Does the Inotifywait process increase the server load? Change Inotify to AuditD

Inotify is the Malware Detection module’s filesystem monitoring tool. It detects if a file has been uploaded to the server or has been modified and triggers the Malware Detection module to check the file.

– If files are constantly being changed or uploaded on the server, Inotify might increase the server’s load
– AuditD requires far fewer resources on the server and is also faster than Inotify

Check if AuditD can be used

  1. Start AuditD temporarily with this command:
    bitninjacli --module=MalwareDetection --use-auditd
  2. Check that the necessary AuditD rules have been generated. You can do that with auditctl -l
  3. AuditD logs to the same file, so you can check whether AuditD is running with tail -f /var/log/bitninja/inotify/inotify.log

Enable AuditD permanently

You can do this in the Configuration menu of the BitNinja dashboard. You can apply the changes explained below on a per-server basis, at the server group level, or to your whole account.

  1. Open the Configuration menu on your BitNinja dashboard.
  2. Select the setting level on the left side (server-level, server group-level, account-level).
  3. Select the Malware Detection module.

  4. Scroll down and select the “Advanced settings” menu at the bottom.
  5. Change the File system monitor to auditd.
  6. Click on the Save button at the top of the page.
  7. Restart BitNinja with the service bitninja restart command.
