master

分支 (36)

标签 (37)

管理

管理

master

yhs_dev

davemarchevsky-patch-5

revert-4264-symtable-preload

davemarchevsky-test-fixes

yhs-dev

davemarchevsky-patch-4

davemarchevsky-patch-3

davemarchevsky-patch-2

davemarchevsky-patch-1

yhs_dev2

gh-pages

tag_v0.10.0

tag_v0.9.0

tag_v0.8.0

tag_v0.7.0

python3-testing

tag_v0.6.1

fedora-28-support

ubuntu1804-deps

v0.28.0

v0.27.0

v0.26.0

v0.25.0

v0.24.0

v0.23.0

v0.22.0

v0.21.0

v0.20.0

v0.19.0

v0.18.0

v0.17.0

v0.16.0

v0.15.0

v0.14.0

v0.13.0

v0.12.0

v0.11.0

v0.10.0

v0.9.0

bcc
/
tools
/
bashreadline_example.txt

Demonstrations of bashreadline, the Linux eBPF/bcc version.


This prints bash commands from all running bash shells on the system. For
example:

# ./bashreadline
TIME      PID    COMMAND
05:28:25  21176  ls -l
05:28:28  21176  date
05:28:35  21176  echo hello world
05:28:43  21176  foo this command failed
05:28:45  21176  df -h
05:29:04  3059   echo another shell
05:29:13  21176  echo first shell again

When running the script on Arch Linux, you may need to specify the location
of libreadline.so library:

# ./bashreadline -s /lib/libreadline.so
TIME      PID    COMMAND
11:17:34  28796  whoami
11:17:41  28796  ps -ef
11:17:51  28796  echo "Hello eBPF!"


The entered command may fail. This is just showing what command lines were
entered interactively for bash to process.

It works by tracing the return of the readline() function using uprobes
(specifically a uretprobe).