Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/nowsecure/fsmon

monitor filesystem on iOS / OS X / Android / FirefoxOS / Linux
https://github.com/nowsecure/fsmon

android dynamic-analysis filesystem linux nowsecure osx tracing

Last synced: 6 days ago
JSON representation

monitor filesystem on iOS / OS X / Android / FirefoxOS / Linux

Host: GitHub
URL: https://github.com/nowsecure/fsmon
Owner: nowsecure
License: mit
Created: 2016-01-13T17:38:34.000Z (about 9 years ago)
Default Branch: master
Last Pushed: 2025-01-21T10:14:48.000Z (16 days ago)
Last Synced: 2025-01-24T16:06:29.510Z (13 days ago)
Topics: android, dynamic-analysis, filesystem, linux, nowsecure, osx, tracing
Language: C
Homepage: https://www.nowsecure.com
Size: 2.4 MB
Stars: 925
Watchers: 51
Forks: 156
Open Issues: 23
Metadata Files:
- Readme: README.md
- License: COPYING

Awesome Lists containing this project

awesome-iOS-security-tools - fsmon

README

        # fsmon

![ci](https://github.com/nowsecure/fsmon/actions/workflows/ci.yml/badge.svg?branch=master)

FileSystem Monitor utility that runs on Linux, Android, iOS and OSX.

Brought to you by Sergi Àlvarez at Nowsecure and distributed under the MIT license.

Contact: [email protected]

## Usage

The tool retrieves file system events from a specific directory and shows them in colorful format or in JSON.

It is possible to filter the events happening from a specific program name or process id (PID).

```

$ ./fsmon -h

Usage: ./fsmon-macos [-Jjc] [-a sec] [-b dir] [-B name] [-p pid] [-P proc] [path]

 -a [sec]  stop monitoring after N seconds (alarm)

 -b [dir]  backup files to DIR folder (EXPERIMENTAL)

 -B [name] specify an alternative backend

 -c        follow children of -p PID

 -f        show only filename (no path)

 -h        show this help

 -j        output in JSON format

 -J        output in JSON stream format

 -n        do not use colors

 -L        list all filemonitor backends

 -p [pid]  only show events from this pid

 -P [proc] events only from process name

 -v        show version

 [path]    only get events from this path

Examples:

 fsmon /data

 fsmon -J / | jq -r .filename

 fsmon -B fanotify /home

$

```

Backends

--------

fsmon filesystem information is taken from different backends depending on the operating system and apis available.

This is the list of backends that can be listed with `fsmon -L`:

* inotify (linux / android)

* fanotify (linux > 2.6.36 / android with custom kernel)

* devfsev (osx /dev/fsevents - requires root)

* kqueue (xnu - requires root)

* kdebug (bsd?, xnu - requires root)

* fsevapi (osx filesystem monitor api)

Compilation

-----------

fsmon is a portable tool. It works on iOS, OSX, Linux and Android (x86, arm, arm64, mips)

*Linux*

	$ make

*OSX + iOS fatbin*

	$ make

*iOS*

	$ make ios

*Android*

	$ make android NDK_ARCH= ANDROID_API=

To get fsmon installed system wide just type:

	$ make install

Changing installation path...

	$ make install PREFIX=/usr DESTDIR=/