通過truss命令trace問題
truss這個工具可以幫助大家通過trace來發現和解決很多程式的問題,使用方法很簡單,使用man truss我們就可以獲得很多使用這個命令的幫助. 之前轉帖過一位網友如何更改before login banner, 那麼如何修改檔案是怎麼發現的呢?
首先需要了解一個引數-t,表示呼叫程式syscall的方式。如果瞭解-t後面接那些syscall引數呢?
# truss -c ls > /dev/null
syscall seconds calls errors
execve .00 1
getuidx .00 19
getgidx .00 18
_exit .00 1
close .00 3
kwrite .00 46
klseek .00 2
_getpid .00 1
getdirent64 .00 4
kioctl .00 2 2
open .00 2
statx .00 3
loadquery .00 2
__libc_sbrk .00 2
sbrk .00 3
vmgetinfo .00 1
access .00 1
kfcntl .00 11
__loadx .00 29
---- --- ---
sys totals: .00 151 2
usr time: .00
elapsed: .00
這個我們在一個視窗通過telnet登陸到主機,執行相應的命令:truss -fa -t open -p `ps -ef | grep inetd | grep -v grep | awk '{print $2}'`
在另外一個視窗進行telnet,我們會發現執行truss命令的視窗會產生相應資訊的
# truss -fa -t open -p `ps -ef | grep inetd | grep -v grep | awk '{print $2}'`
200842: psargs: /usr/sbin/inetd
221276: open("/usr/lib/security/methods.cfg", O_RDONLY) = 3
221276: open("/etc/passwd", O_RDONLY) = 3
221276: open("/etc/security/passwd", O_RDONLY) = 4
221276: open("/etc/security/login.cfg.idx", O_RDONLY) Err#2 ENOENT
221276: open("/etc/security/login.cfg", O_RDONLY) = 5
221276: open("/etc/security/login.cfg", O_RDONLY) = 5
221276: open("/etc/security/login.cfg", O_RDONLY) = 5
221276: open("/etc/passwd.nm.idx", O_RDONLY) Err#2 ENOENT
221276: open("/etc/passwd", O_RDONLY) = 5
221276: open("/etc/passwd.id.idx", O_RDWR) Err#2 ENOENT
221276: open("/etc/passwd", O_RDONLY) = 5
221276: open("/usr/lib/security/methods.cfg", O_RDONLY) = 3
221276: open("/etc/passwd.nm.idx", O_RDONLY) Err#2 ENOENT
221276: open("/etc/passwd", O_RDONLY) = 3
221276: open("/etc/passwd.id.idx", O_RDWR) Err#2 ENOENT
221276: open("/etc/passwd", O_RDONLY) = 3
221276: open("/etc/security/login.cfg.idx", O_RDONLY) Err#2 ENOENT
221276: open("/etc/security/login.cfg", O_RDONLY) = 3
221276: open("/etc/security/login.cfg", O_RDONLY) = 3
221276: open("/etc/security/login.cfg", O_RDONLY) = 3
221276: open("/etc/group", O_RDONLY) = 3
221276: open("/etc/security/limits.idx", O_RDONLY) Err#2 ENOENT
221276: open("/etc/security/limits", O_RDONLY) = 3
221276: open("/etc/security/limits", O_RDONLY) = 3
221276: open("/etc/security/limits", O_RDONLY) = 3
221276: open("/etc/security/user.idx", O_RDONLY) Err#2 ENOENT
