⚝
One Hat Cyber Team
⚝
Your IP:
216.73.216.144
Server IP:
157.245.143.252
Server:
Linux www 6.11.0-9-generic #9-Ubuntu SMP PREEMPT_DYNAMIC Mon Oct 14 13:19:59 UTC 2024 x86_64
Server Software:
nginx/1.26.0
PHP Version:
8.3.11
Buat File
|
Buat Folder
Eksekusi
Dir :
~
/
proc
/
self
/
root
/
usr
/
share
/
doc
/
bpftrace
/
examples
/
View File Name :
execsnoop_example.txt
Demonstrations of execsnoop, the Linux BPF/bpftrace version. Tracing all new process execution (via exec()): # ./execsnoop.bt Attaching 3 probes... TIME PID PPID ARGS 08:57:52.430193 3187374 1971701 ls --color --color=auto -lh execsnoop.bt execsnoop.bt.0 execsnoop.bt.1 08:57:52.441868 3187378 3187375 man ls 08:57:52.473565 3187384 3187378 preconv -e UTF-8 08:57:52.473620 3187384 3187378 preconv -e UTF-8 08:57:52.473658 3187384 3187378 preconv -e UTF-8 08:57:52.473839 3187385 3187378 tbl 08:57:52.473897 3187385 3187378 tbl 08:57:52.473944 3187385 3187378 tbl 08:57:52.474055 3187386 3187378 nroff -mandoc -Tutf8 08:57:52.474107 3187386 3187378 nroff -mandoc -Tutf8 08:57:52.474145 3187386 3187378 nroff -mandoc -Tutf8 08:57:52.474684 3187388 3187378 less 08:57:52.474739 3187388 3187378 less 08:57:52.474780 3187388 3187378 less 08:57:52.475502 3187389 3187386 groff -Tutf8 -mtty-char -mandoc 08:57:52.476717 3187390 3187389 troff -mtty-char -mandoc -Tutf8 08:57:52.476811 3187391 3187389 grotty The output begins by showing an "ls" command, and then the process execution to serve "man ls". The same exec arguments appear multiple times: in this case they are failing as the $PATH variable is walked, until one finally succeeds. This tool can be used to discover unwanted short-lived processes that may be causing performance issues such as latency perturbations. There is another version of this tool in bcc: https://github.com/iovisor/bcc The bcc version provides more fields and command line options.