2025-02-24 Update From: SLTechnology News&Howtos
Shulou (Shulou.com) 06/01 Report
Linux has a command, inotifywait, which can record access to files and directories. This command does not exist in the default system and needs to be installed. inotifywait is a tool that can monitor file changes in real time when the kernel version is higher than 2.6.13. It uses the inotify mechanism in the Linux kernel to implement the monitoring function. In kernel versions higher than 2.6.13, it is said that no additional software package is needed. OK, let's start the inotify experience:

[root@World77 ~]# uname -a
Linux World77 2.6.32-042stab068.8 #1 SMP Fri Dec 7 17:06:14 MSK 2012 i686 i686 i386 GNU/Linux

My kernel version is relatively high, but unfortunately I couldn't install it with yum, which was depressing. It may be my yum source. Anyway, I downloaded the source code to install it. After downloading http://github.com/downloads/rvoicilas/inotify-tools/inotify-tools-3.14.tar.gz, unpack it and then run configure, make and make install; everything went fine. With excitement, I typed inotifywait:

[root@World77 ~]# inotifywait -m /root
inotifywait: error while loading shared libraries: libinotifytools.so.0: cannot open shared object file: No such file or directory

Unexpectedly it reported an error. It looked like a problem with a library file. I remember seeing this problem somewhere, and this kind of problem is annoying to run into. Later I came across a universal solution to it on some senior's blog. Let's take a look at how I solved it; veterans, please go easy on me.

[root@World77 ~]# find / -name libinotifytools.so.0
/usr/local/lib/libinotifytools.so.0
/root/inotify-tools-3.14/libinotifytools/src/.libs/libinotifytools.so.0
[root@World77 ~]# cp /root/inotify-tools-3.14/libinotifytools/src/.libs/libinotifytools.so.0 /usr/lib
[root@World77 ~]# cp /root/inotify-tools-3.14/libinotifytools/src/.libs/libinotifytools.so.0 /usr/local/lib/
cp: overwrite `/usr/local/lib/libinotifytools.so.0'?

Find the library file in the source folder and copy it over. This works because the dynamic loader searches /usr/lib by default, whereas the copy that make install placed in /usr/local/lib had not been picked up by the loader. It really is a universal method, but this VPS is one I use for practice. The so-called universal method may have pitfalls that do not suit your case, especially on a production machine, so be careful; I take no responsibility. All right, let's look at the actual effect:

[root@World77 ~]# inotifywait -rm /root
Setting up watches. Beware: since -r was given, this may take a while!
Watches established.
/root/ OPEN .bash_profile
/root/ ACCESS .bash_profile
/root/ CLOSE_NOWRITE,CLOSE .bash_profile
/root/ OPEN .bashrc
/root/ ACCESS .bashrc
/root/ CLOSE_NOWRITE,CLOSE .bashrc
/root/ OPEN .bash_history
/root/ ACCESS .bash_history
/root/ CLOSE_NOWRITE,CLOSE .bash_history
/root/ OPEN .bash_history
/root/ ACCESS .bash_history
/root/ CLOSE_NOWRITE,CLOSE .bash_history
/root/ OPEN,ISDIR
/root/ CLOSE_NOWRITE,CLOSE,ISDIR
/root/ OPEN,ISDIR
/root/ CLOSE_NOWRITE,CLOSE,ISDIR
/root/ OPEN,ISDIR meinv
/root/meinv/ OPEN,ISDIR
/root/ CLOSE_NOWRITE,CLOSE,ISDIR meinv
/root/meinv/ CLOSE_NOWRITE,CLOSE,ISDIR
/root/ OPEN safe.sh
/root/ ACCESS safe.sh
/root/ MODIFY BlackIP.txt
/root/ OPEN BlackIP.txt
/root/ MODIFY BlackIP.txt
/root/ CLOSE_WRITE,CLOSE BlackIP.txt
/root/ ACCESS safe.sh
/root/ OPEN BlackIP.txt

The output above is what the monitoring terminal displayed when I opened another PuTTY session to log in to the server. It was really good, and I immediately got excited.

The -m option of the inotifywait command stands for monitor, which keeps monitoring running. The -r option means recursive monitoring: for example, when monitoring the entire /root directory as above, modifications to files in subdirectories are observed too. You can also use the -e option to specify the "events" to be monitored. For example:

inotifywait -rme modify,attrib,move,close_write,create,delete,delete_self > /root/test.txt

If you do not add the -e parameter, the default is to monitor all events. When operating and maintaining a server, this tool can help you monitor important configuration files and important directories on the server. Powerful, isn't it? If you are interested, go and try it out. We will introduce more advanced applications in the future. How to record the monitoring records to a database is the next part of the series. Please look forward to it.
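Added example (not part of the original article): a small shell filter that triages inotifywait -m output in its default "directory events filename" format, dropping the read noise seen in the session above and alerting only on change-type events for watched files. The WATCHLIST contents, the function names and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: triage `inotifywait -m` output in its default
# "DIR EVENTS [FILE]" format. Assumes watched directory names have no spaces.

# Hypothetical watchlist: files whose modification should raise an alert.
WATCHLIST="/root/BlackIP.txt /root/safe.sh /root/.bashrc /root/.bash_profile"

# classify_event "<comma-separated events>" -> prints write, read or other
classify_event() {
    case ",$1," in
        *,MODIFY,*|*,CLOSE_WRITE,*|*,ATTRIB,*|*,CREATE,*|*,DELETE,*) echo write ;;
        *,DELETE_SELF,*|*,MOVED_FROM,*|*,MOVED_TO,*) echo write ;;
        *,OPEN,*|*,ACCESS,*|*,CLOSE_NOWRITE,*) echo read ;;
        *) echo other ;;
    esac
}

# triage: read inotifywait lines on stdin and print one ALERT line for each
# change-type event on a watchlisted file; reads and directory events are dropped.
triage() {
    while read -r dir events file; do
        [ -n "$file" ] || continue                      # event on the directory itself
        case ",$events," in *,ISDIR,*) continue ;; esac # subdirectory entry
        [ "$(classify_event "$events")" = write ] || continue
        for w in $WATCHLIST; do
            if [ "$dir$file" = "$w" ]; then
                echo "ALERT $events $dir$file"
            fi
        done
    done
    return 0
}

# Constructed sample input, modelled on the session output above.
SAMPLE='/root/ OPEN .bash_history
/root/ CLOSE_NOWRITE,CLOSE .bash_history
/root/ OPEN,ISDIR meinv
/root/ OPEN safe.sh
/root/ MODIFY BlackIP.txt
/root/ CLOSE_WRITE,CLOSE BlackIP.txt
/root/ ATTRIB safe.sh'

printf '%s\n' "$SAMPLE" | triage

# Live use: name the watched path explicitly and keep any log file outside
# the watched tree, otherwise every log write generates a new event:
#   inotifywait -m -r -e modify,attrib,close_write,create,delete /root | triage
```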