通过truss命令trace问题 |
您所在的位置:网站首页 › truss命令 › 通过truss命令trace问题 |
truss这个工具可以帮助大家通过trace来发现和解决很多进程的问题,使用方法很简单,使用man truss我们就可以获得很多使用这个命令的帮助. 之前转帖过一位网友如何更改before login banner, 那么如何修改文件是怎么发现的呢? 首先需要了解一个参数-t,表示调用进程syscall的方式。如果了解-t后面接那些syscall参数呢? # truss -c ls > /dev/nullsyscall seconds calls errorsexecve .00 1getuidx .00 19getgidx .00 18_exit .00 1close .00 3kwrite .00 46klseek .00 2_getpid .00 1getdirent64 .00 4kioctl .00 2 2open .00 2statx .00 3loadquery .00 2__libc_sbrk .00 2sbrk .00 3vmgetinfo .00 1access .00 1kfcntl .00 11__loadx .00 29 ---- --- ---sys totals: .00 151 2usr time: .00elapsed: .00 这个我们在一个窗口通过telnet登陆到主机,执行相应的命令:truss -fa -t open -p `ps -ef | grep inetd | grep -v grep | awk '{print $2}'` 在另外一个窗口进行telnet,我们会发现执行truss命令的窗口会产生相应信息的 # truss -fa -t open -p `ps -ef | grep inetd | grep -v grep | awk '{print $2}'`200842: psargs: /usr/sbin/inetd221276: open("/usr/lib/security/methods.cfg", O_RDONLY) = 3221276: open("/etc/passwd", O_RDONLY) = 3221276: open("/etc/security/passwd", O_RDONLY) = 4221276: open("/etc/security/login.cfg.idx", O_RDONLY) Err#2 ENOENT221276: open("/etc/security/login.cfg", O_RDONLY) = 5221276: open("/etc/security/login.cfg", O_RDONLY) = 5221276: open("/etc/security/login.cfg", O_RDONLY) = 5221276: open("/etc/passwd.nm.idx", O_RDONLY) Err#2 ENOENT221276: open("/etc/passwd", O_RDONLY) = 5221276: open("/etc/passwd.id.idx", O_RDWR) Err#2 ENOENT221276: open("/etc/passwd", O_RDONLY) = 5221276: open("/usr/lib/security/methods.cfg", O_RDONLY) = 3221276: open("/etc/passwd.nm.idx", O_RDONLY) Err#2 ENOENT221276: open("/etc/passwd", O_RDONLY) = 3221276: open("/etc/passwd.id.idx", O_RDWR) Err#2 ENOENT221276: open("/etc/passwd", O_RDONLY) = 3221276: open("/etc/security/login.cfg.idx", O_RDONLY) Err#2 ENOENT221276: open("/etc/security/login.cfg", O_RDONLY) = 3221276: open("/etc/security/login.cfg", O_RDONLY) = 3221276: open("/etc/security/login.cfg", O_RDONLY) = 3221276: open("/etc/group", O_RDONLY) = 3221276: open("/etc/security/limits.idx", O_RDONLY) Err#2 ENOENT221276: open("/etc/security/limits", O_RDONLY) = 3221276: open("/etc/security/limits", O_RDONLY) = 3221276: open("/etc/security/limits", O_RDONLY) = 3221276: open("/etc/security/user.idx", O_RDONLY) Err#2 ENOENT221276: open("/etc/security/user", O_RDONLY) = 3221276: open("/etc/security/user", O_RDONLY) = 3221276: open("/etc/security/user", O_RDONLY) = 3221276: open("/etc/security/audit/config.idx", O_RDONLY) Err#2 ENOENT221276: open("/etc/security/audit/config", O_RDONLY) = 3221276: open("/etc/security/audit/config", O_RDONLY) = 3221276: open("/etc/security/group.idx", O_RDONLY) Err#2 ENOENT221276: open("/etc/security/group", O_RDONLY) = 3221276: open("/etc/security/group", O_RDONLY) = 3221276: open("/etc/security/group", O_RDONLY) = 3221276: open("/etc/passwd", O_RDONLY) = 3221276: open("/etc/security/passwd", O_RDONLY) = 4221276: open("/etc/security/passwd.idx", O_RDONLY) Err#2 ENOENT221276: open("/etc/security/passwd", O_RDONLY) = 5221276: open("/etc/security/passwd", O_RDONLY) = 5221276: open("/etc/objrepos/CuAt", O_RDONLY) = 3221276: open("/etc/objrepos/CuAt.vc", O_RDONLY) = 3221276: open("/etc/objrepos/CuAt", O_RDWR) = 3221276: open("/etc/objrepos/CuAt.vc", O_RDWR) = 4221276: open("/etc/objrepos/CuDv", O_RDONLY) = 3221276: open("/etc/objrepos/PdDv", O_RDONLY) = 3221276: open("/etc/objrepos/PdDv.vc", O_RDONLY) = 3221276: open("/etc/objrepos/CuDv", O_RDWR) = 3221276: open("/etc/objrepos/PdAt", O_RDONLY) = 3221276: open("/etc/objrepos/PdAt.vc", O_RDONLY) = 3221276: open("/etc/objrepos/PdAt", O_RDWR) = 3221276: open("/etc/objrepos/PdAt.vc", O_RDWR) = 4221276: open("/etc/resolv.conf", O_RDONLY) Err#2 ENOENT221276: open("/dev/ptc", O_RDWR) = 3221276: open("/etc/netsvc.conf", O_RDONLY) = 4221276: open("/etc/hesiod.conf", O_RDONLY) Err#2 ENOENT221276: open("/etc/irs.conf", O_RDONLY) Err#2 ENOENT221276: open("/etc/hosts", O_RDONLY) = 4221276: open("/etc/objrepos/config_lock", O_RDONLY|O_CREAT) = 4221276: open("/etc/objrepos/OCSvhost", O_RDONLY) Err#2 ENOENT221276: open("/dev/pts/5", O_RDWR|O_NOCTTY) = 4221276: open("/etc/telnet.conf", O_RDONLY) = 5221276: open("/etc/security/login.cfg", O_RDONLY) = 4221276: open("/usr/lib/nls/msg/en_US/telnetd.cat", O_RDONLY) = 4200842: (sleeping...)221276: (sleeping...) 我们看到了其中/etc/security/login.cfg文件 对于进程的跟踪基本上就是这样,非常简单。在实际工作中,可以举一反三。 |
今日新闻 |
推荐新闻 |
CopyRight 2018-2019 办公设备维修网 版权所有 豫ICP备15022753号-3 |