Wrapping char device monitor
by Linux_Kidd from LinuxQuestions.org on (#6KA6V)
I am working on a kind of forensic shim, another layer in file integrity monitoring.
Looking for a way to wrap or monitor a /dev/device character file for writes and log what's being written to it.
As an example, I have a system that has a loaded .ko that will write data to the /dev/device special char file. I want to capture all the writes to the device.
Suggestions?