Comments on How to trigger commands on File/Directory changes with Incron on Debian 8

This guide shows how you can install and use incron on a Debian 8 (Jessie) system. Incron is similar to cron, but instead of running commands based on time, it can trigger commands when file or directory events occur (e.g. a file modification, changes of permissions, etc.).

3 Comment(s)

Add comment

Please register in our forum first to comment.

Comments

By: dostekhob
Reply  

Hello

Thank you very much for this article

that was perfect

By: LinuxUser
Reply  

Can you provide an example of monitoring a folder (and/or) a file to thwart any ransomware type programs?

I envisage creating a folder called "1" or "a" which contains a file called "1" or "a" and maybe some other dummy documents as a mean to delay any ransomware attempt to encrypt my system.

I'm not good with scripting but could I do something like

incrontab -e

/1 IN_ALL_EVENTS /home/user/shutdown.sh

/1/1 IN_ALL_EVENTS  /home/user/shutdown.sh

 

The shutdown.sh script would include a message saying "Possible ransomware .. boot with live DVD/USB to check"

 

Thanks

By: Jonathan
Reply  

The frustrating thing I've found with incron/inotify is that at least some events (like IN_CLOSE_WRITE) trigger multiple times for the same file. So you have to take steps to prevent your command from running multiple times. That's not insoluble of course (sleeps, lock files etc.) but it's annoying.