Skip to content

Contact sales

By filling out this form and clicking submit, you acknowledge our privacy policy.
  • Labs icon Lab
  • A Cloud Guru
Google Cloud Platform icon

Finding Files and File Contents

In this lab, we'll use the `find` command and its options to find all sorts of files on our system. Once we have found certain files, we'll use the execute function on them to run commands that will further display useful information about those files. Then, we'll use the `grep` command to show the contents of files, display additional context for what is found, show what lines those instances occur on, and more.

Google Cloud Platform icon

Path Info

Clock icon Beginner
Clock icon 45m
Clock icon Nov 27, 2019

Contact sales

By filling out this form and clicking submit, you acknowledge our privacy policy.

Table of Contents

  1. Challenge

    Use the `find` Command to Search for Files

    Run find:


    See how many files it finds there:

    find | wc -l

    Run find on /home and its subdirectory contents:

    find /home

    See how many files are there:

    find /home | wc -l

    Search the /etc directory for files whose names include .conf (the -name flag means it will be case sensitive):

    find /etc -name *.conf 2> /dev/null

    See how many files are returned:

    find /etc -name *.conf 2> /dev/null | wc -l

    Now, run a similar search, but this time, the -iname flag makes it case insensitive:

    find /etc -iname *.conf 2> /dev/null | wc -l

    Look for everything in the directory:

    find /etc -iname *.* 2> /dev/null | wc -l

    Instead, add quotation marks to the command:

    find /etc -iname "*.*" 2> /dev/null | wc -l

    Let's say you made a backup. Let's run touch on it:

    touch lastbackup

    See what the timestamps are on it:

    ls -l lastbackup

    See more info about it:

    stat lastbackup

    Run touch on a range of files:

    touch file{1..10}

    Run ls.

    Compare the dates and times of lastbackup and the files we just looked at:

    ls -l lastbackup file*

    Find what files have changed since a particular backup or event:

    find /home -newer lastbackup 2> /dev/null

    Take a look at files that are 128k or larger:

    find /etc -size +128k 2> /dev/null

    Run a similar search, but this time we'll get more information:

    find /etc -size +128k -exec ls -l {} \; 2> /dev/null

    Change the size specification:

    find /etc -size +512k -exec ls -l {} \; 2> /dev/null

    Run the following to see the sizes in bytes:

    find /etc -size +512k -exec ls -lh {} \; 2> /dev/null

    Run touch on file99:

    touch file99

    Run ls -l:

    ls -l file99

    Create a hard link to file99:

    ln file99 hardlink2file99

    Run ls -l again:

    ls -l *file99

    This time, we'll see both files.

    Run ls -li:

    ls -li *file99

    We'll see they share the same inode number.

    Run a search:

    find /home -samefile file99 -exec ls -li {} \; 2> /dev/null
  2. Challenge

    Find File Contents and Display the Results Using the `grep` Command

    Run the ps aux command, pipe it to grep, and look for ssh:

    ps aux | grep ssh

    We should see we get a few entries.

    Find out more about ssh:

    pstree -a | grep ssh

    Get the process number of sshd:

    pstree -ap | grep sshd

    Insert the process number you received in the previous command output:

    pstree -ap <sshd_PROCESS_NUMBER>

    This will give us a tree of everything, and their process IDs, running through sshd.

    Use grep to search for a user in multiple files:

    grep cloud_user /etc/passwd /etc/group /etc/shadow

    Search for zip in /usr/share/doc/packages:

    grep -i zip /usr/share/doc/packages

    It won't work because it's a directory.

    Try this instead:

    grep -ir zip /usr/share/doc/packages

    -ir tells it to look recursively from wherever we're pointing it to. This time, we'll see a ton of files.

    Get a count of the files:

    grep -ir zip /usr/share/doc/packages | wc -l

    There should be thousands (somewhere around 3800).

    Search specifically for zip on its own as a word:

    grep -irw zip /usr/share/doc/packages | wc -l

    This time, there are still a lot (close to 2000), but not as many.

    Search for ZIP:

    grep -rw ZIP /usr/share/doc/packages | wc -l

    There should be even fewer this time (in the 150 range).

    Run the following to search for src:

    grep -rw ZIP /usr/share/doc/packages | grep src

    Get even more information:

    grep -rwn ZIP /usr/share/doc/packages | grep -n src

    Open one of the files in the list:

    vim /usr/share/doc/packages/p7zip/DOC/src-history.txt +174

    Quit the file with :q.

    Find the accounts that are on your system:


    Search forward with to find the accounts that have never logged in:

    lastlog | grep "Never"

    This time, cloud_user won't be on the list, as we've logged in.

    Invert the search to see everything that doesn't have "Never" in it:

    lastlog | grep -v "Never"

The Cloud Content team comprises subject matter experts hyper focused on services offered by the leading cloud vendors (AWS, GCP, and Azure), as well as cloud-related technologies such as Linux and DevOps. The team is thrilled to share their knowledge to help you build modern tech solutions from the ground up, secure and optimize your environments, and so much more!

What's a lab?

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Provided environment for hands-on practice

We will provide the credentials and environment necessary for you to practice right within your browser.

Guided walkthrough

Follow along with the author’s guided walkthrough and build something new in your provided environment!

Did you know?

On average, you retain 75% more of your learning if you get time for practice.

Start learning by doing today

View Plans