Attention
Zercurity has been acquired by JumpCloud.
This documentation will no longer be maintained or updated. You can read more about the acquisition, or signup to JumpCloud today.
file¶
Interactive filesystem attributes and metadata.
Platform support¶
Please be aware that some queries can only be run against certain platforms. Below is a list of the supported platforms that this query supports. Zercurity will automatically pause queries from running if errors are detected. Running a query against an unsupported platform will result in the following error: no such table: file
- Windows
- Linux
- Mac OSX
- Free BSD
Table schema¶
Name | Type | Description |
---|---|---|
path | TEXT | Absolute file path |
directory | TEXT | Directory of file(s) |
filename | TEXT | Name portion of file path |
inode | BIGINT | Filesystem inode number |
uid | BIGINT | Owning user ID |
gid | BIGINT | Owning group ID |
mode | TEXT | Permission bits |
device | BIGINT | Device ID (optional) |
size | BIGINT | Size of file in bytes |
block_size | INTEGER | Block size of filesystem |
atime | BIGINT | Last access time |
mtime | BIGINT | Last modification time |
ctime | BIGINT | Last status change time |
btime | BIGINT | (B)irth or (cr)eate time |
hard_links | INTEGER | Number of hard links |
symlink | INTEGER | 1 if the path is a symlink, otherwise 0 |
type | TEXT | File status |
bsd_flags | TEXT | The BSD file flags (chflags). Possible values: NODUMP, UF_IMMUTABLE, UF_APPEND, OPAQUE, HIDDEN, ARCHIVED, SF_IMMUTABLE, SF_APPEND |
Query examples¶
select * from file where path = '/etc/passwd'
select * from file where directory = '/etc/'
select * from file where path LIKE '/etc/%'