For anyone using Hammerspoon and folder ‘watchers’ to alert them to changes to a given folder, I’ve updated the watcher function I wrote about here.

The problem with the simple alert I demonstrated last time is that it only hangs around for a second or two (much less than a Folder Action alert, which takes a couple of minutes to time out). The updated function now also writes a list of the file changes to a (by default) file on the Desktop. The write is an append: if the file doesn’t exist, it will create it before writing; if it does exist, it will append the latest changes and date to the file. This way, even if you miss the alert, you’ll always have a record of what files have been added, deleted or modified in your watched folder.

In this example, the folder being watched is ~/Library/LaunchAgents, since we want to be aware of any adware, malware or other unsavoury processes being surreptitiously added by, for example, apps we download from the internet. Although there are, of course, many legitimate reasons for apps placing items in here, this folder is prime real estate for attackers, as it is one of the locations that can launch processes at login time without the user’s interaction (or knowledge).

Here’s the code, also available from my pastebin here. A code walkthrough follows.

```lua
function writeStringToFileWithMode(aString, aPath, aMode)
local str = "Launch Agents folder was modified on " ..
writeStringToFileWithMode(str, this_path, "a")
hs.alert.show("Launch Agents folder was modified.")
local aWatcher = hs.pathwatcher.new(os.getenv("HOME") .. "/Library/LaunchAgents/", myFolderWatch):start()
```

The first function, ‘writeStringToFileWithMode’, is just a convenience function. The ‘aMode’ parameter is either “w” for write(over) or “a” for write(append).

The myFolderWatch function starts off by declaring some local variables.
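A complete version of the watcher described above, written as an added example and not the author's pastebin code; it goes slightly beyond the post by recording each changed path together with its event flags. The log file name and the names `logPath`, `interesting` and `launchAgentsWatcher` are assumptions made for illustration.

```lua
-- Added example: watch ~/Library/LaunchAgents, show an alert, and append a
-- dated record of every changed path to a log file on the Desktop.
-- ASSUMPTION: the log file name below is hypothetical, not the author's.
local logPath = os.getenv("HOME") .. "/Desktop/LaunchAgents-changes.txt"

-- Convenience writer: aMode is "w" (overwrite) or "a" (append).
-- io.open in "a" mode creates the file if it does not exist yet.
function writeStringToFileWithMode(aString, aPath, aMode)
  local f, err = io.open(aPath, aMode)
  if not f then
    hs.alert.show("Could not write log: " .. tostring(err))
    return false
  end
  f:write(aString)
  f:close()
  return true
end

-- Event flags worth recording, in a fixed order so log lines stay stable.
local interesting = { "itemCreated", "itemRemoved", "itemRenamed", "itemModified" }

-- Callback for hs.pathwatcher: paths lists the changed paths; flagTables
-- (may be nil on older Hammerspoon builds) holds one flag table per path.
function myFolderWatch(paths, flagTables)
  local lines = { "Launch Agents folder was modified on " .. os.date("%Y-%m-%d %H:%M:%S") }
  for i, path in ipairs(paths) do
    local events = {}
    local flags = flagTables and flagTables[i] or {}
    for _, name in ipairs(interesting) do
      if flags[name] then events[#events + 1] = name end
    end
    lines[#lines + 1] = "  " .. path .. "  [" .. table.concat(events, ",") .. "]"
  end
  writeStringToFileWithMode(table.concat(lines, "\n") .. "\n\n", logPath, "a")
  hs.alert.show("Launch Agents folder was modified.")
end

-- Held in a global so the watcher is not garbage-collected after config load.
launchAgentsWatcher = hs.pathwatcher.new(
  os.getenv("HOME") .. "/Library/LaunchAgents/", myFolderWatch):start()
```

The log lives outside the watched folder, so writing to it does not re-trigger the callback.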