kfsmd is an interesting tool to keep track of changes in your filesystems. This tool based upon inotify which is a Linux kernel subsystem that provides file system event notification. Useful for file auditing. From the article:
Applications can ask the Linux kernel to report changes to selected files and directories. I created the Kernel Filesystem Monitoring Daemon (kfsmd) to make monitoring filesystem changes simple. Command-line clients for kfsmd come in two categories: monitoring and logging. The monitoring client produces output on the console whenever something happens to a filesystem you are watching. You can log to either a Berkeley DB4 file or a PostgreSQL database.
=> Use kfsmd to keep track of changes in your filesystems
Related: Linux audit files to see who made changes to a file
- RSS feed or Weekly email newsletter
- Share to Twitter • Facebook • 3 comments... add one ↓
40 Linux Server Hardening Security Tips [2019 edition]
30 Best Sources For Linux / *BSD / Unix Documentation On the Web
Linux audit files to see who made changes to a file
How Do I Enable remote access to PostgreSQL database server?- Linux 25 PHP Security Best Practices For Sys Admins
30 Linux System Monitoring Tools Every SysAdmin Should Know
Top 25 Nginx Web Server Best Security Practices
| Category | List of Unix and Linux commands |
|---|---|
| File Management | cat |
| Firewall | CentOS 8 • OpenSUSE • RHEL 8 • Ubuntu 16.04 • Ubuntu 18.04 • Ubuntu 20.04 |
| Network Utilities | dig • host • ip • nmap |
| OpenVPN | CentOS 7 • CentOS 8 • Debian 10 • Debian 8/9 • Ubuntu 18.04 • Ubuntu 20.04 |
| Package Manager | apk • apt |
| Processes Management | bg • chroot • cron • disown • fg • jobs • killall • kill • pidof • pstree • pwdx • time |
| Searching | grep • whereis • which |
| User Information | groups • id • lastcomm • last • lid/libuser-lid • logname • members • users • whoami • who • w |
| WireGuard VPN | CentOS 8 • Debian 10 • Firewall • Ubuntu 20.04 |
For a long time, the standard utility in this area has been SGI’s File Alteration Monitor, though I don’t know the status of FAM today.
It’s home page is at:
http://oss.sgi.com/projects/fam/
On distros involving hats (probably most others as well), the standard package for this is gamin, which is a simplified but mostly ABI/API-compatible replacement for FAM.
http://www.gnome.org/~veillard/gamin/
It was a little rough in the beginning (witness the 136-comment RH bugzilla ticket: https://bugzilla.redhat.com/show_bug.cgi?id=132354 ), but is now very stable and unobtrusive in its activity.
file system monitoring scripts
process monitoring scripts
cpu usage scripts
memory / swap usage scripts