If your curious what programs are attempting to read your Linux webcam then it’s possible to use the auditctl
and ausearch
tools to see what process is using the webcam.
First install the auditd
package:
sudo apt-get install auditd
Then run auditctl
to start monitoring the /dev/video0
device for access:
sudo /sbin/auditctl -w /dev/video0 -p war
Then after a little while use the ausearch
tool to see which processes have tried to access /dev/video0
:
sudo /sbin/ausearch -f /dev/video0
The results will look something like this:
time->Sat Feb 1 17:50:29 2020 type=PROCTITLE msg=audit(1580543429.661:123): proctitle=63617400234 type=PATH msg=audit(1580543429.661:123): item=0 name="/dev/video0" inode=3413842 dev=fd:00 mode=0100664 ouid=1000 ogid=1001 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0 type=CWD msg=audit(1580543429.661:123): cwd="/home/dtbaker" type=SYSCALL msg=audit(1580543429.661:123): arch=c000003e syscall=257 success=yes exit=3 a0=ffffff9c a1=7ffc0b5422d6 a2=0 a3=0 items=1 ppid=8910 pid=10436 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts8 ses=173 comm="cat" exe="/usr/bin/cat" key=(null)
This shows that the command cat
was used to try access /dev/video0
😀