Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/thinkst/canaryfy

Linux file read monitor
https://github.com/thinkst/canaryfy

Last synced: 4 days ago
JSON representation

Linux file read monitor

Host: GitHub
URL: https://github.com/thinkst/canaryfy
Owner: thinkst
License: bsd-3-clause
Created: 2015-09-08T09:37:11.000Z (about 9 years ago)
Default Branch: master
Last Pushed: 2023-09-16T16:57:38.000Z (about 1 year ago)
Last Synced: 2024-08-04T02:07:57.312Z (3 months ago)
Language: C
Size: 6.84 KB
Stars: 89
Watchers: 3
Forks: 11
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        Canaryfy

=============

by Thinkst Applied Research

Overview

--------

Canaryfy is an example Linux file read monitor. It watches individual files or files in directories, and triggers a [Canarytoken](http://canarytokens.org/) when a read occurs. It relies on the inotify(7) API for firing on file reads.

Building

------------

Run `make` which will compile to a `canaryfy` binary.

To get the version which searches for a low PID, uncomment the DEFINES line with `-DLOWPID` in the Makefile.

Installation

------------

Move the binary to an unexpected location (e.g. `/var/lib/mailmain/bin/bouncer`).

Execution

---------

```canaryfy    [  ,]```

where 

* `process_name` is what will appear in the `ps` listing. e.g. '[kswapd1]'

* `dns_canarytoken` is a new token from [Canarytoken](http://canarytokens.org).

* `path` is a full path to a file or directory