Wrapping char device monitor
I am working on a kind of forensic shim, another layer in file integrity monitoring.
Looking for a way to wrap or monitor a /dev/device character file for writes and log what's being written to it.
As an example, I have a system that has a loaded .ko that will write data to the /dev/device special char file. I want to capture all the writes to the device.
Suggestions?