linux audit

How To Track Changes in Your Linux Filesystem

kfsmd is an interesting tool for keeping track of changes in your filesystems. It is based on inotify, a Linux kernel subsystem that provides filesystem event notification, which makes it useful for file auditing. From the article:

Applications can ask the Linux kernel to report changes to selected files and directories. I created the Kernel Filesystem Monitoring Daemon (kfsmd) to make monitoring filesystem changes simple. Command-line clients for kfsmd come in two categories: monitoring and logging. The monitoring client produces output on the console whenever something happens to a filesystem you are watching. You can log to either a Berkeley DB4 file or a PostgreSQL database.

=> Use kfsmd to keep track of changes in your filesystems

Related: Linux audit files to see who made changes to a file
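
The inotify mechanism the quoted article describes, shown as an added C example (it is not kfsmd's code and not from the article). It watches a scratch directory, makes constructed changes to a file, and labels each event the kernel reports. The function names, the `/tmp` path and the file name `passwd.bak` are assumptions of this example.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/inotify.h>
#include <unistd.h>

/* Label one event mask for an audit-style log line. */
static const char *event_label(uint32_t mask) {
    if (mask & IN_Q_OVERFLOW) return "OVERFLOW"; /* queue overflowed: events were lost */
    if (mask & IN_CREATE)     return "CREATE";
    if (mask & IN_MODIFY)     return "MODIFY";
    if (mask & IN_ATTRIB)     return "ATTRIB";   /* chmod, chown, timestamps */
    if (mask & IN_DELETE)     return "DELETE";
    if (mask & IN_MOVE)       return "MOVE";     /* IN_MOVED_FROM or IN_MOVED_TO */
    return "OTHER";
}

/* Drain all pending events from a non-blocking inotify fd; return the OR of their masks. */
uint32_t drain_events(int fd, const char *dir) {
    char buf[4096] __attribute__((aligned(__alignof__(struct inotify_event))));
    uint32_t seen = 0;
    ssize_t n;
    while ((n = read(fd, buf, sizeof buf)) > 0) {
        for (char *p = buf; p < buf + n; ) {
            struct inotify_event *ev = (struct inotify_event *)p;
            printf("%s %s/%s\n", event_label(ev->mask), dir, ev->len ? ev->name : "");
            seen |= ev->mask;
            p += sizeof *ev + ev->len;           /* events are variable length */
        }
    }
    return seen;
}

/* Constructed demo: watch a scratch directory, then create, write and delete a file in it. */
uint32_t demo(void) {
    char dir[] = "/tmp/inotify-demo-XXXXXX", path[PATH_MAX];
    int fd = inotify_init1(IN_NONBLOCK);
    if (fd < 0 || !mkdtemp(dir)) return 0;
    if (inotify_add_watch(fd, dir, IN_CREATE | IN_MODIFY | IN_ATTRIB | IN_DELETE | IN_MOVE) < 0) return 0;
    snprintf(path, sizeof path, "%s/passwd.bak", dir);
    int f = open(path, O_CREAT | O_WRONLY, 0600);
    if (f < 0 || write(f, "x", 1) != 1) return 0;
    close(f); unlink(path);
    uint32_t seen = drain_events(fd, dir);
    close(fd); rmdir(dir);
    return seen;
}
int main(void) { return demo() ? 0 : 1; }
```

inotify events carry no user or process identity, and a watch covers only the directory it is placed on, not its subdirectories.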

