{"id":26085954,"url":"https://github.com/meliot/filewatcher","last_synced_at":"2025-03-09T06:01:56.712Z","repository":{"id":41566951,"uuid":"96050788","full_name":"santoru/filewatcher","owner":"santoru","description":"A simple auditing utility for macOS","archived":false,"fork":false,"pushed_at":"2021-03-20T21:00:34.000Z","size":3920,"stargazers_count":286,"open_issues_count":3,"forks_count":39,"subscribers_count":16,"default_branch":"master","last_synced_at":"2025-02-28T23:19:59.112Z","etag":null,"topics":["auditing","filesystem","macos","malware","monitoring","security-audit"],"latest_commit_sha":null,"homepage":null,"language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/santoru.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-07-02T21:49:19.000Z","updated_at":"2025-02-12T05:36:40.000Z","dependencies_parsed_at":"2022-07-07T14:31:53.212Z","dependency_job_id":null,"html_url":"https://github.com/santoru/filewatcher","commit_stats":null,"previous_names":["meliot/filewatcher"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/santoru%2Ffilewatcher","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/santoru%2Ffilewatcher/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/santoru%2Ffilewatcher/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/santoru%2Ffilewatcher/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/santoru","download_url":"https://codeload.github.com/santoru/filewatcher/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":242650949,"owners_count":20163611,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["auditing","filesystem","macos","malware","monitoring","security-audit"],"created_at":"2025-03-09T06:01:52.666Z","updated_at":"2025-03-09T06:01:56.695Z","avatar_url":"https://github.com/santoru.png","language":"C","readme":"# filewatcher\n## a simple auditing utility for macOS\n\nFilewatcher is an auditing and monitoring utility for macOS.\n\nIt can audit all events from the system auditpipe of macOS and filter them by process or by file. \nYou can use this utility to:\n - Monitor access to a file, or a group of files.\n - Monitor activity of a process, and which resources are accessed by that process.\n - Build a small Host-Based IDS by monitoring access or modifications to specific files.\n - Do an dynamic malware analysis by monitoring what the malware is using on the filesystem.\n\n\nIf you want to read more about how it works, [check my blog](https://insecurity.blog/2017/07/02/mac-os-real-time-auditing/).\n\n\n### Installation\nJust run \u003ci\u003emake\u003c/i\u003e to compile it and then \u003ci\u003e./bin/filewatcher\u003c/i\u003e.\n\n```\nUsage: ./bin/filewatcher [OPTIONS]\n  -f, --file            Set a file to filter\n  -p, --process         Set a process name to filter\n  -a, --all             Display all events (By default only basic events like open/read/write are displayed)\n  -d, --debug           Enable debugging messages to be saved into a file\n  -h, --help            Print this help and exit\n```\n### Expected output:\n\u003cp align=\"center\"\u003e\n\u003cimg src=\"screenshot.png\" alt=\"Output\" /\u003e\n\u003c/p\u003e\n","funding_links":[],"categories":["C","C (286)","\u003ca id=\"df8a5514775570707cce56bb36ca32c8\"\u003e\u003c/a\u003e审计\u0026\u0026安全审计\u0026\u0026代码审计"],"sub_categories":["\u003ca id=\"34569a6fdce10845eae5fbb029cd8dfa\"\u003e\u003c/a\u003e代码审计"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmeliot%2Ffilewatcher","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmeliot%2Ffilewatcher","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmeliot%2Ffilewatcher/lists"}