Since I needed this kind of tool for malicious installers and crapware, I wrote `crater` to assess the damage caused by any misbehaving software.
```sh
#!/bin/sh
# shell script to search for files created or modified around
# a reference modified file (known impact on the file system)
# default time interval to search is 5 minutes

_cn=$(basename "$0")
USAGE="Usage: ${_cn} impact_reference_file [delay_around_impact_in_minutes]"

case $# in
    1|2)
        _ref_file="$1"
        ;;
    *)
        echo "${USAGE}" >&2
        exit 2
        ;;
esac

# modification date of the reference file, e.g. "Dec 29 16:11:56 2015"
_ref_date=$(ls -ldT "${_ref_file}" | awk '{printf ("%s %2s %s %s\n", $6, $7, $8, $9)}')
_minutes=${2:-5}
_seconds=$(expr ${_minutes} \* 60)
_format="+%m/%d/%Y %H:%M:%S"
printf "\treference date:\t%s\n" "${_ref_date}"

# convert reference date in seconds since the epoch
# so as to make arithmetic on it
_ref_date_epoch=$(date -j -f "%b %e %T %Y" "${_ref_date}" "+%s")
_beg_date_epoch=$(expr ${_ref_date_epoch} - ${_seconds})
_end_date_epoch=$(expr ${_ref_date_epoch} + ${_seconds} + 1)
_log="/var/log/${_cn}_$(date -r ${_ref_date_epoch} +%d-%m-%Y_%H:%M:%S).log"
printf "\tlog: \t\t%s\n" "${_log}"

# convert back to the format for find
_beg_date=$(date -r ${_beg_date_epoch} "${_format}")
_end_date=$(date -r ${_end_date_epoch} "${_format}")
printf "\tbeginning time:\t%s\n" "${_beg_date}"
printf "\tending time:\t%s\n" "${_end_date}"

# list every file on this file system whose status changed inside the window
find / -xdev -newerct "${_beg_date}" ! -newerct "${_end_date}" -ls >"${_log}"

# count the files and sum their sizes (7th column of find -ls)
awk '{n++; s+=$7}END{printf ("\timpact:\t\t%d files\t\t%d bytes\n", n, s) }' "${_log}"
```
How to install it:
- paste the source above into `crater.sh`
- `make crater`

How to use:

```
/usr/bin/sudo ./crater impact_reference_file delay_around_impact_in_minutes
```
Example:

```
/usr/bin/sudo ./crater /Applications/Adobe\ Reader.app
Password:
reference date: Dec 29 16:11:56 2015
log: /var/log/crater_29-12-2015_16:11:56.log
beginning time: 12/29/2015 16:06:56
ending time: 12/29/2015 16:16:57
impact: 1518 files 298217339 bytes
```
Compatibility:
Tested on FreeBSD, MacOS X & Linux.
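
The `impact` line gives only a total. As an added example (not part of the original post or of `crater` itself), the following breaks a crater log down per directory, so you can see where on the file system the changes landed. The function names `crater_sample_log` and `crater_summary` and the sample log lines are constructed for illustration; the parsing assumes the usual 11-column `find -ls` layout.

```shell
#!/bin/sh
# Added example (not part of crater): summarise a crater log per directory.
# find -ls columns: inode blocks mode links owner group size month day time path
# The path starts at field 11 and may contain spaces, so it is rebuilt from
# the remaining fields.

# Constructed sample log lines, for illustration only.
crater_sample_log() {
    cat <<'EOF'
  1001  8 -rw-r--r--  1 root  wheel  4096 Dec 29 16:11 /Applications/Adobe Reader.app/Contents/Info.plist
  1002  0 drwxr-xr-x  3 root  wheel   102 Dec 29 16:11 /Applications/Adobe Reader.app
  1003 16 -rw-r--r--  1 root  wheel  8000 Dec 29 16:12 /Library/LaunchAgents/com.example.helper.plist
  1004  0 lrwxr-xr-x  1 root  wheel    20 Dec 29 16:12 /usr/local/bin/helper -> /Library/Example/helper
EOF
}

# $1 = log file, $2 = leading path components to group by (default 2)
# Output: bytes <TAB> files <TAB> directory, largest first.
crater_summary() {
    awk -v depth="${2:-2}" '
    NF >= 11 {
        path = $11
        for (i = 12; i <= NF; i++) path = path " " $i
        sub(/ -> .*$/, "", path)            # drop the symlink target
        n = split(path, part, "/")          # part[1] is empty: absolute path
        limit = ($3 ~ /^d/) ? n : n - 1     # files count toward their directory
        key = ""
        for (i = 2; i <= limit && i <= depth + 1; i++) key = key "/" part[i]
        if (key == "") key = "/"
        files[key]++
        bytes[key] += $7
    }
    END {
        for (k in files) printf "%.0f\t%d\t%s\n", bytes[k], files[k], k
    }' "$1" | sort -t "$(printf '\t')" -k1,1nr -k3,3
}
```

Pass the log path that crater prints as the first argument; a larger second argument gives a finer breakdown.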