How to Display Files Modified Today

Monitoring the security and stability of a Linux server can become a full time job, so a smart system administrator will welcome any task that can simplify the process. We have covered a few different methods of searching that can take the pain out of trying to find things. All of these commands: locate, slocate, grep, and find have their place and are very useful for troubleshooting and general searching.

One method you can use find is to search for any files that have been modified within the current day. Why would you want to do this? There are numerous possibilities, but one is that you might have a security hole, and finding out which files have been altered may lead you to the source. Another reason could be that you want to troubleshoot a server problem, and finding the log files that have been modified might narrow down the search for the error.

At any rate, the command is quick and simple. Log in as root and type the following from the command line:

find -maxdepth 1 -type f -mtime -1

The command output will look like:

./syslog
./lastlog
./user.log
./auth.log
./daemon.log
./mail.info
./syslog.1

If you want to find directories instead of files, change the “f” flag to “d”:

find -maxdepth 1 -type d -mtime -1

If the output is long, you can always save it to a file for download or later viewing:

find -maxdepth 1 -type f -mtime -1 > last-modified-files.txt

When you are finished, logout and exit.











Comments: