LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 03-16-2017, 02:16 PM   #1
OS-Newb
LQ Newbie
 
Registered: Aug 2014
Location: Near Portland, OR
Distribution: Would like help becoming comfortable with Gentoo, AV Linux, maybe Arch
Posts: 8

Rep: Reputation: Disabled
Is there a file access history in Linux?


You know how in Windows, you can look up the history (in Windows Explorer, I think) of files that have been opened on the system? Is there a similar way to do that on Linux? I ask because I would want to clear that history all the time.
 
Old 03-16-2017, 03:09 PM   #2
whynotkeithberg
LQ Newbie
 
Registered: Nov 2013
Location: Murder Dubs... Oakland CA
Distribution: RHEL
Posts: 20

Rep: Reputation: Disabled
Auditd can but it has to be configured... I could be wrong but I don't believe there is anything that will track that by default. Obviously an lsof will list all files that are currently open by a user/process but nothing that tracks who opened what files by default.
 
Old 03-16-2017, 03:29 PM   #3
jamison20000e
Senior Member
 
Registered: Nov 2005
Location: ...uncanny valley... infinity\1975; (randomly born:) Milwaukee, WI, US( + travel,) Earth( I wish,) END BORDER$!◣◢┌∩┐ Fe26-E,e...
Distribution: any GPL that works well on my cheapest; has been KDE or CLI but open... http://goo.gl/NqgqJx &c ;-)
Posts: 3,874
Blog Entries: 2

Rep: Reputation: 1314Reputation: 1314Reputation: 1314Reputation: 1314Reputation: 1314Reputation: 1314Reputation: 1314Reputation: 1314Reputation: 1314Reputation: 1314
CLI has a history, can tweak in ~/.bashrc
 
Old 03-16-2017, 03:34 PM   #4
whynotkeithberg
LQ Newbie
 
Registered: Nov 2013
Location: Murder Dubs... Oakland CA
Distribution: RHEL
Posts: 20

Rep: Reputation: Disabled
Quote:
Originally Posted by jamison20000e View Post
CLI has a history, can tweak in ~/.bashrc
That's true. However, that's not a file access history. It only shows files you accessed via the cli not a list of all files accessed. But that is something I should have thought about in my initial response. Files you accessed via a GUI application will not show up in the history list or files opened by a script you launch from the cli. It will only show files you directly specify in your command history.
 
Old 03-16-2017, 04:57 PM   #5
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 9,078
Blog Entries: 4

Rep: Reputation: 3177Reputation: 3177Reputation: 3177Reputation: 3177Reputation: 3177Reputation: 3177Reputation: 3177Reputation: 3177Reputation: 3177Reputation: 3177Reputation: 3177
File access logging produces such a flood of entries that it is basically useless in practice. Thousands of files might be opened and closed, each and every second.

Logic to update the "time last accessed" information is usually turned off for much the same reason: it simply causes too many disk writes that could be better spent doing useful things.
 
Old 03-16-2017, 05:16 PM   #6
JeremyBoden
Senior Member
 
Registered: Nov 2011
Location: London, UK
Distribution: Debian
Posts: 1,580

Rep: Reputation: 323Reputation: 323Reputation: 323Reputation: 323
You could obtain a list of all modified files in a specified period...
So you could get a list of all the files that have been amended in any significant way...
 
Old 03-16-2017, 08:57 PM   #7
hydrurga
LQ Guru
 
Registered: Nov 2008
Location: Pictland
Distribution: Linux Mint 19.1 MATE
Posts: 8,018
Blog Entries: 5

Rep: Reputation: 2869Reputation: 2869Reputation: 2869Reputation: 2869Reputation: 2869Reputation: 2869Reputation: 2869Reputation: 2869Reputation: 2869Reputation: 2869Reputation: 2869
You need to tell us which desktop environment you are using. Gnome-based desktop environments, for example, normally keep a list of most recently accessed files (e.g. /.local/share/recently-used.xbel on my Mint 18.1 MATE system).

