March 5th, 2008, 10:41 PM
#1
Some nice new tools
Thought I would post about some new tools in 10.5 which can be very useful when looking into odd processes etc.
They are basically pre-built dtrace command line tools.
They are called:
/usr/bin/execsnoop
/usr/bin/opensnoop
/usr/bin/iosnoop
/usr/bin/rwsnoop
Between these you can monitor file opens, file reads and writes, process I/O and process executions for all processes on the system.
You have to run them as root as they need to hook into the dtrace area in the kernel.
Using these is far easier than having to write a dtrace program yourself and trying to figure out which of the 30,000-odd probes you need to use.