Full Disclosure mailing list archives

Re: About the inotify Mechanism in LINUX

From: coderman <coderman () gmail com>
Date: Wed, 7 Jul 2010 01:32:08 -0700

On Wed, Jul 7, 2010 at 12:42 AM, supercodeing35271 supercodeing35271
<supercodeing35271 () gmail com> wrote:

I am now thinking on monitor the filesystem in linux, for this reason
the inotify is a good way.But the problem is that what i want to do is
not only monitor but a handle.This situation is like that a file in
system has been changed unusually,now the inotity could tell me this
but i want to intercept the change before the file been changed.


inotify + FUSE [1], or if you must intercept over existing file
systems kernel audit / security hooks.

increase your nfile limits in /etc/security/limits.conf, if needed
depending on num dirs watched.
echo '
*               soft    nofile          262140
*               hard    nofile          262140
' >> /etc/security/limits.conf

also echo large into /proc/sys/fs/inotify/max_user_instances accordingly.
echo 262140 > /proc/sys/fs/inotify/max_user_instances or set in sysctl at init.

logout/login, maybe reboot (for services). ymmv.


1. FUSE
http://sourceforge.net/projects/fuse/files/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

About the inotify Mechanism in LINUX supercodeing35271 supercodeing35271 (Jul 07)
- Re: About the inotify Mechanism in LINUX coderman (Jul 07)
- Re: About the inotify Mechanism in LINUX Valdis . Kletnieks (Jul 07)
  - Re: About the inotify Mechanism in LINUX Gregory Bellier (Jul 07)
    - Re: About the inotify Mechanism in LINUX Valdis . Kletnieks (Jul 07)
    - Re: About the inotify Mechanism in LINUX Gregory Bellier (Jul 08)
- Re: About the inotify Mechanism in LINUX Guillaume Friloux (Jul 07)