Tracing file modifications

Hello all!

Is there a way or a utility to trace any kind of file changes in a particular directory on any UNIX machine?
The purpose is that in Unix, there are multiple ways of opening and making changes to a file. But internally, there must be something common (a single pipe, etc.) that is being referred to by every application or command that performs file modifications. How can I get to that?

Some versions of Unix have c2 security features which can trace any system call made by any process. I don't know of any other way to do what you want. The kernel knows whenever a file is changed, but there are no interfaces to provide the info except for c2 auditing. Beyond that you would need to rewrite the kernel.

There is a product called ETrust that is available from Computer Associates, maybe you could look that up.

Tripwire is a possibility for tracking file system integrity. Worth looking at anyway.
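
The baseline-and-compare approach that file integrity checkers such as Tripwire take, sketched as an added example that is not part of the original thread and is not Tripwire's own code. The names `snapshot` and `diff` and the JSON baseline format are assumptions; it reports that a file changed between two scans, not which process changed it.

```python
import hashlib
import json
import os
import stat
import sys

def snapshot(root):
    """Map each path under root to [sha256, mode, size]; None if unreadable."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            try:
                st = os.lstat(path)
                digest = None  # FIFOs, sockets, devices: metadata only
                if stat.S_ISLNK(st.st_mode):
                    # Hash the link target instead of following the link.
                    target = os.fsencode(os.readlink(path))
                    digest = hashlib.sha256(target).hexdigest()
                elif stat.S_ISREG(st.st_mode):
                    h = hashlib.sha256()
                    with open(path, "rb") as fh:
                        for chunk in iter(lambda: fh.read(65536), b""):
                            h.update(chunk)
                    digest = h.hexdigest()
                state[rel] = [digest, st.st_mode, st.st_size]
            except OSError:
                state[rel] = None  # unreadable: still surfaces as a change
    return state

def diff(old, new):
    """Return (added, removed, changed) path lists between two snapshots."""
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    changed = sorted(p for p in set(old) & set(new) if old[p] != new[p])
    return added, removed, changed

if __name__ == "__main__":
    # Usage: python fim.py DIRECTORY BASELINE.json  (both names are placeholders)
    root, db = sys.argv[1], sys.argv[2]
    current = snapshot(root)
    if os.path.exists(db):
        with open(db) as fh:
            results = diff(json.load(fh), current)
        for label, paths in zip(("ADDED", "REMOVED", "CHANGED"), results):
            for p in paths:
                print(label, p)
    else:
        with open(db, "w") as fh:
            json.dump(current, fh)  # first run: store the baseline
```

Keep the baseline file outside the monitored directory, ideally on read-only media, since anyone who can rewrite it can hide a change.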