WelcomeWelcome | FAQFAQ | DownloadsDownloads | WikiWiki

Author Topic: Want Simple Filesystem change monitoring program?  (Read 2734 times)

Offline ankushkale1

  • Newbie
  • *
  • Posts: 12
Want Simple Filesystem change monitoring program?
« on: March 06, 2012, 02:31:50 AM »
 hi  :)

is there simple file changes monitoring program? i tried samhain,tripwire,ossec,aide but always failed with configuration file generation errors..( very ugly ducumentation ).

So is there simple filesystem changes monitor? with easy eamples?

I want to monitor "make install" installed files & changes done by configuring different xfce settings

Offline Rich

  • Administrator
  • Hero Member
  • *****
  • Posts: 11629
Re: Want Simple Filesystem change monitoring program?
« Reply #1 on: March 06, 2012, 11:09:24 AM »
Hi ankushkale1
There is a very simple way for your purpose:
Code: [Select]
1. touch /tmp/Now
2. make install
3. find /usr -newer /tmp/Now -not -type d > /tmp/newfiles.lst
4. find /home -newer /tmp/Now -not -type d >> /tmp/newfiles.lst
5. find /lib/modules/`uname -r`/kernel -newer /tmp/Now -not -type d >> /tmp/newfiles.lst

The file  /tmp/newfiles.lst  will contain a list of files that were modified after executing the  touch  command.
If  make install  makes modifications in other directories, like /etc, you'll have to add  find  commands to track
them down, but this should catch everything in most cases. Don't try to do a find just from the root, or you'll get
lots of files that were modified by the operating system but were not modified by  make install. Be selective
when using  find.


Offline ankushkale1

  • Newbie
  • *
  • Posts: 12
Re: Want Simple Filesystem change monitoring program?
« Reply #2 on: March 06, 2012, 11:49:55 AM »
thx.  ;D

Offline shail.dw

  • Newbie
  • *
  • Posts: 34
Re: Want Simple Filesystem change monitoring program?
« Reply #3 on: March 08, 2012, 01:36:35 AM »
Awesome Rich !
I am mesmerized. How badly I needed this.

But clear to me this thing, if it can be done.
If I wanted to do that all the time after logging to my system, instead of doing that only while make install ? Certainly I will then not be touching newfiles.lst in /tmp but elsewhere .
I intend to do a thousand things with that.

Regards.

Offline yoshi314

  • Full Member
  • ***
  • Posts: 135
Re: Want Simple Filesystem change monitoring program?
« Reply #4 on: March 08, 2012, 08:48:52 AM »

Offline Rich

  • Administrator
  • Hero Member
  • *****
  • Posts: 11629
Re: Want Simple Filesystem change monitoring program?
« Reply #5 on: March 08, 2012, 09:14:14 AM »
Hi shail.dw
The answer I gave to ankushkale1 is really only suitable for taking a snapshot at one particular point
in time. For real time monitoring, yoshi314s suggestion is one possibility.