1

How would you monitor a directory on a Linux machine to check if there was a user (or someone from the network) who attempted to access it?

xralf
  • 15,415

2 Answers

3

inotify, like so:

inotifywait -m -e modify,create,delete -r /var/www >> /var/log/i-see-www 2>&1

Assuming you meant "worked in" when you said "access"; simply listing or reading files... that'd be harder to do.

flowtron
  • 356
3

You can use auditd (audit) to monitor file access. After starting the service, a log file will be registered under /var/log/audit/audit.log

To set a watch on a file, run:

sudo auditctl -w /path/to/file

To check it, run:

sudo ausearch -f /path/to/file

A detailed tutorial can be found on the Arch Linux Wiki.

GAD3R
  • 66,769
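
An added example (not part of either answer) that turns the audit records produced by a watch like the one in the auditd answer into one line per access, including denied attempts. It assumes the watch was added with a key, `sudo auditctl -w /srv/secret -p rwxa -k dir_watch`; the path `/srv/secret`, the key `dir_watch`, the function names and the sample records are all constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the answers above. Assumed (hypothetical) watch:
#   sudo auditctl -w /srv/secret -p rwxa -k dir_watch
# On a live host, feed it real records instead of the sample:
#   sudo ausearch -k dir_watch --raw | summarise_access dir_watch

# Constructed sample records in the audit.log layout (not real log data).
sample_audit_log() {
cat <<'EOF'
type=SYSCALL msg=audit(1700000000.101:501): arch=c000003e syscall=257 success=yes exit=3 ppid=900 pid=1234 auid=1000 uid=1000 gid=1000 comm="ls" exe="/usr/bin/ls" key="dir_watch"
type=PATH msg=audit(1700000000.101:501): item=0 name="/srv/secret" inode=131 nametype=NORMAL
type=SYSCALL msg=audit(1700000005.202:502): arch=c000003e syscall=257 success=no exit=-13 ppid=901 pid=1250 auid=1001 uid=33 gid=33 comm="cat" exe="/usr/bin/cat" key="dir_watch"
type=PATH msg=audit(1700000005.202:502): item=0 name="/srv/secret/keys.txt" inode=140 nametype=NORMAL
type=SYSCALL msg=audit(1700000009.303:503): arch=c000003e syscall=257 success=yes exit=3 ppid=902 pid=1300 auid=1000 uid=1000 gid=1000 comm="cat" exe="/usr/bin/cat" key="other_rule"
type=PATH msg=audit(1700000009.303:503): item=0 name="/etc/hostname" inode=77 nametype=NORMAL
EOF
}

# Print one line per watched access: login uid (auid), uid, program, result, path.
# $1 is the audit key to filter on; records are read from stdin.
summarise_access() {
  awk -v key="$1" '
    # Return the value of name=value on the current record, quotes stripped.
    function field(name,    i, kv) {
      for (i = 1; i <= NF; i++) {
        split($i, kv, "=")
        if (kv[1] == name) { gsub(/"/, "", kv[2]); return kv[2] }
      }
      return ""
    }
    # $2 is msg=audit(time:serial): and is shared by all records of one event.
    $1 == "type=SYSCALL" && field("key") == key {
      who[$2] = "auid=" field("auid") " uid=" field("uid") " exe=" field("exe") " success=" field("success")
    }
    # A PATH record of a remembered event names the file or directory touched.
    $1 == "type=PATH" && ($2 in who) {
      print who[$2] " path=" field("name")
    }
  '
}

sample_audit_log | summarise_access dir_watch
```

A line with `success=no` is an attempt the kernel refused, and `auid` stays tied to the original login even after `su` or `sudo`.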