000032835 - How to find particular files on Linux, Unix or POSIX operating systems when using RSA products

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support on Apr 16, 2020
Version 4

Article Content

Article Number: 000032835
Applies To:
RSA Product Set: All
O/S: Linux/Unix/POSIX
O/S Version: All
 
Issue
Some files on the Linux/Unix/POSIX operating system can have dynamic locations or may have been moved from their expected locations. This can lead to an issue when following instructions which specify static file locations. Sometimes the file contents may be known but the file location or even the name of the file may be unknown. This RSA Knowledge Base Article provides tools for finding files on the Linux/Unix/POSIX operating system.
 
Tasks
  • Use the locate or find commands to locate the files.
  • Use the grep command to locate text files where something is known about the content of the file, but not the file name or location.
Resolution

The locate command (on RHEL)



  • The locate command is used to identify the directory path under which a particular file can be found. Options include control over the case sensitivity or the ability to specify regex matching.
  • This command relies on an internal database which saves location information about each file on the system. This database may not have been built at the time the locate command is used, or it may be out of date. If the database does not exist, the locate command will either build the database at that time or provide a command which can be used to collect and build the database. If the database is out of date, the updatedb command can be used to update it. For more information regarding the locate database, run man updatedb.
  • Note that changes to the file system since the last database update (updatedb) will not be reflected in locate results until the next database update.
  • Any user can run the locate command, but the root user has the most access to the file system:

EXAMPLES:



# locate aveksaServer
/home/oracle/wildfly-8.2.0.Final/standalone/log/aveksaServer.log
/home/oracle/wildfly-8.2.0.Final/standalone/log/aveksaServerInfo.log
/home/oracle/wildfly-8.2.0.Final/standalone/tmp/vfs/temp/temp268d38ddf055c690/content-ae3f673e6908c6fe/contents/aveksa.war/log/aveksaServer.log



# locate locate
/etc/cron.daily/mlocate.cron
/etc/postfix/relocated
/etc/selinux/targeted/modules/active/modules/slocate.pp
(...)


EXAMPLE using updatedb, and if it succeeds (&&), immediately followed by the locate command:



# updatedb && locate WorkPoint.log
/home/oracle/wildfly-8.2.0.Final/standalone/log/WorkPoint.log
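
The stale-database caveat above can be handled in a script by re-checking every path that locate reports and falling back to find when the database yields nothing. This is an added example, not RSA code; the function name locate_verified and its NAME and ROOT arguments are assumptions.

```shell
# Added example, not RSA code. locate_verified and its arguments are
# hypothetical names.
# Usage: locate_verified NAME [ROOT]
# Prints existing paths under ROOT (default /) whose file name contains NAME.
# Returns 1 when nothing is found.
locate_verified() {
    name=$1
    root=${2:-/}
    prefix=${root%/}    # "/" becomes "", so "$prefix"/* matches any absolute path
    hits=""
    if command -v locate >/dev/null 2>&1; then
        # The database may be missing or stale: ignore locate's errors and
        # re-check every reported path against the live file system.
        hits=$(locate -b -- "$name" 2>/dev/null | while IFS= read -r p; do
            case $p in
                ("$prefix"/*) if [ -e "$p" ]; then printf '%s\n' "$p"; fi ;;
            esac
        done)
    fi
    if [ -z "$hits" ]; then
        # Nothing usable from the database (for example, the file was created
        # after the last updatedb run): walk the tree instead.
        # -xdev keeps find on ROOT's own file system.
        hits=$(find "$root" -xdev -name "*$name*" 2>/dev/null) || true
    fi
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits"
    else
        return 1
    fi
}
```

Files created since the last updatedb run are still missed whenever the database returns at least one valid hit, so run updatedb first when completeness matters.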



The find command



  • The find command performs a more traditional search: the search criteria are specified and the directory tree is inspected at the time of the search to locate any matches. Many options are available, including searches based on file size, file type, ownership information and more.
  • The most basic find usage is to search for a particular file name.

EXAMPLES:



# find /home/oracle -iname "aveksaServer*.log"
/home/oracle/wildfly-10.1.0.Final/standalone/log/aveksaServerInfo.log
/home/oracle/wildfly-10.1.0.Final/standalone/log/aveksaServer.log
/home/oracle/wildfly-10.1.0.Final/standalone/tmp/vfs/temp/tempe49cea2f99c3f858/content-4e831bf4e475b92f/contents/aveksa.war/log/aveksaServer.log



# find / -name grep
/usr/share/doc/packages/grep
/usr/bin/grep
/bin/grep



# find /home/oracle/wildfly-10.1.0.Final/ -name "*.log"
/home/oracle/wildfly-10.1.0.Final/standalone/log/aveksaServerInfo.log
/home/oracle/wildfly-10.1.0.Final/standalone/log/server.log
/home/oracle/wildfly-10.1.0.Final/standalone/log/stdout.log
/home/oracle/wildfly-10.1.0.Final/standalone/log/restoreFiles.log
/home/oracle/wildfly-10.1.0.Final/standalone/log/WorkPoint.log
/home/oracle/wildfly-10.1.0.Final/standalone/log/reporting-user-synonyms.log
/home/oracle/wildfly-10.1.0.Final/standalone/log/aveksaServer.log
/home/oracle/wildfly-10.1.0.Final/standalone/log/wpqmonitor.log
(...)



The grep command



  • The grep command is intended to search text. At its most basic, it reads text and prints the lines which match the specified pattern. When a file or directory to search is specified, grep searches it, and it supports recursive searches of all files below a given point in the directory hierarchy.
  • In the absence of a specified file, grep will attempt to read from standard input allowing it to be used with Linux/Unix pipes.

EXAMPLE:



# mkdir -p /tmp/to/test/grep/commands/
# echo "this is my grep text to search" >> /tmp/to/test/grep/commands/test1
# echo "this is my OTHER grep text to search" >> /tmp/to/test/grep/commands/test2
# ll /tmp/to/test/grep/commands/
total 12
-rw-r--r-- 1 root root 31 Mar 28 19:28 test1
-rw-r--r-- 1 root root 37 Mar 28 19:28 test2
# grep -r "my grep text" /tmp/to/
/tmp/to/test/grep/commands/test1:this is my grep text to search
# grep -r "my other grep text" /tmp/to/
# grep -r -i "my other grep text" /tmp/to/
/tmp/to/test/grep/commands/test2:this is my OTHER grep text to search
# grep -r "my O* grep text" /tmp/to/
# grep -r "my OTHER grep text" /tmp/to/
/tmp/to/test/grep/commands/test2:this is my OTHER grep text to search
# rm -rf /tmp/to/


The above example creates a directory structure under /tmp/ for testing, echoes some sample text into two test files at the end of the temporary directory structure, and then verifies that the files were written. The example then uses several grep commands to show different ways to find these files based on their content, using -r to search the directory structure recursively and -i to make the search case-insensitive. The search for "my O* grep text" returns nothing because grep treats the pattern as a regular expression, in which O* matches zero or more O characters rather than any string beginning with O. As a last step, the directories and files that were created while testing are deleted (after it is verified that /tmp/to/ was not used by any other files).


  • The grep command supports a large number of options and gives quite a bit of flexibility in forming patterns to match against. Some more commonly used options would be recursive searching, case insensitivity, inverting matches, or retrieving match counts. The manual page (man grep) is the best resource for customizing grep searches.
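
When the content is known but the name and location are only partly known, find and grep can be combined so that find narrows the candidates and grep checks their content. This is an added example that goes beyond the commands shown in the article and is not RSA code; the function names, arguments and sample files are constructed for illustration.

```shell
# Added example, not RSA code. Function names and arguments are hypothetical.
# Usage: find_by_content ROOT NAME_GLOB TEXT
# Lists files under ROOT whose name matches NAME_GLOB (case-insensitive)
# and whose content contains TEXT (literal string, case-insensitive).
find_by_content() {
    root=$1
    glob=$2
    text=$3
    # find:  -xdev stays on ROOT's file system; -type f keeps grep away from
    #        FIFOs and device nodes; "{} +" passes many files per grep call
    #        and is safe for names containing spaces.
    # grep:  -F treats TEXT literally ("O*" is an O followed by a star);
    #        -l prints only file names; "--" protects TEXT starting with "-".
    find "$root" -xdev -type f -iname "$glob" \
        -exec grep -l -i -F -- "$text" {} + 2>/dev/null | sort
}

# Constructed sample tree for trying the function; prints the directory created.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/standalone/log" "$d/dir with space"
    echo "this is my grep text to search"       > "$d/standalone/log/test1.log"
    echo "this is my OTHER grep text to search" > "$d/standalone/log/test2.LOG"
    echo "this is my OTHER grep text to search" > "$d/standalone/log/test3.txt"
    echo "pattern with a literal O* in it"      > "$d/dir with space/notes.log"
    printf '%s\n' "$d"
}
```

With the sample tree, a search for "my other grep text" in "*.log" files returns only test2.LOG: test3.txt has the same content but is excluded by the name filter.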

 
Notes
Each Linux command will have a manual entry which is the help documentation for that command. The following commands will open the help info for each:

man locate
man find
man grep

When in the manual page for a particular command, exit back to the command prompt at any time by pressing the Q key to quit.
 
