuid ("suid") and setgid are access right flags that can be assigned to files and directories on a Unix based operating system. They are mostly used to allow users on a computer system to execute binary executables with temporarily elevated privileges in order to perform a specific task.
# find / -perm +u=s
OR
# find / -perm +4000
See also, shell script to find all programs and scripts with setuid set on.
Finding all set group id files
# find / -perm +g=s
OR
# find / -perm +2000
See also, shell script to find all programs and scripts with setgid bit set on.
Finding all large directories
To find all directories taking 50k (kilobytes) blocks of space. This is useful to find out which directories on system taking lot of space.
# find / -type d -size +50k
Output:
/var/lib/dpkg/info /var/log/ksymoops /usr/share/doc/HOWTO/en-html /usr/share/man/man3
Finding all large files on a Linux / UNIX
# find / -type f -size +20000k
Output:
var/log/kern.log /sys/devices/pci0000:00/0000:00:02.0/resource0 /sys/devices/pci0000:00/0000:00:00.0/resource0 /opt/03Jun05/firefox-1.0.4-source.tar.bz2
However my favorite hack to above command is as follows:
# find / -type f -size +20000k -exec ls -lh {} \; | awk '{ print $8 ": " $5 }'
/var/log/kern.log: 22M /sys/devices/pci0000:00/0000:00:02.0/resource0: 128M /sys/devices/pci0000:00/0000:00:00.0/resource0: 256M /opt/03Jun05/firefox-1.0.4-source.tar.bz2: 32M
Above command will find all files block size greater than 20000k and print filename followed by the file size. Output is more informative as compare to normal find command output :D
Featured Articles:
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- 10 Greatest Open Source Software Of 2009
- My 10 UNIX Command Line Mistakes
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- Top 20 OpenSSH Server Best Security Practices
- Top 10 Open Source Web-Based Project Management Software
- Top 5 Linux Video Editor Software
- Email this to a friend
- Download PDF version
- Printable version
- Comment RSS feed
- Last Updated: Aug/24/2007
{ 1 trackback }
{ 8 comments… read them below or add one }
the last hack there is a nice one .. great having sizes show :)
The last hack for finding large files should be as follows
find / -type f -size +100000k -exec ls -lh {} ; | awk ‘{ print $9 “: ” $5 }’
–
Sharjeel
http://www.sharjeel.net
Thanks a bunch, that command string was just what I was looking for, and I had looked at around 20 other sites with nothing near as good. (As Sharjeel said $9 is the filename, at least on my system.)
To tweak the output and have the file sizes in a column, add this to the end:
| column -t
this just expands the tabs to even the columns out.
Thank you very much for this snip!!! I was looking all over for something this small and simple to tell me what I needed to know in a clear manner!
Thanks Again!
Very nice little piece of info.
Is there a way to escape file name spaces?
Output stops with colon at first win file name space for each file found.
Thanks FnG
In my system I had to remove the k from the size to work.
Valter, you are probably using HP-UX which does not accept (…+20000k) k for the size to work
how to redirect the running log file info to other file