Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Introduction to Linux - A Hands on Guide
This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.
Click Here to receive this Complete Guide absolutely free.
Thank you! The files I am looking for (testing purposes) are not showing, but I am getting a good list (which is all that is needed for my usual purpose).
My new question is: How do I get just the last day? I changed the comment to find -mtime -5 -mtime +0 but it still is not showing my test file. Is it possible to get recent results?
-mtime -1 by itself should do the trick. You need to bear in mind that it
will always compare against the current timestamp, and go back 24 hours.
If that's not the granularity you're after have a look into mmin instead,
which will look at the passed minutes.
You're most welcome. And you're right - a deleted file doesn't have any allocated
inodes, and hence doesn't have time-stamps. In other words: with plain OS means
you can't find out whether a file has been deleted.
For that kind of thing you could use programs like AIDE or tripwire, which watch
for changes based on a schedule (e.g. every 30 minutes). You could use samhain
which allows for real-time monitoring (I think it does - been a while that I last
looked into it because it was quite heavy on CPU) or build your own based on e.g.
the dazuko library.
If that's more than you asked for, and you're not really after intrusion detection,
you could use a simple cron-job to take a directory listing every minute, compare
it against the previous run and notify you of changes. The greatest short-coming
of this would be the 1-minute granularity. In other words if something got created
and deleted within the 1-minute time-frame you'd never know about it.