I need a script that will check any modification in the /etc/passwd file, if there's a modification I get alerted immediately via email telling me that a user that has been added or removed from the passwd file
Without using inotifywait command
you could check for modifications with md5sum or sha256... make your base checksum, hardcode it in a scrip
if [[ "$(sha256 /etc/passwd)" != "the hash of ori file" ]]; then
mail yourself
fi
you could also have a copy of /etc/passwd somewhere and run a diff that you send by mail as to have the content of the changes
if [[ "$(diff /etc/passwd /root/passwdbackup)" != "" ]]; then
mail yourself
fi