As a result of the work, a server Agent has been developed recently, which has a function of writing to the/path/to/file file
After the program deployment is complete, the content in the/path/to/file file is just beginning to match the expected
But after less than a minute, found that/path/to/file has been inconsistent with expectations, walk through the code to confirm the correct, suspect that there are other background processes to the file has been modified, so to find this culprit evil
At first, try to use the lsof command, specifically, empty the contents of the/path/to/file file, and then write an infinite loop call Lsof/path/to/file, after the run found no effect, but/path/to/file is still modified!
This seems to indicate that a process has completed the/path/to/file Open, write, close operation, lsof command dropped
Later recourse to stack overflow found a solution, that is Auditctl
1. Start Auditctl Background monitoring service first: Service AUDITD start
2, set monitoring rules: Auditctl-w/path/to/file-p w-k hosts-file Monitoring write operation
3, after a period of time, Ausearch-w/path/to/file can see which process makes the file/path/to/file which operation
See which process is working on a file under Linux