The program monitors the system for any penetration using "inotify" and reports it immediately to an HTTP server and also to netcat.
1. Reports to WEB SERVER (APACHE SERVER)
The program updates the index.html file of the web server in real time
and displays a list of the files that were accessed, the time of each access and the access type for each file
(you can refresh the page manually to see the results immediately, or wait for the auto refresh).
Install Apache:
sudo apt-get update
sudo apt install apache2
2. Reporting on the net by NETCAT
The UDP client sends textual information to the target IP address, in the same format as on the web server:
FILE ACCESSED: FILE NAME
ACCESS: NO_WRITE / WRITE
TIME OF ACCESS: dd/MM/yyyy HH:mm:ss
netcat -l -u 127.0.0.1 8888
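The UDP report path described above, as an added example (not code from myFileSystemMonitor.c). It assumes the WRITE / NO_WRITE access types correspond to inotify's IN_CLOSE_WRITE / IN_CLOSE_NOWRITE events and that port 8888 is the netcat listener shown above; the names format_report and monitor are hypothetical.

```c
#define _GNU_SOURCE
/* Added example, not the project's code. Assumption: WRITE / NO_WRITE map to
 * inotify's IN_CLOSE_WRITE / IN_CLOSE_NOWRITE, and times are local time. */
#include <arpa/inet.h>
#include <ctype.h>
#include <stdio.h>
#include <sys/inotify.h>
#include <sys/socket.h>
#include <time.h>
#include <unistd.h>

/* Build one report. Names come from whoever touches the directory, so bytes
 * outside printable ASCII become '?' and a newline cannot forge report lines. */
int format_report(char *out, size_t cap, const char *name, unsigned mask, time_t when)
{
    char safe[256] = {0}, stamp[32];
    struct tm tm;
    for (size_t i = 0; name[i] != '\0' && i < sizeof safe - 1; i++)
        safe[i] = isprint((unsigned char)name[i]) ? name[i] : '?';
    localtime_r(&when, &tm);
    strftime(stamp, sizeof stamp, "%d/%m/%Y %H:%M:%S", &tm);
    return snprintf(out, cap, "FILE ACCESSED: %s\nACCESS: %s\nTIME OF ACCESS: %s\n",
                    safe, (mask & IN_CLOSE_WRITE) ? "WRITE" : "NO_WRITE", stamp);
}

/* Watch dir and send one UDP datagram per closed file to ip:port. */
int monitor(const char *dir, const char *ip, unsigned short port)
{
    /* Aligned buffer: one read() can return several variable-length events. */
    char buf[4096] __attribute__((aligned(__alignof__(struct inotify_event))));
    struct sockaddr_in dst = { .sin_family = AF_INET, .sin_port = htons(port) };
    int sock = socket(AF_INET, SOCK_DGRAM, 0), fd = inotify_init1(IN_CLOEXEC);
    if (sock < 0 || fd < 0 || inet_pton(AF_INET, ip, &dst.sin_addr) != 1 ||
        inotify_add_watch(fd, dir, IN_CLOSE_WRITE | IN_CLOSE_NOWRITE) < 0)
        return -1;
    for (ssize_t n; (n = read(fd, buf, sizeof buf)) > 0; ) {
        for (char *p = buf; p < buf + n; ) {
            struct inotify_event *ev = (struct inotify_event *)p;
            char msg[512];
            if (ev->len > 0 && !(ev->mask & IN_ISDIR)) { /* len 0: the dir itself */
                int m = format_report(msg, sizeof msg, ev->name, ev->mask, time(NULL));
                sendto(sock, msg, (size_t)m, 0, (struct sockaddr *)&dst, sizeof dst);
            }
            p += sizeof *ev + ev->len;
        }
    }
    return -1;
}

int main(int argc, char **argv) { return argc == 3 ? monitor(argv[1], argv[2], 8888) : 2; }
```

The sanitised name still needs HTML escaping before it is written into index.html, since printable characters alone are enough to inject markup there.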
3. Backtrace feature using Telnetd server and "libcli"
Run the telnet command 'backtrace' to get a backtrace of a thread in the program (the backtrace is performed using instrumentation only).
For more commands type 'help'.
telnet 127.0.0.1 8888
Compile:
gcc -g -finstrument-functions -pthread -rdynamic myFileSystemMonitor.c -o myFileSystemMonitor -lcli
Execute:
./myFileSystemMonitor -d test -i 127.0.0.1