Finding recently Modified/Created files in root file system

Technical issues/questions of an intermediate or advanced nature.
Testuser
Samurai
Samurai
Posts: 137
Joined: 26 May 2021, 15:11
Distribution: Porteus-v5.0-64-LXDE


Post#1 by Testuser » 07 Dec 2021, 19:21

Hi Team,

Does anyone have a better version of a recent file changes script?

Currently, I am using the below script and assume it missed some files. :(

Thanks in advance. :)

#!/bin/bash
#find /`path of folder`/ -iname "*" -mmin -5 -size +100M
# -mmin - minutes, -mtime - days
#"+" changes happened more than 5 minutes ago
#"-" changes happened less than 5 minutes
# -size +100M - shows file size more than 100 Mb

#find /mnt/live/memory/changes -iname "*" -mmin -5 (5 minutes)
#find /mnt/live/memory/changes -iname "*" -mmin -5 -o -iname "*" -cmin -5 --- (I assume this command will find modified and created files)


DIR="$(cd "$(dirname "$0")" && pwd)"

if [ "$(whoami)" != "root" ]; then
echo "Enter sudo pass"
sudo su - -c "$DIR/Find-Changed-Files.sh"
exit
fi

echo
echo -e "Please enter time in Minutes to see Changes happened till that Time" | fmt -w 80
echo
read -r -e min

echo "Running find /mnt/live/memory/changes - Modified and Created, Sorted in Modification time"
# -mmin tests mtime (content change); -cmin tests ctime (inode status change).
# Both branches print the mtime (%T), whichever test matched.
time find /mnt/live/memory/changes -iname "*" -mmin "-$min" -printf '%Td-%Tm-%TY %.8TT %p\n' -o -iname "*" -cmin "-$min" -printf '%Td-%Tm-%TY %.8TT %p\n' | sort -n

echo

Find-Changed-Files.sh

Ed_P
Contributor
Contributor
Posts: 8341
Joined: 06 Feb 2013, 22:12
Distribution: Cinnamon 5.01 ISO
Location: Western NY, USA


Post#2 by Ed_P » 07 Dec 2021, 20:54

This is what I use.

changes.sh

Code: Select all

#!/bin/sh
# https://forum.porteus.org/viewtopic.php?f=81&t=3776#p27204

#if [ `whoami` != "root" ]; then
##    echo -e "Enter root's password"
##    su -c "sh $0 $1"
#    echo guest | sudo -S sh $0 $1
#    exit
#fi

PSWD=toor    # password for root access
  
X=1          # default search time in minutes
if [ -n "$1" ]; then    # first argument overrides the default time
   X=$1
fi

echo " mmin = $X"

echo $PSWD | sudo -S  echo "******" 
if [ "$2" = "" ]; then  # "=" instead of "==" so the test also works in a POSIX sh
   sudo -S find /mnt/live/memory/changes  -iname "*" -mmin "-$X"
else
#  https://forum.porteus.org/viewtopic.php?p=86214#p86214 
   sudo -S find /mnt/live/memory/changes  -not -path "*/.cache/*" -iname "*" -mmin "-$X"
fi

read
exit
This is a good link also. Find Files in -specific- folders...
Last edited by Ed_P on 20 Dec 2021, 06:07, edited 1 time in total.
Ed


Post#3 by Testuser » 08 Dec 2021, 17:45

Hi Ed_P,

Thanks much for the info. :) :)

Rava
Contributor
Contributor
Posts: 5401
Joined: 11 Jan 2011, 02:46
Distribution: XFCE 5.01 x86_64 + 4.0 i586
Location: Forests of Germany


Post#4 by Rava » 12 Dec 2021, 15:50

I use a one-liner. The initial "find ." part means you have to be in the folder that should be searched.
You can replace "." with a folder name of your choice, e.g. "find / " or "find /guest/users/ "
When searching folders only root can access e.g. /root/ you have to execute the one-liner as root.

This version omits all hits that are only the current folder "." or the folder ".." or any file name or folder name containing "cache".

Code: Select all

find . -mtime 0 2>/dev/null | xargs ls -oad --color=auto --time-style=long-iso 2>&1 |grep -vE "cache| \.$| \.\.$"|grep "2021-12-12 08:00"
"2021-12-12 08:00" means the change had to be exactly at that time and date to be reported.

You can use "2021-12-12 08:0" to mean 08:00 - 08:09

You can also use e.g. at the end some regex (replacing the grep "2021-12-12 08:00" part of the above example) like so:

Code: Select all

grep -E "2021-12-12 07:5[89]|2021-12-12 08:0[0-3]"
meaning:
changed date: all 2021-12-12
changed time: 07:58
07:59
08:00
08:01
08:02
08:03

etcetera.

Knowing a bit about regex helps with the flexibility of that one-liner.
Cheers!
Yours Rava


Post#5 by Testuser » 16 Dec 2021, 17:42

Hi Rava,

Thanks much for that one liner. But again we need to provide the date and time here every time, right?

The script I am using will show when we put just the minutes 1, 2 every time to show latest changes in minutes.

The flaw in that is it sometimes shows old date files as well.

That is enough, just digging to improve it better.

That's all.

Thanks guys again for all the support.
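
Editor's added example (not code from any post in this thread): the "old date files" in posts #1 and #5 are what `-cmin` produces, because it tests ctime (inode status change), not creation time, while the script prints only the mtime (`%T`). The sketch below prints both timestamps and isolates the ctime-only hits; a backdated mtime with a fresh ctime is also worth a second look during triage. The function names and sample files are constructed for illustration, and GNU find and touch are assumed.

```shell
#!/bin/bash
# Added example; recent_changes and ctime_only are illustrative names.

# recent_changes DIR MINUTES
# Files whose mtime OR ctime lies within the last MINUTES, with both stamps shown:
#   first stamp  = mtime (file content written)
#   second stamp = ctime (inode changed: chmod, chown, rename, or timestamps
#                  set with touch / restored by cp -p or tar)
recent_changes() {
    case $2 in ''|*[!0-9]*) echo "minutes must be a whole number" >&2; return 2 ;; esac
    find "$1" -type f \( -mmin "-$2" -o -cmin "-$2" \) \
        -printf '%TY-%Tm-%Td %.8TT  %CY-%Cm-%Cd %.8CT  %p\n' 2>/dev/null | sort
}

# ctime_only DIR MINUTES
# The subset that matched on ctime alone: recent inode change, old mtime.
# These are the entries that look like "old date files" when only %T is printed.
ctime_only() {
    case $2 in ''|*[!0-9]*) echo "minutes must be a whole number" >&2; return 2 ;; esac
    find "$1" -type f -cmin "-$2" ! -mmin "-$2" -printf '%p\n' 2>/dev/null | sort
}

# Constructed sample data: one fresh file, one file backdated three days.
demo_dir=$(mktemp -d)
echo fresh > "$demo_dir/new.log"
echo stale > "$demo_dir/old.conf"
touch -d '3 days ago' "$demo_dir/old.conf"   # mtime goes back, ctime becomes "now"

recent_changes "$demo_dir" 5
echo "matched by ctime only:"
ctime_only "$demo_dir" 5
rm -rf "$demo_dir"
```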

beny
Full of knowledge
Full of knowledge
Posts: 2086
Joined: 02 Jan 2011, 11:33
Location: italy


Post#6 by beny » 16 Dec 2021, 18:52

Hi Testuser, if you would rather not use the console, you can try catfish, which has a section to search modified files: today, week and so on. Well, maybe too simple, but it works for me.


Post#7 by Rava » 17 Dec 2021, 06:25

Testuser wrote:
16 Dec 2021, 17:42
Thanks much for that one liner. But again we need to provide the date and time here every time, right?
Since it is a simple one liner, that is needed.
When you expand it into a script, you can make it so that it inserts the date by itself - try

Code: Select all

echo $(date +%d.%m.%Y\ %H:%M)
to see what can be done automatically.
You can also do calculations, but better convert the current time into Unix time (seconds since 1.1.1970) or else you get errors, like subtracting 2 minutes from a minute value of ":01" would result in ":-1" and that would create errors along the way.

By using the seconds since 1.1.1970 you can do calculations all you want (subtract 60 = minus one minute, subtract 120 = minus 2 minutes etcetera) and then re-convert the number back to date/time format.
The issue: the usual simple way "time" calculates Unix Time into human-readable date/time info is not very programming-friendly and may even change with the settings of your displayed time and day format.
In my case

Code: Select all

# show UNIX date:
date -d @1000000000
displays the example of "1000000000" as seconds since 1.1.1970 as:

Code: Select all

guest@porteus:~$ date -d @1000000000
Sun Sep  9 03:46:40 CEST 2001
instead of the much more programming-friendly

Code: Select all

2001-09-09 03:46:40
(as in: YYYY-MM-DD)

As you can see in the code of /opt/porteus-scripts/changes-time the one who coded that simply uses find -mmin to get the wanted minute(s) back from the current time (e.g. $time = 2 means 2 minutes from now including 1 minute from now and also now)

Code: Select all

file=`find $changes -mmin -$time ! -type d | egrep -v "$changes/dev|$changes/mnt|$changes/tmp"`
from man find:

Code: Select all

       -mmin n
              File's  data was last modified less than, more than or exactly n
              minutes ago.
… or at least that is how my less-than-fully-awake brain interprets "-n" in the used code.
Sadly, like the quote of the man page shows, it is not really explained what syntax to use to get either
less than n minutes
more than n minutes
exactly n minutes
:crazy:

I presume that means:
as example: 1 minute
less than 1 minute -1
more than 1 minute +1
exactly 1 minute 1

Someone who knows better please correct me if I am wrong on that!
Cheers!
Yours Rava
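
Editor's added example (not part of Rava's post): the GNU find man page defines numeric arguments as `+n` for greater than n, `-n` for less than n and bare `n` for exactly n, which matches the reading in post #7. The sketch below shows the `-n` and `+n` forms on files of known age and does the epoch arithmetic described above with a fixed `date` output format. All function names and sample files are constructed; GNU date, touch and find are assumed.

```shell
#!/bin/bash
# Added example; all function names here are illustrative.

# fmt_epoch SECONDS -> "YYYY-MM-DD HH:MM:SS", independent of locale (time zone still applies)
fmt_epoch() { date -d "@$1" '+%Y-%m-%d %H:%M:%S'; }

# stamp_minutes_ago N -> "YYYY-MM-DD HH:MM" for N minutes before now.
# The subtraction happens in epoch seconds, so 08:01 minus 2 minutes is 07:59, never ":-1".
stamp_minutes_ago() {
    date -d "@$(( $(date +%s) - $1 * 60 ))" '+%Y-%m-%d %H:%M'
}

# names_for DIR ARG -> base names selected by "find -mmin ARG", joined on one line
names_for() {
    find "$1" -type f -mmin "$2" -printf '%f\n' | LC_ALL=C sort | paste -sd' ' -
}

# make_aged_files -> prints a temp dir holding constructed files aged 10 min, 45 min and 3 days
make_aged_files() {
    dir=$(mktemp -d) now=$(date +%s)
    for spec in a_10min:10 b_45min:45 c_3days:4320; do
        touch -d "@$(( now - ${spec#*:} * 60 ))" "$dir/${spec%%:*}"
    done
    echo "$dir"
}

demo=$(make_aged_files)
echo "cutoff 30 minutes ago: $(stamp_minutes_ago 30)"
echo "-mmin -30 (less than 30 min old): $(names_for "$demo" -30)"
echo "-mmin +30 (more than 30 min old): $(names_for "$demo" +30)"
echo "epoch 1000000000 = $(fmt_epoch 1000000000)"
rm -rf "$demo"
```

The stamp from `stamp_minutes_ago` has the same layout as the `--time-style=long-iso` column, so it can replace the hand-typed date in the `grep` at the end of the one-liner.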


Post#8 by Testuser » 17 Dec 2021, 18:31

Hi Rava,

Thanks for the detailed explanation.

Really appreciate it.

"/opt/porteus-scripts/changes-time" this one was what I really needed.

Thanks for letting me know.

:) :)


Post#9 by Rava » 18 Dec 2021, 07:05

Testuser wrote:
17 Dec 2021, 18:31
"/opt/porteus-scripts/changes-time" this one was what I really needed.
That should be easily executed from any XTerm by just typing

Code: Select all

changes-time
since there should be a symlink to /opt/porteus-scripts/changes-time in /usr/bin/ - in my case it looks like so:

Code: Select all

root@porteus:/mnt/live/memory/images# find .|grep changes-time
./001-core.xzm/opt/porteus-scripts/changes-time
./001-core.xzm/usr/bin/changes-time
root@porteus:/mnt/live/memory/images# ls -l ./001-core.xzm/usr/bin/changes-time
lrwxrwxrwx 1 root root 33 May 20  2020 ./001-core.xzm/usr/bin/changes-time -> /opt/porteus-scripts/changes-time
:)
Cheers!
Yours Rava

Rapha_
Shogun
Shogun
Posts: 238
Joined: 12 Jun 2021, 21:59
Distribution: Xfce 4.12 - 5.rc3 - x86_64
Location: France


Post#10 by Rapha_ » 19 Dec 2021, 18:36

> This command allows me to display the latest files in guest (/home/guest/) as guest.

- excluding the cache folder
- sorting from oldest to newest

Code: Select all

guest@porteus:~$ find . -not -path './.cache*' -type f  -printf '%TY-%Tm-%Td %TT %p\n' |sort


> last changes as root :

- at /mnt/live/memory/changes/
- excluding the cache folders
- sorting from oldest to newest
- in less than 30 minutes

Code: Select all

root@porteus:/home/guest# find /mnt/live/memory/changes -mmin -30 -type f -printf '%TY-%Tm-%Td %TT %p\n' | sort |egrep -v '/.cache'


Post#11 by Ed_P » 20 Dec 2021, 06:03

Rapha_ wrote:
19 Dec 2021, 18:36
- excluding the cache folder
:o I like this idea Rapha_. :happy62: :good:

In my changes.sh script I changed my

Code: Select all

sudo -S find /mnt/live/memory/changes  -iname "*" -mmin -$X
line to be

Code: Select all

sudo -S find /mnt/live/memory/changes  -not -path "*/.cache/*"  -iname "*" -mmin -$X
Makes debugging Firefox upgrade changes a whole lot easier to read. :beer:
Ed


Post#12 by Rapha_ » 14 Nov 2023, 01:59

^

I created a 'recent' alias in the .bashrc file placed in '/rootcopy/home/guest/' :

Code: Select all

alias recent="find . -not -path './.cache*' -type f -mmin -120 -printf '%Td-%Tm-%TY      %.8TT   %p\n' |sort |egrep -v mozilla "
After that, all I have to do is type recent to get the latest files created (or modified) in /home/guest

it works great !
:celebrate14:


An alternative could be :

Code: Select all

alias changes="sudo find /mnt/live/memory/changes -mmin -60 -type f -printf '%TY-%Tm-%Td     %.8TT  %p\n' | sort |egrep -v '/.cache|mozilla' "



PS :
recent="...." works
recent='....' does not work in this case


Post#13 by Rava » 14 Nov 2023, 04:33

Rapha_ wrote:
14 Nov 2023, 01:59
^

I created a 'recent' alias in the .bashrc file placed in '/rootcopy/home/guest/' :

Code: Select all

alias recent="find . -not -path './.cache*' -type f -mmin -120 -printf '%Td-%Tm-%TY      %.8TT   %p\n' |sort |egrep -v mozilla "
After that, all I have to do is type recent to get the latest files created (or modified) in /home/guest

it works great !
Not for me, since you do not search in folder ~/ but in folder ., which is always the current directory, aka what $PWD shows you, and guest, like most users, can move around in the file system as he pleases.

Example: (used as one-liner)

Code: Select all

guest@rava:/mnt/sda8/tmp$ find . -not -path './.cache*' -type f -mmin -120 -printf '%Td-%Tm-%TY      %.8TT   %p\n' |sort |egrep -v mozilla 
guest@rava:/mnt/sda8/tmp$ 
No hits… since there is nothing changed in that time span in /mnt/sda8/tmp
Fixed the one-liner, exchanged path "." with "~/" … this gives me tons of entries from /home/guest/.cache/moonchild productions/pale moon/

Seems at least for me the

Code: Select all

 -not -path './.cache*'
is not working?

My fix is this one-liner:

Code: Select all

find ~ -type f -mmin -120 -printf '%TY-%Tm-%Td %.8TT %p\n' |sort |egrep -v "[Cc]ache"
since I don't have a browser called mozilla.

But it could be you prefer the initial search folder be "." after all: then you can move into whatever folder you desire and it is up to you to move wherever you want to perform the test. A simple

Code: Select all

cd
gets you to your home folder, after all, and a simple

Code: Select all

cd -
gets you back to the last folder you have been in prior to the very last "cd".

When I want to exclude my palemoon and add exclusion for firefox and chrom[ei] based browsers I use this:

Code: Select all

find ~ -type f -mmin -120 -printf '%TY-%Tm-%Td %.8TT %p\n' |sort |egrep -v "[Cc]ache|mozilla|pale moon|basilisk|chrom[ei]"
For now not tested in a browser that uses a setup folder containing "mozilla" or "chrom[ei]" but it should work. (Only tested for basilisk and pale moon)

Thanks for the pointers Rapha_ .

Added in 10 minutes 40 seconds:
And here is another variant: it uses at the very end a search pattern to be even more flexible:

Code: Select all

find ~ -type f -printf '%TY-%Tm-%Td %.8TT %p\n' |sort |egrep -v "[Cc]ache|mozilla|pale moon|basilisk|chrom[ei]"|grep "2023-11-14 05:0"
Cave! In this case you have to manually adjust the very last part to suit your needs, meaning put in the correct date and the correct time span, but you can use regex like so:
|grep "2023-11-14 05:0" -> no regex
|grep "2023-11-14 05:[01]" -> regex, meaning 05:0* and 05:1* times are displayed, but nothing like 05:2* 05:3* 05:4* or 05:5*.

And of course Rapha_'s alias and my one-liner can be adjusted. The "-mmin -120" means from the present up to 120 minutes into the past; you can change that into double the time span: "-mmin -240" or half the time span "-mmin -60" or whatever time span floats your boat.
Cheers!
Yours Rava


Post#14 by Rapha_ » 14 Nov 2023, 18:34

Rapha_ wrote:
14 Nov 2023, 01:59

Code: Select all

alias recent="find . -not -path './.cache*' -type f -mmin -120 -printf '%Td-%Tm-%TY      %.8TT   %p\n' |sort |egrep -v mozilla "
An error: '%Td-%Tm-%TY should be '%TY-%Tm-%Td

To sort correctly, we need to put the date in the right order: Year > Month > Day !


Rava wrote:
14 Nov 2023, 04:44
And here is another variant: it uses at the very end a search pattern to be even more flexible:


Code: Select all

find ~ -type f -printf '%TY-%Tm-%Td %.8TT %p\n' |sort |egrep -v "[Cc]ache|mozilla|pale moon|basilisk|chrom[ei]"|grep "2023-11-14 05:0"
This one is not flexible enough to be in my alias :D



On the other hand, I can sort very well later from my alias changes, like this:

Code: Select all

changes |grep var
or

Code: Select all

changes |grep guest


Post#15 by Rapha_ » 15 Nov 2023, 01:08

Rava wrote:
14 Nov 2023, 04:44
Seems at least for me the

Code: Select all

 -not -path './.cache*'
is not working?
indeed
it only works if you are on
guest@porteus:~$ (where there is a ".cache" subfolder)
and do :

Code: Select all

find . -not -path './.cache*' [...]
but not

Code: Select all

find ~ -not -path './.cache*' [...]

This one works and is more flexible:

Code: Select all

find ~  -not -path '*/.cache*' [...] 
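
Editor's added example (not code from any post in this thread): `-path` is matched against the whole path as find prints it, start point included, which is why `'./.cache*'` only filters when the start point is `.`. The sketch below compares the patterns quoted in posts #11, #13 and #15 on one tree and adds `-prune` as a further variant that skips `.cache` directories without descending into them. The function names and the sample tree are constructed; GNU find is assumed.

```shell
#!/bin/bash
# Added example; function names and the sample tree are constructed for illustration.

# keep_unless_path START PATTERN -> files under START whose path does NOT match -path PATTERN.
# %P prints each path with the start point removed, so results are comparable.
keep_unless_path() {
    find "$1" -not -path "$2" -type f -printf '%P\n' | LC_ALL=C sort | paste -sd' ' -
}

# keep_pruned START -> same listing, but directories named exactly ".cache" are
# pruned, so find never descends into them.
keep_pruned() {
    find "$1" -type d -name .cache -prune -o -type f -printf '%P\n' | LC_ALL=C sort | paste -sd' ' -
}

# make_tree -> prints a temp dir with a constructed layout
make_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/.cache/browser" "$root/docs" "$root/proj/.cache"
    : > "$root/.cache/browser/blob"      # top-level cache
    : > "$root/docs/report.txt"          # ordinary file
    : > "$root/docs/.cache_notes.txt"    # a file whose name merely starts with .cache
    : > "$root/proj/.cache/obj"          # nested cache
    echo "$root"
}

tree=$(make_tree)
echo "abs start, './.cache*'  : $(keep_unless_path "$tree" './.cache*')"
echo "start '.', './.cache*'  : $(cd "$tree" && keep_unless_path . './.cache*')"
echo "abs start, '*/.cache*'  : $(keep_unless_path "$tree" '*/.cache*')"
echo "abs start, '*/.cache/*' : $(keep_unless_path "$tree" '*/.cache/*')"
echo "abs start, -prune       : $(keep_pruned "$tree")"
rm -rf "$tree"
```

Note that `'*/.cache*'` also hides `docs/.cache_notes.txt`, while `'*/.cache/*'` and `-prune` hide only what lies inside a `.cache` directory.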
