Jack Wallen shows you how to install and use the directory monitor tool, fswatch.
With each passing day, it seems we are more and more likely to suffer from data theft. To that end, we do everything in our power to prevent such an event. We pay exorbitant prices for a secure network pipe, spend long hours constantly configuring and updating our servers, and so much more. And yet, our data is still vulnerable.
That's why most admins go out of their way to monitor that precious cargo. Any tool you can find to monitor files and directories is a must-have. One such tool is fswatch. The fswatch application is a free, open-source cross-platform monitor that checks for changes in files and sends notifications (to standard output) when the contents of those watched files are altered.
Fswatch is somewhat basic in its functionality, but that also helps make it useful and easy for admins to monitor crucial directories that hold configurations for server systems or user data. When something changes in those directories, fswatch lets you know. Fswatch is available for Linux, macOS, Solaris, and Windows.
I'm going to walk you through the process of installing and running fswatch on the Ubuntu Server 18.04 platform.
What you need
The only things you need are a running instance of Ubuntu Server 18.04, a user with sudo privileges, a directory to watch, and (optional) a bit of creativity. If your platform of choice is not Linux, you need to modify the installation instructions to suit your needs.
The first thing to do is install fswatch. Fortunately, fswatch can be found in the standard Ubuntu repository, so the installation is just a matter of running the command:
sudo apt-get install fswatch -y
Once that installation finishes, you're ready to start using fswatch.
Using fswatch is quite simple. Secure shell into the same server from two different terminal windows. In the first terminal create a test directory with the command mkdir TEST and then issue the command fswatch TEST. From the second terminal window, change into the TEST directory (with the command cd TEST) and then issue the command touch testing. Back in the first terminal, fswatch will print out a notification for the newly created file (Figure A).
Back in the second terminal, open testing for editing with the command nano testing. Add some text to that file and then save/close it. fswatch will immediately report that testing has been opened for editing by appending a .swp at the end (Figure B).
To cancel the fswatch command, type the [Ctrl]+[c] key combination, and you'll be given back your prompt.
If you don't want to see those reports in real time, you can set a latency, which will cause fswatch to poll the directory for changes every X seconds. To poll the directory only every 10 seconds, the command would be:
fswatch -l 10 TEST
You can also have fswatch print a timestamp for an event with the command:
fswatch --timestamp TEST
The above command will print out a timestamp along with every event (Figure C).
If you don't want to watch the terminal window for events, you can always output the information it prints to a file, like so:
fswatch --timestamp TEST > fswatch_output
If you want your command prompt returned to you, append the & character like so:
fswatch --timestamp TEST > fswatch_output &
You will be given a PID number (Figure D) for the running fswatch command. You'll need that number to kill the command (otherwise it will continue running in the background, collecting data in fswatch_output).
To kill fswatch, issue the command:
Where PID is the number reported after running the fswatch command.
And that's how you can easily monitor a directory for changes with fswatch.
Because we're working with Linux, you can use fswatch to get as creative as needed. Use fswatch in batch scripts, regular expressions, pipes, and more. But no matter how you use fswatch, it can keep you apprised of when something is amiss in your directories.
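One way to act on the pipes suggestion above, as an added example that is not from the original article: a shell function that reads the paths fswatch prints, skips editor swap files, and compares each remaining file to a SHA-256 baseline so that only real content changes are reported. The function name, the baseline file and the sample files are assumptions for illustration, and it relies on the coreutils sha256sum found on Ubuntu.

```shell
#!/bin/sh
# Added example (not from the article): compare fswatch events to a SHA-256 baseline.
# stdin: one path per line, as fswatch prints by default.
# $1: baseline in sha256sum format, with paths written the way fswatch prints them.
triage_events() {
    baseline=$1
    while IFS= read -r path; do
        case $path in
            *.swp|*~) continue ;;            # editor temp files such as the .swp entries
        esac
        if [ ! -e "$path" ]; then
            echo "REMOVED $path"
            continue
        fi
        [ -f "$path" ] || continue           # directories have no content hash
        new=$(sha256sum "$path" | cut -c1-64)
        # sha256sum lines are 64 hex chars, two spaces, then the path (column 67 on)
        old=$(awk -v p="$path" 'substr($0, 67) == p { print $1; exit }' "$baseline")
        if [ -z "$old" ]; then
            echo "NEW $path"
        elif [ "$old" != "$new" ]; then
            echo "MODIFIED $path"
        fi                                   # same hash: metadata-only event, stay quiet
    done
}

# Constructed demo: a throwaway directory and hand-written event lines stand in
# for a live `fswatch TEST | triage_events baseline.sha256` pipeline.
demo() {
    d=$(mktemp -d)
    echo "listen 80" > "$d/site.conf"
    echo "user www" > "$d/users.conf"
    echo "tmp" > "$d/old.conf"
    sha256sum "$d/site.conf" "$d/users.conf" "$d/old.conf" > "$d.sha256"
    echo "listen 8080" >> "$d/site.conf"     # content change
    touch "$d/users.conf"                    # timestamp change only
    rm "$d/old.conf"                         # deletion
    echo "x" > "$d/dropped.sh"               # file absent from the baseline
    printf '%s\n' "$d/site.conf" "$d/.site.conf.swp" "$d/users.conf" \
        "$d/old.conf" "$d/dropped.sh" | triage_events "$d.sha256" | sed "s|$d/||"
    rm -rf "$d" "$d.sha256"
}
demo
```

Build the baseline with sha256sum over the watched files, using paths in the same form fswatch prints them, and keep it outside the watched directory so that writing it does not generate events.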