Track the evolution of operating systems over time
OSWatcher is an ambitious project that aims to track the evolution of operating
systems by making diffs between recognizable characteristics.
The core of OSWatcher is to build a reference database about every OS
releases, that is to be populated by an extractor in charge of capturing the
various information that can be extracted from an installed operating system, both online
and offline, in a reproducible way.
Offline:
- filesystem hierarchy
- setuid binaries
- executable properties
- library graph dependencies
- statistics around
perl/sh/pythonscripts - syscall tables
- kernel configuration
- cronjobs
/etcconfiguration
Online:
- IDLE memory consumption
- default processes running
- mapped libraries
- listening ports and associated services
- DNS requests sent
- unix sockets
- dbus traffic
- iptables rules
- loaded drivers
Dockerlibguestfspython3virtualenv
virtualenv --system-site-packages -p python3 venv
source venv/bin/activate
pip install -r requirements.txt
Note: We have to use --system-site-packages because libguestfs is not
available on pip.
OSWatcher's data is stored on a neo4j database.
Follow the instructions in the db directory to run a it inside a docker
container.
(venv) $ python -m oswatcher.capture <vm_name> hooks.json
Example: 
Access Neo4j web interface at http://localhost:7474 
MATCH(n)
RETURN(n)
LIMIT 300;
If libguestfs fails to initialize, you can use the libguestfs-test-tool to
quickly understand the root cause of the failure.
PRs accepted.
Small note: If editing the Readme, please conform to the standard-readme specification.