LIFL (Linux Filesystem Logger) is a new, rewritten version of loggedfs, a FUSE-based daemon that logs filesystem activity.
LIFL logs every file system call made inside a given directory path, in detail.
To describe the project I will summarise the functionality of the program in a list:
Fully configurable with On/Off switches for performance.
Remote logging with MySQL.
Logging of lstat, access, readlink, readdir, mknod, mkdir, unlink, rmdir, symlink, rename, link, chmod, chown, truncate, utimens, open, read, write, statfs, fallocate, setxattr, getxattr, listxattr and removexattr.
SQL provides flexibility to represent the log data.
Logs system error messages.
Monitor write calls and log a copy of the write buffer with options to target the command, effective user id and write sizes of the write calls.
Logging of time, hostname, user id, group id, username and groupname.
Logging of TTY, login time and remote host.
Logging command, arguments, process id, parent process command and parent process id.
Logging of file, path, file protection, file owner and group.
This project needs a lot of testing. I think I will set up a honeypot to see if the program has the expected behavior, and to see if I am able to find some valuable results.
(If so I will come back with another post about that.)
See the GitHub page.
When I changed platform from Linux to Mac, some of my Linux software was unavailable. The most important app I lost was Tomboy Notes. It had all the things I needed to write down. After looking for a working version on OS X, I decided I had to export. Both the Linux and the Windows port were lacking working functionality to export to a more readable format. I tried the different plugins for a way to export, but I could not get them working. I tried to export the data with libXML, but libXML did not recognize the data as valid XML data.
Ok. I needed the data and I wanted cleartext files, so I made my own Tomboy XML data extractor.
This utility takes data from the Tomboy application data folder and outputs the data to cleartext files. If there are multiple revisions of a Tomboy note, only the newest is stored.
This process of trying to get the data into cleartext was annoying. I guess others might have had the same problem, so I wrote this post and made the utility public.
Source code here: ohboy.c ohboy.h ohboy.readme
I made a mess of my photos. About 9000 originals stored as many as three times in the Pictures folder on my Mac.
So I started to write my own code for finding duplicate files.
This code inspects each file's content rather than matching on filename and size. It ran unbelievably fast. 9000 photos scanned and compared in only a few seconds.
Job done. 🙂
Compilation should be straightforward.
You will find the files here and here and readme.
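Content-based duplicate detection as described above can be sketched as follows. This is an added example, not the code linked from this post: the FNV-1a pre-filter, the byte-for-byte confirmation and all function names are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* FNV-1a 64-bit over the file's bytes: a cheap pre-filter, not collision-resistant. */
static int hash_file(const char *path, unsigned long long *out) {
    FILE *f = fopen(path, "rb");
    int c, bad;
    if (!f) return -1;
    *out = 0xcbf29ce484222325ULL;
    while ((c = getc(f)) != EOF) *out = (*out ^ (unsigned char)c) * 0x100000001b3ULL;
    bad = ferror(f);
    fclose(f);
    return bad ? -1 : 0;
}

/* Byte-for-byte confirmation; any I/O error counts as "not identical" (fail safe). */
static int same_content(const char *a, const char *b) {
    FILE *fa = fopen(a, "rb"), *fb = fopen(b, "rb");
    int ca = 0, cb = 1;
    if (fa && fb)
        do { ca = getc(fa); cb = getc(fb); } while (ca == cb && ca != EOF);
    int same = fa && fb && ca == cb && !ferror(fa) && !ferror(fb);
    if (fa) fclose(fa);
    if (fb) fclose(fb);
    return same;
}

/* dup_of[i]: index of the first file with equal content, -1 if unique, -2 if unreadable. */
static int find_duplicates(const char **paths, int n, int *dup_of) {
    int count = 0;
    unsigned long long *h = calloc((size_t)n + 1, sizeof *h);
    if (!h) return -1;
    for (int i = 0; i < n; i++) {
        dup_of[i] = hash_file(paths[i], &h[i]) == 0 ? -1 : -2;
        for (int j = 0; dup_of[i] == -1 && j < i; j++)
            if (dup_of[j] == -1 && h[j] == h[i] && same_content(paths[j], paths[i]))
                dup_of[i] = j;
        count += dup_of[i] >= 0;
    }
    free(h);
    return count;
}

int main(int argc, char **argv) {
    int *dup_of = calloc((size_t)argc, sizeof *dup_of);
    if (!dup_of || find_duplicates((const char **)argv + 1, argc - 1, dup_of) < 0) return 1;
    for (int i = 0; i < argc - 1; i++)
        if (dup_of[i] >= 0) printf("%s duplicates %s\n", argv[i + 1], argv[dup_of[i] + 1]);
    return 0;
}
```

The hash only narrows the candidates; the final byte comparison is what decides that two files are duplicates, so a hash collision cannot cause a distinct file to be reported.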