file-audit-system

File monitoring software that will log file access to configured directories on the system.

Assumptions

Linux OS
Recent version of linux kernel, I used 5.3.7
systemd based OS
libaudit is available and installed in the system
libpthread is available and installed in the system
auditd and friends are available and installed in the system

Debugging

Reinstall new version:
- sudo killall auditd && make && sudo make install && sudo systemctl start auditd
Gdb analysis of core in case of crash
- sudo coredumpctl -1 gdb
Following debugging output
- journalctl -fu auditd

Install

1. Build

mkdir build
cmake -DCMAKE_BUILD_TYPE=RelWithDebInfo ..
make
sudo make install

2. Run install.sh

sudo install.sh

See it in action:

tail -f /tmp/file-monitor.log
- Change above for different logs
journalctl -fu auditd
- Watch here for any relevant app logs

Todo

Is nametype truly the file access type?
Add executable arguments to specify different config file
Not such a hardcoded config file location ("/etc/file-monitor.conf")
Make audit events logged configurable

Name		Name	Last commit message	Last commit date
Latest commit History 82 Commits
cmake		cmake
config		config
inc		inc
src		src
.gitignore		.gitignore
CMakeLists.txt		CMakeLists.txt
LICENSE		LICENSE
README.md		README.md
install.sh		install.sh

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

file-audit-system

Assumptions

Debugging

Install

1. Build

2. Run install.sh

See it in action:

Todo

About

Releases

Packages

Languages

License

tricktux/file-audit-system

Folders and files

Latest commit

History

Repository files navigation

file-audit-system

Assumptions

Debugging

Install

1. Build

2. Run install.sh

See it in action:

Todo

About

Topics

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages