Saturday, April 28, 2007

Deleting zer0 size files & Renaming files with '-' prefix

I didn't notice that my research honeypot has its partition full when collecting malwares, hence it generates a lot of malware files with 0 size as there's no room for it. Since I have all of them collected under /var/nepenthes/binaries, I just execute the command below to delete all of the files with 0 size -

shell>cd /var/nepenthes/binaries

shell>find ./ -type f -size 0 -exec rm -rf '{}' \; -print

Then I list the all the files again -

shell>ls -la
total 808
drwxr-xr-x 2 root wheel 3584 May 4 19:49 .
drwxr-xr-x 7 root wheel 512 Jan 28 22:46 ..
-rw-r--r-- 1 root wheel 48808 Jan 29 20:31 06b6cd8fc0333df6a96a66910f0a285d
-rw-r--r-- 1 root wheel 8192 Jan 29 23:43 314b889b16b11886656c901656ffa847
-rw-r--r-- 1 root wheel 8192 Feb 1 20:05 579ab2f7e55c8ddc074603b82bb73ee4
-rw-r--r-- 1 root wheel 64464 May 4 19:49 6df903d10f7ad3ad688d90dba9380d3c
-rw-r--r-- 1 root wheel 58325 Jan 29 17:28 703a8118b285f85622db82e7350c16da
-rw-r--r-- 1 root wheel 40884 May 4 19:46 706e697ed520cc32027a525a645be1dd
-rw-r--r-- 1 root wheel 8192 Feb 1 05:54 a2628d55e482fac6448801187c0ce836
-rw-r--r-- 1 root wheel 158720 Jan 29 19:42 a4ed429c882f382b994b0860c5a9ced2
-rw-r--r-- 1 root wheel 8192 Feb 2 11:52 bc6595eff1398227ab0d4aa13acc20f4

I think I will need to write a script to automate the process, by moving all the files under this directory to another partition when /var partition is full or else I will need to do it manually which wasting my time.

Sometimes it is fun to poke with shell commands especially dealing a tricky one, to rename all the files in the directory with the prefix of '-' so that '-' get discarded, you can try the command below.

shell>for i in `ls -la | awk '{ print $9 }' | grep '^-.*'`; \
do mv -- $i `echo $i | cut -f 2 -d '-'`; done


I was asked about how to do this and think the commands crafted above should do the job. Have fun.

Peace ;]

2 comments:

Anonymous said...

i would have done it this way, no need for long ls and awk, for me i get blank fields,

for f in `ls -a|grep '^-.*'`; do mv ./$f `echo $f |sed s/^-//`; done

i like that there are a lot of different ways to do the same thing

Ben (a gentoo nut)

Anonymous said...

I would do it like this:

for i in -*; do mv ./$i $(echo $i | cut -b 2-); done

or

for i in -*; do mv -- $i $(echo $i | cut -b 2-); done

One problem, MANY solutions. :D