How would you monitor a directory on a Linux machine to check if there was a user (or someone from the network) who attempted to access it?
2 Answers
inotify, like so:
inotifywait -m -e modify,create,delete -r /var/www >> /var/log/i-see-www 2>&1
Assuming you meant "worked in" when you said "access"; simply listing or reading files... that'd be harder to do.
You can use auditd (audit) to monitor file access. After starting the service, a log file will be registered under /var/log/audit/audit.log
To set a watch on a file, run:
sudo auditctl -w /path/to/file
To check it, run:
sudo ausearch -f /path/to/file
A detailed tutorial can be found on the Arch Linux Wiki.
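
To show what the audit watch above records, here is an added example (not part of either answer) that groups audit.log records by event and reports who touched paths under a watched directory, including reads and failed attempts. The sample records are constructed and abbreviated, /var/www is borrowed from the first answer as the assumed watched path, and the function name accesses is hypothetical.

```python
import re
from collections import defaultdict
from posixpath import join, normpath

# Constructed, abbreviated sample records in audit.log format (not real log data).
SAMPLE_LOG = '''\
type=SYSCALL msg=audit(1700000000.101:501): arch=c000003e syscall=257 success=yes exit=3 pid=2201 auid=1000 uid=1000 comm="cat" exe="/usr/bin/cat" key=(null)
type=CWD msg=audit(1700000000.101:501): cwd="/var/www"
type=PATH msg=audit(1700000000.101:501): item=0 name="index.html" inode=131 nametype=NORMAL
type=SYSCALL msg=audit(1700000005.220:502): arch=c000003e syscall=257 success=no exit=-13 pid=2307 auid=1001 uid=33 comm="ls" exe="/usr/bin/ls" key=(null)
type=CWD msg=audit(1700000005.220:502): cwd="/"
type=PATH msg=audit(1700000005.220:502): item=0 name="/var/www/private" inode=140 nametype=NORMAL
type=SYSCALL msg=audit(1700000009.004:503): arch=c000003e syscall=257 success=yes exit=3 pid=2400 auid=1000 uid=1000 comm="cat" exe="/usr/bin/cat" key=(null)
type=CWD msg=audit(1700000009.004:503): cwd="/home/alice"
type=PATH msg=audit(1700000009.004:503): item=0 name="notes.txt" inode=900 nametype=NORMAL
'''

HEADER = re.compile(r'^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\): (.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def accesses(log_text, watched):
    """Group records by event serial; return accesses to paths under `watched`."""
    events = defaultdict(lambda: {"paths": []})
    for line in log_text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue
        rtype, ts, serial, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        ev = events[serial]
        if rtype == "SYSCALL":  # who did it, with which program, and did it succeed
            ev.update(time=float(ts), **{k: fields.get(k) for k in ("auid", "uid", "exe", "success")})
        elif rtype == "CWD":
            ev["cwd"] = fields.get("cwd", "/")
        elif rtype == "PATH":
            ev["paths"].append(fields.get("name", ""))
    root = normpath(watched)
    hits = []
    for serial, ev in sorted(events.items(), key=lambda kv: int(kv[0])):
        for name in ev["paths"]:
            full = normpath(join(ev.get("cwd", "/"), name))  # PATH names may be relative to CWD
            if "exe" in ev and (full == root or full.startswith(root + "/")):
                hits.append({"serial": int(serial), "auid": ev["auid"], "uid": ev["uid"],
                             "exe": ev["exe"], "path": full, "success": ev["success"] == "yes"})
    return hits

if __name__ == "__main__":
    for hit in accesses(SAMPLE_LOG, "/var/www"):
        print(hit)
```

The auid field is the login UID, which stays the same after su or sudo, so it identifies the original account even when uid differs. Path names that the audit subsystem hex-encodes (for example, names containing spaces) are not decoded by this example.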