Saagar Jha (@saagar@saagarjha.com)

Bill Mill

08/04/2023 (replying to Bill Mill)

@b0rk it will show you file creation and removal, but not stat unfortunately

Bill Mill

08/04/2023 (replying to Bill Mill)

@b0rk oh I should have included that it gives you details on the events too, here's the python exec:

Bill Mill

08/04/2023 (replying to Bill Mill)

@b0rk If you disable SIP, you can use dtrace or dtruss like strace I think, I'm just not willing to do that to test it out at the moment - if you're interested I can dig into it ab it

1 replies →

1 replies

Julia Evans

08/04/2023 (replying to Bill Mill)

@llimllib yea i'm not willing to disable SIP either. whenever I ask about Mac spy tools like this I usually get answers like "oh yeah you can do X but I've never tried it” which makes me very suspicious about the actual utility of the Mac tools in practice :)

Saagar Jha

08/06/2023 (replying to Julia Evans)

@b0rk @llimllib I assure you that they are very helpful, but they are also somewhat difficult to wield :)

Bill Mill

08/04/2023 (replying to Bill Mill)

@b0rk process monitor and file monitor appear to do the same thing with the same os tools on the command line, but I haven't tried them out: https://objective-see.org/products/utilities.html#FileMonitor