[CentOS] This "find" command--dun deal!!!

Fri Dec 30 13:25:50 UTC 2005
rado <rado at rivers-bend.com>

On Fri, 2005-12-30 at 00:02 -0600, Les Mikesell wrote:
> On Thu, 2005-12-29 at 23:30, rado wrote:
>  
> > > > also, it seems that no matter what I tried I cannot get find to stop
> > > > looking in /proc  lol
> > > 
> > > One way is to use the -mount argument and make separate runs for
> > > each filesystem.  That also avoids the problem of wandering into
> > > isos/dvd's/nfs mounts, etc.
> > 
> > whoa...I run CentOS as generic and simply as possible. Only thing I am
> > guilty of is bash shell lol. I don't even run nfs anywhere!
> > ...my fstab:
> > # This file is edited by fstab-sync - see 'man fstab-sync' for details
> > /dev/md1     /                 ext3    defaults        1   1
> > /dev/md0     /boot             ext3    defaults        1   2
> > none         /dev/pts          devpts  gid=5,mode=620  0   0
> > none         /dev/shm          tmpfs   defaults        0   0
> > none         /proc             proc    defaults        0   0
> > none         /sys              sysfs   defaults        0   0
> > /dev/hdc3    swap              swap    defaults        0   0
> > /dev/hda3    swap              swap    defaults        0   0
> > 
> > /dev/hdb    /media/cdrecorder auto pamconsole,exec,noauto,managed 0 0
> > /dev/fd0    /media/floppy     auto pamconsole,exec,noauto,managed 0 0
> > 
> > oh my, Les!!! as I was editing the spacing in this fstab, something hit
> > me!  ...the /proc line and the /sys line could they be the culprits that
> > have been giving me fits???  
> > 
> > ok...I'm too tired tonite...gonna stop right here...tomorrow nite first
> > thing, I am gonna google around see if I can find some "proper syntax"
> > for this -mount deal...I read the man...just bounced off me for now.
> 
> If you don't have any mounted filesystems that you want scanned
> then you can't hurt anything.  Just add -mount as an argument
> to find after the directory (/) and on general principles you
> should also add -print0 as the last argument to find and -0 as
> an argument to xargs.

kk, now this is exciting! I ended up w/the following:

clamexcludes=" --exclude=/usr/share/doc/clamav-0.87 \
--exclude=/usr/lib/mailman/tests/msgs "

find / -mount -type f -mtime -1 -print0 | xargs -0 clamscan -l \
/var/log/clamav/clamscan-bu-daily.log $clamexcludes \
 -r --no-summary | \
cut -d: -f1 > /usr/local/bin/changedfilelog


I was able to take all excludes from /sys and /proc from clamexcludes
and the -prune options of find. 

The total run time takes 2min 19 secs now (a couple mins. less) and the
number of files logged is 2,067 compared to 6-7000 files before!

Wow, I am very pleased!
Now I gotta go work!

thx for all,

John Rose
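
Why the -print0 / -0 advice quoted above matters for a scan pipeline, shown as an added example that is not part of the original thread. The sample file names and the STUB stand-in for clamscan are constructed here; the run assumes the temporary directory path itself contains no whitespace.

```shell
#!/bin/sh
# Constructed sample tree: one ordinary name, one with a space, one with a newline.
make_tree() {
    d=$(mktemp -d) || return 1
    : > "$d/plain.txt"
    : > "$d/has space.txt"
    : > "$d/$(printf 'new\nline.txt')"
    printf '%s\n' "$d"
}

# Stand-in for clamscan (constructed helper, not a ClamAV tool): reports how
# many path arguments it was handed and how many of them are real files.
STUB='ok=0; for p in "$@"; do if [ -f "$p" ]; then ok=$((ok+1)); fi; done
echo "args=$# real=$ok"'

# Newline-delimited output: xargs splits on every blank and newline.
unsafe_pipeline() { find "$1" -mount -type f | xargs sh -c "$STUB" sh; }

# NUL-delimited output: each path arrives as exactly one argument.
safe_pipeline() { find "$1" -mount -type f -print0 | xargs -0 sh -c "$STUB" sh; }

tree=$(make_tree)
echo "find | xargs:            $(unsafe_pipeline "$tree")"
echo "find -print0 | xargs -0: $(safe_pipeline "$tree")"
rm -rf "$tree"
```

In the first pipeline the scanner stand-in receives five arguments, only one of which is a real file, so the two awkwardly named files would never be scanned; with -print0 and -0 all three arrive intact.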