前言
- find / -size +10000c
- :~ root# find / -amin -1
- Taokeceshiji1:/var/mobile/Library/Preferences root# find / -mmin -1
正文
find命令
* 基本格式:find path expression
<!-- 1.按照文件名查找 -->
find /etc -name '*srm*' #使用通配符*(0或者任意多个)。表示在/etc目录下查找文件名中含有字符串‘srm’的文件
按照文件特征查找
- find / -size +10000c
查找出大于10000000字节的文件(c:字节,w:双字,k:KB,M:MB,G:GB)
<!-- 常用语排查大文件,删除垃圾 -->
Taokeceshiji1:/var/mobile/Library/Preferences root# find / -size +100M
/System/Library/Caches/com.apple.dyld/dyld_shared_cache_armv7s
<!-- find / -size -1000k #查找出小于1000KB的文件 -->
- Taokeceshiji1:/var/mobile/Library/Preferences root# find . -group mobile
属于 group为mobile 的文件
- Taokeceshiji1:/var/mobile/Library/Preferences root# find / -user mobile
查找在系统中属于 mobile 这个用户的文件
- 查找在系统中最后5分钟里修改过的文件(modify time)
Taokeceshiji1:/var/mobile/Library/Preferences root# find / -mmin -1
/dev/null
/dev/ptmx
/dev/cu.debug
/dev/ttys001
/private/var/log/syslog
/private/var/mobile/Containers/Data/Application/0CBFDD26-FD65-4F93-8853-E2C2BB2DBF64/Library/WebKit/WebsiteData/LocalStorage/https_zhangkn.github.io_0.localstorage
- Taokeceshiji1:/var/mobile/Library/Preferences root# find / -empty
查找在系统中为空的文件或者文件夹
- find / -atime -2 # 查找在系统中最后48小时访问的文件
- 查找在系统中最后1分钟访问的文件
<!-- 常用语最近操作引起的配置文件信息修改 -->
:~ root# find / -amin -1
/System/Library/PrivateFrameworks/WebApp.framework/Info.plist
/System/Library/PrivateFrameworks/WebCore.framework/Info.plist
/private/var/mobile/Containers/Data/Application/316F71CA-00FE-4990-9F79-D4B490844E8F/Library/Caches/Snapshots/com.apple.webapp-34FB814D12744D389BC18AC2FB08222C
/private/var/mobile/Containers/Data/Application/316F71CA-00FE-4990-9F79-D4B490844E8F/Library/Caches/Snapshots/com.apple.webapp-34FB814D12744D389BC18AC2FB08222C/Main
/private/var/mobile/Containers/Data/Application/316F71CA-00FE-4990-9F79-D4B490844E8F/Library/Caches/Snapshots/com.apple.webapp-34FB814D12744D389BC18AC2FB08222C/Main/Default-34FB814D12744D389BC18AC2FB08222C-Portrait@2x.png
/private/var/mobile/Containers/Data/Application/316F71CA-00FE-4990-9F79-D4B490844E8F/Library/Caches/Snapshots/com.apple.webapp-34FB814D12744D389BC18AC2FB08222C/Main/downscaled
/private/var/mobile/Containers/Data/Application/316F71CA-00FE-4990-9F79-D4B490844E8F/Library/Caches/Snapshots/com.apple.webapp-34FB814D12744D389BC18AC2FB08222C/Main/downscaled/Default-34FB814D12744D389BC18AC2FB08222C-Portrait@2x.png
/private/var/mobile/Containers/Data/Application/316F71CA-00FE-4990-9F79-D4B490844E8F/Library/Caches/WebClips/34FB814D12744D389BC18AC2FB08222C
/private/var/mobile/Containers/Data/Application/316F71CA-00FE-4990-9F79-D4B490844E8F/Library/Preferences/com.apple.webapp.plist
<!-- 例子: 跟踪WebClips 的存储路径 -->
1) Taokeceshiji1:/var/mobile/Library/WebClips root# ls -lrt
drwxr-xr-x 3 mobile mobile 170 Mar 29 14:27 34FB814D12744D389BC18AC2FB08222C.webclip
drwxr-xr-x 2 mobile mobile 102 Mar 29 14:27 96B9826A3C6645E596581DC6504D2C4C.webclip
2) Taokeceshiji1:/var/mobile/Library root# ls -lrt /private/var/mobile/Containers/Data/Application/316F71CA-00FE-4990-9F79-D4B490844E8F/Library/Caches/WebClips
