[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 7 Jul 2010 01:32:08 -0700
From: coderman <coderman@...il.com>
To: supercodeing35271 supercodeing35271 <supercodeing35271@...il.com>
Cc: Full-Disclosure@...ts.grok.org.uk
Subject: Re: About the inotify Mechanism in LINUX
On Wed, Jul 7, 2010 at 12:42 AM, supercodeing35271 supercodeing35271
<supercodeing35271@...il.com> wrote:
> I am now thinking on monitor the filesystem in linux, for this reason
> the inotify is a good way.But the problem is that what i want to do is
> not only monitor but a handle.This situation is like that a file in
> system has been changed unusually,now the inotity could tell me this
> but i want to intercept the change before the file been changed.
inotify + FUSE [1], or if you must intercept over existing file
systems kernel audit / security hooks.
increase your nfile limits in /etc/security/limits.conf, if needed
depending on num dirs watched.
echo '
* soft nofile 262140
* hard nofile 262140
' >> /etc/security/limits.conf
also echo large into /proc/sys/fs/inotify/max_user_instances accordingly.
echo 262140 > /proc/sys/fs/inotify/max_user_instances or set in sysctl at init.
logout/login, maybe reboot (for services). ymmv.
1. FUSE
http://sourceforge.net/projects/fuse/files/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists