Monitor and report or action file systems for specific files.
fscanary aims to be a replacement for some features of Microsoft's File Server Resource Manager (FSRM), particularly in detecting creation of specific files and notifying the system admin of those files.
For example, it is likely to be desirable to have an alert when a user saves and executable file to the company file server.
- Download from the Releases page
- Deploy
fscanaryto your preferred binary location (eg,/usr/local/bin/fscanaryor~/bin/fscanary) - Copy the sample configuration file to the appropriate location:
/etc/fscanary.confon Linux/usr/local/etc/fscanary.confon FreeBSDC:\fscanary.confon Windows
The default location of the config file is OS-specific and is shown in the
output of fscanary -help. It can be overridden with the -config command line
argument. For example:
fscanary -config /root/fscanary.conf
The configuration file is INI-style and has a global section for general configuration, then one or more sections to set up watches.
Example configuration file:
email = [email protected]
smtp_server = smarthost
smtp_from = [email protected]
logging = 1
[executables]
enabled = yes
path = /home
notify = yes
quarantine = yes
dest = /quarantined
pattern = *.exe
pattern = *.bat
pattern = *.js
pattern = *.bin
pattern = *.cmd
pattern = *.cpl
pattern = *.dll
pattern = *.lnk
pattern = *.ps1
pattern = *.scr
Pull requests welcomed! Please keep the following points in mind:
- One feature change/bug fix per pull request.
- Multiple minor changes such as spelling may be in a single PR.
- Documentation must be updated with the PR where the change warrants documentation changes.
- Check the TODO.md file for specific tasks that are outstanding.
- Phillip Smith - fukawi2
This project is licensed under the MIT License - see the LICENSE.md file for details