Using audit as extended inotify
Tyler Hardin
th020394 at gmail.com
Mon Jul 27 23:30:33 UTC 2015
I want to monitor file and directory creation, modification, and deletion
on some large subtrees (/etc/, /usr/share/, and ~/.config/). And I want the
name of the executable that caused the event. The purpose will be to
facilitate cruft detection and removal.
Can audit do this? Will using it to do this with such large subtrees become
a performance issue?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20150727/2ca59136/attachment.htm>
More information about the Linux-audit
mailing list