Viewing strings of text in binary files on Linux and UNIX

If a user encounters a binary file and does not know what it is used for or where it came from, they may gain some insight into its origins and use by searching for character strings within the file. If the cat command is used to view a binary file, the user will get a screen full of garbage that will more often than not change the display characteristics. Instead, the strings command should be used, as demonstrated in the following examples:

Find All Strings in the Binary File

$ strings echo
/lib/ld-linux.so.2
libc.so.6
stdout
getopt_long
__fpending
getenv
...
Copyright (C) 2002 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
%s (%s) %s
Written by %s.
%s %s
memory exhausted

Again the above output has been abbreviated to save space, but you can see that there is some useful information here. Just knowing that “This is free software” and that it is copyrighted by the Free Software Foundation can give you some great insight on where this came from and why it might be there.

Finding Occurrences of a String in a Binary File

Here we show how the output of the strings command can be piped into the grep command to look for specific words within a binary file.

$ strings echo|grep GLIBC
GLIBC_2.3
GLIBC_2.1.3
GLIBC_2.1
GLIBC_2.0
GLIBC_2.2

This shows how grep can be used to limit the output of a command to only lines that contain certain text.
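An added example (not from the original article) that goes one step beyond the commands above: it builds a small constructed file and shows that a plain strings scan misses 16-bit little-endian text, which the GNU binutils -e l option recovers. The file contents and function names are made up for illustration; -a, -t x, -n and -e are GNU strings options.

```shell
#!/bin/sh
# Added example: the sample file is constructed, not a real binary.

# Build a small binary blob: non-printable bytes, one ASCII string,
# one UTF-16LE string ("URL=example") and a run too short to report.
make_sample() {
    printf '\000\001\002build-id: constructed-sample\000\000\000' > "$1"
    printf 'U\000R\000L\000=\000e\000x\000a\000m\000p\000l\000e\000' >> "$1"
    printf '\000\000abc\000' >> "$1"
}

# Single-byte strings of at least $2 characters (default 4), each prefixed
# with its hex offset in the file. -a scans the whole file, not just
# selected sections.
ascii_strings() {
    strings -a -t x -n "${2:-4}" "$1"
}

# 16-bit little-endian strings, as commonly found in Windows binaries.
# The default scan skips these because every other byte is NUL.
wide_strings() {
    strings -a -e l -n "${2:-4}" "$1"
}

sample=$(mktemp)
make_sample "$sample"
echo "== single-byte strings =="; ascii_strings "$sample"
echo "== 16-bit LE strings ==";  wide_strings "$sample"
echo "== grep on the combined output =="
{ ascii_strings "$sample"; wide_strings "$sample"; } | grep -i 'url'
rm -f "$sample"
```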

For more tips like this check out my book Easy Linux Commands, only $19.95 from Rampant TechPress.


More Linux and UNIX find command options

Like many Linux and UNIX commands, the find command supports a long list of options. I covered several of the options in a previous article but there are even more useful options. Here are some of them:

Doing things with what we find

The -exec option gives find the powerful ability to execute commands on the files found. The syntax is a little tricky but an example is usually all it takes to get it right.

Before using the -exec option, especially with a powerful command like rm, I recommend performing the same find without the -exec. By doing this you will see exactly which files you will be affecting when you run the final command.

The following is a practical example that finds files less than three days old with the .txt extension and deletes them.

Finding .txt Files < 3 Days Old and Deleting Them

$ find . -name '*.txt' -mtime -3 -exec rm {} \;
$ ls -lt
total 8
-rw-r--r-- 1 tclark authors 2229 Jan 13 21:35 declaration.txt
-rw-rw-r-- 1 tclark presidents 1310 Jan 13 17:48 gettysburg.txt

The -exec option allows you to put any command after it. Here we have used rm, but it is often useful to use this option with cp or chmod. Within the command to be run there must be two curly brackets {}. find will execute the command for each file it finds, substituting the file name (and path) where the curly brackets are. Finally, the end of the -exec option is signaled by an escaped semicolon (\;). The -exec option should always be the last option given in a find command.
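The preview-then-delete routine described above, as an added example that is not part of the original article. It works only inside a scratch directory it creates; the file names and function names are constructed, and -type f is added so that directories are never matched.

```shell
#!/bin/sh
# Added example: operates only on a scratch directory made by mktemp.

# Create constructed test files: two recent .txt files (one with a space
# in its name), one old .txt file and one file with another extension.
make_scratch() {
    dir=$(mktemp -d)
    : > "$dir/notes.txt"
    : > "$dir/meeting minutes.txt"
    : > "$dir/keep.log"
    : > "$dir/archive.txt"
    touch -t 200001010000 "$dir/archive.txt"   # mtime far older than 3 days
    printf '%s\n' "$dir"
}

# Step 1: the dry run. Same tests, no -exec, so nothing is changed.
preview_recent_txt() {
    find "$1" -type f -name '*.txt' -mtime -3
}

# Step 2: the same tests with the action appended. find hands each path
# to rm as a single argument with no shell word-splitting, so the space
# in "meeting minutes.txt" is harmless.
delete_recent_txt() {
    find "$1" -type f -name '*.txt' -mtime -3 -exec rm {} \;
}

scratch=$(make_scratch)
echo "Would delete:"; preview_recent_txt "$scratch"
delete_recent_txt "$scratch"
echo "Left behind:";  ls "$scratch"
rm -rf "$scratch"
```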

The find command is great for finding files and directories but next we’ll look at some options for finding other things on the system.

Dealing with “Permission denied” in find

If you use find a lot (and you probably will) you will sometimes run into the problem where you get just pages and pages of output like this:

$ find / -name '*.txt'
find: /var/lib/dav: Permission denied
find: /var/lib/nfs/statd: Permission denied
find: /var/lib/dhcpv6: Permission denied
find: /var/lib/slocate: Permission denied
find: /var/lib/xdm/authdir: Permission denied
find: /var/lib/php/session: Permission denied
find: /var/log/samba: Permission denied
find: /var/log/ppp: Permission denied
find: /var/log/audit: Permission denied
find: /var/log/squid: Permission denied
...

This is find telling you there are certain directories you don’t have permissions to search. This can make it very difficult to find the useful output of the find as it can be mixed in with the permissions errors.

To ignore these (and any other) errors and just get the results of what you can find we can use a special redirect at the end of the command. Redirecting output will be covered in more detail in the chapter on shell scripting, but suffice it to say that in this command 2>/dev/null is redirecting the error output to nowhere.

$ find / -name '*.txt' 2>/dev/null
/var/www/icons/small/README.txt
/usr/X11R6/lib/X11/rgb.txt
/usr/X11R6/lib/X11/doc/Xprint_FAQ.txt
/usr/lib/4Suite/tests/Xml/Core/count.txt
...

While it would not be a good idea to redirect the error output all the time (usually you want to know when something has gone wrong), in the case of the find command it can be very useful.


Search UNIX without the junk

If you have done much UNIX systems administration you have probably seen output like this from the ‘find’ command:

$ find / -name lifeaftercoffee.com
find: /proc/tty/driver: Permission denied
find: /proc/sys/kernel/pax: Permission denied
find: /proc/net: Permission denied
find: /proc/4680/fd: Permission denied
find: /usr/local/dh/apache/logs/basic-argon/fastcgi: Permission denied
find: /usr/local/dh/apache/logs/basic-bongo/fastcgi: Permission denied
find: /usr/local/dh/apache/logs/basic-cabo/fastcgi: Permission denied
find: /usr/local/dh/apache/logs/basic-dap/fastcgi: Permission denied
find: /usr/local/dh/apache/logs/basic-adamant/fastcgi: Permission denied
find: /usr/local/dh/apache/logs/basic-emu/fastcgi: Permission denied
find: /usr/local/dh/apache/logs/basic-fritz/fastcgi: Permission denied
find: /usr/local/dh/apache/logs/basic-grog/fastcgi: Permission denied
…

Annoying, to say the least, that your actual search results may be buried in pages upon pages of this.

Here’s a quick way around this. Redirect the error output to /dev/null (the black hole of data). It’s as simple as appending ‘2>/dev/null’ to the end of the command.

$ find / -name lifeaftercoffee.com 2>/dev/null
/home/jonemmons/logs/lifeaftercoffee.com
/home/jonemmons/lifeaftercoffee.com

Any errors are ignored, which can complicate troubleshooting, but if things aren’t doing what you want them to, just drop the redirect and run the command to see the errors again.

The command may vary depending on your shell and breed of UNIX, but this has always worked for me.
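An added example (not from the original posts) covering both discussions of 2>/dev/null above: instead of discarding the errors it appends them to a log file and summarises them afterwards, so the results stay clean while the record of what could not be searched is kept. The scratch directories, ERRLOG and the function names are assumptions; a start path that does not exist is included so that an error is logged even when the script runs as root.

```shell
#!/bin/sh
# Added example; directory names and files are constructed.
ERRLOG=$(mktemp)

# Search the given start paths for *.txt files. Results go to stdout;
# errors are appended to $ERRLOG instead of being discarded.
# find's exit status stays non-zero if any path could not be searched.
search_logged() {
    LC_ALL=C find "$@" -name '*.txt' 2>>"$ERRLOG"
}

# Count the logged errors by reason (the text after the last ": ").
error_summary() {
    sed 's/.*: //' "$ERRLOG" | sort | uniq -c | sort -rn
}

root=$(mktemp -d)
mkdir "$root/open" "$root/locked"
: > "$root/open/readme.txt"
chmod 000 "$root/locked"      # unreadable unless you are root

# "$root/missing" does not exist, so at least one error is logged even
# when "locked" is readable.
search_logged "$root" "$root/missing" || echo "find exit status: $?"
echo "Errors by reason:"; error_summary

chmod 700 "$root/locked"      # restore access so the tree can be removed
rm -rf "$root"
```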
