linux
pashaxp, 2014-06-03 11:15:21

How can I catch a process or a user editing a file on a Linux server?

1. A file was there and then it was gone.
2. A file was edited unexpectedly.
How (with what utility) can I find out who or what did it?
Server hacking and malicious actions are 99% excluded; this is something happening inside the system.
I would like a solution like "logging everything that happens on the server" (who edited / added / deleted a file in the system, and when).

5 answer(s)
Vlad Zhivotnev, 2014-06-03
@pashaxp

Try Snoopy first.
If that does not help, then go for an inotify script.

Sergey Protko, 2014-06-03
@Fesor

rsyslog.d + inotify: in theory, you can write a small daemon that will catch file changes and write to the log who made them.

Alexey Lesovsky, 2014-06-03
@lesovsky

I like auditd: it's easy to set up and run, and it can track almost everything that happens in the system (I used it to keep track of who starts what, when and with what parameters).
P.S. And yes, you don't need to write anything yourself ;)
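
An added example for the auditd suggestion above (not code from the thread or from any poster): a watch rule for one file, plus an offline summary of the raw records such a rule produces, joined by event serial to show who touched the file. The path `/etc/myapp/app.conf`, the key `file-watch` and the log lines are constructed samples.

```shell
#!/bin/sh
# Added example. Path, rule key and log records are constructed samples.
WATCHED=/etc/myapp/app.conf   # hypothetical file to watch
KEY=file-watch                # hypothetical rule key

# On a live host (root, auditd running):
#   auditctl -w "$WATCHED" -p wa -k "$KEY"   # log writes and attribute changes
#   ausearch -k "$KEY" -i                    # list the matching events

# Persistent form of the same rule (a line for /etc/audit/rules.d/*.rules).
audit_rule() { printf '%s\n' "-w $1 -p wa -k $2"; }

# Constructed raw audit.log records: one edit (open) and one delete (unlink).
sample_log() {
cat <<'EOF'
type=SYSCALL msg=audit(1401779721.123:412): arch=c000003e syscall=2 success=yes exit=3 ppid=2101 pid=2245 auid=1000 uid=0 comm="vim" exe="/usr/bin/vim" key="file-watch"
type=PATH msg=audit(1401779721.123:412): item=0 name="/etc/myapp/app.conf" nametype=NORMAL
type=SYSCALL msg=audit(1401779990.456:431): arch=c000003e syscall=87 success=yes exit=0 ppid=1 pid=3310 auid=4294967295 uid=0 comm="cleanup.sh" exe="/bin/bash" key="file-watch"
type=PATH msg=audit(1401779990.456:431): item=0 name="/etc/myapp" nametype=PARENT
type=PATH msg=audit(1401779990.456:431): item=1 name="/etc/myapp/app.conf" nametype=DELETE
EOF
}

# Join SYSCALL and PATH records by event serial (SYSCALL is expected first).
# auid is the login uid and survives su/sudo; 4294967295 means no login session.
who_touched() {   # $1 = rule key; raw records on stdin
    awk -v key="$1" '
    function field(name,   i, kv) {
        for (i = 1; i <= NF; i++) {
            split($i, kv, "=")
            if (kv[1] == name) { gsub(/"/, "", kv[2]); return kv[2] }
        }
        return ""
    }
    { id = $2; sub(/\):$/, "", id); sub(/^.*:/, "", id) }
    $1 == "type=SYSCALL" && field("key") == key {
        who[id] = "auid=" field("auid") " uid=" field("uid") " exe=" field("exe")
    }
    $1 == "type=PATH" && (id in who) && field("nametype") != "PARENT" {
        print id, who[id], field("nametype"), field("name")
    }'
}

audit_rule "$WATCHED" "$KEY"
sample_log | who_touched "$KEY"
```

In the sample, event 412 is a logged-in user (auid 1000) editing as root with vim, while event 431 is a delete by a script with no login session behind it.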

Alexey Cheremisin, 2014-06-03
@leahch

Inotify to the rescue: en.wikipedia.org/wiki/Inotify
and rus-linux.net/MyLDP/kernel/Inotify-tools.html

stream13, 2014-06-09
@stream13

50661949.jpg
