find -newerXY

I am working my way through the Linux Fundamentals however im finding the Parrot instance does not support birth date to find the necessary file. I 'am honestly completely lost on how to find the file its asking for at this point. any suggestions?

htb-student@nixfund:~$ find / -iname “.confi*” -size +25k -size -28k -newerXY 2020-03-03
find: This system does not provide a way to find the birth time of a file.
find: invalid predicate `-newerBt’

@data4153 said:

I am working my way through the Linux Fundamentals however im finding the Parrot instance does not support birth date to find the necessary file. I 'am honestly completely lost on how to find the file its asking for at this point. any suggestions?

htb-student@nixfund:~$ find / -iname “.confi*” -size +25k -size -28k -newerXY 2020-03-03
find: This system does not provide a way to find the birth time of a file.
find: invalid predicate `-newerBt’

I haven’t completed this lab so I don’t know the specifics.

Linux filesystems have sporadic support for creation/birth date on files and even when they do support it, not every tool can access it.

What is the question specifically asking for? Would -newermt be effective?

TazWake I see you responding to a lot of these posts and just want to say thank you first.

The question is:

“What is the name of the config file that has been created after 2020-03-03 and is smaller than 28k but larger than 25k?”

I feel like this might be another command other than find but I am not aware of any that can do an option for created date or “birth date” like its listed in the man.

@data4153 said:

TazWake I see you responding to a lot of these posts and just want to say thank you first.

Always pleased to assist where I can.

The question is:

“What is the name of the config file that has been created after 2020-03-03 and is smaller than 28k but larger than 25k?”

I feel like this might be another command other than find but I am not aware of any that can do an option for created date or “birth date” like its listed in the man.

Find seems like the right answer but there are a few complexities to consider.

  • I’d try -newermt first and see if it returned anything useful. The mtime on Linux is often treated as the creation date.

Linux filesystem time rules are different to Windows which can be confusing. If the FS doesn’t support file creation times (EXT3 for example), then it simply doesn’t exist anyway. No amount of searching or other tools can return the creation date. Even filesystems that do support crtime (EXT4) this isn’t easy to recover.

You can experiment with this - stat filename is a good way to see what’s available. You can retrieve the crtime with a more complex approach - using debugfs -R stat filename for example. This isn’t something that works well with a broad search across a system, and it still only works if the fs captures creation timestamps.

  • The question is asking for config files. I’d double-check that means it has a name with .confi* as you are excluding files like httpd.conf with that string. I’d be tempted to use `“.conf” as the string to broaden the possible hits.

That said - YMMV. I haven’t done the lab so I don’t know what actually works here. There might be a lot of trial and error.

Maybe what you need to do is narrow down the search i was stuck here at first but i managed to narrow down the search by the command below.

*find / -type f -user root -name .conf -newermt 2020-03-03 -size +25k -size -28k 2>/dev/null

first i found all the files for user root with .conf extension and the date 2020-03-03
When i executed that command i got 10-20 files so i thought to narrow down the search more so i did some web search and found the way to pass 2 sizes if you use the -28k at first then +25k for size it throws an error so it’s better go from min range to max range.
Hope this helps :slightly_smiling_face:

When we use the -newerBt option, we might face the below error

find: This system does not provide a way to find the birth time of a file.
find: invalid predicate `-newerBt’

But if we see the question we have to use two filters. The one filter is size of the file and the other one is birth time of the file

As the system does not provide a way to find birth time of the file. We can try with the available option i.e the size of the file

command:
find / -type f -name *.conf -size +25k -size -28k -exec ls -al {} ; 2>/dev/null

In my case, there was only one file with this condition(the size) met and that file name is the answer for the question.