Full Disclosure mailing list archives
Re: About the inotify Mechanism in LINUX
From: coderman <coderman () gmail com>
Date: Wed, 7 Jul 2010 01:32:08 -0700
On Wed, Jul 7, 2010 at 12:42 AM, supercodeing35271 supercodeing35271 <supercodeing35271 () gmail com> wrote:
I am now thinking on monitor the filesystem in linux, for this reason the inotify is a good way.But the problem is that what i want to do is not only monitor but a handle.This situation is like that a file in system has been changed unusually,now the inotity could tell me this but i want to intercept the change before the file been changed.
inotify + FUSE [1], or if you must intercept over existing file systems kernel audit / security hooks. increase your nfile limits in /etc/security/limits.conf, if needed depending on num dirs watched. echo ' * soft nofile 262140 * hard nofile 262140 ' >> /etc/security/limits.conf also echo large into /proc/sys/fs/inotify/max_user_instances accordingly. echo 262140 > /proc/sys/fs/inotify/max_user_instances or set in sysctl at init. logout/login, maybe reboot (for services). ymmv. 1. FUSE http://sourceforge.net/projects/fuse/files/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- About the inotify Mechanism in LINUX supercodeing35271 supercodeing35271 (Jul 07)
- Re: About the inotify Mechanism in LINUX coderman (Jul 07)
- Re: About the inotify Mechanism in LINUX Valdis . Kletnieks (Jul 07)
- Re: About the inotify Mechanism in LINUX Gregory Bellier (Jul 07)
- Re: About the inotify Mechanism in LINUX Valdis . Kletnieks (Jul 07)
- Re: About the inotify Mechanism in LINUX Gregory Bellier (Jul 08)
- Re: About the inotify Mechanism in LINUX Gregory Bellier (Jul 07)
- Re: About the inotify Mechanism in LINUX Guillaume Friloux (Jul 07)