LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices



Reply
 
Search this Thread
Old 10-17-2004, 05:43 AM   #1
Raman_RB
LQ Newbie
 
Registered: Oct 2004
Posts: 2

Rep: Reputation: 0
How to find which program/service/process touch the file?


Any of our created directories in /tmp folder erasing after some time... I cannot track which program/service/process touch the file...

Looks like tmpwatch is not a problem - it is to be run daily, not an every few minutes!
I have removed it completely just for sure - and it is not helps...

How can I do the trace?.. For example do chattr +i /tmp/newdir and then watch which process access this dir?

Point me to manual/links on this theme. (please, not recommend SNARE - it is require kernel recompile which I cannot to do for now, especiall for RH7.3)

Thank you.
 
Old 10-31-2004, 05:52 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,688
Blog Entries: 54

Rep: Reputation: 2956Reputation: 2956Reputation: 2956Reputation: 2956Reputation: 2956Reputation: 2956Reputation: 2956Reputation: 2956Reputation: 2956Reputation: 2956Reputation: 2956
Here's three choices, all with their cons and pro's: Dirwatch from http://pedram.redhive.com/, Auditunlink from freshmeat.net or somethink like Syscalltrack at Sourceforge.net.
Auditunlink is a preloaded library and if you got your RHL7.x kernel source then building Syscaltrack modules should be easy.
 
Old 11-01-2004, 04:16 AM   #3
Raman_RB
LQ Newbie
 
Registered: Oct 2004
Posts: 2

Original Poster
Rep: Reputation: 0
Thank you.

Thank you, I will take a look at these links.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
quick help with find touch bosewicht Programming 1 06-07-2005 10:05 PM
Trying to program an SDL application but cannot find the SDL.h file:SuSE 9.2&KDevelop pujolasdf Linux - Newbie 4 03-13-2005 08:50 AM
a script for process lof file to find online user netman_af Linux - Networking 1 08-17-2004 10:18 AM
Where can I find instuctions for the Wipe file deletion program andy_g_gray Linux - Software 2 09-05-2003 04:24 AM
ez way to find the process that creates a file? Griffon26 Linux - General 2 08-20-2002 04:36 PM


All times are GMT -5. The time now is 07:06 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration