How to find recently modified files on your website server linux

Sometimes, your website is down because somebody changed some files. But you don’t know those files. They are not available to let you know the files that they changed. Or your server is hacked by some hacker and they changed those files.
In this case, you can find recently modified files by using the command line:

find /etc -type f -printf '%TY-%Tm-%Td %TT %p\n' | sort -r

It will shows the files like this

2016-12-01 07:35:58.4517621170 /etc/passwd
2016-12-01 07:35:49.0478855030 /etc/shadow
2016-12-01 07:35:35.6120617910 /etc/subgid
2016-12-01 07:35:35.6080618430 /etc/subuid
2016-12-01 07:35:35.5800622100 /etc/gshadow
2016-12-01 07:35:35.5600624730 /etc/group
2016-12-01 07:35:35.0000000000 /etc/passwd-

you also search for files in folder /public_html and all its sub folder, that have been modified in the last 60 minutes by using the command line:

find /public_html -type f -mmin -60

you also search for files in folder /public_html and all its sub folder, that have been modified in the last 2 days by using the command line:

find /public_html -type f -mtime -2

you also search for files in folder /public_html and all its sub folder, that have been modified in the last 5 days but not in the last 3 days by using the command line:

find /public_html -type f -mtime -5 ! -mtime -3

You also use “-exec” option as follow to see details those files:

find /public_html -type f -mtime -2 -exec ls -al {} \;

Add Comment

Required fields are marked *. Your email address will not be published.