maurorappa · September 27, 2024 18:01
diff --git a/gistfile1.txt b/gistfile1.txt
 bpftrace -e 'tracepoint:syscalls:sys_enter_exec*{ printf("pid: %d, comm: %s, args: ", pid, comm); join(args->argv); }

 ``` 
 pid: 2110851, comm: vmxadmin, args: /usr/bin/whoami
 pid: 2110853, comm: vmx_status, args: sed -nE s/.*is running.../1/p
 pid: 2110854, comm: vmxadmin, args: /usr/bin/whoami
 pid: 2110856, comm: vmxadmin, args: grep -q -i release 6 /etc/redhat-release
 pid: 2110857, comm: vmx_status, args: grep KALEID_TEST2_PATH= /vmx/install/mauro/server/bin/env-instances.sh
 pid: 2110858, comm: vmx_status, args: awk -F = {print $NF}
 pid: 2110859, comm: vmx_status, args: sed -E s/\/opt\/tsa\/bin\/([a-z3]+)_packet_decoder.*/\1/
 pid: 2110860, comm: vmxadmin, args: grep -q -i release 7 /etc/redhat-release
 pid: 2110861, comm: vmxadmin, args: grep -q -i release 8 /etc/redhat-release
 ```
	bpftrace -e 'tracepoint:syscalls:sys_enter_exec*{ printf("pid: %d, comm: %s, args: ", pid, comm); join(args->argv); }

	```
	pid: 2110851, comm: vmxadmin, args: /usr/bin/whoami
	pid: 2110853, comm: vmx_status, args: sed -nE s/.*is running.../1/p
	pid: 2110854, comm: vmxadmin, args: /usr/bin/whoami
	pid: 2110856, comm: vmxadmin, args: grep -q -i release 6 /etc/redhat-release
	pid: 2110857, comm: vmx_status, args: grep KALEID_TEST2_PATH= /vmx/install/mauro/server/bin/env-instances.sh
	pid: 2110858, comm: vmx_status, args: awk -F = {print $NF}
	pid: 2110859, comm: vmx_status, args: sed -E s/\/opt\/tsa\/bin\/([a-z3]+)_packet_decoder.*/\1/
	pid: 2110860, comm: vmxadmin, args: grep -q -i release 7 /etc/redhat-release
	pid: 2110861, comm: vmxadmin, args: grep -q -i release 8 /etc/redhat-release
	```