A tamper detection script that monitors target files for changes or access.
- Checks system for inotify-tools package.
- If not installed, installs inotify-tools.
- If installed, proceeds with script and starts "watching" for changes to target files.
- In another window, run tail -r marmotscream.txt to view changes in real time.
Changes will be shown in marmotscream.txt as "File Name", "User" and date/time.
To manually install:
Ubuntu: sudo apt-get inotify-tools
CentOS 7: sudo yum inotify-tools
Fedora 21: sudo dnf inotify-tools
inotify is incorporated into the Linux kernel 2.16.3 and beyond.