Re: Monitoring copy file security

To: debian-user@lists.debian.org
Subject: Re: Monitoring copy file security
From: Roberto C. Sánchez <roberto@debian.org>
Date: Mon, 13 Aug 2018 14:59:48 -0400
Message-id: <[🔎] 20180813185948.bvuwk3ipirf5742l@santiago.connexer.com>
Mail-followup-to: Roberto C. Sánchez <roberto@debian.org>, debian-user@lists.debian.org
In-reply-to: <[🔎] CAMmziWcK+krHmxQop9iYfHWFrwvCV5K7razEnbYpbxgA+fAU=w@mail.gmail.com>
References: <[🔎] CAMmziWcK+krHmxQop9iYfHWFrwvCV5K7razEnbYpbxgA+fAU=w@mail.gmail.com>

On Mon, Aug 13, 2018 at 08:52:35PM +0200, Ilyass Kaouam wrote:
>    Hi,
>    I have a database server in which I save the database (dump)
>    let say /home/backup directory.
>    I would like to monitor this directory and find out if anyone is doing a
>    cp or mv or.....
>    Any idea?
>    Thank you very much 

The best tool I have found for this sort of thing is incron.  In my case
I have a requirement that published build artifacts not be accidentally
removed, replaced, etc.  To ensure that, I have incron monitor the
directory where publish mechanism deposits the artifacts and when incron
detects that a file is closed at the conclusion of writing (i.e., when
the copy operation is completed), it changes the permissions to 444 and
sets the immutable attribute.

It sounds like you could do something similar to notify when something
interesting happens or it could even take action.

Incidentally, it has been some time but I recall making an attempt to
use inotify-tools first for my particular solution.  However, it did not
work in the way that I needed it to so I went with incron instead.

Regards,

-Roberto

-- 
Roberto C. Sánchez

Reply to:

References:
- Monitoring copy file security
  - From: Ilyass Kaouam <ilyassikai@gmail.com>

Prev by Date: Re: Monitoring copy file security
Next by Date: Re: Monitoring copy file security
Previous by thread: Re: Monitoring copy file security
Next by thread: Re: Monitoring copy file security
Index(es):
- Date
- Thread