Watching Under The Hood Of Tiger's Spotlight
jaketheitguy writes "Over at KernelThread.com, Amit Singh has released a command-line app called FSLogger for looking under the hood of Tiger's Spotlight. You can watch all kinds of filesystem changes going on in realtime. The utility apparently intercepts and displays filesystem change data as it goes out to Spotlight from the kernel. It even tells you which app is making the changes. Looks like Apple has included some pretty powerful APIs in Tiger and there may be some other really interesting uses of this API as mentioned on the app's page. I for one would really like to be able to tell if somebody changed ANY files on my system without my knowledge. I think you can do that with Singh's program, but how do you make sure somebody cannot disable the program?"
Two in a row? (Score:1, Offtopic)
Come on Hemos, let's have a hat trick
and oh... I for one welcome our new Spotlight overlords
This story seems utterly confused. (Score:1, Informative)
Spotlight changed my life. (Score:4, Funny)
- Run Faster
- Jump Higher
- Score with the chicks
- Regrow lost hair!
Re:Spotlight changed my life. (Score:3, Funny)
Re:Spotlight changed my life. (Score:2)
Possible side effects may include but are not limited to data loss, computer malfunction, loss of electricity, rugburn, high phone bills, cataracts, auto repossession, and in rare cases death and/or dismemberment and eternal damnation. Use only as directed.
Two stories in 20 minutes? (Score:1)
Re:Two stories in 20 minutes? (Score:1, Funny)
Recursion (Score:2, Funny)
So, this application would shine a spotlight on Spotlight? Is that anything like when you point a video camera at a monitor hooked up to the camera's output?
Re:Recursion (Score:2)
IDS Potential (Score:2)
Interesting idea.
Tripwire (Score:3, Informative)
http://www.tripwire.com/ [tripwire.com]
http://sourceforge.net/projects/tripwire/ [sourceforge.net]
There is even a Mac OS X version now it seems:
http://www.macguru.net/~frodo/Tripwire-osx.html [macguru.net]
Of course you'd probably then want an OS that implements some form of relevant Mandatory Access Control / POSIX.1e (e.g. LIDS for Linux, Trusted Solaris, or Argus Pitbull (Linux/Solaris)) to help prevent the intruder from interfering with Tripwire i
Re:Tripwire (Score:3, Informative)
Fslogger runs continuously and registers itself with the kernel; when a filesystem change event happens, details about it are announced to all registered apps and fslogger displays the information it receives in a useful (if verbose) manner.
Tripwire is a fantastically useful app which I run on every one of the servers I admin, and perhaps the OSX version
Re:Tripwire (Score:1)
Sorry if the reply came across as harsh.
Re:Tripwire (Score:2)
I think the idea of having Tripwire hooks so that it's automatically informed of changes real time when on Mac OS X is certainly interesting and I'd think eminently doable.
I think true real time updates may actually have been a feature of a commercial implementation (for Solaris), but that would be going back 7-8 years ago now, so I'm not certain (it could have been just a daemon that periodically checked for changes, or I may have remembered wrongly).
PS: I hadn't heard the name 'fsl
Tripwire (Score:2, Informative)
- Tripwire is not a real-time service, it's scheduled to run at specific (user-defined) times.
- Tripwire does not prevent anyone from making changes - it merely ensures that any changes to the OS are recorded and mad
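The scheduled-scan model described in the Tripwire comments above, as an added example (not code from any poster, from Tripwire or from fslogger): a baseline of SHA-256 digests is compared at each scan, so a change that is put back between two scans leaves nothing to report, which is the gap a continuous event logger covers. File names and contents are constructed.

```python
import hashlib, os, stat, tempfile

def snapshot(root):
    """Map each regular file under root to (sha256 hex, mode, size)."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets and FIFOs
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            state[os.path.relpath(path, root)] = (digest, st.st_mode, st.st_size)
    return state

def compare(baseline, current):
    """Return sorted lists of added, removed and modified paths."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in set(baseline) & set(current)
                      if baseline[p] != current[p])
    return added, removed, modified

def demo():
    """Constructed scenario: two scan intervals over a temporary tree."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        write("hosts", b"127.0.0.1 localhost\n")
        write("service.conf", b"mode=strict\n")
        baseline = snapshot(root)

        # Interval 1: a file is changed and restored before the scan runs.
        write("service.conf", b"mode=open\n")
        write("service.conf", b"mode=strict\n")
        scan1 = compare(baseline, snapshot(root))

        # Interval 2: changes that are still in place when the scan runs.
        write("hosts", b"127.0.0.1 localhost\n10.0.0.5 updates.example\n")
        write("new.plist", b"<plist/>\n")
        os.remove(os.path.join(root, "service.conf"))
        scan2 = compare(baseline, snapshot(root))
    return scan1, scan2

if __name__ == "__main__":
    for label, result in zip(("scan 1", "scan 2"), demo()):
        print(label, dict(zip(("added", "removed", "modified"), result)))
```

The baseline itself has to be stored where the monitored system cannot rewrite it, otherwise the comparison only proves the files match whatever the baseline now says.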
Where's "As Seen on TV" ... (Score:2)
He was very vocal about this sort of thing, and now he's gone very quiet. Almost as if he was an Apple employee who was given The Warning (tm) or... (obligatory Star Wars reference being used in shameless Karma whoring)
When I get some time, I'll read the article (thus breaking a long-running streak for me) and compare to ASoT's statements.
Re:Where's "As Seen on TV" ... (Score:1, Informative)
Re:Where's "As Seen on TV" ... (Score:2)
Awesome.
Re:Where's "As Seen on TV" ... (Score:1)
If the AC's observation is correct
Re:Where's "As Seen on TV" ... (Score:2)
Re:Where's "As Seen on TV" ... (Score:3, Funny)
Re:Where's "As Seen on TV" ... (Score:3, Funny)
ASOT is not Steve Jobs (Score:3, Insightful)
1. ASOT is too familiar with the technical underpinnings of Apple technology. Steve Jobs is smart smart smart, a great businessman, but there is no way he is this familiar with all the technical details. That was what Woz was for, remember? (No I'm not implying this is Woz, since he clearly no longer has this much access to Apple.)
2. There's no way the CEO of a public company would risk the MAJOR, MAJOR, MAJOR lawsuits and trouble that could be caused from the SEC and shareholde
Re:ASOT is not Steve Jobs (Score:1)
I don't know of any Steve at Apple except Jobs, so what should we conclude?
Re:ASOT is not Steve Jobs (Score:1)
That ASOT is a witch!!
Re:ASOT is not Steve Jobs (Score:1)
Re:Where's "As Seen on TV" ... (Score:1)
Re:Where's "As Seen on TV" ... (Score:1)
Tracking changes to the file system (Score:3, Informative)
Take a look at the kqueue(2) man page.
There are more details available at http://people.freebsd.org/~jlemon/papers/kqueue.pdf [freebsd.org]
Re:Tracking changes to the file system (Score:3, Interesting)
Physical security essential (Score:1)
You can't, not without guaranteeing physical security to the box.
If someone can pull your hard disk OR boot with their own media, all is lost.
Short of that, your question amounts to "how do I keep from getting rootkitted."
Re:Just use fs_usage (Score:1)
These guys are utter LORDS of the NT OS by any definition. (Read their "About us" section and see just how A class it is. A Microsoft Most Valued Professional, no less.)
Anyway. There are filesystem access and notification tools around for nearly any OS and it's good