Hi,
I've not had any output from the systemtap script so I don't believe
anything has accessed /dev/random since my last email. I'm running
exim4, spamd, php-fpm, sshd, nginx amongst others.
Same caveat as before - I might have missed something important.
Cheers,
Roger
On Mon, Mar 14, 2016 at 11:23 AM, Roger Light <roger@atchoo.org> wrote:
> Hi,
>
> I listened to some of the ubuntu podcast on the way in to work this
> morning and they mentioned the util "fatrace". Turns out you can't use
> the fanotify functions with /dev, but I've managed to figure out a
> good way of doing this.
>
> Assuming you've got SystemTap (kernel probing functionality, see at
> the end of the email) installed, then try:
>
> sudo stap random_read.stp
>
> where random_read.stp looks like:
>
> probe kernel.function("random_read").call
> {
> printf("%s[%d] len:%d\n", execname(), tid(), $nbytes)
> }
>
> This will print out the executable name, process id and number of
> bytes requested each time a process reads from /dev/random. You can
> verify it with e.g.
>
> dd if=/dev/random of=/dev/null count=1
>
> FWIW, whilst I was testing I was using urandom_read instead and exim
> was reading from there, not from random_read. ymmv. The only thing
> I've seen so far is "dd" :) I'll leave it running and report back if I
> spot anything.
>
> This is the first time I've played with systemtap and I may have
> missed something. I'm not sure that the ".call" should be there for
> example.
>
> Cheers,
>
> Roger
>
>
>
> Installation notes for ubuntu:
>
> apt-get install systemtap
>
> # Install kernel debug symbols, this is less optimal than it could be.
> # See https://wiki.ubuntu.com/Kernel/Systemtap#Where_to_get_debug_symbols_for_kernel_X.3F
>
> codename=$(lsb_release -c | awk '{print $2}')
> sudo tee /etc/apt/sources.list.d/ddebs.list << EOF
> deb http://ddebs.ubuntu.com/ ${codename} main restricted universe multiverse
> deb http://ddebs.ubuntu.com/ ${codename}-security main restricted universe multiverse
> deb http://ddebs.ubuntu.com/ ${codename}-updates main restricted universe multiverse
> deb http://ddebs.ubuntu.com/ ${codename}-proposed main restricted universe multiverse
> EOF
>
> sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys ECDCAD72428D7C01
> sudo apt-get update
> sudo apt-get install linux-image-$(uname -r)-dbgsym
>
>
>
> On Mon, Mar 14, 2016 at 10:24 AM, Andy Smith <andy@bitfolk.com> wrote:
>> On Mon, Mar 14, 2016 at 10:22:28AM +0000, Andy Smith wrote:
>>> $ sudo strace -o open -p $(pgrep exim4) 2>&1 | grep random
>>
>> Hmm, maybe need a -ff on that to follow forks…
>>
_______________________________________________
users mailing list
users@lists.bitfolk.com
https://lists.bitfolk.com/mailman/listinfo/users
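A longer SystemTap script in the same spirit, added here as an example and not taken from the thread: it probes both random_read and urandom_read (the thread notes that exim showed up on urandom rather than random) and keeps per-process counts, so a steady consumer of the blocking /dev/random stands out from ordinary urandom traffic. It assumes the same 2016-era kernel symbol names and $nbytes argument used in the thread; the report format and the 60-second interval are choices made for this example.

```systemtap
# Added example, not from the thread. Per-process tally of reads from
# /dev/random (random_read) and /dev/urandom (urandom_read).
# Assumes these kernel function names and their nbytes argument, as in the
# thread's script; run as: sudo stap random_reads.stp
global reads

probe begin
{
  printf("Tracing random_read/urandom_read, Ctrl-C to stop\n")
}

probe kernel.function("random_read").call,
      kernel.function("urandom_read").call
{
  # Key on executable, pid and which read handler fired; the statistic
  # aggregate records every request size so count and total can be reported.
  reads[execname(), pid(), probefunc()] <<< $nbytes
}

# Summary every 60 seconds and again when the script exits.
probe timer.s(60), end
{
  printf("%-16s %7s %-13s %6s %10s\n", "EXEC", "PID", "FUNC", "CALLS", "BYTES")
  foreach ([name, p, fn] in reads)
    printf("%-16s %7d %-13s %6d %10d\n", name, p, fn,
           @count(reads[name, p, fn]), @sum(reads[name, p, fn]))
  printf("\n")
}
```

Totals are cumulative since the script started; any line with FUNC random_read is a process that can block waiting for entropy, which is the condition the thread is trying to track down.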