archival-0x/fileguard
fileguard

configurable unix file watcher based on inotify

intro

fileguard is a file watcher that uses the POSIX-standard inotify API to watch inodes (the Linux term for the object underlying a file or directory) and to trigger an action when an event occurs on that inode.

For more on inotify, see the inotify(7) man page: http://man7.org/linux/man-pages/man7/inotify.7.html

features

  • simple and fast cli interface
  • configurable via YAML config
  • desktop notification over glib
  • (TODO) built-in logger support

use cases

  • intrusion detection on privileged files, with the option of triggering a kill of the process that read them
  • automating and reproducing builds as a developer writes changes to the codebase

install

Get some dependencies (Debian-based distros):

$ sudo apt install libnotify-dev libglib2.0-dev libgdk-pixbuf2.0-dev libyaml-dev

# ... only needed if the build fails to find the GDK pixbuf headers (a known mis-linkage issue)
$ sudo ln -s /usr/include/gdk-pixbuf-2.0/gdk-pixbuf /usr/include/gtk-2.0/gdk-pixbuf

Build and compile:

$ git clone https://github.com/ex0dus-0x/fileguard.git && cd fileguard
$ make
$ ./fileguard -h

Usage: (note that these are optional arguments)
    ./fileguard -[h|v]

-h : Display this help message
-v : Turns ON verbosity

Running ./fileguard with no arguments defaults to the fileguard.yaml file in this source directory. To use your own .yaml config, pass its path as an argument: ./fileguard another.yaml.

config

This is the default CONFIG_FILE for fileguard; it is the file parsed when the program is executed. To understand how it works and what to specify, read the comments below.

# -- Sets inode to be watched by inotify -- #
inode: my_inode

# -- Include an action that signifies change in an inode -- #
#    For more information: http://man7.org/linux/man-pages/man7/inotify.7.html
event: IN_ACCESS

# -- Include action to complete when inode changes -- #
#    List of actions:
#      * "execute <COMMAND>" - execute a user-specified command
#      * "log <CURR_DIR | ROOT>"  - create a log of events occurring for a watched inode
action: execute "echo 'Hello world!'"

This example config file prints "Hello world!" to the terminal when an IN_ACCESS event is detected on the inode my_inode.

Here are all the supported inotify events:

const char * events [] =
{
   "IN_ACCESS",             // File accessed
   "IN_ATTRIB",             // Metadata changed
   "IN_CLOSE_WRITE",        // File opened for writing was closed
   "IN_CLOSE_NOWRITE",      // File or directory not opened for writing was closed
   "IN_CREATE",             // File/directory created
   "IN_DELETE",             // File/directory deleted
   "IN_DELETE_SELF",        // Watched inode deleted
   "IN_MODIFY",             // File modified
   "IN_MOVE_SELF",          // Watched inode moved
   "IN_MOVED_FROM",         // Directory with old filename when a file is renamed
   "IN_MOVED_TO",           // Directory with new filename when a file is renamed
   "IN_OPEN",               // File/directory opened
   "IN_UNMOUNT",            // Filesystem unmounted
};
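The config section above maps an "event:" name onto an inotify watch, and the table above lists the names fileguard accepts. The following program is an added example, not fileguard's own code: it resolves an event name from the config to the kernel's inotify mask (rejecting unknown names instead of silently watching nothing), puts a non-blocking watch on one inode, and reads the events the kernel queues. The live demo creates a file under a constructed temporary path, reads it the way an unauthorized reader would, and checks that the configured event fires. It assumes Linux with <sys/inotify.h>; the function names and the temp path are my own.

```c
#define _GNU_SOURCE 1
/* Added example (not fileguard's code): config event name -> inotify mask,
 * one-inode watcher, and a self-contained IN_ACCESS demo on a temp file. */
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/inotify.h>
#include <unistd.h>

struct event_name { const char *name; uint32_t mask; };

/* The same 13 names the README lists, paired with the header's bit values. */
static const struct event_name EVENT_TABLE[] = {
    { "IN_ACCESS",        IN_ACCESS },        { "IN_ATTRIB",      IN_ATTRIB },
    { "IN_CLOSE_WRITE",   IN_CLOSE_WRITE },   { "IN_CLOSE_NOWRITE", IN_CLOSE_NOWRITE },
    { "IN_CREATE",        IN_CREATE },        { "IN_DELETE",      IN_DELETE },
    { "IN_DELETE_SELF",   IN_DELETE_SELF },   { "IN_MODIFY",      IN_MODIFY },
    { "IN_MOVE_SELF",     IN_MOVE_SELF },     { "IN_MOVED_FROM",  IN_MOVED_FROM },
    { "IN_MOVED_TO",      IN_MOVED_TO },      { "IN_OPEN",        IN_OPEN },
    { "IN_UNMOUNT",       IN_UNMOUNT },
};
#define EVENT_COUNT (sizeof EVENT_TABLE / sizeof EVENT_TABLE[0])

/* "event:" value from the config -> mask. 0 means unsupported name, so a
 * typo in the config is an error rather than a watch that never fires. */
uint32_t mask_from_name(const char *name)
{
    for (size_t i = 0; i < EVENT_COUNT; i++)
        if (strcmp(EVENT_TABLE[i].name, name) == 0)
            return EVENT_TABLE[i].mask;
    return 0;
}

/* First table name whose bit is set in mask; used for log lines. */
const char *name_from_mask(uint32_t mask)
{
    for (size_t i = 0; i < EVENT_COUNT; i++)
        if (mask & EVENT_TABLE[i].mask)
            return EVENT_TABLE[i].name;
    return "IN_UNKNOWN";
}

/* Non-blocking inotify instance watching `path` for `mask`.
 * Returns the inotify fd, or -1 with errno set (e.g. inotify unavailable). */
int watcher_open(const char *path, uint32_t mask)
{
    int fd = inotify_init1(IN_NONBLOCK | IN_CLOEXEC);
    if (fd < 0)
        return -1;
    if (inotify_add_watch(fd, path, mask) < 0) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    return fd;
}

/* Wait up to timeout_ms, then OR the masks of every queued event into *fired.
 * Returns 1 if at least one event was read, 0 on timeout, -1 on error. */
int watcher_wait(int fd, int timeout_ms, uint32_t *fired)
{
    struct pollfd pfd = { .fd = fd, .events = POLLIN };
    int rc = poll(&pfd, 1, timeout_ms);
    if (rc <= 0)
        return rc;
    /* Must hold at least one struct inotify_event plus its name field. */
    char buf[4096] __attribute__((aligned(8)));
    ssize_t len = read(fd, buf, sizeof buf);
    if (len <= 0)
        return -1;
    *fired = 0;
    for (char *p = buf; p < buf + len; ) {
        const struct inotify_event *ev = (const struct inotify_event *)p;
        *fired |= ev->mask;
        p += sizeof *ev + ev->len;
    }
    return 1;
}

/* End-to-end demo on a constructed temp file: watch for event_name, read the
 * file like an unauthorized reader would, check the event shows up.
 * Returns 1 if it fired, 0 if it was missed, 2 if inotify/tmp is unavailable. */
int live_demo(const char *event_name)
{
    char path[] = "/tmp/fileguard_demo_XXXXXX";   /* constructed, not from the project */
    int tmp = mkstemp(path);
    if (tmp < 0)
        return 2;
    if (write(tmp, "secret\n", 7) < 0) { close(tmp); unlink(path); return 2; }
    close(tmp);

    uint32_t want = mask_from_name(event_name);
    int wfd = watcher_open(path, want);
    if (wfd < 0) { unlink(path); return 2; }

    char scratch[8];                       /* the read is what IN_ACCESS reacts to */
    int rfd = open(path, O_RDONLY);
    if (rfd >= 0) { (void)read(rfd, scratch, sizeof scratch); close(rfd); }

    uint32_t fired = 0;
    int rc = watcher_wait(wfd, 1000, &fired);
    close(wfd);
    unlink(path);
    if (rc < 0) return 2;
    if (rc == 1 && (fired & want))
        printf("%s fired on %s\n", name_from_mask(fired & want), path);
    return (rc == 1 && (fired & want)) ? 1 : 0;
}

int main(void) { return live_demo("IN_ACCESS") == 1 ? 0 : 1; }
```

The watch is added before the file is read, which matters: inotify only reports events that occur after inotify_add_watch, so a watcher started late misses the access it was meant to catch. For the "intrusion detection" use case from the README, the interesting output is the mask and the watched path; the reader's PID is not part of an inotify event, so anything that acts on the reading process has to correlate the event with other sources (such as fanotify or audit logs).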

license

MIT
