This command allows you to watch a file for changes.

vor 3 Jahren · 04a80c11f3
--- a/watch_file_for_changes_auditctl.sh
+++ b/watch_file_for_changes_auditctl.sh
@@ -0,0 +1,9 @@
 # Add a watch to the /etc/hosts file watching for (-p) reads, writes, executions,
 # and appends named (-k) hosts-file which can be uniquely used to identify the
 # audit records produced by this rule. Check the /var/log/audit/audit.log file
 # for matching events.
 sudo auditctl -w /etc/hosts -p rwxa -k hosts-file

 # To remove the rule later change the -w to -W with the rest of the command being
 # the same. If you want to list all rules auditctl -l will show you all rules
 # currently loaded.