Tiny Core Linux
Tiny Core Extensions => TCE Talk => Topic started by: ankushkale1 on March 05, 2012, 11:31:50 PM
-
hi :)
is there simple file changes monitoring program? i tried samhain,tripwire,ossec,aide but always failed with configuration file generation errors..( very ugly ducumentation ).
So is there simple filesystem changes monitor? with easy eamples?
I want to monitor "make install" installed files & changes done by configuring different xfce settings
-
Hi ankushkale1
There is a very simple way for your purpose:
1. touch /tmp/Now
2. make install
3. find /usr -newer /tmp/Now -not -type d > /tmp/newfiles.lst
4. find /home -newer /tmp/Now -not -type d >> /tmp/newfiles.lst
5. find /lib/modules/`uname -r`/kernel -newer /tmp/Now -not -type d >> /tmp/newfiles.lst
The file /tmp/newfiles.lst will contain a list of files that were modified after executing the touch command.
If make install makes modifications in other directories, like /etc, you'll have to add find commands to track
them down, but this should catch everything in most cases. Don't try to do a find just from the root, or you'll get
lots of files that were modified by the operating system but were not modified by make install. Be selective
when using find.
-
thx. ;D
-
Awesome Rich !
I am mesmerized. How badly I needed this.
But clear to me this thing, if it can be done.
If I wanted to do that all the time after logging to my system, instead of doing that only while make install ? Certainly I will then not be touching newfiles.lst in /tmp but elsewhere .
I intend to do a thousand things with that.
Regards.
-
you could try gamin daemon.
http://people.gnome.org/~veillard/gamin/config.html
-
Hi shail.dw
The answer I gave to ankushkale1 is really only suitable for taking a snapshot at one particular point
in time. For real time monitoring, yoshi314s suggestion is one possibility.