lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 07 Jul 2010 10:17:25 +0200
From: Guillaume Friloux <guillaume.friloux@...64.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: About the inotify Mechanism in LINUX

  from man inotify :
            IN_ACCESS         File was accessed (read) (*).
            IN_ATTRIB         Metadata changed, e.g., permissions,  
timestamps,
                              extended  attributes,  link  count  
(since  Linux
                              2.6.25), UID, GID, etc. (*).
            IN_CLOSE_WRITE    File opened for writing was closed (*).
            IN_CLOSE_NOWRITE  File not opened for writing was closed (*).
            IN_CREATE         File/directory created in watched 
directory (*).
            IN_DELETE         File/directory  deleted  from  watched  
directory
                              (*).
            IN_DELETE_SELF    Watched file/directory was itself deleted.
            IN_MODIFY         File was modified (*).
            IN_MOVE_SELF      Watched file/directory was itself moved.
            IN_MOVED_FROM     File moved out of watched directory (*).
            IN_MOVED_TO       File moved into watched directory (*).
            IN_OPEN           File was opened (*).

So you cant prevent a file to be changed, cause you will only be warned 
AFTER.

Maybe you should have a look to Dazuko : 
http://dazuko.dnsalias.org/wiki/index.php/Main_Page

On 07/07/2010 09:42, supercodeing35271 supercodeing35271 wrote:
> I am now thinking on monitor the filesystem in linux, for this reason
> the inotify is a good way.But the problem is that what i want to do is
> not only monitor but a handle.This situation is like that a file in
> system has been changed unusually,now the inotity could tell me this
> but i want to intercept the change before the file been changed.
> So does anyone could give me a help on HOWTO?
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