Get all files modified in last 30 days in a directory

Buttle Butkus · Apr 14, 2014

CentOS. Need to find files modified in last 30 days to see if any of them have been infected with malware.

I tried this:

root@server [/home/someuser/public_html/]# find . -mtime +30 -exec ls -l {} > last30days.txt \;

But instead of the last 30 days, it seems to have found everything. 22,000 files.

Answer

Reinstate Monica Please · Apr 14, 2014

A couple of issues

  • You're not limiting it to files, so when it finds a matching directory it will list every file within it.
  • You can't use > in -exec without something like bash -c '... > ...'. Though the > will overwrite the file, so you want to redirect the entire find anyway rather than each -exec.
  • +30 is older than 30 days, -30 would be modified in last 30 days.
  • -exec really isn't needed, you could list everything with various -printf options.

Something like below should work

find . -type f -mtime -30 -exec ls -l {} \; > last30days.txt

Example with -printf

find . -type f -mtime -30 -printf "%M %u %g %TR %TD %p\n" > last30days.txt

This will list files in format "permissions owner group time date filename". -printf is generally preferable to -exec in cases where you don't have to do anything complicated. This is because it will run faster as a result of not having to execute subshells for each -exec. Depending on the version of find, you may also be able to use -ls, which has a similar format to above.
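An added example, not part of the original answer, that goes one step beyond it for the malware-triage case in the question: -mtime only tests a timestamp that anything able to write the file can set back (for example with touch -d), so the sketch also tests -ctime, the inode change time, which the ordinary timestamp calls cannot set. The function names are illustrative, the sample tree is constructed, and GNU find and GNU touch (as shipped on CentOS) are assumed.

```shell
# Added example; function names are illustrative. Requires GNU find and GNU touch.

# Files whose content timestamp (mtime) falls inside the window: the answer's test.
# $1 = directory, $2 = window in days
mtime_window() {
    find "$1" -type f -mtime "-$2" -printf '%p\n' | sort
}

# Files whose inode changed inside the window although mtime says they are older.
# Possible causes: a backdated mtime, chmod/chown/rename, or a restore that
# preserved the original mtime. These are candidates for review, not verdicts.
ctime_only() {
    find "$1" -type f -ctime "-$2" ! -mtime "-$2" -printf '%p\n' | sort
}

# Review listing of everything touched either way, sorted by mtime:
# mtime, ctime, permissions, owner:group, path.
triage_listing() {
    find "$1" -type f \( -mtime "-$2" -o -ctime "-$2" \) \
        -printf '%TY-%Tm-%Td %TH:%TM  %CY-%Cm-%Cd %CH:%CM  %M %u:%g  %p\n' | sort
}

# Constructed sample tree: one file written now, one with its mtime set back 60 days.
demo() {
    d=$(mktemp -d)
    echo '<?php echo "ok";' > "$d/index.php"
    echo '<?php echo "ok";' > "$d/cache.php"
    touch -d '60 days ago' "$d/cache.php"    # mtime moves back, ctime stays "now"
    echo "mtime within 30 days:"; mtime_window "$d" 30
    echo "ctime only:";           ctime_only "$d" 30
    echo "full listing:";         triage_listing "$d" 30
    rm -rf "$d"
}
demo
```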