How to Use Incron to Monitor Important Files and Folders

You’ve seen it happen: a Linux server is taken over by a rootkit and no one was the wiser… at least not until some errant behavior occurred or someone outside of the company reported an oddity. After some serious digging, you find out the rootkit has modified a few files or directories and the damage has been done.

What if you knew of a tool that could monitor files for change and then report the changes within /var/log/syslog or take some action when a file was modified? There is such a tool.