
Re: Capturing System Calls


From: tgarris () FRAMELOSS ORG (Todd Garrison)
Date: Thu, 22 Jun 2000 18:56:30 -0600


You can get *a lot* of information in Linux from the /proc filesystem...

(FreeBSD isn't quite as revealing. - I don't have any Solaris around until
tomorrow - can someone else see what a Sun will give up?)

There was another utility that watches open file descriptors, but I
can't seem to remember what it was called (it's damned useful too - works
just like ps)

For example, here is named running on a RH6 machine I have.

Just cd into /proc/<process_id>/

Example, a la script :)

[root@digirati 22314]# ls -l
total 0
-r--r--r--   1 root     root            0 Jun 22 18:42 cmdline
lrwx------   1 root     root            0 Jun 22 18:42 cwd -> /var/named
-r--------   1 root     root            0 Jun 22 18:42 environ
lrwx------   1 root     root            0 Jun 22 18:42 exe -> /usr/sbin/named
dr-x------   2 root     root            0 Jun 22 18:42 fd
pr--r--r--   1 root     root            0 Jun 22 18:42 maps
-rw-------   1 root     root            0 Jun 22 18:42 mem
lrwx------   1 root     root            0 Jun 22 18:42 root -> /
-r--r--r--   1 root     root            0 Jun 22 18:42 stat
-r--r--r--   1 root     root            0 Jun 22 18:42 statm
-r--r--r--   1 root     root            0 Jun 22 18:42 status
[root@digirati 22314]# more cmdline
/usr/sbin/named
[root@digirati 22314]# more environ
USERNAME=root^@ENV=/root/.bashrc^@HISTSIZE=1000^@HOSTNAME=digirati^@LOGNAME=root^@HISTFILESIZE=1000^@MAIL=/var/spool/mail/root^@TERM=xterm^@HOSTTYPE=i386^@PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/usr/bin/X11:/usr/X11R6/bin:/root/bin^@HOME=/root^@INPUTRC=/etc/inputrc^@SHELL=/bin/bash^@USER=root^@OSTYPE=Linux^@_=/usr/sbin/named^@SHLVL=2
[root@digirati 22314]# ls -l fd
total 0
lrwx------   1 root     root           64 Jun 22 18:42 0 -> /dev/null
lrwx------   1 root     root           64 Jun 22 18:42 1 -> /dev/null
lrwx------   1 root     root           64 Jun 22 18:42 2 -> /dev/null
lrwx------   1 root     root           64 Jun 22 18:42 20 -> socket:[254824]
lrwx------   1 root     root           64 Jun 22 18:42 21 -> socket:[254825]
lrwx------   1 root     root           64 Jun 22 18:42 22 -> socket:[254826]
lrwx------   1 root     root           64 Jun 22 18:42 23 -> socket:[254827]
lrwx------   1 root     root           64 Jun 22 18:42 24 -> socket:[254828]
lrwx------   1 root     root           64 Jun 22 18:42 25 -> socket:[254829]
lrwx------   1 root     root           64 Jun 22 18:42 26 -> socket:[254830]
lrwx------   1 root     root           64 Jun 22 18:42 27 -> socket:[254831]
lrwx------   1 root     root           64 Jun 22 18:42 28 -> socket:[254832]
lrwx------   1 root     root           64 Jun 22 18:42 29 -> socket:[254833]
lrwx------   1 root     root           64 Jun 22 18:42 3 -> socket:[254817]
lrwx------   1 root     root           64 Jun 22 18:42 4 -> socket:[254834]
lrwx------   1 root     root           64 Jun 22 18:42 5 -> socket:[254820]
[root@digirati 22314]# more maps
08048000-080c1000 r-xp 00000000 03:01 143493     /usr/sbin/named
080c1000-080c6000 rw-p 00078000 03:01 143493     /usr/sbin/named
080c6000-08116000 rwxp 00000000 00:00 0
40000000-40012000 r-xp 00000000 03:01 30722      /lib/ld-2.1.1.so
40012000-40013000 rw-p 00011000 03:01 30722      /lib/ld-2.1.1.so
40013000-40014000 rwxp 00000000 00:00 0
40017000-400fd000 r-xp 00000000 03:01 30729      /lib/libc-2.1.1.so
400fd000-40102000 rw-p 000e5000 03:01 30729      /lib/libc-2.1.1.so
40102000-401a8000 rw-p 00000000 00:00 0
bfffb000-c0000000 rwxp ffffc000 00:00 0
[root@digirati 22314]# more status
Name:   named
State:  S (sleeping)
Pid:    22314
PPid:   1
Uid:    0       0       0       0
Gid:    0       0       0       0
FDSize: 32
Groups: 0 1 2 3 4 6 10
VmSize:     2528 kB
VmLck:         0 kB
VmRSS:      1536 kB
VmData:      988 kB
VmStk:        20 kB
VmExe:       484 kB
VmLib:       992 kB
SigPnd: 0000000000000000
SigBlk: 0000000000000000
SigIgn: 0000000000000000
SigCgt: 0000000009015a0b
CapInh: 00000000fffffeff
CapPrm: 00000000fffffeff
CapEff: 00000000fffffeff

