18. strace — Spying on Processes and Users

strace is your friend. To see what a suspicious process is doing, try this:

    strace -p <process id>

To spy on a pseudoterminal, identify the process ID associated with it and run:

    strace -e read,write -p <process id>

A Perl wrapper called ttylog is available for the above; it formats the output nicely.
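
To show what formatting that raw output involves, here is an added example (not ttylog and not code from this document) that decodes the escaped strings strace prints for read and write calls and reassembles them into the two byte streams. The function names and the sample capture are constructed for illustration.

```python
import re

# One strace line, e.g.:  read(0, "ls\r", 1024) = 3
# An optional "[pid N] " or "N " prefix appears when strace follows children (-f).
LINE_RE = re.compile(
    r'^(?:\[pid\s+\d+\]\s+|\d+\s+)?(read|write)\(\d+, '
    r'"((?:[^"\\]|\\.)*)"(\.\.\.)?, \d+\)\s+= \d+')
ESC_RE = re.compile(r'\\(x[0-9a-fA-F]{2}|[0-7]{1,3}|.)')
SIMPLE = {'n': 10, 't': 9, 'r': 13, 'v': 11, 'f': 12}

def unescape(s):
    """Turn strace's C-style escaped string back into the raw bytes."""
    out, pos = bytearray(), 0
    for m in ESC_RE.finditer(s):
        out += s[pos:m.start()].encode('latin-1', 'replace')
        e = m.group(1)
        if e[0] == 'x' and len(e) == 3:        # \x1b (strace -x output)
            out.append(int(e[1:], 16))
        elif e[0] in '01234567':               # \33 (default octal escapes)
            out.append(int(e, 8) & 0xFF)
        else:                                  # \n, \r ...; \" and \\ map to themselves
            out.append(SIMPLE.get(e, ord(e) & 0xFF))
        pos = m.end()
    out += s[pos:].encode('latin-1', 'replace')
    return bytes(out)

def reassemble(lines):
    """Return ({'read': bytes, 'write': bytes}, number_of_truncated_strings)."""
    streams, truncated = {'read': bytearray(), 'write': bytearray()}, 0
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:                              # failed calls, signals, other output
            continue
        streams[m.group(1)] += unescape(m.group(2))
        truncated += 1 if m.group(3) else 0    # "..." marks a string strace cut short
    return {k: bytes(v) for k, v in streams.items()}, truncated

# Constructed sample of `strace -e read,write -p <process id>` output.
SAMPLE = r'''
read(0, "l", 1)                         = 1
write(2, "l", 1)                        = 1
read(0, "s", 1)                         = 1
write(2, "s", 1)                        = 1
read(0, "\r", 1)                        = 1
write(2, "\n", 1)                       = 1
write(1, "\33[0m\33[01;34mdocs\33[0m\n", 21) = 21
read(0, 0x7ffc2a1b3e70, 1)              = -1 EAGAIN (Resource temporarily unavailable)
write(1, "0123456789abcdef0123456789abcdef"..., 64) = 64
'''
```

A non-zero truncation count means strace shortened some strings (it prints 32 bytes per string by default); rerun the capture with a larger `-s` value to get the full data.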


About this document:

Produced from the SGML: /home/umits/public_html/_unix_security/_reml_grp/diagnostic_forensic_tools.reml
On: 23/10/2005 at 13:29:12
Options: reml2 -i noindex -l long -o html -p multiple