Web Hosting Talk : Web Hosting Main Forums : Hosting Security and Technology : Cleaning-up the /tmp partition

[Bdzzld]

Hi,

I'm looking for a (new) script which can be run daily (via a cronjob) and deletes every file in the /tmp partition which has not been used in a week.

I'm currently using the following :

Code:

find /tmp -mtime +8 -exec rm {} \;

but that only deletes those files and does not show the files being deleted and not even the amount of files being deleted.

Any ideas how to extend this script or rewrite it? The server runs CENTOS Enterprise 4.6 x86_64.

Thanks.

[hermetek]

find /tmp -mtime +8 | xargs rm -fv

...and then you could use a redirect to log it.

[david510]

Use below. Make a new directory /var/tmplogs. The script will make a file with current date, fill the file with the files that will be removed and will remove those files from /tmp.

Code:

#!/bin/sh
find /tmp -mtime +8 > /var/tmplogs/log-`date -I`
find /tmp -mtime +8 | xargs rm -fv

[Bdzzld]

Thanks for the suggestions so far...
If you write all file names of the files to be deleted to a logfile first, ain't it easier to use that logfile to remove the files instead of reissueing the 'find' command? Afaik the 'find' command can be heavy on resources...

[david510]

Modify the script as follows.

Code:

#!/bin/sh
find /tmp -mtime +8 > /var/tmplogs/log-`date -I`
for i in  $(cat /var/tmplogs/log-`date -I`) ; do rm -rf $i ; done

[Bdzzld]

I've now rewritten the script based on your suggestions.
Bash scripts can be quite powerfull

Is there also some way to check if the /var/tmplogs/ path has already been created and if not create it?

Thanks.

[slinek]

Quote:

Originally Posted by Bdzzld

I've now rewritten the script based on your suggestions.
Bash scripts can be quite powerfull

Is there also some way to check if the /var/tmplogs/ path has already been created and if not create it?

Thanks.

Code:

#!/bin/bash
if [ ! -d "/var/tmplogs" ]; then
mkdir /var/tmplogs
fi

[Tim Greer]

First, mtime is the modification time. If you want files that were just not "accessed" for over 8 days, then you'd use -atime instead.

Also, you don't need to run any additional commands, you can just use:

find /tmp -atime +8 -exec rm -vf {} \; > /var/tmplogs/log-`date -I`

This way it will run the rm command in forced, verbose mode and the redirect > will write to the dated log file.

You might want to add some commands to ignore links. Also, make sure the path for the log file exists and is writable and set the cron accordingly.

[Bdzzld]

If files are scanned on a regular basis in the /tmp path for possible abuses - which is what the csf/lfd combo does f.i. - substituting

Code:

-mtime

with

Code:

-atime

as you suggest, will not find any files at all.

[Tim Greer]

A file could not be modified for weeks, but be accessed every hour. This is why I recommended a check for access time instead of modification? Anyway, yeah, if the files are actually opened/read by some exploit checker, then the access time will be updated (and not the modification time). I don't think much of those scanners, but I'd have assumed it only checked the file once, within minutes (or hours) of creation time and shouldn't read them again unless the modification time changed.

Anyway, use -mtime if you want or need to, but I'd save processing with:

find /tmp -mtime +8 -exec rm -vf {} \; > /var/tmplogs/log-`date -I`