Re: Monitoring copy file security
On Mon, Aug 13, 2018 at 08:52:35PM +0200, Ilyass Kaouam wrote:
> I have a database server in which I save the database (dump)
> let say /home/backup directory.
> I would like to monitor this directory and find out if anyone is doing a
> cp or mv or.....
> Any idea?
> Thank you very much
The best tool I have found for this sort of thing is incron. In my case
I have a requirement that published build artifacts not be accidentally
removed, replaced, etc. To ensure that, I have incron monitor the
directory where publish mechanism deposits the artifacts and when incron
detects that a file is closed at the conclusion of writing (i.e., when
the copy operation is completed), it changes the permissions to 444 and
sets the immutable attribute.
It sounds like you could do something similar to notify when something
interesting happens or it could even take action.
Incidentally, it has been some time but I recall making an attempt to
use inotify-tools first for my particular solution. However, it did not
work in the way that I needed it to so I went with incron instead.
Roberto C. Sánchez