filewatcher一个简单的macOS审计和监控实用程序

filewatcher一个简单的macOS审计和监控实用程序

filewatcher

a simple auditing utility for macOS

Filewatcher is an auditing and monitoring utility for macOS.

It can audit all events from the system auditpipe of macOS and filter them by process or by file You can use this utility to:

Monitor access to a file, or a group of files.Monitor activity of a process, and which resources are accessed by that process.Build a small Host-Based IDS by monitoring access or modifications to specific files.Do an dynamic malware analysis by monitoring what the malware is using on the filesystem.

If you want to read more about how it works, check my blog.

Installation

Just run make to compile it and then ./bin/filewatcher.

Usage: ./bin/filewatcher [OPTIONS] -f, --file Set a file to filter -p, --process Set a process name to filter -a, --all Display all events (By default only basic events like open/read/write are displayed) -d, --debug Enable debugging messages to be saved into a file -h, --help Print this help and exit

Expected output:

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。