Alert when z file on linux server has been changed by x user

Question

Alert when z file on linux server has been changed by x user.
#/bin/sh
old_time=`stat -c %z /var/spool/cron/root` 
  if [[ "$new_time" != "$old_time" ]]; 
    then 
      echo -e "Changes has been made in Cron file" | mail -s "Modification alert" abhinav.dixit@xyz.com 
    echo -e "$old_time" 
    echo -e "$new_time" 
  else 
    echo "no change" 
 fi

Actually i want to track the user who make any change in z file where z file is accessed by n number of users. I am trying with above script atleast to get an alert when z file is changed. I have no idea how to track which user has changed it.

score 1 · Answer 1 · edited May 23 '17 at 10:25

1

The inotifywait utility supplied with inotify-tools will help you capture the event without polling:

while inotifywait -e modify /var/spool/cron/root; do

done

SO: inotify - how to find out which user has modified file? suggests using the audit daemon to track file modifications by user.

edited May 23 '17 at 10:25

Community

1
1

answered Sep 25 '13 at 20:36

James Allman

40,573
11
57
70

Alert when z file on linux server has been changed by x user

1 Answers1