221276: open("/etc/security/user", O_RDONLY) = 3
221276: open("/etc/security/user", O_RDONLY) = 3
221276: open("/etc/security/user", O_RDONLY) = 3
221276: open("/etc/security/audit/config.idx", O_RDONLY) Err#2 ENOENT
221276: open("/etc/security/audit/config", O_RDONLY) = 3
221276: open("/etc/security/audit/config", O_RDONLY) = 3
221276: open("/etc/security/group.idx", O_RDONLY) Err#2 ENOENT
221276: open("/etc/security/group", O_RDONLY) = 3
221276: open("/etc/security/group", O_RDONLY) = 3
221276: open("/etc/security/group", O_RDONLY) = 3
221276: open("/etc/passwd", O_RDONLY) = 3
221276: open("/etc/security/passwd", O_RDONLY) = 4
221276: open("/etc/security/passwd.idx", O_RDONLY) Err#2 ENOENT
221276: open("/etc/security/passwd", O_RDONLY) = 5
221276: open("/etc/security/passwd", O_RDONLY) = 5
221276: open("/etc/objrepos/CuAt", O_RDONLY) = 3
221276: open("/etc/objrepos/CuAt.vc", O_RDONLY) = 3
221276: open("/etc/objrepos/CuAt", O_RDWR) = 3
221276: open("/etc/objrepos/CuAt.vc", O_RDWR) = 4
221276: open("/etc/objrepos/CuDv", O_RDONLY) = 3
221276: open("/etc/objrepos/PdDv", O_RDONLY) = 3
221276: open("/etc/objrepos/PdDv.vc", O_RDONLY) = 3
221276: open("/etc/objrepos/CuDv", O_RDWR) = 3
221276: open("/etc/objrepos/PdAt", O_RDONLY) = 3
221276: open("/etc/objrepos/PdAt.vc", O_RDONLY) = 3
221276: open("/etc/objrepos/PdAt", O_RDWR) = 3
221276: open("/etc/objrepos/PdAt.vc", O_RDWR) = 4
221276: open("/etc/resolv.conf", O_RDONLY) Err#2 ENOENT
221276: open("/dev/ptc", O_RDWR) = 3
221276: open("/etc/netsvc.conf", O_RDONLY) = 4
221276: open("/etc/hesiod.conf", O_RDONLY) Err#2 ENOENT
221276: open("/etc/irs.conf", O_RDONLY) Err#2 ENOENT
221276: open("/etc/hosts", O_RDONLY) = 4
221276: open("/etc/objrepos/config_lock", O_RDONLY|O_CREAT) = 4
221276: open("/etc/objrepos/OCSvhost", O_RDONLY) Err#2 ENOENT
221276: open("/dev/pts/5", O_RDWR|O_NOCTTY) = 4
221276: open("/etc/telnet.conf", O_RDONLY) = 5
221276: open("/etc/security/login.cfg", O_RDONLY) = 4
221276: open("/usr/lib/nls/msg/en_US/telnetd.cat", O_RDONLY) = 4
200842: (sleeping...)
221276: (sleeping...)
我們看到了其中/etc/security/login.cfg檔案
對於程式的跟蹤基本上就是這樣,非常簡單。在實際工作中,可以舉一反三。
首先需要了解一個引數-t,表示呼叫程式syscall的方式。如果瞭解-t後面接那些syscall引數呢?
