SUMMARY: How to monitor (by a daemon) activities on a file or folder

Date: Wed Jan 27 1999 - 09:19:29 CST

The Original Question:
how to monitor activities on a file or folder of a given path?
(Under Solaris) For a file or folder on a given path, is it possible to set up a daemon to monitor activities on the file or folder? Say, a file is modified,or a new file is created, ... If so, how?

Each of the following can be a solution:

1. Install Tripwire from Purdue University. The initial run creates a
database of file "signatures", subsequent runs can update the database or
report against it. It's available from

2. Install lsof from

3. Install Security products from Axcent or Platinum/Memco.
AutoSecure 3.1.1 is for Solaris 2.5.1 and Autosecure 4.0 is for Solaris 2.6
from Platinum. The AutoSecure product has a watchdog daemon to monitor any file.
Better is the access rules to stop root or anyone from modifying files that
you wish to stay untouched. (Seems this is not a freeware)

4. By following script and a "daemon maker"
   while true
     if [[ -f /a/file ]] or something like that
     sleep 10

   Use submit to submit above shell script. submit make it a daemon.
   submit can be obtained from the URL in my signature.
unix programs: niftp (non-interactive recursive ftp), hide (hide command args),
submit (replace nohup), etc from

5. (building your own code) C & Perl reference book:
Advanced Unix Programming, by Marc J Rochkind, Prentice Hall Software
Series, 1985, ISBN 0-13-011800-1
An oldie, but it contains all you need to know. Alternatively, read the
Rochkind book and write it in Perl.

Thanks to
Michael Wang <>
Colin Melville <>
Chad Price <>
Alan orndorff <>
sandesh <>
Nick Hindley" <>
Horatio Jones <>
Dennis Martens <>

Yuming Huang

This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:13:14 CDT