Inotify (inode notify) is a Linux kernel subsystem that monitors events in filesystems and reports those events to applications in real time via API.
inotify can be used to monitor individual files or directories. When a directory is monitored, inotify will return events for the directory itself and for files inside the directory.
inotify-tools is a set of command-line programs for Linux providing a simple interface to inotify. These programs can be used to monitor and act upon filesystem events. inotify-tools consists of four utilities: inotifywait, inotifywatch, fsnotifywait and fsnotifywatch.
inotifywait efficiently waits for changes to files, making it appropriate for use in shell scripts.
inotifywatch collects filesystem usage statistics and outputs counts of each inotify event.
fsnotifywait and fsnotifywatch are similar to inotifywait and inotifywatch, but they are using Linux's fanotify(7) interface by default. The fanotify API also provides notification and interception of filesystem events. Additional capabilities compared to the inotify(7) API include the ability to monitor all of the objects in a mounted filesystem, the ability to make access permission decisions, and the possibility to read or modify files before access by other applications.
inotify-tools is also useful for security activities in firewall systems or to detect changes and injections of new files in webservers by intruders.