# truss -c ls > /dev/null
syscall seconds calls errors
execve .00 1
getuidx .00 19
getgidx .00 18
_exit .00 1
close .00 3
kwrite .00 46
klseek .00 2
_getpid .00 1
getdirent64 .00 4
kioctl .00 2 2
open .00 2
statx .00 3
loadquery .00 2
__libc_sbrk .00 2
sbrk .00 3
vmgetinfo .00 1
access .00 1
kfcntl .00 11
__loadx .00 29
---- --- ---
sys totals: .00 151 2
usr time: .00
elapsed: .00
這個我們在一個視窗通過telnet登陸到主機,執行相應的命令:truss -fa -t open -p `ps -ef | grep inetd | grep -v grep | awk '{print $2}'`
在另外一個視窗進行telnet,我們會發現執行truss命令的視窗會產生相應資訊的
# truss -fa -t open -p `ps -ef | grep inetd | grep -v grep | awk '{print $2}'`
200842: psargs: /usr/sbin/inetd
221276: open("/usr/lib/security/methods.cfg", O_RDONLY) = 3
221276: open("/etc/passwd", O_RDONLY) = 3
221276: open("/etc/security/passwd", O_RDONLY) = 4
221276: open("/etc/security/login.cfg.idx", O_RDONLY) Err#2 ENOENT
221276: open("/etc/security/login.cfg", O_RDONLY) = 5
221276: open("/etc/security/login.cfg", O_RDONLY) = 5
221276: open("/etc/security/login.cfg", O_RDONLY) = 5
221276: open("/etc/passwd.nm.idx", O_RDONLY) Err#2 ENOENT
221276: open("/etc/passwd", O_RDONLY) = 5
221276: open("/etc/passwd.id.idx", O_RDWR) Err#2 ENOENT
221276: open("/etc/passwd", O_RDONLY) = 5
221276: open("/usr/lib/security/methods.cfg", O_RDONLY) = 3
221276: open("/etc/passwd.nm.idx", O_RDONLY) Err#2 ENOENT
221276: open("/etc/passwd", O_RDONLY) = 3
221276: open("/etc/passwd.id.idx", O_RDWR) Err#2 ENOENT
221276: open("/etc/passwd", O_RDONLY) = 3
221276: open("/etc/security/login.cfg.idx", O_RDONLY) Err#2 ENOENT
221276: open("/etc/security/login.cfg", O_RDONLY) = 3
221276: open("/etc/security/login.cfg", O_RDONLY) = 3
221276: open("/etc/security/login.cfg", O_RDONLY) = 3
221276: open("/etc/group", O_RDONLY) = 3
221276: open("/etc/security/limits.idx", O_RDONLY) Err#2 ENOENT
221276: open("/etc/security/limits", O_RDONLY) = 3
221276: open("/etc/security/limits", O_RDONLY) = 3
221276: open("/etc/security/limits", O_RDONLY) = 3
221276: open("/etc/security/user.idx", O_RDONLY) Err#2 ENOENT
221276: open("/etc/security/user", O_RDONLY) = 3
221276: open("/etc/security/user", O_RDONLY) = 3
221276: open("/etc/security/user", O_RDONLY) = 3
221276: open("/etc/security/audit/config.idx", O_RDONLY) Err#2 ENOENT
221276: open("/etc/security/audit/config", O_RDONLY) = 3
221276: open("/etc/security/audit/config", O_RDONLY) = 3
221276: open("/etc/security/group.idx", O_RDONLY) Err#2 ENOENT
221276: open("/etc/security/group", O_RDONLY) = 3
221276: open("/etc/security/group", O_RDONLY) = 3
221276: open("/etc/security/group", O_RDONLY) = 3
221276: open("/etc/passwd", O_RDONLY) = 3
221276: open("/etc/security/passwd", O_RDONLY) = 4
221276: open("/etc/security/passwd.idx", O_RDONLY) Err#2 ENOENT
221276: open("/etc/security/passwd", O_RDONLY) = 5
221276: open("/etc/security/passwd", O_RDONLY) = 5
221276: open("/etc/objrepos/CuAt", O_RDONLY) = 3
221276: open("/etc/objrepos/CuAt.vc", O_RDONLY) = 3
221276: open("/etc/objrepos/CuAt", O_RDWR) = 3
221276: open("/etc/objrepos/CuAt.vc", O_RDWR) = 4
221276: open("/etc/objrepos/CuDv", O_RDONLY) = 3
221276: open("/etc/objrepos/PdDv", O_RDONLY) = 3
221276: open("/etc/objrepos/PdDv.vc", O_RDONLY) = 3
221276: open("/etc/objrepos/CuDv", O_RDWR) = 3
221276: open("/etc/objrepos/PdAt", O_RDONLY) = 3
221276: open("/etc/objrepos/PdAt.vc", O_RDONLY) = 3
221276: open("/etc/objrepos/PdAt", O_RDWR) = 3
221276: open("/etc/objrepos/PdAt.vc", O_RDWR) = 4
221276: open("/etc/resolv.conf", O_RDONLY) Err#2 ENOENT
221276: open("/dev/ptc", O_RDWR) = 3
221276: open("/etc/netsvc.conf", O_RDONLY) = 4
221276: open("/etc/hesiod.conf", O_RDONLY) Err#2 ENOENT
221276: open("/etc/irs.conf", O_RDONLY) Err#2 ENOENT
221276: open("/etc/hosts", O_RDONLY) = 4
221276: open("/etc/objrepos/config_lock", O_RDONLY|O_CREAT) = 4
221276: open("/etc/objrepos/OCSvhost", O_RDONLY) Err#2 ENOENT
221276: open("/dev/pts/5", O_RDWR|O_NOCTTY) = 4
221276: open("/etc/telnet.conf", O_RDONLY) = 5
221276: open("/etc/security/login.cfg", O_RDONLY) = 4
221276: open("/usr/lib/nls/msg/en_US/telnetd.cat", O_RDONLY) = 4
200842: (sleeping...)
