One Hat Cyber Team

Your IP: 216.73.216.144
Server IP: 157.245.143.252
Server: Linux www 6.11.0-9-generic #9-Ubuntu SMP PREEMPT_DYNAMIC Mon Oct 14 13:19:59 UTC 2024 x86_64
Server Software: nginx/1.26.0
PHP Version: 8.3.11
Buat File | Buat Folder

Dir : ~/sbin/

View File Name : pidpersec-bpfcc

#! /usr/bin/python3
# @lint-avoid-python-3-compatibility-imports
#
# pidpersec Count new processes (via fork).
#           For Linux, uses BCC, eBPF. See .c file.
#
# USAGE: pidpersec
#
# Written as a basic example of counting an event.
#
# Copyright (c) 2015 Brendan Gregg.
# Licensed under the Apache License, Version 2.0 (the "License")
#
# 11-Aug-2015   Brendan Gregg   Created this.

from bcc import BPF
from ctypes import c_int
from time import sleep, strftime

# load BPF program
b = BPF(text="""
#include <uapi/linux/ptrace.h>

enum stat_types {
    S_COUNT = 1,
    S_MAXSTAT
};

BPF_ARRAY(stats, u64, S_MAXSTAT);

static void stats_increment(int key) {
    stats.atomic_increment(key);
}

void do_count(struct pt_regs *ctx) { stats_increment(S_COUNT); }
""")
b.attach_kprobe(event="sched_fork", fn_name="do_count")

# stat indexes
S_COUNT = c_int(1)

# header
print("Tracing... Ctrl-C to end.")

# output
while (1):
    try:
        sleep(1)
    except KeyboardInterrupt:
        exit()

    print("%s: PIDs/sec: %d" % (strftime("%H:%M:%S"),
        b["stats"][S_COUNT].value))
    b["stats"].clear()