Is it possible to detect changes to a containers file system as they happen. I have a web application which needs to be highly secure. I’d like to monitor the container and be notified whenever a file is added, removed or changed, as well as if a new process is started inside the container.
I know the diff command could be used to see changes, however I’d prefer to have something I could watch more directly. Calling diff every minute or so and comparing the output with the previous won’t show if a file is changed more than once, and won’t register if a new process is created.
As for processes I’m more concerned about processes which start and exit rapidly.
Thoughts?