GitHub - cisco/ampfsm: Cisco AMP Filesystem Module

Cisco AMP Filesystem Module (ampfsm.ko)

Russ Kubik

Craig Davison

Description

This Linux kernel module monitors filesystem syscalls (rename) and sends these events to user space.

Supported kernels

This module has been tested on kernels 3.10 (as distributed in CentOS 7) through 4.14 (as distributed in Amazon Linux 2). This module requires jprobes, so kernel version 4.15 and higher are not currently supported.

Build the module

Build the module by running make:

$ make

Install the kernel module

Install the kernel module:

$ sudo insmod ampfsm.ko

Build the test client

Build the test client in the test_client directory (requires libmnl - http://www.netfilter.org/projects/libmnl/):

$ cd test_client
$ make

Run the test client

Run the test client as root:

$ sudo ./test_client -l debug -f rename

Name		Name	Last commit message	Last commit date
Latest commit History 32 Commits
common		common
include		include
test_client		test_client
.gitignore		.gitignore
Kbuild		Kbuild
LICENSE		LICENSE
Makefile		Makefile
README.md		README.md
fscallwatch.h		fscallwatch.h
fscallwatch_kprobe.c		fscallwatch_kprobe.c
fsm.c		fsm.c
fsm.h		fsm.h

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Cisco AMP Filesystem Module (ampfsm.ko)

Description

Supported kernels

Build the module

Install the kernel module

Build the test client

Run the test client

About

Releases

Packages

Contributors 9

Languages

License

cisco/ampfsm

Folders and files

Latest commit

History

Repository files navigation

Cisco AMP Filesystem Module (ampfsm.ko)

Description

Supported kernels

Build the module

Install the kernel module

Build the test client

Run the test client

About

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Contributors 9

Languages

Packages