How to know if a file has 'access' monitor in linux

Posted by J L on Super User See other posts from Super User or by J L
Published on 2012-04-03T22:03:44Z Indexed on 2012/04/03 23:33 UTC
Read the original article Hit count: 189

Filed under:
|
|

I'm a noob and have some questions about viewing who accessed a file.

I found there are ways to see if a file was accessed (not modified/changed) through audit subsystem and inotify.

However, from what I have read online, according to here: http://www.cyberciti.biz/tips/linux-audit-files-to-see-who-made-changes-to-a-file.html

it says to 'watch/monitor' file, I have to set a watch by using command like:

# auditctl -w /etc/passwd -p war -k password-file

So if I create a new file or directory, do I have to use audit/inotify command to 'set' watch first to 'watch' who accessed the new file?

Also is there a way to know if a directory is being 'watched' through audit subsystem or inotify? How/where can I check the log of a file?

© Super User or respective owner

Related posts about linux

Related posts about security