Skip to content

thinkst/canaryfy

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

Makefile

Makefile

 
 

README.md

README.md

 
 

base32.c

base32.c

 
 

base32.h

base32.h

 
 

canaryfy.c

canaryfy.c

 
 

Repository files navigation

Canaryfy

by Thinkst Applied Research

Overview

Canaryfy is an example Linux file read monitor. It watches individual files or files in directories, and triggers a Canarytoken when a read occurs. It relies on the inotify(7) API for firing on file reads.

Building

Run make which will compile to a canaryfy binary.

To get the version which searches for a low PID, uncomment the DEFINES line with -DLOWPID in the Makefile.

Installation

Move the binary to an unexpected location (e.g. /var/lib/mailmain/bin/bouncer).

Execution

canaryfy <process_name> <dns_canarytoken> <path> [ <path> ,] where

  • process_name is what will appear in the ps listing. e.g. '[kswapd1]'
  • dns_canarytoken is a new token from Canarytoken.
  • path is a full path to a file or directory

About

Linux file read monitor

Resources

Readme

License

BSD-3-Clause license

Code of conduct

Code of conduct

Security policy

Security policy
Activity
Custom properties

Stars

90 stars

Watchers

3 watching

Forks

11 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages