[sllug-members]: Finding what process modifies files?
Mitch Anderson
mitch at metauser.net
Mon Jan 8 19:08:19 MST 2007
depending on what release of redhat you have auditd (rhel4+) or laus in
rhel3.
I'm not that familiar with either at this point other than laus is
buggy, and I'm glad it was replaced in rhel4. Some resources for
rhel4's auditd can be found here:
http://people.redhat.com/sgrubb/audit/
He also has some really cool graphing scripts for the audit daemon.
Marc Christensen wrote:
> Hey, I'm trying to find what process is modifying some files owned by an
> RPM I wrote. After a mystery processes runs, some groups and
> permissions on the RPM's files and directories have changed however, I
> don't know when or what process is doing the changing.
>
> I looked into fam and fileschanged which tells me that the files are
> changing but not which process is doing the modification.
>
> Does anyone know of a utility that possibly uses fam or similar file
> alteration monitor to report which processes are doing the changing?
>
> Thanks.
>
> --
> Marc Christensen
> http://blog.mecworks.com
> ______________________________________________________________________
> See http://www.sllug.org/ for latest SLLUG news, information, links.
> Join SLLUG and other UT LUG members on irc.FreeNode.net channel #Utah
> sllug-members at sllug.org
> http://www.sllug.org/cgi-bin/mailman/listinfo/sllug-members
More information about the sllug-members
mailing list