INOTIFYWAIT, one of the more interesting command line tools out there. The GitHub repository can be found here. The package is known by inotify-tools. It is available in most default package managers. But you can use GitHub to install it from source if you like. The oldest commit goes back to 2009 in November when it was first committed from Source Forge, where it was first registered back in 2006 in July. With 35 contributors, INOTIFYWAIT has a bright future. Now let’s start hitting up that terminal.
Basics
The first thing to do, like many terminal tools, is installing it. We can do this with most package managers, as stated before. We will show you in Arch, Debian and openSUSE type distributions.
Arch/Endeavour
sudo pacman -S inotify-tools
Debian/Ubuntu
sudo apt install inotify-tools
openSUSE
sudo zypper install inotify-tools
Now that we have INOTIFYWAIT installed, we can go ahead and see what commands there are. As always, the best way to do that is to run the -h option.
inotifywait -h
The options are many. They even have the exit codes in there so you can look them up fast when working with INOTIFYWAIT. The events are also spelled out nicely. There is something about the simplicity of the -h option that just makes since. Its important to think of a use case when working with INOTIFYWAIT. Since it is ideal for use with systemd services and cron jobs. You can easily use INOTIFYWAIT to script out BASH solutions for your needs as well.
Monitoring
Now that we have INOTIFYWAIT installed, we can work with it. We just need to use the command while pointing it at a file, set of files or a directory. We will be using the Downloads directory for this example. In the first terminal, we will run INOTIFYWAIT.
inotifywait -m ~/Downloads
Now to see some action, in our second terminal, we need to change something in that directory.
cd ~/Downloads
Now we can download something. In this case, we should get a pointer HTML file rather than a picture.
wget https://i.chzbgr.com/full/9025750528/h9B356DC9/puppy-free-zone
Now we can delete the file and see more activity.
rm -r puppy-free-zone
In other words, you will see anything that happens here on a system dialog level.
Scripting
The output could even be put straight into a file for later use. We can do that like this.
mkdir ~/test && cd ~/test && echo "inotifywait -m ~/Downloads >> ~/test/inotifywait.log" > inotifywait-monitor.sh && sudo chmod +x inotifywait-monitor.sh
Now all we need to do is run our script in terminal, or you could set it to run as a systemd service every time you boot. The applications are pretty endless.
sh inotifywait-monitor.sh
Now let’s cat the activity, just download something else or even look at the folder with a file manager.
cat inotifywait.log
So as you can see, INOTIFYWAIT can really do a lot. There are however some limitations you should be aware of. You will not see user IDs in the printout, but you will see the owner of the directory, if not root. You can not use this on a remote system and see it on your current system. Furthermore, you would have to make a log and rsync that to your current machine. So it is not a hacker tool necessarily. The important thing is that you understand you can add tons of functionality with this one simple Unix philosophy driven tool.
Now that we have gone over some of the use of INOTIFYWAIT, we want to know what you would use it for. Please leave us a comment of how you would use INOTIFYWAIT. Thanks for following along.
