Canaryfy

by Thinkst Applied Research

Overview

Canaryfy is an example Linux file read monitor. It watches individual files or files in directories, and triggers a Canarytoken when a read occurs. It relies on the inotify(7) API for firing on file reads.

Building

Run make, which compiles a canaryfy binary.

To get the version which searches for a low PID, uncomment the DEFINES line with -DLOWPID in the Makefile.

Installation

Move the binary to an unexpected location (e.g. /var/lib/mailmain/bin/bouncer).

Execution

canaryfy <process_name> <dns_canarytoken> <path> [ <path> ,]

where:

  • process_name is the name that will appear in the ps listing, e.g. '[kswapd1]'.
  • dns_canarytoken is a new token from Canarytoken.
  • path is a full path to a file or directory.
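
The mechanism described in the Overview, reduced to a single watched path, as an added example that is not Canaryfy's own source. The function names, the IN_ACCESS mask, the argument order and the use of getaddrinfo(3) to resolve the token hostname are assumptions of this sketch.

```c
#define _GNU_SOURCE
#include <netdb.h>
#include <poll.h>
#include <stdio.h>
#include <sys/inotify.h>
#include <sys/socket.h>
#include <unistd.h>

/* Watch one path for reads; returns an inotify fd, or -1 on error. */
int watch_reads(const char *path) {
    int fd = inotify_init1(IN_NONBLOCK | IN_CLOEXEC);
    if (fd < 0) return -1;
    if (inotify_add_watch(fd, path, IN_ACCESS) < 0) { close(fd); return -1; }
    return fd;
}

/* Wait up to timeout_ms (-1 = forever): 1 = read seen, 0 = none, -1 = error. */
int read_seen(int fd, int timeout_ms) {
    char buf[4096] __attribute__((aligned(__alignof__(struct inotify_event))));
    struct pollfd p = { .fd = fd, .events = POLLIN };
    int r = poll(&p, 1, timeout_ms);
    if (r <= 0) return r;
    ssize_t n = read(fd, buf, sizeof buf);
    if (n < 0) return -1;
    for (char *q = buf; q < buf + n; ) {   /* one read may return several events */
        const struct inotify_event *ev = (const struct inotify_event *)q;
        if (ev->mask & IN_ACCESS) return 1;
        q += sizeof *ev + ev->len;
    }
    return 0;
}

/* Assumption: the alert is raised by resolving the DNS token hostname. */
int fire_token(const char *token_host) {
    struct addrinfo *res = NULL;
    int rc = getaddrinfo(token_host, NULL, NULL, &res);
    if (res) freeaddrinfo(res);
    return rc;
}

int main(int argc, char **argv) {
    if (argc != 3) return 2;              /* usage: <dns_canarytoken> <path> */
    int fd = watch_reads(argv[2]);
    if (fd < 0) { perror("watch_reads"); return 1; }
    for (int r; (r = read_seen(fd, -1)) >= 0; )
        if (r == 1) fire_token(argv[1]);
    return 1;
}
```

Per inotify(7), accesses made through mmap(2) are not reported, and a watch on a directory does not cover its subdirectories, so reads through those routes will not fire the token.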
