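Googling "monitor file change on linux", most of the suggestions are to use the inotifywatch command. I tried it and found that it does not achieve the effect I wanted.
Example: (the target can be a directory or a file; use Ctrl+C to interrupt the monitoring, after which the results are returned to standard output)
root@bv03301:/root: inotifywatch -v /home/qli00001/
Establishing watches...
Total of 1 watches.
Finished...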
-R <file> Reads audit rules from a specified file.
-s Displays the status of the audit system.
-S <syscall> Adds a rule to audit a specific system call.
-t Sets the audit system's clock to the current time.
-w <path> Adds a watch on a file or directory.
-W <path> Removes a...
exit -S openat -F success=0
To watch a file for changes (2 ways to express):
auditctl -w /etc/shadow -p wa # Note this slows the system
auditctl -a always,exit -F arch=b64 -F path=/etc/shadow -F perm=wa
To recursively watch a directory for changes (2 ways to express):
auditctl -w /etc/ -p wa # Note this slows the system...
To see all syscalls made by a specific program:
auditctl -a always,exit -S all -F pid=1005
To see files opened by a specific user:
auditctl -a always,exit -S openat -F auid=510
To see unsuccessful openat calls:
auditctl -a always,exit -S openat -F success=0
To watch a file for changes (2 ways to express):
aud...