What is the canonical way to monitor accesses to a file?
You may want to take a look at 'fam,' in /usr/ports/devel/fam , as some
of the code's already been done for this type of monitoring AFAIK...
Yes, that is a nice framework to start with. It uses help from
the kernel (imon pseudo device
A file, let's say, /path/to/a/file, is being modified by
an unknown process P(u) at random times. Unfortunately,
the name of the program ran by P(u) is unknown.
I'd think the failsafe way to approach this is with a wrapper so that when
process P accesses file F it's really
What is the canonical way to monitor accesses to a file?
Problem description:
A file, let's say, /path/to/a/file, is being modified by
an unknown process P(u) at random times. Unfortunately,
the name of the program ran by P(u) is unknown.
The goal
A file, let's say, /path/to/a/file, is being modified by
an unknown process P(u) at random times. Unfortunately,
the name of the program ran by P(u) is unknown.
Have you tried moving the file elsewhere and seeing if anyone
complains about the absence?
No, P(u) obviously fails
On Sun, Nov 23, 2003 at 11:17:57AM +0100, Cordula's Web wrote:
A file, let's say, /path/to/a/file, is being modified by
an unknown process P(u) at random times. Unfortunately,
the name of the program ran by P(u) is unknown.
Have you tried moving the file elsewhere and seeing
A file, let's say, /path/to/a/file, is being modified by
an unknown process P(u) at random times. Unfortunately,
the name of the program ran by P(u) is unknown.
Not a lock as such, but:
# chflags schg /path/to/a/file
should achieve the effect you desire. Although this
Cordula's Web [EMAIL PROTECTED] writes:
I've finally found the culprit with a traditional method:
* md5 (binary from an uncompromised machine) on all files
* reinstalling from scratch (not buildworld, but really
installing from FTP)
* md5 again and diff.
[snip]
Ugh... system
I've finally found the culprit with a traditional method:
* md5 (binary from an uncompromised machine) on all files
* reinstalling from scratch (not buildworld, but really
installing from FTP)
* md5 again and diff.
[snip]
Ugh... system clean again at last. :)
You
Cordula's Web wrote:
Hello list,
maybe someone knows the answer for the following problem already?
Summary:
What is the canonical way to monitor accesses to a file?
Problem description:
A file, let's say, /path/to/a/file, is being modified by
an unknown process
At 05:58 PM 11/22/2003, Cordula's Web wrote:
A file, let's say, /path/to/a/file, is being modified by
an unknown process P(u) at random times. Unfortunately,
the name of the program ran by P(u) is unknown.
Being a newbie I'm going against my better judgement by offering my
thoughts. The
On Saturday, 22 November 2003 at 23:58:10 +0100, Cordula's Web wrote:
Hello list,
maybe someone knows the answer for the following problem already?
Summary:
What is the canonical way to monitor accesses to a file?
Problem description:
A file, let's
Problem description:
A file, let's say, /path/to/a/file, is being modified by
an unknown process P(u) at random times. Unfortunately,
the name of the program ran by P(u) is unknown.
The goal is to catch P(u) red-handed, just the moment
it accesses
12 matches
Mail list logo