total 0
drwxr-xr-x 2 mobile mobile 68 Mar 29 11:41 D5D97FE3FB2841FCA4E043D7FBF29549
drwxr-xr-x 2 mobile mobile 68 Mar 29 14:27 34FB814D12744D389BC18AC2FB08222C
因此从Safari 创建的WebClips 最终是生成.webclip 是在/var/mobile/Library/WebClips
3) Taokeceshiji1:/var/mobile/Library/WebClips root# ls -lrt /private/var/mobile/Containers/Data/Application/316F71CA-00FE-4990-9F79-D4B490844E8F/Library/Caches/
total 0
drwxr-xr-x 4 mobile mobile 238 Mar 29 11:41 com.apple.webapp
drwxr-xr-x 4 mobile mobile 136 Mar 29 14:27 WebClips
drwxr-xr-x 4 mobile mobile 136 Mar 29 14:27 Snapshots
4) Taokeceshiji1:/private/var/mobile/Containers/Data/Application/316F71CA-00FE-4990-9F79-D4B490844E8F/Library/Caches/Snapshots root# ls -lrt
total 0
drwxr-xr-x 3 mobile mobile 102 Mar 29 11:41 com.apple.webapp-D5D97FE3FB2841FCA4E043D7FBF29549
drwxr-xr-x 3 mobile mobile 102 Mar 29 14:27 com.apple.webapp-34FB814D12744D389BC18AC2FB08222C
5) devzkndeMacBook-Pro:~ devzkn$ plutil -p com.apple.webapp.plist
{
"WebDatabaseDirectory" => "/var/mobile/Library/WebClips/34FB814D12744D389BC18AC2FB08222C.webclip/Storage"
"WebKitDiskImageCacheSavedCacheDirectory" => ""
"WebKitLocalCache" => "/var/mobile/Containers/Data/Application/316F71CA-00FE-4990-9F79-D4B490844E8F/Library/Caches/WebClips/34FB814D12744D389BC18AC2FB08222C"
"WebKitLocalStorageDatabasePathPreferenceKey" => "/var/mobile/Library/WebClips/34FB814D12744D389BC18AC2FB08222C.webclip/Storage"
"WebKitMediaPlaybackAllowsInline" => 1
"WebKitMediaPlaybackRequiresUserGesture" => 0
"WebKitOfflineWebApplicationCacheEnabled" => 1
"WebKitShrinksStandaloneImagesToFit" => 1
"WebKitStandalonePreferenceKey" => 1
"WebKitStorageTrackerEnabledPreferenceKey" => 1
}
<!-- -->
<!-- /var/mobile/Library/Preferences -->
<!-- /var/mobile/Library/Logs/oreduetd.log -->
grep 命令
基本格式: grep expression
- 1.主要参数
-c:只输出匹配行的计数。
-i:不区分大小写
-h:查询多文件时不显示文件名。
-l:查询多文件时只输出包含匹配字符的文件名。
-n:显示匹配行及行号。
-s:不显示不存在或无匹配文本的错误信息。
-v:显示不包含匹配文本的所有行。
- pattern正则表达式主要参数:
\: 忽略正则表达式中特殊字符的原有含义。
^:匹配正则表达式的开始行。
$: 匹配正则表达式的结束行。
\<:从匹配正则表达 式的行开始。
\>:到匹配正则表达式的行结束。
[ ]:单个字符,如[A]即A符合要求 。
[ - ]:范围,如[A-Z],即A、B、C一直到Z都符合要求 。
.:所有的单个字符。
* :有字符,长度可以为0。
例子
- grep -r magic /usr/src
#显示/usr/src目录下的文件(包含子目录)包含magic的行
- xargs
find . -name "*" | xargs grep "iosre" > ./cqtest.txt
- safari com.apple.mobilesafari
<!-- sanbox -->
/private/var/mobile/Containers/Data/Application/
<!-- app store 下载的app -->
/private/var/mobile/Containers/Bundle/Application/
<!-- /Applications/ 系统app -->
Taokeceshiji1:/var/mobile/Library/Preferences root# ps -e |grep Safari
582 ?? 0:00.45 /private/var/db/stash/_.lfIEX0/Applications/MobileSafari.app/webbookmarksd
597 ?? 1:03.18 /Applications/MobileSafari.app/MobileSafari
<!-- WebBookmarks.webbookmarksd.plist -Safari书签相关 -->
- ios_LaunchDaemons
/System/Library/LaunchDaemons 存放属于系统本身的守护程序plist文件
/Library/LaunchDaemons 存放第三方程序的守护程序plist文件
/System/Library/LaunchAgents 存放属于系统本身的代理程序plist文件
/Library/LaunchAgents 存放第三方程序的代理程序plist文件,通常为空
~/Library/LaunchAgents 用户自有的launch代理程序,只有对应的用户才会执行。
see also
在操作过程或者文章有问题的话欢迎在 原文 里提问或指正。
