- file operation monitoring
- process creation monitoring
- dynamic library and kernel extension monitoring
- network traffic monitoring
- Mandatory Access Control (MAC) policy monitoring, etc.
In addition, the Kemon project can also extend the Pre and Post callback-based monitoring interfaces to any macOS kernel function.
How to build the Kemon driver
Use the Xcode project or the makefile to build the Kemon kext driver.
How to use the Kemon driver
- Turn off the macOS System Integrity Protection (SIP) check if you don’t have a valid kernel certificate
- Use the command “sudo chown -R root:wheel kemon.kext” to change the owner of the Kemon driver
- Use the command “sudo kextload kemon.kext” to install the Kemon driver
- Use the command “sudo kextunload kemon.kext” to uninstall the Kemon driver
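
A pre-load check for the steps above, as an added example that is not part of the Kemon project: it reports the SIP state, verifies that every file in the bundle is owned by root:wheel (uid 0, gid 0 on macOS), then loads the kext and confirms it with `kextstat`. The function names, the optional uid/gid arguments and the assumption that the loaded kext's name contains "kemon" are not from the original page.

```shell
#!/bin/sh
# Added example: pre-load checks for kemon.kext (not Kemon project code).

# Classify the text printed by `csrutil status` (read from stdin).
sip_state() {
    case $(cat) in
        *"status: enabled"*)  echo enabled ;;
        *"status: disabled"*) echo disabled ;;
        *)                    echo unknown ;;
    esac
}

# Succeed only if every entry in the bundle is owned by uid:gid.
# Defaults are 0:0 (root:wheel); the optional arguments are an assumption
# added here so the check can be exercised without root.
# Returns 0 = ok, 1 = wrong ownership found, 2 = bundle directory missing.
bundle_owned_by() {
    bundle=$1 uid=${2:-0} gid=${3:-0}
    [ -d "$bundle" ] || return 2
    # find prints entries whose owner or group differs; empty output means ok
    bad=$(find "$bundle" \( ! -user "$uid" -o ! -group "$gid" \) -print | head -n 5)
    [ -z "$bad" ] && return 0
    printf 'wrong owner/group (first entries):\n%s\n' "$bad" >&2
    return 1
}

# Main flow: runs only on macOS and only when a bundle path is given,
# e.g. ./preload.sh kemon.kext
if [ "$(uname -s)" = Darwin ] && [ -n "${1:-}" ]; then
    echo "SIP: $(csrutil status | sip_state)"
    bundle_owned_by "$1" || {
        echo "fix with: sudo chown -R root:wheel $1" >&2
        exit 1
    }
    # Assumption: the loaded kext shows up in kextstat with "kemon" in its name.
    sudo kextload "$1" && kextstat | grep -i kemon
fi
```

If the SIP line reads `enabled`, a build without a valid kernel certificate will be refused at the `kextload` step.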