Unix
last 2 days or newer than file
find /bin /boot /etc /home /li* /m[en]* /opt /root /s[bnr]* /usr /var /tmp -daystart -mtime -2
find /bin /boot /etc /home /li* /m[en]* /opt /root /s[bnr]* /usr /var -cnewer /etc/mailcap
find /bin /boot /etc /home /li* /m[en]* /opt /root /s[bnr]* /usr /var -anewer /etc/shadow
execute permission or setuid or/and setgid
find /bin /boot /etc /home /li* /m[en]* /opt /root /s[bnr]* /usr /var /tmp -perm -u+x -type f
find /bin /boot /etc /home /li* /m[en]* /opt /root /s[bnr]* /usr /var /tmp -perm -4000 -o -perm -2000
find /bin /boot /etc /home /li* /m[en]* /opt /root /s[bnr]* /usr /var /tmp -perm -6000
last 7 days and execute permission
find /bin /boot /etc /home /li* /m[en]* /opt /root /s[bnr]* /usr /var /tmp -daystart -mtime -7 -perm -u+x -type f
find / -daystart -mtime -7 -perm -u+x -type f
Windows Powershell
last 7 days recursive
Get-ChildItem -Path c:\*.* -Recurse| ? {$_.LastWriteTime -gt (Get-Date<).AddDays(-7)}
last 7 days recursive and filter on extension (.exe, .dll, .bat)
Get-ChildItem -Path c:\*.* -Filter *.exe -Recurse|? {$_.LastWriteTime -gt (Get-Date<).AddDays(-7)}
Get-ChildItem -Path c:\*.* -Filter *.dll -Recurse|? {$_.LastWriteTime -gt (Get-Date<).AddDays(-7)}
Get-ChildItem -Path c:\*.* -Filter *.bat -Recurse|? {$_.LastWriteTime -gt (Get-Date<).AddDays(-7)}

Keine Kommentare:
Kommentar veröffentlichen