Question

How can I find all of the files that have been modified in the past 24 hours?

Posted September 20, 2019
Linux Basics, Linux Commands

Hello,

I think that my website has been compromised and I want to find out if there were any files modified in the past 24 hours or so. Is there an easy way to do that?

Thanks!

1 comment
  • I would suggest that you take regular backups of your code to another server and compare the changes in the contents of all files at every backup iteration.

    A hacker might have changed the modification time with the following command, and you will not see it by just looking at the modification time.

    touch -d "4 days ago" filename
    

1 answer

Hello,

Yes, you can use the find command with the -mtime argument. Here’s an example:

find /var/www/html/ -mtime -1 -type f -print

What you could also do is put this in a small script and run it as a cron job. That way you would be alerted in case some of the files of your site have been modified, and you would be able to take action in time.

Regards,
Bobby
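
The answer's `find -mtime` check and the comment's point about backdated timestamps and content comparison can be combined in one script. This is an added example, not part of the original thread; the function names and the baseline path are assumptions, and `sha256sum` is assumed to be available (GNU coreutils).

```shell
#!/bin/sh
# Added example: spot changed files under a web root without relying
# on mtime alone. Function names and paths are illustrative.

# Files whose content timestamp (mtime) is under 24 hours old.
recent_mtime() {
    find "$1" -type f -mtime -1 -print
}

# Files whose inode change time (ctime) is under 24 hours old but whose
# mtime is older. touch -d rewrites mtime, yet the kernel sets ctime to
# "now" when it does so, which is why a backdated file shows up here.
# chmod, chown and rename also update ctime, so treat hits as leads.
ctime_only_changes() {
    find "$1" -type f -ctime -1 ! -mtime -1 -print
}

# Print a SHA-256 for every file, sorted by path, for use as a baseline.
hash_tree() {
    find "$1" -type f -exec sha256sum {} + | sort -k 2
}

# Compare the tree against a saved baseline. Prints differing lines
# ("<" only in baseline, ">" only in current tree); exit 0 if identical.
compare_to_baseline() {
    current=$(mktemp) || return 2
    hash_tree "$1" > "$current"
    status=0
    diff "$2" "$current" || status=$?
    rm -f "$current"
    return "$status"
}

# Example cron usage (paths are assumptions):
#   hash_tree /var/www/html > /root/www.sha256   # once, on a known-good tree
#   compare_to_baseline /var/www/html /root/www.sha256
#   ctime_only_changes /var/www/html
```

Store the baseline file on another server, as the comment suggests for backups, so it cannot be regenerated by whoever changed the site.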
