Results 1 to 2 of 2
Hi,
I'm new to this forum so excuse if my problem has been solved in previous thread.
I want to audit changes to files and/or directories.
Eg. monitor file httpd.conf, ...
- 08-17-2009 #1Just Joined!
- Join Date
- Aug 2009
- Posts
- 1
BASH script to audit changes to files and/or directories.
Hi,
I'm new to this forum so excuse if my problem has been solved in previous thread.
I want to audit changes to files and/or directories.
Eg. monitor file httpd.conf, if edited or deleted, then write date;username;filename;host ip address to log file
Any ideas?
- 08-18-2009 #2Trusted Penguin
- Join Date
- Jan 2005
- Location
- Seattle, WA, USA
- Posts
- 3,230
I don't believe this can be done. You could certainly do _some_ of this, but not all.
There is a library called inotify that allows a C program to receive events detailing when certain things happen to a file. For your particular case, you could be alerted whenever a given file is modified or is deleted (or renamed). However, I don't know how to get the username of the user who did that, and as for IP address, that would involve some sort of interfacing with sshd, which would be rather difficult.DISTRO=Arch
Registered Linux User #388732
Reply With Quote 
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts