How to know if a file has 'access' monitor in linux

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Posted by J L on Super User See other posts from Super User or by J L
Published on 2012-04-03T22:03:44Z Indexed on 2012/04/03 23:33 UTC
Read the original article Hit count: 260

Filed under:
|
|

I'm a noob and have some questions about viewing who accessed a file.

I found there are ways to see if a file was accessed (not modified/changed) through audit subsystem and inotify.

However, from what I have read online, according to here: http://www.cyberciti.biz/tips/linux-audit-files-to-see-who-made-changes-to-a-file.html

it says to 'watch/monitor' file, I have to set a watch by using command like:

# auditctl -w /etc/passwd -p war -k password-file

So if I create a new file or directory, do I have to use audit/inotify command to 'set' watch first to 'watch' who accessed the new file?

Also is there a way to know if a directory is being 'watched' through audit subsystem or inotify? How/where can I check the log of a file?

© Super User or respective owner

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Related posts about linux

Related posts about security

Categories cloud

.NET ASP.NET iphone linux python Windows mysql android sql windows-7 html c ruby-on-rails css objective-c ubuntu networking sql-server wpf asp.net-mvc ruby database Xml apache AJAX osx security regex django Performance 12.04 windows-xp mac web-development iphone-sdk vb.net Silverlight apache2 flash server perl best-practices email installation eclipse visual-studio algorithm windows-server-2008 winforms wcf firefox bash dns /Oracle