Logging changes to file change/modify attributes

Question

System is Centos8

I need to determine what process is touching a file without making any changes in content. I've tried auditctl but it does not seem to have a filesystem watch that can track these attributes.

sudo auditctl -w /boot/grub2/grubenv -p a -k GRUBENV

but this does not capture timestamp changes.

Is there a way to log changes to file modify/change timestamps that do not alter anything else about the file?

score 1 · Accepted Answer · answered Jan 02 '20 at 18:31

1

Timestamp change is more like write operation. So the command should look like:

sudo auditctl -w /boot/grub2/grubenv -p wa -k GRUBENV

answered Jan 02 '20 at 18:31

Romeo Ninov

6,677

Logging changes to file change/modify attributes

1 Answers1