How to find files within daterange in Ubuntu

Recommended Ubuntu book

I got a virus that hit all php files on one of my servers and had to find all the files that got affected withing the date of the attack. There are a few methods that you can use:

1) To find the files modified within the last day, type:

find /directory_path -mtime -1 -print

where -1 is 24 hours, -2 – 48, and so on.

2) To find the files within modified date range is trickier. You have to create 2 files with start and end dates like listed below, just replace 20111110 and 20111120 with needed dates.

touch -t 201111101059 /tmp/file1
touch -t 201111201200 /tmp/file2
find . -newer /tmp/file1 -a ! -newer /tmp/file2

That’s it.


Comments are closed.