Using audit as extended inotify
I want to monitor file and directory creation, modification, and deletion
on some large subtrees (/etc/, /usr/share/, and ~/.config/). And I want the
name of the executable that caused the event. The purpose will be to
facilitate cruft detection and removal.
Can audit do this? Will using it to do this with such large subtrees become
a performance issue?
Attachments:
- attachment.html (text/html — 402 bytes)