Fsmon: An Open-Source FileSystem Monitor Tool
Fsmon is an open-source filesystem monitor tool that runs on Android, OSX, iOS and Linux. It was brought by Sergi Àlvarez at NowSecure and is distributed under the MIT license.
On iOS devices:
On iOS devices, Fsmon is meant to address problems such as missing events, segfaults, breakage and the reporting of false or incorrect information.
On Linux and Android devices:
On both platforms, the inotify syscall is what provides access to filesystem events. However, this API has some limitations:
It lacks some useful information, such as who (which process ID) performed the action. However, some limitations have been fixed by using inotify.
Features of Fsmon:
Fsmon has many unique features that address all the above issues:
- Output in JSON.
- Filtering by process or app name.
- Filtering by specific directory.
- It stops monitoring after N seconds.
- It can copy (back up) accessed files to another directory.
- When the event stream is asynchronous and non-blocking, the process name can’t be grabbed or the file can’t be copied into the backup directory.
How to Use it:
The tool retrieves filesystem events from a specific directory and outputs them either in a colorful format or in JSON.
The events can then be filtered by program name or process ID (PID).
$ ./fsmon -h
Usage: ./fsmon [-jc] [-a sec] [-b dir] [-p pid] [-P proc] [path]
-a [sec] stop monitoring after N seconds (alarm)
-b [dir] backup files to DIR folder (EXPERIMENTAL)
-c follow children of -p PID
-h show this help
-j output in JSON format
-f show only filename (no path)
-p [pid] only show events from this pid
-P [proc] events only from process name
-v show version
[path] only get events from this path
How to Compile Fsmon:
Fsmon is open-source and portable. It works on several platforms: iOS, OSX, Linux and Android.
1. On Linux
For compilation, use the following command:
linux$ make
2. OSX + iOS fatbin
For compilation, use the following command:
osx$ make
3. Android
For compilation, use the following command:
$ make android NDK_ARCH=arm
The command for installing it is the same on every platform:
$ make install