pfiles for Linux

Problem

Someone asked if there is a Linux equivalent of the [http://www.scit.wlv.ac.uk/cgi-bin/mansec?1+pfiles Solaris pfiles] tool. pfiles is a Solaris proc utility that reports information about all open files of a process, given its process ID. [EugeneTeo Eugene] decided to write a similar tool for Linux using SystemTap. It is based on example output posted in Red Hat BZ#223489.


Scripts

The script is too long to be listed here. Please download the [attachment:pfiles.stp script] (GPL) instead.

Output

$ stap -g pfiles.stp $$
3291:  -bash
  Current rlimit: 256 file descriptors
     0: S_IFCHR mode:0620 dev:0,11 ino:2 uid:500 gid:500 rdev:136,0
        O_RDWR 
     1: S_IFCHR mode:0620 dev:0,11 ino:2 uid:500 gid:500 rdev:136,0
        O_RDWR 
     2: S_IFCHR mode:0620 dev:0,11 ino:2 uid:500 gid:500 rdev:136,0
        O_RDWR 
   255: S_IFCHR mode:0620 dev:0,11 ino:2 uid:500 gid:500 rdev:136,0
        O_RDWR FD_CLOEXEC

$ stap -g pfiles.stp $$ &> output
$ head output 
3291:  -bash
  Current rlimit: 256 file descriptors
     0: S_IFCHR mode:0620 dev:0,11 ino:2 uid:500 gid:500 rdev:136,0
        O_RDWR 
     1: S_IFCHR mode:0620 dev:0,11 ino:2 uid:500 gid:500 rdev:136,0
        O_RDWR 
     2: S_IFCHR mode:0620 dev:0,11 ino:2 uid:500 gid:500 rdev:136,0
        O_RDWR 
   255: S_IFCHR mode:0620 dev:0,11 ino:2 uid:500 gid:500 rdev:136,0
        O_RDWR FD_CLOEXEC

To gather information about sockets, you can use lsof with pfiles. For example:

$ /usr/sbin/lsof -i :1-65535 -P
COMMAND     PID USER   FD   TYPE DEVICE SIZE NODE NAME
mugshot    3148 eteo    9u  IPv4  15146       TCP w.x.y.z:35439->w.x.y.z:5222 (ESTABLISHED)
[...]
ssh        4025 eteo    3u  IPv4  18562       TCP w.x.y.z:38303->w.x.y.z:22 (ESTABLISHED)
pidgin     4038 eteo    7u  IPv4  18722       TCP w.x.y.z:40695->w.x.y.z:5222 (ESTABLISHED)
pidgin     4038 eteo   20u  IPv4  18744       TCP w.x.y.z:36216->w.x.y.z:1863 (ESTABLISHED)
ssh       10206 eteo    3u  IPv4  27165       TCP w.x.y.z:51226->w.x.y.z:22 (ESTABLISHED)
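
As an added example (not the pfiles.stp script, which is not reproduced on this page), the Python code below builds a similar per-descriptor report from /proc/<pid>/fd and /proc/<pid>/fdinfo, so it needs no guru mode (`-g`) and works for any process the caller is permitted to inspect. The function names are hypothetical and only a subset of status flags is decoded; sockets appear as S_IFSOCK and can be matched against the lsof listing above.

```python
import os, stat, sys
# File-type names follow the pfiles output shown above.
TYPES = {stat.S_IFREG: "S_IFREG", stat.S_IFDIR: "S_IFDIR", stat.S_IFCHR: "S_IFCHR",
         stat.S_IFBLK: "S_IFBLK", stat.S_IFIFO: "S_IFIFO", stat.S_IFSOCK: "S_IFSOCK"}
ACCESS = {os.O_RDONLY: "O_RDONLY", os.O_WRONLY: "O_WRONLY", os.O_RDWR: "O_RDWR"}
STATUS = ("O_APPEND", "O_NONBLOCK")  # assumption: only this subset is decoded

def decode_flags(flags):
    """Turn the octal 'flags' value from fdinfo into pfiles-style names."""
    names = [ACCESS.get(flags & 0o3, "?")]          # low two bits: access mode
    names += [n for n in STATUS if flags & getattr(os, n)]
    if flags & os.O_CLOEXEC:                        # kernel reports close-on-exec here
        names.append("FD_CLOEXEC")
    return names

def describe_fd(pid, fd):
    """Return (summary line, flag names) for one descriptor of a process."""
    st = os.stat(f"/proc/{pid}/fd/{fd}")            # follows the link to the open file
    with open(f"/proc/{pid}/fdinfo/{fd}") as f:
        info = dict(line.split(":", 1) for line in f if ":" in line)
    line = "%6d: %s mode:%04o dev:%d,%d ino:%d uid:%d gid:%d" % (
        fd, TYPES.get(stat.S_IFMT(st.st_mode), "S_IF?"), stat.S_IMODE(st.st_mode),
        os.major(st.st_dev), os.minor(st.st_dev), st.st_ino, st.st_uid, st.st_gid)
    if stat.S_ISCHR(st.st_mode) or stat.S_ISBLK(st.st_mode):
        line += " rdev:%d,%d" % (os.major(st.st_rdev), os.minor(st.st_rdev))
    return line, decode_flags(int(info["flags"].strip(), 8))

def soft_nofile_limit(pid):
    """Soft RLIMIT_NOFILE of the target, read from /proc/<pid>/limits."""
    with open(f"/proc/{pid}/limits") as f:
        for row in f:
            if row.startswith("Max open files"):
                return row.split()[3]
    return "unknown"

def pfiles(pid):
    with open(f"/proc/{pid}/cmdline", "rb") as f:
        cmd = f.read().replace(b"\0", b" ").decode(errors="replace").strip()
    out = [f"{pid}:  {cmd}", f"  Current rlimit: {soft_nofile_limit(pid)} file descriptors"]
    for fd in sorted(int(n) for n in os.listdir(f"/proc/{pid}/fd")):
        try:
            line, flags = describe_fd(pid, fd)
        except OSError:                             # descriptor closed while we looked
            continue
        out += [line, "        " + " ".join(flags)]
    return out

if __name__ == "__main__":
    print("\n".join(pfiles(int(sys.argv[1]) if len(sys.argv) > 1 else os.getpid())))
```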

Lessons

With SystemTap, you can write useful system tools that are not otherwise available on Linux. [http://sources.redhat.com/systemtap/wiki/WSPfiles pfiles] and [http://sources.redhat.com/systemtap/wiki/WSPlimit plimit] are excellent examples.

