1、查找/var目录下属主为root,且属组为mail的所有文件 [root@wzc ~]# find /var/ -user root -a -group mail /var/spool/mail /var/spool/mail/root
2、查找/var目录下不属于root、lp、gdm的所有文件 [root@wzc ~]# find /var -not \( -user root -o -user lp -o -user gdm \) /var/lib/unbound /var/lib/unbound/root.key /var/lib/tpm /var/lib/colord /var/lib/colord/icc /var/lib/colord/mapping.db /var/lib/colord/storage.db /var/lib/geoclue /var/lib/rpcbind ...........
3、查找/var目录下最近一周内其内容修改过,同时属主不为root,也不是postfix的文件 [root@wzc ~]# find /var -mtime -7 -a -not \( -user root -o -user postfix \) /var/spool/mail/bash /var/spool/mail/testbash /var/spool/mail/basher /var/spool/mail/nologin
4、查找当前系统上没有属主或属组,且最近一个周内曾被访问过的文件 [root@wzc ~]# find / \( -nouser -o -nogroup \) -a -atime -7 find: ‘/proc/83796/task/83796/fd/6’: No such file or directory find: ‘/proc/83796/task/83796/fdinfo/6’: No such file or directory find: ‘/proc/83796/fd/6’: No such file or directory find: ‘/proc/83796/fdinfo/6’: No such file or directory
5、查找/etc目录下大于1M且类型为普通文件的所有文件 [root@wzc ~]# find /etc -size +1M -type f /etc/selinux/targeted/policy/policy.29 /etc/udev/hwdb.bin /etc/brltty/zh-tw.ctb
6、查找/etc目录下所有用户都没有写权限的文件 [root@wzc ~]# find /etc/ -not -perm /222 /etc/pki/ca-trust/extracted/java/cacerts /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem /etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem /etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem /etc/openldap/certs/password /etc/lvm/profile/cache-mq.profile ..........................
7、查找/etc目录下至少有一类用户没有执行权限的文件 [root@wzc ~]# find /etc/ -not -perm -222 /etc/sudoers.d /etc/enscript.cfg /etc/trusted-key.key /etc/pinforc /etc/wgetrc /etc/nanorc /etc/pbm2ppa.conf /etc/pnm2ppa.conf /etc/vconsole.conf /etc/locale.conf /etc/hostname /etc/.updated /etc/aliases.db ....................
8、查找/etc/init.d目录下,所有用户都有执行权限,且其它用户有写权限的文件 [root@wzc ~]# find /etc/init.d/ -perm -113 [root@wzc ~]#
原创文章,作者:RecallWzc,如若转载,请注明出处:http://www.178linux.com/35695
