On May 22, 2023, then again in June, July and August 8, 2023 the last access date on the files in my home director were changed. Most of these files I haven't accessed in years.
How do I find out the name of the process that is doing this? My first guess is Google but I have no proof. I looked into journalctl but it isn't that granular and has nothing meaningful of programs running at that time.
I have no problems writing a script that runs once a minute and checks the last access date of ~/secret_file.txt or whatever trap is set, but I'm not sure on the exact script I should run.
Similar question with no explicit answer: How do I see what program accessed my files?
Not a duplicate question because that link doesn't suggest setting a trap by creating a file that is never accessed such as ~/my_secrets.txt. Also that question never offered willingness to create a script that runs every minute. Whatever program is accessing my files is probably internet based because I have an nvme SSD that can quickly access files but the POG (Program of Interst) in question takes many minutes to access all the files in ~. In the last August 8th instance I noticed (two days after the fact) it was from 9:01 am to 9:04 am.
Is there already a package that lets you plant a trap and see who springs it? If not how do you see what is running at that time and get a notification? Anything that can change the world, I say or post publicly anyway, so there is nothing on my computer to hide. I just resent the fact something or someone is looking into my home directory.
