Monitoring Directories and Files

[theLittleTramp]

Hi guys

A question has been put to me from my university and I'm lost as to where to begin, hopefully you can help.

In learning and understanding Linux which Directories and Files could you monitor for changes. I have a fair understanding of how Inotify works, the problem is the vagueness of the question. The question only asks which directories and files could you consider monitoring

Any help you can give me would be great

Thanks

[Irithori]

That question is vague and from my pov it depends on the scenario.
In a (very) high security environment: probably all files.
For filesync setup between multiple servers? The datadirectory(s) to be synced.
In general I would say it doesnt make too much sense to monitor volatile files like /proc /dev etc and logfiles in /var/log for change. Because.. they do

You might want to check /bin, /sbin, /usr/bin, /usr/sbin as they should only change in a controlled way: aka via update or install of packages.
But then again, I wouldnt use inotify here. Wrong tool: waste of ressources, and there are more sophisticated ones like tripwire, aide, etc

I guess this question is meant to make you think in a braindump way,
and does not expect a specific answer.
Because that would need a specific scenario, imho.

[theLittleTramp]

Thanks for your reply, I was on another forum and they were giving me such plain answers. Very precise, thanks a lot

[matonb]

You might also be interested in "inotify" if it's available for your distribution.
inotify - Wikipedia, the free encyclopedia

It first appeared in RHEL / CentOS 5 if your a RedHat type...

[Rubberman]

The inotify tools are also available for Debian-based distributions. I have used it on ARM9 processor-based systems as well as on CentOS/RHEL and Ubuntu. It should be available on just about any 2.6 kernel system.