Friday, August 26, 2011

Viewing changed files on Linux

I thought that it would be useful to scan your system for changed files periodically. Instructions below explain how to generate a list of all your files along with the md5 information. If a file is changed, the md5sum will also be different. It would be more beneficial to have the system configured perfectly before doing this.

Create an index of the system:

find / -type f | xargs md5sum > original-`date +%m%d%y`

find / -type f | xargs md5 > original-`date +%m%d%y`

This will create a file called original along with the date in the filename. This may take awhile to complete. The next step is to generate a new list to see the changes. This should not be done immediately after the first step because the output files will probably be the same.

Repeat the steps above except change the output file from "original" to "changes"

View the changes:

diff original changes

To constantly view the the activity of changed files:

for((i=1;i<=16;i++)) do find ~/ -type f > new;diff original new; done