Nytro

filewatcher

a simple auditing utility for macOS

Filewatcher is an auditing and monitoring utility for macOS.

It can audit all events from the system auditpipe of macOS and filter them by process or by file. You can use this utility to:

  • Monitor access to a file, or a group of files.
  • Monitor activity of a process, and which resources are accessed by that process.
  • Build a small Host-Based IDS by monitoring access or modifications to specific files.
  • Do a dynamic malware analysis by monitoring what the malware is using on the filesystem.

If you want to read more about how it works, check my blog.

Installation

Just run make to compile it and then ./bin/filewatcher.

Usage: ./bin/filewatcher [OPTIONS]
  -f, --file            Set a file to filter
  -p, --process         Set a process name to filter
  -a, --all             Display all events (By default only basic events like open/read/write are displayed)
  -d, --debug           Enable debugging messages to be saved into a file
  -h, --help            Print this help and exit

Expected output:

[Image: Output]

Source: https://github.com/m3liot/filewatcher
