Skip to content

thinkst/canaryfy

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Canaryfy

by Thinkst Applied Research

Overview

Canaryfy is an example Linux file read monitor. It watches individual files or files in directories, and triggers a Canarytoken when a read occurs. It relies on the inotify(7) API for firing on file reads.

Building

Run make which will compile to a canaryfy binary.

To get the version which searches for a low PID, uncomment the DEFINES line with -DLOWPID in the Makefile.

Installation

Move the binary to an unexpected location (e.g. /var/lib/mailmain/bin/bouncer).

Execution

canaryfy <process_name> <dns_canarytoken> <path> [ <path> ,] where

  • process_name is what will appear in the ps listing. e.g. '[kswapd1]'
  • dns_canarytoken is a new token from Canarytoken.
  • path is a full path to a file or directory

About

Linux file read monitor

Resources

License

Code of conduct

Security policy

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Contributors 3

  •  
  •  
  •