Tags:








Can You Lock/Watch your sysyem?
September 10, 2006 1:27 PM   RSS feed for this thread Subscribe

Is there anyway to boot your mac off a disk image? Or something that can be closely watched in terms of changes?

I want to be able to have my system inside a single (not necessarily compressed) file that I would be able to us diff on or something. I want to be able to track every change in my system folder very closely to see what has been installed on it. Perhaps there is a extension or utility that might do this without loading of a .dmg?
posted by Napierzaza to computers & internet (8 comments total)
The only way I'm aware of to boot from a disk image is to put the disk image on a Mac OS X server and boot over the network.

As for getting diffs of directory changes, why not just periodically do ls -alR /System >foo.txt and diff that? You could put it on a cron job.
posted by kindall at 1:41 PM on September 10, 2006


You could use a host based intrusion detection program to monitor files for any changes. Tripwire is what I'd use. Unsurprisingly, there is an OS X patch for it over here.
posted by crypticgeek at 1:43 PM on September 10, 2006


You could get the effect by creating a small partition on your hard disk to boot off. Make a disk image of the partition before and after and diff them.
posted by cillit bang at 1:58 PM on September 10, 2006


You might want to ask this on a more technical Mac forum. Spotlight has the ability to monitor all files on the disk for changes; that's how it's able to update itself live without visible performance loss. I think there is a method to hook into this facility with user programs, but I don't know what it is offhand.
posted by Malor at 3:40 PM on September 10, 2006


FSLogger? This uses the Spotlight hooks that Malor suggested. otherwise, the ls trick above would be good too.
posted by mrg at 3:59 PM on September 10, 2006


How about the mtree command? Check out this Macdevcenter article on it's use for detecting presence of rootkit files under OS X.
posted by jaimev at 5:26 PM on September 10, 2006


There's a shareware utility called Filebuddy that lets you take snapshots before and after a software install in order to see what was changed.
posted by machaus at 9:12 PM on September 10, 2006


Seconding tripwire. Been around forever, works well.
posted by flabdablet at 5:32 AM on September 11, 2006


« Older Men's Skincare Filter: the boy...   |   What to get a high maintenance... Newer »

You are not logged in, either login or create an account to post comments



Related Questions
How do I share a folder between users on a single... September 12, 2007
Recovering lost files on a mac deleted by... August 30, 2007
Stumped February 23, 2007
Mac OS /tmp folder February 2, 2006
A question about using Folder Action scripts in... March 31, 2004