Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/thinkst/canaryfy
Linux file read monitor
https://github.com/thinkst/canaryfy
Last synced: about 2 months ago
JSON representation
Linux file read monitor
- Host: GitHub
- URL: https://github.com/thinkst/canaryfy
- Owner: thinkst
- License: bsd-3-clause
- Created: 2015-09-08T09:37:11.000Z (about 9 years ago)
- Default Branch: master
- Last Pushed: 2023-09-16T16:57:38.000Z (about 1 year ago)
- Last Synced: 2024-05-15T04:44:35.387Z (4 months ago)
- Language: C
- Size: 6.84 KB
- Stars: 90
- Watchers: 3
- Forks: 11
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
Canaryfy
=============
by Thinkst Applied Research
Overview
--------
Canaryfy is an example Linux file read monitor. It watches individual files or files in directories, and triggers a [Canarytoken](http://canarytokens.org/) when a read occurs. It relies on the inotify(7) API for firing on file reads.
Building
------------
Run `make` which will compile to a `canaryfy` binary.
To get the version which searches for a low PID, uncomment the DEFINES line with `-DLOWPID` in the Makefile.
Installation
------------
Move the binary to an unexpected location (e.g. `/var/lib/mailmain/bin/bouncer`).
Execution
---------
```canaryfy [ ,]```
where
* `process_name` is what will appear in the `ps` listing. e.g. '[kswapd1]'
* `dns_canarytoken` is a new token from [Canarytoken](http://canarytokens.org).
* `path` is a full path to a file or directory