On 8/15/2016 4:15 PM, Manav Nagla wrote:
1) Can I get alerts when the file is read by other user ?
Maybe. By default, linux filesystems only update the access time under certain circumstances (see the mount option "relatime"). You may be able to get consistent updates with the "strictatime" option, but that will have a performance impact on the filesystem.
2) Can I get alerts when the file is copied ?
Copying the file should also update the atime (see above). Aide might also give you notice of the new file if it is set up to monitor the directory it was copied to.
3) Can I get alerts when the file is modified ?
Yes.
4) How can I set monitoring capabilities around only 1 file ?
Specify the one file in the config file and exclude everything else.
5) Will this tool help me to perform all such actions I'm thinking of ?
Maybe, but you are better off putting strict access controls on the file. The simplest option is to have your script run as a particular user that is not used for anything else. You can then chown the file to that user and set permissions so that only the owner can read it.
-- Bowie
_______________________________________________ Aide mailing list [email protected] https://mailman.cs.tut.fi/mailman/listinfo/aide
