> tripwire! > > Seriously... Linux/unix doesn't have any 'registry'.. Everything is in > files.. Any intrusion detection system will report on file changes.. Or > just write your own little utility. Do an ftw (file tree walk) and stat > each file/directory. Save the data, and do it again.. then compare.
I keep thinking about a tool that could do this. dump, tar, and rsync can detect changes in a filesystem so they can do incremental backups. A few days ago, I was manually keeping two file systems in sync by using rsync every few hours. It was enlightening to see what files had changed the course for 24 hours on a busy machine. I think I did something similar to rysnc -arPv <original> <new file system> (arPv is archive, recursive, resume, verbose) Here is an idea: If you have the disk space, rsync the file system that you want to monitor to another disk (or mountpoint). Then, make your changes, and run rsync -arPvn <modified file system> <original file system> and you can see what files changed. The -n parameter will just do a dry run, no files will be synced. You'll be able to see what files changed. Perhaps some people with more rsync foo than I can add on to my idea? Mark _______________________________________________ RLUG mailing list [EMAIL PROTECTED] http://www.rlug.org/mailman/listinfo/rlug
