Open Source and information security mailing list archives
 
Date: Wed, 7 Jul 2010 01:32:08 -0700
From: coderman <coderman@...il.com>
To: supercodeing35271 supercodeing35271 <supercodeing35271@...il.com>
Cc: Full-Disclosure@...ts.grok.org.uk
Subject: Re: About the inotify Mechanism in LINUX

On Wed, Jul 7, 2010 at 12:42 AM, supercodeing35271 supercodeing35271
<supercodeing35271@...il.com> wrote:
> I am now thinking about monitoring the filesystem in Linux; for this
> reason inotify is a good way. But the problem is that what I want to do
> is not only monitor but also handle. The situation is like this: a file
> in the system has been changed unusually; now inotify could tell me
> this, but I want to intercept the change before the file is changed.

inotify + FUSE [1], or, if you must intercept over existing file
systems, kernel audit / security hooks.

increase your nfile limits in /etc/security/limits.conf, if needed
depending on num dirs watched.
echo '
*               soft    nofile          262140
*               hard    nofile          262140
' >> /etc/security/limits.conf

also echo a large value into /proc/sys/fs/inotify/max_user_instances accordingly:
echo 262140 > /proc/sys/fs/inotify/max_user_instances
or set it in sysctl at init.

logout/login, maybe reboot (for services). ymmv.


1. FUSE
http://sourceforge.net/projects/fuse/files/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
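
A preflight check for the limits discussed in the message above, as an added example that is not part of the original post: it counts the directories under a tree (inotify watches are per directory, not recursive) and compares that count with the limits currently in effect. The function names are made up for this example, and max_user_watches is a further inotify sysctl that the post does not mention.

```shell
#!/bin/sh
# Added example (not from the original post): check inotify-related limits
# before placing watches on a directory tree.
# Assumption: the monitor opens a known number of inotify instances
# (one file descriptor each) and needs one watch per directory.

# Count directories under $1 (same filesystem only); NUL-delimited so
# directory names containing newlines are not miscounted.
count_dirs() {
    n=$(find "$1" -xdev -type d -print0 2>/dev/null | tr -dc '\000' | wc -c)
    echo $((n))
}

# Print the numeric limit stored in file $1, or 0 if it cannot be read.
read_limit() {
    if [ -r "$1" ]; then cat "$1"; else echo 0; fi
}

# Return 0 if limit $2 covers need $1 ("unlimited" always does).
limit_ok() {
    [ "$2" = "unlimited" ] && return 0
    [ "$2" -ge "$1" ]
}

# $1 = tree to watch, $2 = inotify instances the monitor opens (default 1).
# Prints one line per limit that is too low; returns non-zero if any is.
preflight() {
    dirs=$(count_dirs "$1"); inst=${2:-1}; rc=0
    watches=$(read_limit /proc/sys/fs/inotify/max_user_watches)
    instances=$(read_limit /proc/sys/fs/inotify/max_user_instances)
    nofile=$(ulimit -n)
    limit_ok "$dirs" "$watches"   || { echo "max_user_watches=$watches < $dirs dirs"; rc=1; }
    limit_ok "$inst" "$instances" || { echo "max_user_instances=$instances < $inst"; rc=1; }
    limit_ok "$inst" "$nofile"    || { echo "nofile=$nofile < $inst descriptors"; rc=1; }
    if [ "$rc" -eq 0 ]; then echo "ok: $dirs dirs, $inst instance(s)"; fi
    return "$rc"
}

# Run directly as: sh preflight.sh /path/to/tree [instances]
if [ "$#" -gt 0 ]; then preflight "$@"; fi
```

Run it as the user the monitoring process runs as, since both the nofile limit and the inotify limits are accounted per user.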
