Question

How can I find all of the files that have been modified in the past 24 hours?

Posted September 20, 2019 214 views
Linux Basics Linux Commands

Hello,

I think that my website has been compromised and I want to find out if there were any files modified in the past 24 hours or so. Is there an easy way to do that?

Thanks!

Add a comment
devdojo
By:
devdojo
Add a comment
1 comment
  • tykkz September 20, 2019
    Reply Report

    I would suggest you to take regular backups of your code to another server and compare the changes in the contents of all files at every backup iteration.

    Hacker might have changed the modification time with the following command and you will not see it by just looking at the modification time..

    touch -d "4 days ago" filename

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

1 answer
bobbyiliev September 20, 2019

Hello,

Yes, you can use the find command with the -mtime argument. Here’s an example:

find /var/www/html/ -mtime -1 -type f -print

What you could do is also put this in a small script and run it as a cronjob. That way you would be alerted in case that some of the files of your site have been modified and you would be able to take action on time.

Regards,
Bobby

Reply Report
Submit an Answer

Related

Looking for something else?

Ask a new question Search for more help