Monitoring file access for security purposes (fuser?)
Posted on 1999-01-28
We have gotten wind of a potential 'mole' within the company who (we think) is rooting around in everyone's home directories (including Uniplex/ascii documents) and we want to get evidence of this. I was intending setting up a small script to continually monitor all files in a directory waiting for one to report it was being used by 'fuser' then cut the user part out of the response to show who was accessing the file and when. Trouble is, 'fuser' doesn't seem to be triggered off on a text/uniplex file with any of 'vi', 'cat', or 'view' so the 'fuser' never shows up as the file being used... is there a better way to record the info I'm after - I'm unaware of any arguments on fuser apart from 'k' and 'u' and they're not going to help. Would I be better off doing a pseudo-vi (and cat and view) that calls the real ones, yet records who, what and when?