Answer the question
In order to leave comments, you need to log in
Archive audit, is it possible?
Good evening!
I'm building a software product and I was given tasks to identify files that are never used in the build. After a little thought, I decided to hang an audit on all assembly files. If the file is called for reading or for execution, there will undoubtedly be an entry in the audit log. But to my regret, it turned out that before the assembly itself there is a preparatory stage (the assembly environment is formed (environment variables are declared, etc.), directories are prepared in which it will be built). The directory is built from tar archives. If you hang an audit on them, then an audit entry will be added to the log when unpacking. But not the fact that all the files in the archive are used. With that in mind, I have a question: How can I trace the call to a file in an archive? Is there any tool for this? Or do you still have to redo the assembly algorithm a little? It means to unpack the archives in advance and hang an audit after the preparatory stage.
The assembly is made in CentOS 6.3
Answer the question
In order to leave comments, you need to log in
man incron.
Filter IN_CLOSE_WRITE, catch IN_CLOSE_NOWRITE.
Well, or even easier - write timestamps, after unpacking mark what was unpacked, after that already look at the files.
so just ignore the entries that are made when unpacking the archive.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question