Linux - GeneralThis Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I would like to monitor any files modifications that occur on one of my servers. I know I will get some false results. I'm just not able to find the proper command. Regards.
fam is a server that tracks changes to the filesystem and relays these changes to interested applications. Applications such as fm(1G) and mailbox(1) present an up-to-date view of the filesystem. In the absence of fam, these applications and others like them are forced to poll the filesystem to detect changes. fam is more efficient.
Applications can request fam to monitor any files or directories in any filesystem. When fam detects changes to monitored files, it notifies the appropriate application. The FAM API provides a programmatic interface to fam; see fam(3X).
fam is informed of filesystem changes as they happen by the kernel through the imon(7M) pseudo device driver. If asked to monitor files on an NFS mounted filesystem, fam tries to use fam on the NFS server to monitor files. If fam cannot contact a remote fam, it polls the files instead. fam also polls special files.
Normally, fam is started by inetd(1M). It is registered with portmap(1M) as performing the sgi_fam service.
OPTIONS
-l Disable polling of NFS files. It does not disable use of remote fam on NFS servers, nor does it disable polling of local files.
-t NFS_polling_interval Set the interval for polling files to NFS_polling_interval seconds. The default is six
seconds.
-T idle_timeout Set the idle timeout interval to idle_timeout. fam exits idle_timeout seconds after its
last client disconnects. A value of 0 causes fam to wait indefinitely for new connections. The default is five seconds.
-f Remain in the foreground instead of spawning a child and exiting. This option is ignored if fam is
started by inetd.
-v Turn on verbose messages.
-d Enable verbose messages and debug messages.
-p program.version Use the specified RPC program and version numbers.
-L Local-only mode. fam will only accept requests from clients running on the local machine. This overrides the local_only flag in the configuration file. This option is ignored if fam is started by inetd.
-C Compatibility mode. This disables authentication and reduces access security as described under SECURITY below. This overrides the insecure_compatibility flag in the configuration file.
-c config_file Read configuration information from the given file rather than the default, which is
/etc/fam.conf.
CONFIGURATION FILE
In addition to its command-line options, fam's behavior can also be controlled through its configuration file. By default, this is /etc/fam.conf; the -c command-line option can be used to specify an alternate file. Configuration lines are in the format option=value. Lines beginning with # or ! are ignored. fam recognizes the following options:
insecure_compatibility If set to true, this disables authentication and reduces access security as described
under SECURITY below. This is false by default. Setting this option to true is the same as using the -C command-line option.
untrusted_user This is the user name or UID of the user account which fam will use for unauthenticated clients. If a file can't be stat'ed by this user, fam will not tell unauthenticated clients about the file's existence. If an untrusted user is not given in the configuration file, fam will write an error message to the system log and terminate.
local_only If set to true, fam will ignore requests from remote fams. This is false by default. Setting
this option to true is the same as using the -L command-line option. This option is ignored if fam is started by inetd.
idle_timeout This is the time in seconds that fam will wait before exiting after its last client disconnects. The default is five seconds. This option is overridden by the -T command-line option.
nfs_polling_interval This is the interval in seconds between polling files over an NFS filesystem. The default is six seconds. This option is overridden by the -t command-line option.
xtab_verification If set to true, fam will check the list of exported filesystems when remote requests are
received to verify that the requests fall on filesystems which are exported to the requesting hosts. This is true by default. If this option is set to false, fam will service remote requests without attempting to perform the verification. If the local_only configuration option or -L command-line option is used, xtab_verification has no effect.
SECURITY
For backward compatibility, the -C command-line option and insecure_compatibility configuration option can be used to disable authentication. Configuring fam this way opens a publically known security weakness whereby a "rogue client" can obtain the names of all the files and directories on the system.
Note that fam never opens the files it's monitoring, and cannot be used by a rogue client to read the contents of any file on the system. fam only gives out the names of monitored files, and only monitors files which the client can stat(1M). Users can stat a file without having read permission on it as long as they have search permission on the directory containing it.
Aide and tripwire will monitor file changes and mail you a report, their kind of a pain to configure. If you want to monitor one file use "stat filename" at a prompt. Also perl has a stat function that returns an array with useful info about the file, try "man perlfunc" and look for "stat".
man perlfunc /stat:
stat FILEHANDLE
stat EXPR
stat Returns a 13-element list giving the status info for a file,
either the file opened via FILEHANDLE, or named by EXPR. If
EXPR is omitted, it stats $_. Returns a null list if the stat
fails. Typically used as follows:
Not all fields are supported on all filesystem types. Here are
the meaning of the fields:
0 dev device number of filesystem
1 ino inode number
2 mode file mode (type and permissions)
3 nlink number of (hard) links to the file
4 uid numeric user ID of file's owner
5 gid numeric group ID of file's owner
6 rdev the device identifier (special files only)
7 size total size of file, in bytes
8 atime last access time in seconds since the epoch
9 mtime last modify time in seconds since the epoch
10 ctime inode change time in seconds since the epoch (*)
11 blksize preferred block size for file system I/O
12 blocks actual number of blocks allocated
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.