Logging access to files and directories
There are many reasons you may need to be notified when a file is accessed. You might want to know when a file is modified so it can be backed up, or you might want to know when files in /bin are modified by a hacker.
Getting ready
The inotifywait command watches a file or directory and reports when an event occurs. It doesn't come by default with every Linux distribution. You have to install the inotify-tools package. It requires inotify support in the Linux kernel. Most new GNU/Linux distributions compile inotify support into the kernel.
How to do it...
The inotifywait command can monitor a directory:
    #!/bin/bash
    #Filename: watchdir.sh
    #Description: Watch directory access
    path=$1
    #Provide path of directory or file as argument to script
    # -m: keep monitoring, -r: recurse, -e: events to report, -q: quiet
    inotifywait -m -r -e create,move,delete "$path" -q
A sample output resembles the following:
    $ ./watchdir.sh .
    ./ CREATE new
    ./ MOVED_FROM new
    ./ MOVED_TO news
    ./ DELETE news
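The raw event stream shown above can be condensed into one audit line per change. The following is an added example, not part of the original recipe: summarize_events and sample_events are hypothetical names, the input is constructed, and the rename pairing assumes that a MOVED_TO directly following a MOVED_FROM belongs to the same move, and that watched directory paths contain no spaces.

```bash
#!/bin/bash
# Added example: turn inotifywait -m default output ("<dir> <EVENTS> <name>")
# into audit lines. Renames are paired by adjacency (an assumption, since the
# text output carries no move cookie).
summarize_events() {
    local dir events name kind pending=""
    while read -r dir events name; do
        kind=file
        case ",$events," in *,ISDIR,*) kind=dir ;; esac
        # A MOVED_FROM not followed at once by MOVED_TO left the watched tree.
        if [ -n "$pending" ]; then
            case ",$events," in
                *,MOVED_TO,*) ;;
                *) echo "MOVED_OUT $pending"; pending="" ;;
            esac
        fi
        case ",$events," in
            *,CREATE,*)     echo "CREATED $kind $dir$name" ;;
            *,DELETE,*)     echo "DELETED $kind $dir$name" ;;
            *,MOVED_FROM,*) pending="$dir$name" ;;
            *,MOVED_TO,*)
                if [ -n "$pending" ]; then
                    echo "RENAMED $pending -> $dir$name"
                    pending=""
                else
                    # MOVED_TO with no preceding MOVED_FROM came from outside.
                    echo "MOVED_IN $kind $dir$name"
                fi ;;
        esac
    done
    if [ -n "$pending" ]; then echo "MOVED_OUT $pending"; fi
    return 0
}

# Constructed sample events in inotifywait's default output format.
sample_events() {
    printf '%s\n' \
        './ CREATE new' \
        './ MOVED_FROM new' \
        './ MOVED_TO news' \
        './ DELETE news' \
        './ CREATE,ISDIR tmp' \
        './ MOVED_FROM old.conf' \
        './ DELETE,ISDIR tmp'
}

# Live use, with the same options as watchdir.sh:
#   inotifywait -m -r -q -e create,move,delete "$path" | summarize_events
```

An unpaired MOVED_OUT or MOVED_IN line means a file crossed the boundary of the watched tree, which is worth reviewing when the watched directory is something like /bin.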