Hi,
Do you know if there is a way, on a Linux system, to log all processes and their related modified files?
Thank you
Your question is kind of fuzzy... What do you want? An IDS?
Maybe.
For example:
process#1, begin-time, end-time, file read=a.b, write=c
process#2, ................................................................
..
Here is something to get you started:
ps -Ao pid,comm,lstart | sed '1d'
ps can't do end time, of course; you have to write a script that loops and checks if any pids-commands are gone. (Maybe there is a more efficient way.)
I couldn't find opened files in ps, but lsof can do that. Look into man lsof, it's quite complex though.
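The loop suggested in the last post, written out as an added example (not code from the thread): it polls ps, diffs consecutive snapshots to log process start and end, and asks lsof for the files each new process has open. LOG, INTERVAL and the function names are assumptions, and a ppid column is added to the ps call so the script can skip its own helper processes. Polling misses processes that start and exit between two snapshots, and lsof reports files open at that instant, not every file read or written.

```shell
#!/bin/sh
# Added example, not from the thread. LOG and INTERVAL are assumed names.
LOG=${LOG:-./proc-watch.log}
INTERVAL=${INTERVAL:-1}

# One line per process, "pid comm lstart", sorted for comm(1).
# Children of this script (ps, awk, sort) are dropped via the ppid column.
snapshot() {
    ps -Ao ppid,pid,comm,lstart | awk -v me="$$" 'NR > 1 && $1 != me {
        out = $2; for (i = 3; i <= NF; i++) out = out " " $i; print out
    }' | LC_ALL=C sort
}

# Compare two sorted snapshot files. The whole line (pid, comm, lstart)
# identifies a process, so a reused pid with a new start time is a new entry.
diff_snapshots() {
    LC_ALL=C comm -13 "$1" "$2" | sed 's/^/START /'
    LC_ALL=C comm -23 "$1" "$2" | sed 's/^/END /'
}

# Paths a process has open right now (lsof field output, "n" = name).
open_files() {
    lsof -p "$1" -Fn 2>/dev/null | sed -n 's/^n//p' | tr '\n' ' '
}

watch_processes() {
    old=$(mktemp); new=$(mktemp)
    trap 'rm -f "$old" "$new"' EXIT
    snapshot > "$old"
    while sleep "$INTERVAL"; do
        snapshot > "$new"
        diff_snapshots "$old" "$new" | while read -r event pid rest; do
            line="$(date '+%F %T') $event pid=$pid $rest"
            if [ "$event" = START ]; then
                line="$line files=$(open_files "$pid")"
            fi
            echo "$line"
        done >> "$LOG"
        cp "$new" "$old"
    done
}

# Start polling only when asked, so the functions can be sourced and tested.
if [ "${1:-}" = "--run" ]; then
    watch_processes
fi
```

Run it as root with `--run` if lsof should see the files of other users' processes.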