search for: opensnoop

...c WINDOM\nicola.mingotti:*:11103:10513:Nicola Mingotti:/home/WINDOM-nicola.mingotti:/bin/bash === WHAT I TRIED ==== 1] I tried to get out from the domain and in again => not working foo at core1> sudo net ads leave -U XXX foo at core1> suod net ads join -U XXX 2] I tried to inspect with opensnoop what getent is looking at $> sudo opensnoop-bpfcc I saw some systemd got involved so i changed nsswitch.conf like this and reboot ---- /etc/nsswitch.conf ------ passwd:???????? files winbind??? # before has also systemd group:????????? files winbind??? # before had also systemd shadow:????????...

...f these seem to be pulling in LLVM version 7, rather than the version 8 that is in 8.1.1911: [root at localhost ~]# bpftrace bpftrace: error while loading shared libraries: libclangFrontend.so.7: cannot open shared object file: No such file or directory [root at localhost ~]# /usr/share/bcc/tools/opensnoop Traceback (most recent call last): File "/usr/share/bcc/tools/opensnoop", line 19, in <module> from bcc import ArgString, BPF File "/usr/lib/python3.6/site-packages/bcc/__init__.py", line 27, in <module> from .libbcc import lib, bcc_symbol, bcc_symbol_op...

I tried some of the scripts in the toolkit (opensnoop, execsnoop, dtruss), and I keep seeing errors like this: dtrace: error on enabled probe ID 3 (ID 113: syscall::exece:return): invalid kernel access in action #5 at DIF offset 0 Anyone know what could be the problem? TIA This message posted from opensolaris.org

Dear dtrace Experts, I have seen some dtrace utilities like opensnoop and execsnoop etc. My interest is to write a simple script that can snoop the files which uses the 3 syscalls like open,create,unlink. I have gone through dtrace oneliners that can do the same : dtrace -n ''syscall::open*:entry { printf("%s %s",execname,copyinstr(arg0))...

G''Day Folks, I''ve rewritten execsnoop, opensnoop and shellsnoop so that they are wrapped in the Bourne shell to provide command line options (they have all lost their ".d" extensions, but the old versions are still online). They are rather more meaningful tools now. (Eg, I can run shellsnoop with "-qp PID" with the PID of a s...

...re's a load of output which I hope could help identify the cause(s) of this behaviour if anyone's interested. I ran a dtrace script against the sshd processes on the machine and noticed one reading & writing as I pasted in a large quantity of text to a file (/tmp/sshd.test_test): # ./opensnoop -n sshd UID PID CMD D BYTES FILE 12962 9649 sshd R 1056 <unknown> 12962 9649 sshd W 1022 /devices/pseudo/clone at 0:ptm 12962 9649 sshd R 480 <unknown> 12962 9649 sshd W 386 /devices/pseudo/clone at 0:ptm 12962 9649...