Alert when z file on linux server has been changed by x user.
#/bin/sh
old_time=`stat -c %z /var/spool/cron/root`
if [[ "$new_time" != "$old_time" ]];
then
echo -e "Changes has been made in Cron file" | mail -s "Modification alert" abhinav.dixit@xyz.com
echo -e "$old_time"
echo -e "$new_time"
else
echo "no change"
fi
实际上我想跟踪在z文件中进行任何更改的用户,其中n个用户访问z文件。我尝试使用上面的脚本至少在z文件被更改时获得警报。我不知道如何跟踪哪个用户更改了它。
答案 0 :(得分:1)
inotify-tools附带的inotifywait实用程序可帮助您在不轮询的情况下捕获事件:
while inotifywait -e modify /var/spool/cron/root; do
done
<小时/> SO: inotify - how to find out which user has modified file?建议使用审计守护程序跟踪用户的文件修改。