
File alteration monitoring techniques under Linux (DevChannel)

The OSDN DevChannel looks at monitoring filesystems with tools like dnotify and FAM. "Most modern operating systems provide file monitoring facilities to give applications real-time information about changes to the filesystem. A variety of notification methods are used to tell the application when a change happens, ranging from an asynchronous signal being sent from the kernel through a user space tool printing the name of the changed file on its standard output. We'll take a look at some of the file monitoring facilities available to the Linux developer, starting with the lowest-level mechanism and working up to the highest."

File alteration monitoring techniques under Linux (DevChannel)

Posted May 14, 2004 20:26 UTC (Fri) by bkw1a (subscriber, #4101)

Around here, I use the SGI::FAM Perl module for intrusion detection. See:

http://ayesha.phys.virginia.edu/~bryan/projects/famids

I have the fam server monitor a set of files (/etc/passwd, and /sbin/login, for example) and mail me a notice if they change. I run this on over 100 hosts.
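An added example, not part of the comment above or of the linked project: one way the check behind such a change notice could look once a monitor such as FAM reports an event on a watched path. It goes beyond a plain content comparison by also comparing type, mode, owner and inode, so a file replaced by rename or given new permissions is reported; the function names, host name and mail addresses are hypothetical.

```python
import hashlib
import os
import stat
import tempfile
from email.message import EmailMessage

def fingerprint(path):
    """Attributes compared for one watched file; None if it does not exist."""
    try:
        st = os.lstat(path)  # lstat: a file swapped for a symlink shows as a type change
    except FileNotFoundError:
        return None
    digest = None
    if stat.S_ISREG(st.st_mode):  # hash regular files only
        with open(path, "rb") as f:
            digest = hashlib.sha256(f.read()).hexdigest()
    return {"sha256": digest, "type": stat.S_IFMT(st.st_mode),
            "mode": stat.S_IMODE(st.st_mode), "uid": st.st_uid,
            "gid": st.st_gid, "inode": st.st_ino}

def check(baseline):
    """Return {path: [changed fields]} for every watched path that differs."""
    findings = {}
    for path, old in baseline.items():
        new = fingerprint(path)
        if new is None:
            changed = ["deleted"] if old is not None else []
        elif old is None:
            changed = ["created"]
        else:
            changed = [k for k in old if old[k] != new[k]]
        if changed:
            findings[path] = changed
    return findings

def build_notice(host, findings, sender, recipient):
    """Build (not send) the notice; smtplib.SMTP.send_message() could deliver it."""
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = f"{len(findings)} watched file(s) changed on {host}"
    msg.set_content("\n".join(f"{p}: {', '.join(c)}" for p, c in sorted(findings.items())))
    return msg

if __name__ == "__main__":
    # Constructed sample: a temporary file stands in for /etc/passwd.
    target = os.path.join(tempfile.mkdtemp(), "passwd")
    with open(target, "w") as f:
        f.write("root:x:0:0::/root:/bin/sh\n")
    baseline = {target: fingerprint(target)}
    with open(target, "a") as f:
        f.write("alice:x:1000:1000::/home/alice:/bin/sh\n")
    print(build_notice("host01.example", check(baseline), "fam@example.org", "admin@example.org"))
```

The inode comparison matters because a file replaced with rename() keeps its path but is a different object, which a watch held on the old file would not follow.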

Copyright © 2004, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds