Безопасность: должны ли сценарии оболочки сбрасывать переменную IFS, чтобы защититься от её неправильного использования?

Хотя я считаю, что журнал dmesg является лучшим ответом для отслеживания загрузки файла прошивки, существует альтернативный метод: отследить все файлы, открытые за определённый промежуток времени. Оставлю его здесь для полноты картины.

Вы всегда можете использовать инструмент трассировки в реальном времени, способный отслеживать системные вызовы ядра, такой как sysdig.

Итак, после установки командой

sudo apt-get install sysdig

Ниже приведена трассировка всех файлов, открытых на виртуальной машине Debian 9 после того, как я вставил USB-адаптер Wi-Fi на чипе Ralink. К сожалению, файлов прошивки среди них нет, иначе они появились бы в этом примере.

Синтаксис фильтров и формата вывода sysdig достаточно гибок, чтобы при необходимости сузить вывод по данным, пользователям и именам файлов в целях отладки:

$ sudo sysdig -p "%12user.name %6proc.pid %12proc.name %3fd.num %fd.typechar %fd.name" evt.type=open 
root         339    systemd-udev 12  f /run/udev/queue
root         1483   systemd-udev 6   f /proc/self/oom_score_adj
root         1483   systemd-udev 6   f /sys/devices/pci0000:00/0000:00:11.0/0000:02:02.0/usb1/1-1/uevent
root         1483   systemd-udev -1  f /run/udev/data/c189:1
root         1483   systemd-udev 6   f /sys/devices/pci0000:00/0000:00:11.0/0000:02:02.0/usb1/1-1/descriptors
root         1483   systemd-udev 6   f /sys/devices/pci0000:00/0000:00:11.0/0000:02:02.0/usb1/1-1/idVendor
root         1483   systemd-udev 6   f /sys/devices/pci0000:00/0000:00:11.0/0000:02:02.0/usb1/1-1/idProduct
root         1483   systemd-udev 6   f /sys/devices/pci0000:00/0000:00:11.0/0000:02:02.0/usb1/1-1/manufacturer
root         1483   systemd-udev 6   f /sys/devices/pci0000:00/0000:00:11.0/0000:02:02.0/usb1/1-1/product
root         1483   systemd-udev 6   f /sys/devices/pci0000:00/0000:00:11.0/0000:02:02.0/usb1/1-1/bcdDevice
root         1483   systemd-udev 6   f /sys/devices/pci0000:00/0000:00:11.0/0000:02:02.0/usb1/1-1/serial
root         1483   systemd-udev 6   f /proc/cmdline
root         1483   systemd-udev 6   f /run/udev/data/.#c189:1PS1U2W
root         1483   systemd-udev 6   f /sys/devices/pci0000:00/0000:00:11.0/0000:02:02.0/usb1/1-1/1-1:1.0/uevent
root         1483   systemd-udev -1  f /run/udev/data/+usb:1-1:1.0
root         1483   systemd-udev 6   f /proc/cmdline
root         1483   systemd-udev 6   f /run/udev/data/.#+usb:1-1:1.0W1sYYW
root         1483   systemd-udev -1  f /sys/module/rt2800usb/initstate
root         1483   systemd-udev 6   f /sys/module/usb_common/initstate
root         1483   systemd-udev 6   f /sys/module/usbcore/initstate
root         1483   systemd-udev -1  f /sys/module/rfkill/initstate
root         1483   systemd-udev 6   f /lib/modules/4.9.0-6-amd64/kernel/net/rfkill/rfkill.ko
root         1483   systemd-udev -1  f /sys/module/crc_ccitt/initstate
root         1483   systemd-udev 13  f /lib/modules/4.9.0-6-amd64/kernel/lib/crc-ccitt.ko
root         1483   systemd-udev -1  f /sys/module/cfg80211/initstate
root         1483   systemd-udev 14  f /lib/modules/4.9.0-6-amd64/kernel/net/wireless/cfg80211.ko
root         1486   systemd-udev 6   f /proc/self/oom_score_adj
root         1486   systemd-udev 6   f /sys/devices/virtual/misc/rfkill/uevent
root         1484   systemd-udev 6   f /proc/self/oom_score_adj
root         1484   systemd-udev -1  f /sys/module/rfkill/uevent
root         1484   systemd-udev -1  f /run/udev/data/+module:rfkill
root         1484   systemd-udev 6   f /proc/cmdline
root         1485   systemd-udev 6   f /proc/self/oom_score_adj
root         1486   systemd-udev -1  f /run/udev/data/c10:56
root         1486   systemd-udev 6   f /proc/cmdline
root         1486   systemd-udev 6   f /run/udev/data/.#c10:56fjUFaV
root         1485   systemd-udev -1  f /sys/class/rfkill/uevent
root         1485   systemd-udev -1  f /run/udev/data/+class:rfkill
root         1485   systemd-udev 6   f /proc/cmdline
root         1487   systemd-udev 6   f /proc/self/oom_score_adj
root         1487   systemd-udev -1  f /sys/module/crc_ccitt/uevent
root         1487   systemd-udev -1  f /run/udev/data/+module:crc_ccitt
root         1487   systemd-udev 6   f /proc/cmdline
root         1488   systemd-udev 6   f /proc/self/oom_score_adj
root         1488   systemd-udev -1  f /sys/module/cfg80211/uevent
root         1488   systemd-udev -1  f /run/udev/data/+module:cfg80211
root         1488   systemd-udev 6   f /proc/cmdline
root         1485   systemd-udev -1  f /sys/class/ieee80211/uevent
root         1485   systemd-udev -1  f /run/udev/data/+class:ieee80211
root         1485   systemd-udev 6   f /proc/cmdline
root         1485   systemd-udev 6   f /sys/devices/platform/regulatory.0/uevent
root         1485   systemd-udev -1  f /run/udev/data/+platform:regulatory.0
root         1485   systemd-udev 6   f /proc/cmdline
root         1485   systemd-udev 6   f /sys/devices/platform/regulatory.0/uevent
root         1485   systemd-udev -1  f /run/udev/data/+platform:regulatory.0
root         1485   systemd-udev 6   f /proc/cmdline
root         1483   systemd-udev -1  f /sys/module/mac80211/initstate
root         1483   systemd-udev 15  f /lib/modules/4.9.0-6-amd64/kernel/net/mac80211/mac80211.ko
root         1485   systemd-udev -1  f /sys/module/mac80211/uevent
root         1485   systemd-udev -1  f /run/udev/data/+module:mac80211
root         1485   systemd-udev 6   f /proc/cmdline
root         1483   systemd-udev -1  f /sys/module/rt2x00lib/initstate
root         1483   systemd-udev 16  f /lib/modules/4.9.0-6-amd64/kernel/drivers/net/wireless/ralink/rt2x00/rt2x00lib.ko
root         1485   systemd-udev -1  f /sys/module/rt2x00lib/uevent
root         1485   systemd-udev -1  f /run/udev/data/+module:rt2x00lib
root         1485   systemd-udev 6   f /proc/cmdline
root         1483   systemd-udev -1  f /sys/module/rt2800lib/initstate
root         1483   systemd-udev 17  f /lib/modules/4.9.0-6-amd64/kernel/drivers/net/wireless/ralink/rt2x00/rt2800lib.ko
root         1485   systemd-udev -1  f /sys/module/rt2800lib/uevent
root         1485   systemd-udev -1  f /run/udev/data/+module:rt2800lib
root         1485   systemd-udev 6   f /proc/cmdline
root         1483   systemd-udev -1  f /sys/module/rt2x00usb/initstate
root         1483   systemd-udev 18  f /lib/modules/4.9.0-6-amd64/kernel/drivers/net/wireless/ralink/rt2x00/rt2x00usb.ko
root         1485   systemd-udev -1  f /sys/module/rt2x00usb/uevent
root         1485   systemd-udev -1  f /run/udev/data/+module:rt2x00usb
root         1485   systemd-udev 6   f /proc/cmdline
root         1483   systemd-udev -1  f /sys/module/rt2800usb/initstate
root         1483   systemd-udev 19  f /lib/modules/4.9.0-6-amd64/kernel/drivers/net/wireless/ralink/rt2x00/rt2800usb.ko
root         1485   systemd-udev -1  f /sys/module/rt2800usb/uevent
root         1485   systemd-udev -1  f /run/udev/data/+module:rt2800usb
root         1485   systemd-udev 6   f /proc/cmdline
root         1485   systemd-udev -1  f /sys/module/arc4/uevent
root         1485   systemd-udev -1  f /run/udev/data/+module:arc4
root         1485   systemd-udev 6   f /proc/cmdline
root         1485   systemd-udev 6   f /sys/devices/pci0000:00/0000:00:11.0/0000:02:02.0/usb1/1-1/1-1:1.0/ieee80211/phy0/uevent
root         1485   systemd-udev -1  f /run/udev/data/+ieee80211:phy0
root         1485   systemd-udev 6   f /proc/cmdline
root         1488   systemd-udev 6   f /sys/devices/pci0000:00/0000:00:11.0/0000:02:02.0/usb1/1-1/1-1:1.0/net/wlan0/uevent
root         1488   systemd-udev -1  f /run/udev/data/n3
root         1488   systemd-udev 6   f /sys/devices/pci0000:00/0000:00:11.0/0000:02:02.0/usb1/1-1/idVendor
root         1488   systemd-udev 6   f /sys/devices/pci0000:00/0000:00:11.0/0000:02:02.0/usb1/idVendor
root         1488   systemd-udev 6   f /proc/cmdline
root         1488   systemd-udev 6   f /sys/devices/pci0000:00/0000:00:11.0/0000:02:02.0/usb1/1-1/1-1:1.0/net/wlan0/address
root         1488   systemd-udev 6   f /sys/devices/pci0000:00/0000:00:11.0/0000:02:02.0/usb1/1-1/1-1:1.0/net/wlan0/type
root         1488   systemd-udev 6   f /sys/devices/pci0000:00/0000:00:11.0/0000:02:02.0/usb1/1-1/1-1:1.0/net/wlan0/ifindex
root         1488   systemd-udev 6   f /sys/devices/pci0000:00/0000:00:11.0/0000:02:02.0/usb1/1-1/1-1:1.0/net/wlan0/iflink
root         1488   systemd-udev 6   f /sys/devices/pci0000:00/0000:00:11.0/0000:02:02.0/usb1/1-1/1-1:1.0/net/wlan0/addr_assign_type
root         1484   systemd-udev 6   f /sys/devices/pci0000:00/0000:00:11.0/0000:02:02.0/usb1/1-1/1-1:1.0/leds/rt2800usb-phy0::radio/uevent
root         1484   systemd-udev -1  f /run/udev/data/+leds:rt2800usb-phy0::radio
root         1484   systemd-udev 6   f /proc/cmdline
root         1487   systemd-udev 6   f /sys/devices/pci0000:00/0000:00:11.0/0000:02:02.0/usb1/1-1/1-1:1.0/leds/rt2800usb-phy0::assoc/uevent
root         1487   systemd-udev -1  f /run/udev/data/+leds:rt2800usb-phy0::assoc
root         1487   systemd-udev 6   f /proc/cmdline
root         1486   systemd-udev 6   f /sys/devices/pci0000:00/0000:00:11.0/0000:02:02.0/usb1/1-1/1-1:1.0/leds/rt2800usb-phy0::quality/uevent
root         1486   systemd-udev -1  f /run/udev/data/+leds:rt2800usb-phy0::quality
root         1486   systemd-udev 6   f /proc/cmdline
root         1483   systemd-udev -1  f /sys/bus/usb/drivers/rt2800usb/uevent
root         1483   systemd-udev -1  f /run/udev/data/+drivers:usb:rt2800usb
root         1483   systemd-udev 6   f /proc/cmdline
root         1485   systemd-udev 6   f /sys/devices/pci0000:00/0000:00:11.0/0000:02:02.0/usb1/1-1/1-1:1.0/ieee80211/phy0/rfkill0/uevent
root         1485   systemd-udev -1  f /run/udev/data/+rfkill:rfkill0
root         1485   systemd-udev 6   f /proc/cmdline
root         1488   systemd-udev 6   f /sys/devices/pci0000:00/0000:00:11.0/0000:02:02.0/acpi_index
root         1488   systemd-udev 6   f /sys/devices/pci0000:00/0000:00:11.0/0000:02:02.0/usb1/1-1/1-1:1.0/net/wlan0/dev_port
root         1488   systemd-udev 6   f /sys/devices/pci0000:00/0000:00:11.0/0000:02:02.0/usb1/1-1/1-1:1.0/net/wlan0/phys_port_name
root         1488   systemd-udev 6   f /sys/devices/pci0000:00/0000:00:11.0/0000:02:02.0/config
root         1488   systemd-udev 6   d /sys/bus/pci/slots
root         1488   systemd-udev 13  f /sys/bus/pci/slots/230/address
root         1488   systemd-udev 13  f /sys/bus/pci/slots/55/address
root         1488   systemd-udev 13  f /sys/bus/pci/slots/259/address
root         1488   systemd-udev 13  f /sys/bus/pci/slots/164/address
root         1488   systemd-udev 13  f /sys/bus/pci/slots/45/address
root         1488   systemd-udev 13  f /sys/bus/pci/slots/192/address
root         1488   systemd-udev 13  f /sys/bus/pci/slots/35/address
root         1488   systemd-udev 13  f /sys/bus/pci/slots/63/address
root         1488   systemd-udev 13  f /sys/bus/pci/slots/229/address
root         1488   systemd-udev 13  f /sys/bus/pci/slots/53/address
root         1488   systemd-udev 13  f /sys/bus/pci/slots/257/address
root         1488   systemd-udev 13  f /sys/bus/pci/slots/162/address
root         1488   systemd-udev 13  f /sys/bus/pci/slots/43/address
root         1488   systemd-udev 13  f /sys/bus/pci/slots/33/address
root         1488   systemd-udev 13  f /sys/bus/pci/slots/61/address
root         1488   systemd-udev 13  f /sys/bus/pci/slots/227/address
root         1488   systemd-udev 13  f /sys/bus/pci/slots/51/address
root         1488   systemd-udev 13  f /sys/bus/pci/slots/199/address
root         1488   systemd-udev 13  f /sys/bus/pci/slots/160/address
root         1488   systemd-udev 13  f /sys/bus/pci/slots/41/address
root         1488   systemd-udev 13  f /sys/bus/pci/slots/263/address
root         1488   systemd-udev 13  f /sys/bus/pci/slots/225/address
root         1488   systemd-udev 13  f /sys/bus/pci/slots/197/address
root         1488   systemd-udev 13  f /sys/bus/pci/slots/58/address
root         1488   systemd-udev 13  f /sys/bus/pci/slots/261/address
root         1488   systemd-udev 13  f /sys/bus/pci/slots/167/address
root         1488   systemd-udev 13  f /sys/bus/pci/slots/48/address
root         1488   systemd-udev 13  f /sys/bus/pci/slots/195/address
root         1488   systemd-udev 13  f /sys/bus/pci/slots/38/address
root         1488   systemd-udev 13  f /sys/bus/pci/slots/231/address
root         1488   systemd-udev 13  f /sys/bus/pci/slots/56/address
root         1488   systemd-udev 13  f /sys/bus/pci/slots/165/address
root         1488   systemd-udev 13  f /sys/bus/pci/slots/46/address
root         1488   systemd-udev 13  f /sys/bus/pci/slots/193/address
root         1488   systemd-udev 13  f /sys/bus/pci/slots/36/address
root         1488   systemd-udev 13  f /sys/bus/pci/slots/54/address
root         1488   systemd-udev 13  f /sys/bus/pci/slots/258/address
root         1488   systemd-udev 13  f /sys/bus/pci/slots/163/address
root         1488   systemd-udev 13  f /sys/bus/pci/slots/44/address
root         1488   systemd-udev 13  f /sys/bus/pci/slots/34/address
root         1488   systemd-udev 13  f /sys/devices/pci0000:00/0000:00:11.0/0000:02:02.0/config
root         1488   systemd-udev 6   f /sys/devices/pci0000:00/0000:00:11.0/0000:02:02.0/usb1/1-1/1-1:1.0/uevent
root         1488   systemd-udev 6   f /sys/devices/pci0000:00/0000:00:11.0/0000:02:02.0/usb1/1-1/1-1:1.0/bInterfaceNumber
root         1488   systemd-udev 6   f /sys/devices/pci0000:00/0000:00:11.0/0000:02:02.0/usb1/1-1/1-1:1.0/bInterfaceClass
root         1488   systemd-udev 6   f /sys/devices/pci0000:00/0000:00:11.0/0000:02:02.0/usb1/1-1/uevent
root         1488   systemd-udev 6   f /sys/devices/pci0000:00/0000:00:11.0/0000:02:02.0/usb1/1-1/descriptors
root         1488   systemd-udev 6   f /sys/devices/pci0000:00/0000:00:11.0/0000:02:02.0/usb1/1-1/idProduct
root         1488   systemd-udev 6   f /sys/devices/pci0000:00/0000:00:11.0/0000:02:02.0/usb1/1-1/manufacturer
root         1488   systemd-udev 6   f /sys/devices/pci0000:00/0000:00:11.0/0000:02:02.0/usb1/1-1/product
root         1488   systemd-udev 6   f /sys/devices/pci0000:00/0000:00:11.0/0000:02:02.0/usb1/1-1/bcdDevice
root         1488   systemd-udev 6   f /sys/devices/pci0000:00/0000:00:11.0/0000:02:02.0/usb1/1-1/serial
root         1488   systemd-udev 6   f /run/udev/data/+usb:1-1:1.0
root         1488   systemd-udev 6   f /run/udev/data/.#n3eBu1Pw
root         1494   systemd-udev 6   f /dev/null
root         1494   ifupdown-hot 3   f /etc/ld.so.cache
root         1494   ifupdown-hot 3   f /lib/x86_64-linux-gnu/libc.so.6
root         1494   ifupdown-hot 3   f /lib/udev/ifupdown-hotplug
root         1494   ifupdown-hot 3   f /dev/null
root         1494   ifupdown-hot 3   f /dev/null
root         1485   systemd-udev -1  f /sys/devices/pci0000:00/0000:00:11.0/0000:02:02.0/usb1/1-1/1-1:1.0/net/wlan0/queues/rx-0/uevent
root         1485   systemd-udev -1  f /run/udev/data/+queues:rx-0
root         1485   systemd-udev 6   f /proc/cmdline
root         1484   systemd-udev -1  f /sys/devices/pci0000:00/0000:00:11.0/0000:02:02.0/usb1/1-1/1-1:1.0/net/wlan0/queues/tx-1/uevent
root         1484   systemd-udev -1  f /run/udev/data/+queues:tx-1
root         1484   systemd-udev 6   f /proc/cmdline
root         1487   systemd-udev -1  f /sys/devices/pci0000:00/0000:00:11.0/0000:02:02.0/usb1/1-1/1-1:1.0/net/wlan0/queues/tx-2/uevent
root         1487   systemd-udev -1  f /run/udev/data/+queues:tx-2
root         1487   systemd-udev 6   f /proc/cmdline
root         1486   systemd-udev -1  f /sys/devices/pci0000:00/0000:00:11.0/0000:02:02.0/usb1/1-1/1-1:1.0/net/wlan0/queues/tx-3/uevent
root         1486   systemd-udev -1  f /run/udev/data/+queues:tx-3
root         1486   systemd-udev 6   f /proc/cmdline
root         1488   systemd-udev -1  f /sys/devices/pci0000:00/0000:00:11.0/0000:02:02.0/usb1/1-1/1-1:1.0/net/wlan0/queues/tx-0/uevent
root         1488   systemd-udev -1  f /run/udev/data/+queues:tx-0
root         1488   systemd-udev 6   f /proc/cmdline
root         1495   ifupdown-hot 0   f /dev/null
root         1497   grep         3   f /etc/ld.so.cache
root         1497   grep         3   f /lib/x86_64-linux-gnu/libpcre.so.3
root         1497   grep         3   f /lib/x86_64-linux-gnu/libdl.so.2
root         1497   grep         3   f /lib/x86_64-linux-gnu/libc.so.6
root         1497   grep         3   f /lib/x86_64-linux-gnu/libpthread.so.0
root         1496   ifquery      3   f /etc/ld.so.cache
root         1496   ifquery      3   f /lib/x86_64-linux-gnu/libc.so.6
root         1496   ifquery      3   f /etc/network/interfaces

Мы можем дополнительно подтвердить это по выводу lsmod со списком загруженных модулей ядра (там же виден и модуль sysdig_probe, который загружает сам sysdig):

$ lsmod
Module                  Size  Used by
arc4                   16384  2
**rt2800usb**              28672  0
**rt2x00usb**              24576  1 rt2800usb
**rt2800lib**              94208  1 rt2800usb
**rt2x00lib**              53248  3 rt2800lib,rt2800usb,rt2x00usb
**mac80211**              671744  3 rt2800lib,rt2x00lib,rt2x00usb
**cfg80211**              589824  2 rt2x00lib,mac80211
crc_ccitt              16384  1 rt2800lib
**rfkill**                 24576  1 cfg80211
sysdig_probe          430080  0
vmw_vsock_vmci_transport    28672  1
vsock                  36864  2 vmw_vsock_vmci_transport
softdog                16384  0
loop                   28672  0
crct10dif_pclmul       16384  0
crc32_pclmul           16384  0
vmw_balloon            20480  0
ghash_clmulni_intel    16384  0
intel_rapl_perf        16384  0
sg                     32768  0
vmw_vmci               69632  2 vmw_balloon,vmw_vsock_vmci_transport
button                 16384  0
ext4                  585728  1
crc16                  16384  1 ext4
jbd2                  106496  1 ext4
crc32c_generic         16384  0
fscrypto               28672  1 ext4
ecb                    16384  0
mbcache                16384  2 ext4
sd_mod                 49152  4
crc32c_intel           24576  0
aesni_intel           167936  0
aes_x86_64             20480  1 aesni_intel
glue_helper            16384  1 aesni_intel
lrw                    16384  1 aesni_intel
gf128mul               16384  1 lrw
ablk_helper            16384  1 aesni_intel
cryptd                 24576  3 ablk_helper,ghash_clmulni_intel,aesni_intel
ehci_pci               16384  0
ehci_hcd               81920  1 ehci_pci
usbcore               253952  4 rt2800usb,rt2x00usb,ehci_hcd,ehci_pci
usb_common             16384  1 usbcore
e1000                 143360  0
mptspi                 24576  3
scsi_transport_spi     32768  1 mptspi
mptscsih               32768  1 mptspi
mptbase                77824  2 mptscsih,mptspi
scsi_mod              225280  5 sd_mod,mptscsih,scsi_transport_spi,sg,mptspi
30.04.2020, 20:36