[Aide] Questions

[Bowie Bailey]

On 8/15/2016 4:15 PM, Manav Nagla wrote:
>
> 1) Can I get alerts when the file is read by other user ?

Maybe.  By default, linux filesystems only update the access time under 
certain circumstances (see the mount option "relatime").  You may be 
able to get consistent updates with the "strictatime" option, but that 
will have a performance impact on the filesystem.

> 2) Can I get alerts when the file is copied ?

Copying the file should also update the atime (see above).  Aide might 
also give you notice of the new file if it is set up to monitor the 
directory it was copied to.

> 3) Can I get alerts when the file is modified ?

Yes.

> 4) How can I set monitoring capabilities around only 1 file ?

Specify the one file in the config file and exclude everything else.

> 5) Will this tool help me to perform all such actions I'm thinking of ?

Maybe, but you are better off putting strict access controls on the 
file.  The simplest option is to have your script run as a particular 
user that is not used for anything else.  You can then chown the file to 
that user and set permissions so that only the owner can read it.

-- 
Bowie
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mailman.cs.tut.fi/pipermail/aide/attachments/20160816/0732407e/attachment.html>