List files above a given threshold

find . -type f -size +25000k -exec ls -lh {} \; | awk '{ print $8 ": " $5 }'
List files above a given size threshold.
Sample Output
./tapestry/tapestry-project-4.1.5-full.zip: 46M
./tapestry/tapestry-bin-5.1.0.1.zip: 29M
./tapestry/tapestry-bin-5.1.0.2.tar.bz2: 29M
./tapestry/tapestry-bin-5.1.0.0.zip: 29M
./tapestry/tapestry-project-4.1.3-full.tar.bz2: 27M
./tapestry/tapestry-bin-5.1.0.0.tar.gz: 29M

5
By: benajnim
2009-04-02 15:01:17

These Might Interest You

  • Good for one off jobs that you want to run at a quiet time. The default threshold is a load average of 0.8 but this can be set using atrun. Show Sample Output


    41
    echo "rm -rf /unwanted-but-large/folder" | batch
    root · 2009-02-04 19:07:52 3
  • I have found that base64 encoded webshells and the like contain lots of data but hardly any newlines due to the formatting of their payloads. Checking the "width" will not catch everything, but then again, this is a fuzzy problem that relies on broad generalizations and heuristics that are never going to be perfect. What I have done is set an arbitrary threshold (200 for example) and compare the values that are produced by this script, only displaying those above the threshold. One webshell I tested this on scored 5000+ so I know it works for at least one piece of malware.


    0
    for ii in $(find /path/to/docroot -type f -name \*.php); do echo $ii; wc -lc $ii | awk '{ nr=$2/($1 + 1); printf("%d\n",nr); }'; done
    faceinthecrowd · 2013-04-05 19:06:17 0
  • I find it very handy to be able to quickly see the most recently modified/created files in a directory. Note that the "q" option will reveal any files with non-printable characters in their filename. Show Sample Output


    7
    ls -qaltr # list directory in chronological order, most recent files at end of list
    mpb · 2013-02-25 14:14:44 1
  • A quick find command to identify all TAR files in a given path, extract a list of files contained within the tar, then search for a given string in the filelist. Returns to the user as a list of TAR files found (enclosed in []) followed by any matching files that exist in that archive. TAR can easily be swapped for JAR if required. Show Sample Output


    1
    find . -type f -name "*.tar" -printf [%f]\\n -exec tar -tf {} \; | grep -iE "[\[]|<filename>"
    andrewtayloruk · 2011-01-06 13:01:38 0

What Others Think

Or you could do this... find . -type f -size +25000k -exec ls -1sh {} \; And skip using awk all together.
TheMightyBuzzard · 477 weeks and 2 days ago
I prefer find . -type f -size +25000k -exec ls -lh {} \; | awk '{ print $NF ": " $5 }'
rauhmaru · 477 weeks and 1 day ago
for OS X sudo du -x -h -d 1 /
benajnim · 477 weeks and 1 day ago

What do you think?

Any thoughts on this command? Does it work on your machine? Can you do the same thing with only 14 characters?

You must be signed in to comment.

What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

Share Your Commands



Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for: