# ampfsm

**Repository Path**: mirrors_cisco/ampfsm

## Basic Information

- **Project Name**: ampfsm
- **Description**: Cisco AMP Filesystem Module
- **Primary Language**: Unknown
- **License**: GPL-2.0
- **Default Branch**: main
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 0
- **Forks**: 0
- **Created**: 2020-08-08
- **Last Updated**: 2026-03-28

## Categories & Tags

**Categories**: Uncategorized

**Tags**: None

## README

### Cisco AMP Filesystem Module (ampfsm.ko)

Russ Kubik

Craig Davison

### Description

This Linux kernel module monitors filesystem syscalls (rename) and sends these
events to user space.

### Supported kernels

This module has been tested on kernels 3.10 (as distributed in CentOS 7) through
4.14 (as distributed in Amazon Linux 2). This module requires jprobes, so kernel
version 4.15 and higher are not currently supported.

### Build the module

Build the module by running make:

```
$ make
```

### Install the kernel module

Install the kernel module:

```
$ sudo insmod ampfsm.ko
```

### Build the test client

Build the test client in the test_client directory
(requires libmnl - http://www.netfilter.org/projects/libmnl/):

```
$ cd test_client
$ make
```

### Run the test client

Run the test client as root:

```
$ sudo ./test_client -l debug -f rename
```