how to find which process/application modified a particular file in LibreElec

    Hi ,

    I have a couple of files that my application manages but some other process seems to be modifying and resetting those files.

    I think auditctl would be a good utility to have on this system. Can someone please advice on how to go about installing auditctl or similar program to find out which process modified the files ?

    It is impossible to catch the process in the act, so 'lsof' does not work for my needs.

    Thanks in advance.

    The files are DB files that are used by my custom scripts. They are in a separate folder under my Script folder. No other process should be modifying them, but I see it repeated being reset. I've reviewed my scripts multiple times and I don't see anything that could have reset the DBs.

    they're reset in the middle, without a reboot.

    I'm quite certain that none of the LE processes are modifying them.

    My custom scripts have been something I've worked on in my spare time over the last 1-2 years and I"m afraid that there may be some old scripts that are messing with these DB files. But I can't seem to find any other scripts that could be doing that. Thus the need for a program like auditctl .

    Then look line by line your scripts?

    I build audit package for x86 if this is the arch you are using. But I didn't test it and should be run manually with specifying config files or folders or whatever.

    Update: Audit is not enabled in kernel so userspace tools are useless anyway :)

    Code
    # CONFIG_AUDIT is not set

    Thanks vpeter .

    I did take a look line by line and there is nothing in there that could be resetting the DB.

    Thank you for checking and confirming that audit wouldn't work. Since Audit is no longer an option, I'll see what I can do, maybe if needed do a clean install of LE and try the current scripts again.