Hello! Some time ago I wrote a kernel module that lets you monitor filesystem alterations by simply typing $ cat /dev/fsysmon It's original purpose was to be part of a Full Text Search System that's always up to date but nevertheless it's quite useful on it's own. How does it work? Once loaded, the module continuously writes modification logs to /dev/fsysmon, a character device that supports (non)blocking reading. The module uses the hooks of the LSM (Linux Security Modules) Framework to be able to react on every filesystem modification. With filesystem I mean _every_ real filesystem (except the pseudo ones). Contrary to similar projects like inotify, dnotify, etc there is no patching of the kernel required, it's sufficient if CONFIG_SECURITY=y is set. More information can be found in the README file. http://www.logic.at/staff/robinson/fsysmon-0.2.tar.gz Maybe someone has some use for it! Regards, Peter -- Kernelnewbies: Help each other learn about the Linux kernel. Archive: http://mail.nl.linux.org/kernelnewbies/ FAQ: http://kernelnewbies.org/faq/
