How to find files within daterange in Ubuntu
Wednesday, December 21st, 2011
I got a virus that hit all php files on one of my servers and had to find all the files that got affected withing the date of the attack. There are a few methods that you can use:
1) To find the files modified within the last day, type:
find /directory_path -mtime -1 -print
where -1 is 24 hours, -2 – 48, and so on.
2) To find the files within modified date range is trickier. You have to create 2 files with start and end dates like listed below, just replace 20111110 and 20111120 with needed dates.
touch -t 201111101059 /tmp/file1 touch -t 201111201200 /tmp/file2 find . -newer /tmp/file1 -a ! -newer /tmp/file2
That’s it.