221276: (sleeping...)
我們看到了其中/etc/security/login.cfg檔案
對於程式的跟蹤基本上就是這樣,非常簡單。在實際工作中,可以舉一反三。
來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/12361284/viewspace-365975/,如需轉載,請註明出處,否則將追究法律責任。
相關文章
- 【TRACE】如果通過10046跟蹤資料庫效能問題資料庫
- Trace檔案過量生成問題解決
- 使用truss、strace或ltrace診斷軟體問題
- Oracle Trace檔案過量生成問題解決Oracle
- 通過addm分析io問題
- 【TRACE】SQL*Net trace 通過windows客戶端設定,你不得不防SQLWindows客戶端
- 通過trace檔案重新建立控制檔案
- 通過關閉trace再次產生日誌檔案
- 通過sql trace比較常規 not in 、minus、not exists效率SQL
- solaris11使用truss解決系統命令hang住
- 通過幾個問題深入淺出VueVue
- 通過Observable解決搜尋框問題
- 通過 sysprocesses 解決Sql死鎖問題SQL
- 通過註解完美解決混淆問題
- 使用 grpcurl 通過命令列訪問 gRPC 服務RPC命令列
- 通過shell指令碼快速定位active session問題指令碼Session
- alter database backup controlfile to trace的問題Database
- postgres_fdw 無法通過域名 訪問外部表問題
- 解決Mysql中只能通過localhost登陸不能通過ip登陸的問題MySqllocalhost
- 通過命令curl 操作ElasticSearch指南Elasticsearch
- 通過git bisect快速定位大型工程中的問題Git
- eclipse(4.9)通過代理更新軟體的問題!Eclipse
- Dbutils的QueryRunner無法通過中文查詢問題
- 集合框架-通過Object轉型問題引入泛型框架Object泛型
- Android 通過httpclient 呼叫碰到的問題總結AndroidHTTPclient
- [BUG反饋]新增模組無法通過URL訪問的問題
- 06、MySQL Case-通過optimizer_trace看優化器行為MySql優化
- 通過例項學習 tcpdump 命令TCP
- Maven通過命令建立web專案MavenWeb
- 通過幾個問題深入分析Vue中的keyVue
- vue通過url下載檔案,直接預覽問題Vue
- SpringBoot中通過CORS解決跨域問題Spring BootCORS跨域
- 通過oracle類比MySQL中的位元組字元問題OracleMySql字元
- 運用Log和Trace檔案排除Oracle Net問題Oracle
- 控制檔案全部丟失,無備份,通過異機trace恢復
- 使用emca命令列配置EM並通過瀏覽器訪問EM示例命令列瀏覽器
- windows 通過cmd命令(netsh wlan命令)連線wifiWindowsWiFi
- 解決tomcat伺服器下,只能通過localhost,而不能通過127.0.0.1或者本地ip地址訪問的問題Tomcat伺服器localhost127.0.0.1