-
Notifications
You must be signed in to change notification settings - Fork 39
/
Copy pathfilewatcher.c
69 lines (57 loc) · 1.65 KB
/
filewatcher.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
/**
* filewatcher - a simple auditing utility for macOS
* Copyright (C) 2018 santoru
*
* This file is part of filewatcher.
*
* filewatcher is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* filewatcher is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with filewatcher. If not, see <http://www.gnu.org/licenses/>.
*
* filewatcher.c
*
* This is the main file of the program.
* It contains (obviously) the main function :)
*
*/
#include "lib/common.h"
#include "lib/optparse.h"
#include "lib/whitelist.h"
#include "lib/pipeconfig.h"
#include "lib/auditing.h"
#include "lib/tokens.h"
extern char* fileFilter;
extern char* processFilter;
extern bool verbose;
int main(int argc, char** argv) {
signal(SIGINT, shutDown);
output = OUT;
error = ERR;
debug = OFF;
banner();
if(!isRoot()) {
fprintf(output, "This software must be run as root.\n");
exit(1);
}
parseArguments(argc, argv);
auditFile = initPipe();
int i = 0;
while (true) {
i++;
struct auditEvent currentEvent;
currentEvent = getEvent(auditFile);
// Printing output
printEvent(currentEvent);
}
fclose(auditFile);
fprintf(output, "Exiting..\n");
}