In a world where automation is key and staying informed in real time can make all the difference, monitoring file changes on your server becomes more than just a convenience — it's a necessity.
A few weeks ago, one of my clients had a security incident: their website was compromised, and malicious files were silently uploaded to their server. It wasn’t until much later that the intrusion was discovered — long after suspicious scripts had been running undetected. This incident became a turning point, reminding me how crucial it is to have visibility over what’s happening inside the filesystem, especially in production environments.
That experience inspired me to create a simple yet powerful monitoring script. The goal was clear: track every change in specific directories, ignore irrelevant paths (like logs or temporary files), and send real-time alerts through Telegram whenever something changes — whether it's a new file, a modification, or a deletion.
In this post, I’ll walk you through the script I ended up with. It’s lightweight, bash-based, and leverages inotifywait to efficiently monitor multiple directories while excluding specific ones. If you’re running a CentOS or similar Linux VM and want quick, actionable visibility into file activity — this one's for you.
Let’s dive in.
```bash
#!/bin/bash

BOT_TOKEN="YOUR_BOT_TOKEN"
CHAT_ID="YOUR_CHAT_ID"

# Included folders
INCLUDE_DIRS=(
    "/mnt/data/project1"
    "/mnt/data/project2"
)

# Excluded path patterns (substring match anywhere in the path)
EXCLUDE_PATTERNS=(
    "/tmp/"
    "/logs/"
)

send_telegram() {
    local message="$1"
    echo "Sending to Telegram: $message" # Debug
    # --data-urlencode keeps filenames containing &, = or + intact
    curl -s -X POST "https://api.telegram.org/bot${BOT_TOKEN}/sendMessage" \
        -d chat_id="${CHAT_ID}" \
        --data-urlencode text="$message" >> /tmp/telegram_log.txt 2>&1
}

# Start monitoring all included folders in a single loop.
# The event list is printed first so that paths containing spaces stay in one field.
inotifywait -m -r -e create -e modify -e delete -e move --format '%e %w%f' "${INCLUDE_DIRS[@]}" |
while read -r EVENT FILE; do
    # Skip excluded patterns
    skip=0
    for pattern in "${EXCLUDE_PATTERNS[@]}"; do
        if [[ "$FILE" == *"$pattern"* ]]; then
            skip=1
            break
        fi
    done
    [[ $skip -eq 1 ]] && continue

    echo "Detected: $FILE [$EVENT]" # Debug
    send_telegram "📂 Change detected: $FILE [$EVENT]"
done
```
Parameters you should change:
BOT_TOKEN
CHAT_ID
INCLUDE_DIRS
EXCLUDE_PATTERNS
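The exclusion step in the script matches a pattern anywhere in the path, so any directory that merely contains `/logs/` or `/tmp/` is never reported. The following added example (not the post's code) compares that substring filter with exclusions anchored to absolute directories; `EXCLUDE_DIRS`, the function names and the sample events are constructed, and input is assumed to be `EVENTS PATH` lines as produced by `inotifywait --format '%e %w%f'`.

```bash
#!/bin/bash
# Added example, not the post's code. Directories and events are constructed.
# Absolute directories to ignore, one per line (assumed layout).
EXCLUDE_DIRS="/mnt/data/project1/tmp
/mnt/data/project1/logs"
# Substring patterns as in the post's script, kept for comparison.
EXCLUDE_PATTERNS="/tmp/
/logs/"

# Succeeds if $1 lies inside one of EXCLUDE_DIRS (match on a directory boundary).
excluded_anchored() {
    while IFS= read -r dir; do
        [ -n "$dir" ] || continue
        case "$1" in "$dir"/*) return 0 ;; esac
    done <<EOF
$EXCLUDE_DIRS
EOF
    return 1
}

# Succeeds if $1 contains any of EXCLUDE_PATTERNS anywhere in the path.
excluded_substring() {
    while IFS= read -r pat; do
        [ -n "$pat" ] || continue
        case "$1" in *"$pat"*) return 0 ;; esac
    done <<EOF
$EXCLUDE_PATTERNS
EOF
    return 1
}

# Reads "EVENTS PATH" lines (inotifywait --format '%e %w%f') on stdin and prints
# those that would alert. $1 is the name of the exclusion test to apply.
filter_events() {
    while read -r events path; do
        [ -n "$path" ] || continue
        "$1" "$path" && continue
        printf '%s [%s]\n' "$path" "$events"
    done
}

# Constructed sample of monitor output, including a filename with a space.
SAMPLE_EVENTS="CREATE /mnt/data/project1/tmp/cache.bin
MODIFY /mnt/data/project1/logs/app.log
CREATE /mnt/data/project2/uploads/logs/new file.php
DELETE /mnt/data/project2/index.html"

echo "substring filter:"; printf '%s\n' "$SAMPLE_EVENTS" | filter_events excluded_substring
echo "anchored filter:"; printf '%s\n' "$SAMPLE_EVENTS" | filter_events excluded_anchored
```

With the anchored list, the file under `project2/uploads/logs/` is reported, while the two intended noise directories under `project1` stay quiet.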