设为首页收藏本站
开启辅助访问

通过truss命令trace问题

 您所在的位置:网站首页 truss命令 通过truss命令trace问题

通过truss命令trace问题

2024-02-08 03:05| 来源: 网络整理| 查看: 265

truss这个工具可以帮助大家通过trace来发现和解决很多进程的问题,使用方法很简单,使用man truss我们就可以获得很多使用这个命令的帮助. 之前转帖过一位网友如何更改before login banner, 那么如何修改文件是怎么发现的呢?

首先需要了解一个参数-t,表示调用进程syscall的方式。如果了解-t后面接那些syscall参数呢?

# truss -c ls > /dev/nullsyscall               seconds   calls  errorsexecve                    .00       1getuidx                   .00      19getgidx                   .00      18_exit                     .00       1close                     .00       3kwrite                    .00      46klseek                    .00       2_getpid                   .00       1getdirent64               .00       4kioctl                    .00       2      2open                      .00       2statx                     .00       3loadquery                 .00       2__libc_sbrk               .00       2sbrk                      .00       3vmgetinfo                 .00       1access                    .00       1kfcntl                    .00      11__loadx                   .00      29                         ----     ---    ---sys totals:               .00     151      2usr time:                 .00elapsed:                  .00

这个我们在一个窗口通过telnet登陆到主机,执行相应的命令:truss -fa -t open -p `ps -ef | grep inetd | grep -v grep | awk '{print $2}'`

在另外一个窗口进行telnet,我们会发现执行truss命令的窗口会产生相应信息的

# truss -fa -t open -p `ps -ef | grep inetd | grep -v grep | awk '{print $2}'`200842: psargs: /usr/sbin/inetd221276: open("/usr/lib/security/methods.cfg", O_RDONLY) = 3221276: open("/etc/passwd", O_RDONLY)                   = 3221276: open("/etc/security/passwd", O_RDONLY)          = 4221276: open("/etc/security/login.cfg.idx", O_RDONLY)   Err#2  ENOENT221276: open("/etc/security/login.cfg", O_RDONLY)       = 5221276: open("/etc/security/login.cfg", O_RDONLY)       = 5221276: open("/etc/security/login.cfg", O_RDONLY)       = 5221276: open("/etc/passwd.nm.idx", O_RDONLY)            Err#2  ENOENT221276: open("/etc/passwd", O_RDONLY)                   = 5221276: open("/etc/passwd.id.idx", O_RDWR)              Err#2  ENOENT221276: open("/etc/passwd", O_RDONLY)                   = 5221276: open("/usr/lib/security/methods.cfg", O_RDONLY) = 3221276: open("/etc/passwd.nm.idx", O_RDONLY)            Err#2  ENOENT221276: open("/etc/passwd", O_RDONLY)                   = 3221276: open("/etc/passwd.id.idx", O_RDWR)              Err#2  ENOENT221276: open("/etc/passwd", O_RDONLY)                   = 3221276: open("/etc/security/login.cfg.idx", O_RDONLY)   Err#2  ENOENT221276: open("/etc/security/login.cfg", O_RDONLY)       = 3221276: open("/etc/security/login.cfg", O_RDONLY)       = 3221276: open("/etc/security/login.cfg", O_RDONLY)       = 3221276: open("/etc/group", O_RDONLY)                    = 3221276: open("/etc/security/limits.idx", O_RDONLY)      Err#2  ENOENT221276: open("/etc/security/limits", O_RDONLY)          = 3221276: open("/etc/security/limits", O_RDONLY)          = 3221276: open("/etc/security/limits", O_RDONLY)          = 3221276: open("/etc/security/user.idx", O_RDONLY)        Err#2  ENOENT221276: open("/etc/security/user", O_RDONLY)            = 3221276: open("/etc/security/user", O_RDONLY)            = 3221276: open("/etc/security/user", O_RDONLY)            = 3221276: open("/etc/security/audit/config.idx", O_RDONLY) Err#2  ENOENT221276: open("/etc/security/audit/config", O_RDONLY)    = 3221276: open("/etc/security/audit/config", O_RDONLY)    = 3221276: open("/etc/security/group.idx", O_RDONLY)       Err#2  ENOENT221276: open("/etc/security/group", O_RDONLY)           = 3221276: open("/etc/security/group", O_RDONLY)           = 3221276: open("/etc/security/group", O_RDONLY)           = 3221276: open("/etc/passwd", O_RDONLY)                   = 3221276: open("/etc/security/passwd", O_RDONLY)          = 4221276: open("/etc/security/passwd.idx", O_RDONLY)      Err#2  ENOENT221276: open("/etc/security/passwd", O_RDONLY)          = 5221276: open("/etc/security/passwd", O_RDONLY)          = 5221276: open("/etc/objrepos/CuAt", O_RDONLY)            = 3221276: open("/etc/objrepos/CuAt.vc", O_RDONLY)         = 3221276: open("/etc/objrepos/CuAt", O_RDWR)              = 3221276: open("/etc/objrepos/CuAt.vc", O_RDWR)           = 4221276: open("/etc/objrepos/CuDv", O_RDONLY)            = 3221276: open("/etc/objrepos/PdDv", O_RDONLY)            = 3221276: open("/etc/objrepos/PdDv.vc", O_RDONLY)         = 3221276: open("/etc/objrepos/CuDv", O_RDWR)              = 3221276: open("/etc/objrepos/PdAt", O_RDONLY)            = 3221276: open("/etc/objrepos/PdAt.vc", O_RDONLY)         = 3221276: open("/etc/objrepos/PdAt", O_RDWR)              = 3221276: open("/etc/objrepos/PdAt.vc", O_RDWR)           = 4221276: open("/etc/resolv.conf", O_RDONLY)              Err#2  ENOENT221276: open("/dev/ptc", O_RDWR)                        = 3221276: open("/etc/netsvc.conf", O_RDONLY)              = 4221276: open("/etc/hesiod.conf", O_RDONLY)              Err#2  ENOENT221276: open("/etc/irs.conf", O_RDONLY)                 Err#2  ENOENT221276: open("/etc/hosts", O_RDONLY)                    = 4221276: open("/etc/objrepos/config_lock", O_RDONLY|O_CREAT) = 4221276: open("/etc/objrepos/OCSvhost", O_RDONLY)        Err#2  ENOENT221276: open("/dev/pts/5", O_RDWR|O_NOCTTY)             = 4221276: open("/etc/telnet.conf", O_RDONLY)              = 5221276: open("/etc/security/login.cfg", O_RDONLY)       = 4221276: open("/usr/lib/nls/msg/en_US/telnetd.cat", O_RDONLY) = 4200842:                                 (sleeping...)221276:                                 (sleeping...)

我们看到了其中/etc/security/login.cfg文件

对于进程的跟踪基本上就是这样,非常简单。在实际工作中,可以举一反三。



【本文地址】


今日新闻

推荐新闻

CopyRight 2018-2019 办公设备维修网 版权所有 豫ICP备15022753号-3