Find the last modified files on your server

Posted by FunInformatique 2 minutes of reading
cmd terminal
cmd terminal

Do you want to know if any files on your server have been modified by a hacker? Do you want to see what has been changed on a system after abnormal behavior? Or do you want to check if you are the victim of a hack?

In this tutorial, I will show you how a simple linux command can help you actively monitor access to your files and folders on your server.

The trick is to list all the modified files in a specific directory over the last 2 days using the Linux find command with some arguments.

The find command is always useful for checking, for example, what has been changed on your linux system before abnormal behavior, or if your website is hacked.

So, if you want to display the files modified in the last 48 hours, go to the directory that interests you, and type the command:

find / directory -type f -mtime -2 -print | more
Since number 2 is the number of days, you replace it with whatever you want.

The problem with this command is that you have to check directory by directory. That's why, it is better to search all the server with the following command:

find / -not -path '/sys*' -not -path '/dev*' -not -path '/proc*' -mmin -30

Here, we exclude the / sys / proc and / dev directories then we indicate that we want only the files modified in the last 30 minutes.

Those who liked this article also liked these:


  1. Top 10 Command Prompt (CMD) Commands You Need to Know
  2. How to configure Ticket Tool on your Discord server?
  3. Detect files modified by a hacker on your server
  4. My files are deleted, so how do I get them back?
  5. How to get started on Mastodon: the alternative to Twitter
  6. Where are my downloads on my phone?