Background
We recently received a request from SecOps to search for the presence of dozens of specific filenames on multiple users’ hard drives.
The following script leverages mdfind to search for a file by name; use mdfind -interpret to search for the contents of a file.
Add to declare -a files=( … ) as needed; generous amounts of testing / validation will be required.
(Note: "UBF8T346G9.OneDriveSyncClientSuite" was included to validate the script is actually working.)
Script
```bash
#!/bin/bash
####################################################################################################
#
# ABOUT
#
#   Filename Search
#
####################################################################################################
#
# HISTORY
#
#   Version 1.0, 14-Nov-2018, Dan K. Snelson
#       Original version
#
####################################################################################################

echo " "
echo "***********************"
echo "*** Filename Search ***"
echo "***********************"
echo " "

authorizationKey="${4}"

# Check for a specified value in Parameter 4
if [[ "${authorizationKey}" != "]Iy9;;A)nV{KDl[WHj[VE*-Cs{" ]]; then
    echo "Error: Incorrect Authorization Key; exiting."
    exit 1
else
    echo "Correct Authorization Key; proceeding …"
fi

declare -a files=(
    "UBF8T346G9.OneDriveSyncClientSuite"
    "File I don't want to Security to find.rtf"
    "Nothing to worry about.txt"
    "Filename-goes-here.pdf"
    "Add as many as needed.docx"
    "Spaces are OK.ppt"
)

#set -x

for file in "${files[@]}"
do

    # Pass the filename as an argument so a "%" in it is not treated as a format specifier
    printf '\nSearching for: "%s" ...\n' "${file}"

    # Store one result per array element; paths may contain spaces
    testFile=()
    while IFS= read -r result; do
        testFile+=( "${result}" )
    done < <( /usr/bin/mdfind -name "${file}" )
    # done < <( /usr/bin/mdfind -interpret "${file}" ) # Search for contents of file; see man mdfind

    if [[ ${#testFile[@]} -eq 0 ]]; then
        printf '"%s" NOT found\n' "${file}"
    else
        # Print metadata for every match, not only the first
        for result in "${testFile[@]}"; do
            printf 'Found: "%s"; printing metadata for "%s" ...\n\n' "${file}" "${result}"
            /usr/bin/mdls "${result}"
        done
    fi

    printf "\n============================================================\n"

done

#set +x

exit 0
```
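Added example, not part of the original post: mdfind -name matches on file names and can return files whose names only contain the search term, so a hit for one of the listed names may be a different file. The hypothetical helpers filter_exact and count_exact below keep only paths whose final component equals the requested name (ignoring case, since default macOS volumes are case-insensitive); the sample paths are constructed.

```shell
#!/bin/bash
# Added example: reduce mdfind -name output to exact filename matches.
# filter_exact, count_exact and sample_results are hypothetical names.

# filter_exact NAME
# Reads candidate paths on stdin (one per line) and prints only those whose
# final path component equals NAME, compared case-insensitively.
filter_exact() {
    local want path base
    want=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        # ${path##*/} strips everything up to the last slash (the basename)
        base=$(printf '%s' "${path##*/}" | tr '[:upper:]' '[:lower:]')
        if [ "$base" = "$want" ]; then
            printf '%s\n' "$path"
        fi
    done
}

# count_exact NAME
# Prints the number of exact matches among the paths on stdin.
count_exact() {
    filter_exact "$1" | wc -l | tr -d ' '
}

# Constructed sample of what a search for "Spaces are OK.ppt" could return:
# one exact hit, one case variant, and two names that only contain the term.
sample_results() {
    cat <<'EOF'
/Users/alice/Documents/Spaces are OK.ppt
/Users/alice/Documents/Copy of Spaces are OK.ppt
/Users/alice/Desktop/spaces are ok.PPT
/Users/alice/Archive/Spaces are OK.ppt.zip
EOF
}

# Demonstration on the constructed sample; prints the two exact matches.
sample_results | filter_exact "Spaces are OK.ppt"

# On a Mac the same filter sits behind the real search, for example:
#   /usr/bin/mdfind -name "${file}" | filter_exact "${file}"
```

Reporting both the raw hit count and the exact-match count per filename makes it clear to SecOps which findings are the named file and which are near matches that need a manual look.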