This might be of interest to you (read through the whole thing to get ideas before trying anything - the final solution will be specific to your setup):

https://alexcabal.com/disabling-gnom...he-better-way/

Be aware that applications themselves, including your file manager, very often keep most recently used lists - you may want to switch those off on a per-application basis.
 
1 members found this post helpful.
Old 03-17-2017, 01:30 AM   #8
JeremyBoden
Senior Member
 
Registered: Nov 2011
Location: London, UK
Distribution: Debian
Posts: 1,580

Rep: Reputation: 323Reputation: 323Reputation: 323Reputation: 323
The popular GUI file managers keep a cache of icons of displayed files,
but many or most files are simply used without any presentation to a GUI.

I have only 3,000 files in /etc - but I'm betting the majority are read-only (in normal use).
 
Old 03-17-2017, 11:14 AM   #9
r3sistance
Senior Member
 
Registered: Mar 2004
Location: UK
Distribution: CentOS 6/7
Posts: 1,375

Rep: Reputation: 217Reputation: 217Reputation: 217
even if you deleted such a history in a GUI, it can be figured out from the CLI since all files have three time stamps, Access, Modify and Change.

You can disable the updating of Access time stamps (via noatime & nodiratime mount options) but Modify and Change would still function if there were changes to the file or it were updated.

Just to note, these time stamps only indicate the when and not the who.
 
Old 03-17-2017, 12:23 PM   #10
JeremyBoden
Senior Member
 
Registered: Nov 2011
Location: London, UK
Distribution: Debian
Posts: 1,580

Rep: Reputation: 323Reputation: 323Reputation: 323Reputation: 323
Except that the access/modify/change time-stamps to read-only files are not normally updated, since that would require a wasted file update.
 
Old 03-17-2017, 12:44 PM   #11
!!!
Member
 
Registered: Jan 2017
Posts: 666

Rep: Reputation: 289Reputation: 289Reputation: 289
Welcome BACK! How's things been going over past 2.4years? IF AV Linux, try this search:
recently used files xcfe desktop
Wikipedia will tell you that linux more literally means kernel, seperate from each distribution's choice of DE, Desktop Environment.
 
Old 03-17-2017, 08:44 PM   #12
r3sistance
Senior Member
 
Registered: Mar 2004
Location: UK
Distribution: CentOS 6/7
Posts: 1,375

Rep: Reputation: 217Reputation: 217Reputation: 217
Quote:
Originally Posted by JeremyBoden View Post
Except that the access/modify/change time-stamps to read-only files are not normally updated, since that would require a wasted file update.
But how do you know the files in question are read-only, I see no such mention as such other than by yourself. The OP never specified what files they are talking about, it seems however they were probably on about ALL files, not just some files that might be read-only.
 
Old 03-19-2017, 06:56 AM   #13
Shadow_7
Senior Member
 
Registered: Feb 2003
Distribution: debian
Posts: 3,980
Blog Entries: 1

Rep: Reputation: 843Reputation: 843Reputation: 843Reputation: 843Reputation: 843Reputation: 843Reputation: 843
There's fam, file alteration monitor or some such. But it has to be installed and configured and running when files are altered. Or at least there used to be, maybe it got ate by systemd. In general about the only thing tracked without configuration is last access time, which can also be disabled (noatime). For linux, most everything is a file, to include devices, so tracking them would be a daunting task and probably not on by default for most distros. If you're paranoid, run something like puppy linux or tails that runs in ram. Or other read-only live distros. Or do fresh installs often and wipe your partitions clean, plus encrypted partitions for those devices that don't wipe easily.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] History utility error in Linux Mint 14; cannot delete history mintyninja41 Linux - Newbie 3 03-22-2013 07:36 AM
detect file deletion on an operating system and trace the file history or activity? lovsis Linux - Security 2 10-19-2010 09:52 AM
history clearance for a particular history number in linux sangupari Linux - Software 3 03-03-2010 04:08 AM
tcsh: can you save the history from multiple shells to one history file? BrianK General 2 04-23-2009 06:19 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 02:42 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration