Networking

Unix and Linux network configuration. Multiple network interfaces. Bridged NICs. High-availability network configurations.

Applications

Reviews of latest Unix and Linux software. Helpful tips for application support admins. Automating application support.

Data

Disk partitioning, filesystems, directories, and files. Volume management, logical volumes, HA filesystems. Backups and disaster recovery.

Monitoring

Distributed server monitoring. Server performance and capacity planning. Monitoring applications, network status and user activity.

Commands & Shells

Cool Unix shell commands and options. Command-line tools and application. Things every Unix sysadmin needs to know.

Home » Commands & Shells, Featured

Looking for Recently Changed Files

Submitted by on April 3, 2014 – 2:55 am

Locating most recently-modified files in the current directory is easy: ls -alt | head. However, searching a directory structure for recent changes may prove a little more challenging. The most common approach is to use the “find” command with “-mtime” or “-mmin” option, but there are a few other ways that may prove useful. Here are some examples of locating recently-modified files and doing things to them.

Using “ls” in the current directory: newest files are on top.

[root@host etc]# ls -lt | head -5
total 2988
-rw-r--r--  1 root   root    1484 Apr  2 20:06 mtab
-r--------  1 root   root    3147 Apr  2 18:41 shadow
-rw-r--r--  1 root   root    4104 Apr  1 12:58 passwd
-r--------  1 root   root    3147 Apr  1 12:58 shadow-

Using “find” recursively: newest file are on the bottom. Note: avoid using “sort -rn” with this command.
[root@host etc]# find `pwd` -type f -printf '%T@ %pn' | sort -n | tail -5 | cut -f2- -d" " | while read line ; do ls -als "${line}" ; done | column -t
8  -rw-r--r--  1  root  root  4041  Apr  1  12:02  /etc/passwd-
8  -rw-r--r--  1  root  root  4104  Apr  1  12:58  /etc/passwd
8  -r--------  1  root  root  3147  Apr  1  12:58  /etc/shadow-
4  -r--------  1  root  root  3147  Apr  2  18:41  /etc/shadow
4  -rw-r--r--  1  root  root  1484  Apr  2  20:06  /etc/mtab

Finding files older than two hours but newer than two days:
[root@host etc]# find `pwd` -type f -mmin +120 -mtime -2 -exec ls -als {} ; | column -t
8  -rw-r--r--  1  root  root  4104  Apr  1  12:58  /etc/passwd
4  -rw-r--r--  1  root  root  1484  Apr  2  20:06  /etc/mtab
8  -r--------  1  root  root  3147  Apr  1  12:58  /etc/shadow-
4  -r--------  1  root  root  3147  Apr  2  18:41  /etc/shadow
8  -rw-r--r--  1  root  root  4041  Apr  1  12:02  /etc/passwd-

Finding recently-changed files and displaying access time, inode and file modification timestamps:
[root@host etc]# find `pwd` -type f -printf '%T@ %pn' | sort -n | tail -5 | cut -f2- -d" " | while read line ; do echo "file_access_time: `ls -als ${line}`" ; echo "inode_mod_time: `ls -lacr ${line}`" ; echo "file_mod_time: `ls -latr ${line}`" ; echo "" ; done
file_access_time: 8 -rw-r--r-- 1 root root 4041 Apr  1 12:02 /etc/passwd-
inode_mod_time: -rw-r--r-- 1 root root 4041 Apr  1 20:11 /etc/passwd-
file_mod_time: -rw-r--r-- 1 root root 4041 Apr  1 12:02 /etc/passwd-

file_access_time: 8 -rw-r--r-- 1 root root 4104 Apr  1 12:58 /etc/passwd
inode_mod_time: -rw-r--r-- 1 root root 4104 Apr  1 20:11 /etc/passwd
file_mod_time: -rw-r--r-- 1 root root 4104 Apr  1 12:58 /etc/passwd

file_access_time: 8 -r-------- 1 root root 3147 Apr  1 12:58 /etc/shadow-
inode_mod_time: -r-------- 1 root root 3147 Apr  1 20:11 /etc/shadow-
file_mod_time: -r-------- 1 root root 3147 Apr  1 12:58 /etc/shadow-

file_access_time: 4 -r-------- 1 root root 3147 Apr  2 18:41 /etc/shadow
inode_mod_time: -r-------- 1 root root 3147 Apr  2 20:07 /etc/shadow
file_mod_time: -r-------- 1 root root 3147 Apr  2 18:41 /etc/shadow

file_access_time: 4 -rw-r--r-- 1 root root 1484 Apr  2 20:06 /etc/mtab
inode_mod_time: -rw-r--r-- 1 root root 1484 Apr  2 20:07 /etc/mtab
file_mod_time: -rw-r--r-- 1 root root 1484 Apr  2 20:06 /etc/mtab

Doing the same using “stat” command:
[root@host etc]# find `pwd` -type f -printf '%T@ %pn' | sort -n | tail -5 | cut -f2- -d" " | while read line ; do stat "${line}"; done                                        File: `/etc/passwd-'
  Size: 4041            Blocks: 16         IO Block: 4096   regular file
Device: fd00h/64768d    Inode: 688472      Links: 1
Access: (0644/-rw-r--r--)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2014-04-01 12:58:14.000000000 -0400
Modify: 2014-04-01 12:02:48.000000000 -0400
Change: 2014-04-01 20:11:22.000000000 -0400
  File: `/etc/passwd'
  Size: 4104            Blocks: 16         IO Block: 4096   regular file
Device: fd00h/64768d    Inode: 819216      Links: 1
Access: (0644/-rw-r--r--)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2014-04-03 02:54:51.000000000 -0400
Modify: 2014-04-01 12:58:14.000000000 -0400
Change: 2014-04-01 20:11:22.000000000 -0400
  File: `/etc/shadow-'
  Size: 3147            Blocks: 16         IO Block: 4096   regular file
Device: fd00h/64768d    Inode: 689470      Links: 1
Access: (0400/-r--------)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2014-04-01 13:17:09.000000000 -0400
Modify: 2014-04-01 12:58:14.000000000 -0400
Change: 2014-04-01 20:11:22.000000000 -0400
  File: `/etc/shadow'
  Size: 3147            Blocks: 8          IO Block: 4096   regular file
Device: fd00h/64768d    Inode: 819209      Links: 1
Access: (0400/-r--------)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2014-04-03 02:51:01.000000000 -0400
Modify: 2014-04-02 18:41:39.000000000 -0400
Change: 2014-04-02 20:07:58.000000000 -0400
  File: `/etc/mtab'
  Size: 1484            Blocks: 8          IO Block: 4096   regular file
Device: fd00h/64768d    Inode: 819210      Links: 1
Access: (0644/-rw-r--r--)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2014-04-03 02:54:41.000000000 -0400
Modify: 2014-04-02 20:06:49.000000000 -0400
Change: 2014-04-02 20:07:58.000000000 -0400

 

Print Friendly, PDF & Email

Leave a Reply