kfsmd is an interesting tool to keep track of changes in your filesystems. This tool based upon inotify which is a Linux kernel subsystem that provides file system event notification. Useful for file auditing. From the article:
Applications can ask the Linux kernel to report changes to selected files and directories. I created the Kernel Filesystem Monitoring Daemon (kfsmd) to make monitoring filesystem changes simple. Command-line clients for kfsmd come in two categories: monitoring and logging. The monitoring client produces output on the console whenever something happens to a filesystem you are watching. You can log to either a Berkeley DB4 file or a PostgreSQL database.
=> Use kfsmd to keep track of changes in your filesystems
Related: Linux audit files to see who made changes to a file
🐧 3 comments so far... add one ↓
AIX UNIX: File auditing to track reads and writes changes
Linux audit files to see who made changes to a file
Track your sport activity with open source software…
FOSSology: Track Open Source Software Within Your Company
Track ongoing developments in the Linux with Linux…
HowTo: Configure Linux To Track and Log Failed Login…
How to find the owner of a Network or Domain to…
Track Stolen Laptop / Mac With Free Open Source…
| Category | List of Unix and Linux commands |
|---|---|
| Disk space analyzers | df • ncdu • pydf |
| File Management | cat • tree |
| Firewall | Alpine Awall • CentOS 8 • OpenSUSE • RHEL 8 • Ubuntu 16.04 • Ubuntu 18.04 • Ubuntu 20.04 |
| Network Utilities | NetHogs • dig • host • ip • nmap |
| OpenVPN | CentOS 7 • CentOS 8 • Debian 10 • Debian 8/9 • Ubuntu 18.04 • Ubuntu 20.04 |
| Package Manager | apk • apt |
| Processes Management | bg • chroot • cron • disown • fg • jobs • killall • kill • pidof • pstree • pwdx • time |
| Searching | grep • whereis • which |
| User Information | groups • id • lastcomm • last • lid/libuser-lid • logname • members • users • whoami • who • w |
| WireGuard VPN | Alpine • CentOS 8 • Debian 10 • Firewall • Ubuntu 20.04 |
For a long time, the standard utility in this area has been SGI’s File Alteration Monitor, though I don’t know the status of FAM today.
It’s home page is at:
http://oss.sgi.com/projects/fam/
On distros involving hats (probably most others as well), the standard package for this is gamin, which is a simplified but mostly ABI/API-compatible replacement for FAM.
http://www.gnome.org/~veillard/gamin/
It was a little rough in the beginning (witness the 136-comment RH bugzilla ticket: https://bugzilla.redhat.com/show_bug.cgi?id=132354 ), but is now very stable and unobtrusive in its activity.
file system monitoring scripts
process monitoring scripts
cpu usage scripts
memory / swap usage scripts