- Lab
- Cloud

Finding Files and File Contents
In this lab, we'll use the `find` command and its options to find all sorts of files on our system. Once we have found certain files, we'll use the execute function on them to run commands that will further display useful information about those files. Then, we'll use the `grep` command to show the contents of files, display additional context for what is found, show what lines those instances occur on, and more.

Path Info
Table of Contents
Use the `find` Command to Search for Files
See how many files it finds there:
find | wc -l
and its subdirectory contents:find /home
See how many files are there:
find /home | wc -l
Search the
directory for files whose names include.conf
flag means it will be case sensitive):find /etc -name *.conf 2> /dev/null
See how many files are returned:
find /etc -name *.conf 2> /dev/null | wc -l
Now, run a similar search, but this time, the
flag makes it case insensitive:find /etc -iname *.conf 2> /dev/null | wc -l
Look for everything in the directory:
find /etc -iname *.* 2> /dev/null | wc -l
Instead, add quotation marks to the command:
find /etc -iname "*.*" 2> /dev/null | wc -l
Let's say you made a backup. Let's run
on it:touch lastbackup
See what the timestamps are on it:
ls -l lastbackup
See more info about it:
stat lastbackup
on a range of files:touch file{1..10}
.Compare the dates and times of
and the files we just looked at:ls -l lastbackup file*
Find what files have changed since a particular backup or event:
find /home -newer lastbackup 2> /dev/null
Take a look at files that are 128k or larger:
find /etc -size +128k 2> /dev/null
Run a similar search, but this time we'll get more information:
find /etc -size +128k -exec ls -l {} \; 2> /dev/null
Change the size specification:
find /etc -size +512k -exec ls -l {} \; 2> /dev/null
Run the following to see the sizes in bytes:
find /etc -size +512k -exec ls -lh {} \; 2> /dev/null
:touch file99
ls -l
:ls -l file99
Create a hard link to
:ln file99 hardlink2file99
ls -l
again:ls -l *file99
This time, we'll see both files.
ls -li
:ls -li *file99
We'll see they share the same inode number.
Run a search:
find /home -samefile file99 -exec ls -li {} \; 2> /dev/null
Find File Contents and Display the Results Using the `grep` Command
Run the
ps aux
command, pipe it togrep
, and look forssh
:ps aux | grep ssh
We should see we get a few entries.
Find out more about
:pstree -a | grep ssh
Get the process number of sshd:
pstree -ap | grep sshd
Insert the process number you received in the previous command output:
pstree -ap <sshd_PROCESS_NUMBER>
This will give us a tree of everything, and their process IDs, running through sshd.
to search for a user in multiple files:grep cloud_user /etc/passwd /etc/group /etc/shadow
Search for
:grep -i zip /usr/share/doc/packages
It won't work because it's a directory.
Try this instead:
grep -ir zip /usr/share/doc/packages
tells it to look recursively from wherever we're pointing it to. This time, we'll see a ton of files.Get a count of the files:
grep -ir zip /usr/share/doc/packages | wc -l
There should be thousands (somewhere around 3800).
Search specifically for
on its own as a word:grep -irw zip /usr/share/doc/packages | wc -l
This time, there are still a lot (close to 2000), but not as many.
Search for
:grep -rw ZIP /usr/share/doc/packages | wc -l
There should be even fewer this time (in the 150 range).
Run the following to search for
:grep -rw ZIP /usr/share/doc/packages | grep src
Get even more information:
grep -rwn ZIP /usr/share/doc/packages | grep -n src
Open one of the files in the list:
vim /usr/share/doc/packages/p7zip/DOC/src-history.txt +174
Quit the file with
.Find the accounts that are on your system:
Search forward with to find the accounts that have never logged in:
lastlog | grep "Never"
This time,
won't be on the list, as we've logged in.Invert the search to see everything that doesn't have "Never" in it:
lastlog | grep -v "Never"
What's a lab?
Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.
Provided environment for hands-on practice
We will provide the credentials and environment necessary for you to practice right within your browser.
Guided walkthrough
Follow along with the author’s guided walkthrough and build something new in your provided environment!
Did you know?
On average, you retain 75% more of your learning if you get time for practice.