Find the last modified files on your server

cmd terminal
cmd terminal

Do you want to know if any files on your server have been modified by a hacker? Do you want to see what has been changed on a system after abnormal behavior? Or do you want to check if you are the victim of a hack?

In this tutorial, I will show you how a simple linux command can help you actively monitor access to your files and folders on your server.

The trick is to list all the modified files in a specific directory over the last 2 days using the Linux find command with some arguments.

The find command is always useful for checking, for example, what has been changed on your linux system before abnormal behavior, or if your website is hacked.

So, if you want to display the files modified in the last 48 hours, go to the directory that interests you, and type the command:

find / directory -type f -mtime -2 -print | more
Since number 2 is the number of days, you replace it with whatever you want.

The problem with this command is that you have to check directory by directory. That's why, it is better to search all the server with the following command:

find / -not -path '/sys*' -not -path '/dev*' -not -path '/proc*' -mmin -30

Here, we exclude the / sys / proc and / dev directories then we indicate that we want only the files modified in the last 30 minutes.