list all files are greater than 10mb

lent from: http://www.tippscout.de/linux-grosze-dateien-finden_tipp_1653.html

Find all .gz files and recompress them to bz2 on the fly. No temp files.

edit: forgot the double quotes! jeez!

This solution is similar to [1] except that it does not have any dependency on GNU Parallel. Also, it tries to minimize the impact on the running system (using ionice and nice).

[1] http://www.commandlinefu.com/commands/view/7009/recompress-all-.gz-files-in-current-directory-using-bzip2-running-1-job-per-cpu-core-in-parallel

The number on the far right is ratio of comments to code, expressed as a percentage. For the rest of the Yardstick documentation see https://github.com/calmh/yardstick/blob/master/README.md#reported-metrics

I have found that base64 encoded webshells and the like contain lots of data but hardly any newlines due to the formatting of their payloads. Checking the "width" will not catch everything, but then again, this is a fuzzy problem that relies on broad generalizations and heuristics that are never going to be perfect.

What I have done is set an arbitrary threshold (200 for example) and compare the values that are produced by this script, only displaying those above the threshold. One webshell I tested this on scored 5000+ so I know it works for at least one piece of malware.

Searched strings:

passthru, shell_exec, system, phpinfo, base64_decode, chmod, mkdir, fopen, fclose, readfile

Since some of the strings may occur in normal text or legitimately you will need to adjust the command or the entire regex to suit your needs.

Uses find, plutil and xpath.

Note: Some applications don't have proper information. system_profiler might be better to use.

It's a bit slow query.

Due to command length limit, I removed -name "*.app" and CFBundleName.

xargs is a more elegant approach to executing a command on find results then -exec as -exec is meant as a filtering flag.

Finds files modified today since 00:00, removes ugly dotslash characters in front of every filename, and sorts them.

*EDITED* with the advices coming from flatcap (thanks!)

This command is more robust because it handles spaces, newlines and control characters in filenames. It uses printf, not ls, to determine file size.

Find top 5 big files

Get the longest match of file extension (Ex. For 'foo.tar.gz', you get '.tar.gz' instead of '.gz')

If you have GNU findutils, you can get only the file name with

instead of

make a bunch of files with the same permissions, owner, group, and content as a template file

(handy if you have much to do w. .php, .html files or alike)

While `echo rm * | batch` might seem to work, it might still raise the load of the system since `rm` will be _started_ when the load is low, but run for a long time. My proposed command executes a new `rm` execution once every minute when the load is small.

Obviously, load could also be lower using `ionice`, but I still think this is a useful example for sequential batch jobs.

su www-apache/ftp user and then

check readable: find ~/ -type d \( -wholename '/dev/*' -o -wholename '/sys/*' -o -wholename '/proc/*' \) -prune -o -exec test -r {} \; -exec echo {} readable \; 2>/dev/null

check writable: find ~/ -type d \( -wholename '/dev/*' -o -wholename '/sys/*' -o -wholename '/proc/*' \) -prune -o -exec test -w {} \; -exec echo {} writable \; 2>/dev/null

the advantage to doing it this way is that you can adjust the max depth to get more recursive results and run it on non GNU systems. It also won't print trailing slashes, which can easily be removed, but can be slightly annoying..

You could run:

# for file in `find * -maxdepth 0 -type d`;do ls -d $file;done

and in the ls -d part of the command you can put in whatever parameters you want to get things like permissions, time stamps, and ownership.

This command is useful to recursively make executable all "*.sh" files in a folder.

This command is useful to apply chmod recursively in a determined kind of file.

Avoids the nested 'find' commands but doesn't seem to run any faster than syssyphus's solution.