LinuxQuestions.org


ginda 04-25-2008 03:04 AM

editing a link file?
 
Hi everyone

This may sound like a stupid question, but it just came to mind and I thought I'd ask around...

Is it possible to edit a soft/hard link file, i.e. the one that is created using the ln command?

And is it possible to also get it to execute a command whenever someone uses the link, i.e. cd into the soft link, which takes them to the actual directory but also updates a log with the time of access?


Thanks in advance

Agrouf 04-25-2008 03:40 AM

Hello,
I'm not sure what you mean by editing link. You can use the ln command to redirect the link elsewhere.
The inotify interface can be used to trigger a command whenever a link is accessed:
http://en.wikipedia.org/wiki/Inotify

ginda 04-25-2008 04:06 AM

Thanks for your help. inotify is not available on the Red Hat server in question. Is there another way?

If this is not possible, is it possible to run a script when a particular service or daemon is called?

Agrouf 04-25-2008 04:49 AM

Everything is possible. You just have to know precisely what you want to do and to do it.
inotify is on every Linux kernel after 2.6.13. For older kernels, there is dnotify.

ginda 04-25-2008 06:53 AM

Basically the issue that got me thinking a little :) was that we suspect one of the I.T. guys is messing with some of the Red Hat servers, but we want to catch him in the act. The act is various issues, i.e. accessing certain files or logs. I want to run some commands on the server to monitor certain things, but not from the obvious place, i.e. cron, at, anacron, as the I.T. guy is well versed in Linux and would probably catch on to us.

I have noticed that certain daemons or services run once a day, week or month, but I wanted to run my monitoring scripts from these trigger events, if that makes sense? Stuff like w, top, netstat etc.

Is this possible?

Thanks

Agrouf 04-25-2008 08:03 AM

I get a fuzzy idea about what you are trying to do, but it's not crystal clear to me.
I got that you were trying to monitor the file activities of a daemon that runs periodically. Is that correct?
Why doesn't dnotify or inotify do the job? What didn't I get?

marquardl 04-25-2008 08:34 AM

Assuming that your intentions are legal, meaning that you are officially backed by your bosses, there are certain things you could do.

The easiest thing to do would be to regularly monitor the bash history file of that person to see what commands he/she has issued. You need access to his account or root privilege.

You could use a modified shell application that logs all his actions without keeping these from being done. You must modify his user settings to use that shell as a default. He/she could find out about this when accessing /etc/passwd. Or modify the shell to log only when he/she is logged in, and replace the default shell with this modified one (affects all users).

Or if the person accesses logfiles for reading with, for example, less, then use a modified less to log events when certain files are accessed.

Modifying common tools to do some extra logging will also generate evidence.

Replacing the links with links to a certain script that acts/redirects data/contents from the original files is problematic. It is easy for the person to find out that something is going on, and difficult to mimic (for example plain text files during editing with vi, or something like that).

That's what I would do, if the amount of the person's "criminal activity" justifies the amount of work that has to be implemented to catch him.

Or just have a talk with him/her. Knowing that he/she is being monitored could put a hold on all that activity and solve the situation as well.

Server issues

ginda 04-25-2008 08:42 AM

Quote:

Originally Posted by Agrouf (Post 3132535)
I get a fuzzy idea about what you are trying to do, but it's not crystal clear to me.
I got that you were trying to monitor the file activities of a daemon that runs periodically. Is that correct?
Why doesn't dnotify or inotify do the job? What didn't I get?


I've tried looking for the command dnotify but couldn't find it, even as root user. Could you give me dummy instructions?

Agrouf 04-25-2008 08:46 AM

The inotify interface is not a command. It is an API to monitor files. If you are looking for a command, you should look at the inotify-tools:
http://inotify-tools.sourceforge.net/
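
The inotify API mentioned in the replies above, as an added example that is not part of the original thread: it watches a file through a symlink and writes one timestamped line per open or read, which is the "log the time of access" behaviour asked about in the first post. The function names and the /tmp paths are constructed for the demo, and it assumes a Linux kernel with inotify and a writable /tmp.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <sys/inotify.h>
#include <time.h>
#include <unistd.h>

/* Watch path for opens and reads; a symlink is followed to its target. */
int start_watch(const char *path) {
    int fd = inotify_init1(IN_NONBLOCK);
    if (fd >= 0 && inotify_add_watch(fd, path, IN_OPEN | IN_ACCESS) < 0) { close(fd); fd = -1; }
    return fd;
}

/* Read pending events and write one timestamped line each; returns the count. */
int drain_to_log(int fd, const char *path, FILE *log) {
    char buf[4096] __attribute__((aligned(__alignof__(struct inotify_event))));
    ssize_t len = read(fd, buf, sizeof buf);   /* -1 (EAGAIN) when nothing is pending */
    int n = 0;
    for (char *p = buf; len > 0 && p < buf + len; n++) {
        struct inotify_event *ev = (struct inotify_event *)p;
        char ts[32]; time_t now = time(NULL);
        strftime(ts, sizeof ts, "%Y-%m-%d %H:%M:%S", localtime(&now));
        fprintf(log, "%s %s%s%s\n", ts, path,
                (ev->mask & IN_OPEN) ? " OPEN" : "", (ev->mask & IN_ACCESS) ? " ACCESS" : "");
        p += sizeof *ev + ev->len;             /* records are variable length */
    }
    fflush(log);
    return n;
}

/* Demo on constructed files: watch via the symlink, read the real file. */
int demo(void) {
    const char *file = "/tmp/inotify_demo.txt", *link = "/tmp/inotify_demo.lnk";
    FILE *f = fopen(file, "w");
    if (!f) return -1;
    fputs("sample\n", f);
    fclose(f);
    unlink(link);
    if (symlink(file, link) < 0) return -1;
    int wfd = start_watch(link);               /* the watch lands on the target inode */
    char c;
    int rfd = open(file, O_RDONLY);            /* access by the real path, not the link */
    if (wfd < 0 || rfd < 0 || read(rfd, &c, 1) != 1) return -1;
    int n = drain_to_log(wfd, file, stdout);
    close(rfd); close(wfd); unlink(link); unlink(file);
    return n;
}

int main(void) { return demo() >= 1 ? 0 : 1; }
```

The watch attaches to the file the link points at, so access is logged whether it comes through the link or the real path. An inotify event carries no user or process id, so this records when a file was touched but not by whom; attributing access to an account needs the kernel audit subsystem (auditd).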

