Linux: find out which PID changed my file

# Install auditd
```bash
sudo apt install auditd
```

# Watch file
```bash
sudo auditctl -w ~/.recently-used -p w -k asdf
# -w watch /etc/hosts
# -p rwxa watch for write, attribute change, execute or read events
# -k "asdf" is a search key.
```
# Do some testing
# Search result
```bash
sudo ausearch -f ~/.recently-used | less
sudo ausearch -f ~/.recently-used | grep 'asdf' | grep ' pid='
ps -ef | grep 123456
```

# List audit rules
```bash
sudo auditctl -l
```
# Remove audit rule
```bash
sudo auditctl -W ~/.recently-used -p w -k asdf
sudo auditctl -l
```
*It is KeePass!*

评论

发表评论

此博客中的热门博文

Windows下ShadowSocks客户端安装和配置 顺带KCP

最近连续4台Windows要安装SS. 必须得总结一下流程了. 必备条件 ------ 有已翻墙的机子, 可以下载翻墙专用软件. 这是先有鸡还是先有蛋的问题. 你们可以像松鼠那样, 在网站各处储藏坚果并分享出来, 让百度永远封不尽. 就像1024. (程序员还可以压缩软件改文件指纹以防秒删, 放原始文件的校验码以对证原始程序的完整性和可信性)  陷入无法翻墙的死循环? 可以下载Resilio Sync, 同步编程随想的翻墙工具文件夹, 总有一款能出墙: key: BTLZ4A4UD3PEWKPLLWEOKH3W7OQJKFPLG [参见](https://program-think.blogspot.com/2015/01/BitTorrent-Sync.html). 安装SS客户端 ------ - 下载SS客户端: [下载地址](https://github.com/shadowsocks/shadowsocks-windows/releases) Windows: 下载zip格式的. - 解压到合适的文件夹下. `exe`运行后旁边会自动生成配置文件. - 运行`exe`. 可能提示 .NET Framework 版本过低,按提示一路点击下载并安装. - 获取你的目标SS服务器地址, 端口, 密码和加密方式. 一些免费的SS: [樱花](https://app.arukas.io/) [ishadowsocks](http://ss.ishadow.world/index_cn.html) <del>[顷刻](https://www.745g.com/)</del> - 填入SS里. - 启用SS的系统全局代理 - 下载Chrome, 添加[SwitchyOmega](https://chrome.google.com/webstore/detail/proxy-switchyomega/padekgcemlokbadohgkifijomclgjgif)扩展程序, 配置自动切换代理模式 - 取消SS的系统全局代理. 对了,[SwitchyOmega](https://chrome.google.com/webstore/detail/proxy-switchyo...
继续阅读

How to Install KeePass on M1 Mac

图片
KeePass is good at syncing (via FTP or DAV). I missed that functionality on Windows. Here's how I install and use KeePass on MacOS: ## Install wine-crossover ```bash brew tap gcenx/wine brew install --cask --no-quarantine wine-crossover ``` ## Install winetricks ```bash brew install winetricks ``` ## Install .NET ```bash winetricks -q dotnet472 ``` ## Install mono ref: [StackOverflow](https://askubuntu.com/questions/644236/mono-does-not-appear-to-be-installed-error-winetricks) 1. Download [wine-mono.msi](http://dl.winehq.org/wine/wine-mono) from the official winehq site. 1. Run `wine64 uninstaller` 1. A window should popup. Inside the window choose the `mono.msi` file you just downloaded, and then click `install` ## Install clipboard dependences ```bash brew install xsel brew install xdotool ``` ## Install KeePass.zip Please download the exact KeePass version that you used on Windows. Or you may encounter the error `keepass failed to load the specified file the master key is invali...
继续阅读

How User Friendly is a MacOS

From a Windows user point of view, MacOS is differ for the purpose of difference only. Intuition doesn't work in the Mac universe. ```txt macbook hide safari macbook hide safari from dock macos latest version macbook check cpu macbook check cpu usage macbook chrome shortcut to find KeePass alternative Cannot Be Opened Because the Developer Cannot be Verified where is the macbook file explorer macbook stop changing screen temperature macbook stop changing screen color to blue how do I browse my file system on a mac 2021 pin hard drive to docker macbook 2021 pin hard drive to hub macbook what is super key mac sublime mac auto save sublime mac closed without ask me to save hot_exit not working on macbook (depending on close by x v.s. exit completely from docker) Preserve unsaved files macbook Sublime Text 3 keep unsaved files macbook Sublime Text 3 why macbook so antihuman why macbook so against human why macos so not user friendly macbook how to add hard drive to dock macbook how to ...
继续阅读