I want to log file I/O on Linux

What I want to do

I want to log when a user connects a USB memory stick or SD card to a PC and copies data onto or off it. I also want to prevent users from stopping the monitoring process without permission.

Installation

Install inotify-tools

sudo apt-get install inotify-tools

Trying it out

qiita@ubuntu:~$ inotifywait -m .&

Without the -m option, the command exits after printing the first event.

qiita@ubuntu:~$ ls
Desktop  Documents  Downloads  Music  
./ OPEN,ISDIR
./ ACCESS,ISDIR
./ CLOSE_NOWRITE,CLOSE,ISDIR
qiita@ubuntu:~$
qiita@ubuntu:~$

When I access the monitored directory with ls, events are displayed.

What about subdirectories?

qiita@ubuntu:~$ mkdir hoge
./ CREATE,ISDIR hoge
qiita@ubuntu:~$ cd hoge
qiita@ubuntu:~/hoge$ ls
./ OPEN,ISDIR hoge
./ ACCESS,ISDIR hoge
./ ACCESS,ISDIR hoge
./ CLOSE_NOWRITE,CLOSE,ISDIR hoge
qiita@ubuntu:~/hoge$ mkdir hoge
qiita@ubuntu:~/hoge$ cd hoge
qiita@ubuntu:~/hoge/hoge$ ls
qiita@ubuntu:~/hoge/hoge$ 

Not monitored. It seems that subdirectories are also monitored with the -r option.

qiita@ubuntu:~$ inotifywait -mr . &
[1] 2760
qiita@ubuntu:~$ Setting up watches.  Beware: since -r was given,
 this may take a while!
Watches established.

qiita@ubuntu:~$ cd hoge
qiita@ubuntu:~/hoge$ cd hoge
qiita@ubuntu:~/hoge/hoge$ ls
./hoge/ OPEN,ISDIR hoge
./hoge/hoge/ OPEN,ISDIR 
./hoge/ ACCESS,ISDIR hoge
./hoge/hoge/ ACCESS,ISDIR 
./hoge/ ACCESS,ISDIR hoge
./hoge/hoge/ ACCESS,ISDIR 
./hoge/ CLOSE_NOWRITE,CLOSE,ISDIR hoge
./hoge/hoge/ CLOSE_NOWRITE,CLOSE,ISDIR 

By the way, I was running Firefox while I was working. Firefox seems to write under .cache/mozilla/firefox/, so a lot of log lines were being written out by inotifywait. Even when I changed the user, the log was output when I accessed the directory.

What if I monitor the root directory?

qiita@ubuntu:~/hoge/hoge$ inotifywait -mr / &
[1] 2884
qiita@ubuntu:~/hoge/hoge$ Setting up watches.  
Beware: since -r was given, this may take a while!

qiita@ubuntu:~/hoge/hoge$ Failed to watch /; 
upper limit on inotify watches reached!
Please increase the amount of inotify watches allowed per user
 via `/proc/sys/fs/inotify/max_user_watches'.

It seems that watching a large number of directories does not work.
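The limit named in that error message can be checked before starting a recursive watch. The following is an added example, not part of the original article: it estimates how many watches `inotifywait -r` needs (one per directory) and compares that with the per-user limit. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: will a recursive watch on a directory fit under the limit?
# inotifywait -r places one watch on every directory in the tree, and the
# limit is shared by all processes of the same user, so the count below is
# a lower bound on what is actually needed.

# count_watch_dirs DIR: number of directories below (and including) DIR.
count_watch_dirs() {
    find "$1" -type d 2>/dev/null | wc -l | tr -d ' '
}

# watch_limit: current per-user limit, read from the file the error names.
watch_limit() {
    cat /proc/sys/fs/inotify/max_user_watches
}

# fits_watch_limit DIR [LIMIT]: exit status 0 if DIR fits under the limit.
# LIMIT defaults to the live system value; passing it allows "what if" checks.
fits_watch_limit() {
    needed=$(count_watch_dirs "$1")
    limit=${2:-$(watch_limit)}
    echo "$1: $needed directories, limit $limit"
    [ "$needed" -le "$limit" ]
}

# Check the directory given as the first argument (default: current directory).
fits_watch_limit "${1:-.}" || echo "too many directories: watch a narrower path"
```

Running it against `/` reproduces the situation above without starting inotifywait; running it against a single mount point shows why watching only the mounted directory is the more practical choice.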

So what next?

Monitor under /dev and monitor USB memory mounts. Monitor reads and writes to the mounted directories. Would that achieve the required purpose? Should it run as a daemon?
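One way to turn the raw event stream into a read/write log for a mounted directory, as an added example that is not from the original article: it parses the default `inotifywait -m` output format shown earlier on this page. The mount point `/media/usb`, the log path, the exclude pattern and the function names are assumptions, and the sample events are constructed.

```shell
#!/bin/sh
# Added example: turn default `inotifywait -m -r` output into a transfer log.
# Input lines have the form shown on this page: "<watched dir> <EVENTS> <name>".
# Assumption: paths contain no spaces (the default format is ambiguous otherwise).

EXCLUDE_PAT='*/.cache/*'   # hypothetical noise filter, e.g. browser caches

# classify_events: read event lines on stdin, print "<time> <action> <path>".
#   CLOSE_WRITE, MOVED_TO  -> WRITE   (a file was written or moved in)
#   CLOSE_NOWRITE          -> READ    (a file was opened and closed unchanged)
#   DELETE, MOVED_FROM     -> REMOVE
# Directory events (ISDIR) and paths matching EXCLUDE_PAT are dropped.
classify_events() {
    while read -r dir events name; do
        [ -n "$name" ] || continue          # event on the watched directory itself
        case ",$events," in *,ISDIR,*) continue ;; esac
        path="$dir$name"
        case "$path" in $EXCLUDE_PAT) continue ;; esac
        case ",$events," in
            *,CLOSE_WRITE,*|*,MOVED_TO,*)  action=WRITE ;;
            *,CLOSE_NOWRITE,*)             action=READ ;;
            *,DELETE,*|*,MOVED_FROM,*)     action=REMOVE ;;
            *) continue ;;                  # OPEN, ACCESS, MODIFY, CREATE: too chatty
        esac
        printf '%s %s %s\n' "$(date '+%Y-%m-%dT%H:%M:%S')" "$action" "$path"
    done
}

# Constructed sample events for a hypothetical mount point /media/usb.
sample_events() {
    cat <<'EOF'
/media/usb/ OPEN,ISDIR
/media/usb/ CREATE report.xlsx
/media/usb/ MODIFY report.xlsx
/media/usb/ CLOSE_WRITE,CLOSE report.xlsx
/media/usb/docs/ CLOSE_NOWRITE,CLOSE plan.txt
/media/usb/ DELETE old.zip
/media/usb/.cache/x/ CLOSE_WRITE,CLOSE tmp
EOF
}

# Real use (hypothetical paths):
#   inotifywait -mrq /media/usb | classify_events >> /var/log/usb-io.log
sample_events | classify_events
```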

Reference articles

Monitor files and directories with inotify-tools
[Linux] Execute arbitrary command when updating files using inotifywait

How to monitor storage connection

I wonder if I should monitor under /dev ...
