admin tools

• encryption

  • gpg

    • basic knowledge

    • create new key

    • list keys

    • remove keys

    • export/import keys

    • usage

  • pass

    • env

    • insert

    • generate

    • remove

    • advanced usage

    • plugins

  • OTP

    • pass-otp

  • PGP

  • passwd

• network tools

  • vnstat

  • ipcalc

  • iostat

  • tcpdump

  • dstat

  • strace

  • dtruss

  • sar

  • netcat

  • ip

  • datadog

• others

references:

• 20 Command Line Tools to Monitor Linux Performance
• 20 Linux System Monitoring Tools Every SysAdmin Should Know
• Top 25 Best Linux Performance Monitoring and Debugging Tools
• http://www.thegeekstuff.com/2010/12/50-unix-linux-sysadmin-tutorials
• 16 commands to check hardware information on Linux
• Best UNIX shell-based tools
• * alebcay/awesome-shell

  • * zh-cn
  • nosarthur/awesome-shell
• * rockerBOO/awesome-neovim
• jlevy/the-art-of-command-line
• Learn Enough Command Line to Be Dangerous
• Shell Style Guide
• Use Bash Strict Mode (Unless You Love Debugging)
• others

  • bayandin/awesome-awesomeness
  • emijrp/awesome-awesome
  • kahun/awesome-sysadmin
• My Minimalist Over-powered Linux Setup Guide
• * devynspencer/cute_commands.sh

encryption

gpg

[!NOTE|label:references:]

• * The GNU Privacy Handbook
• * The GNU Privacy Guard Manual
• GPG入门教程
• GPG(GnuPG)入门
• FlowCrypt: PGP Encryption for Gmail

basic knowledge

[!NOTE|label:references:]

• to show --dump-options: gpg --dump-options

• letters indicating

  [!TIP|label:references:]

  • 简明 GPG 概念
  • GPG 密钥的能力中， [C]、[S]、[A] 均属于签名方案，只有 [E] 是加密方案

  • The GNU Privacy Guard Manual : 4.2.1 How to change the configuration
  • OpenPGP Message Format : 5.2.3.21. Key Flags
  • How are the GPG usage flags defined in the key details listing?
  • Anatomy of a GPG Key

  LETTER	MEANING	flag	CONSTANT	COMMENTS
  [C]	Certification	0x01	PUBKEY_USAGE_CERT	认证其他秘钥/给其他证书签名
  [S]	Signing	0x02	PUBKEY_USAGE_SIG	签名,如给文件添加数字签名, 给 git commit 签名
  [A]	Authenticate	0x20	PUBKEY_USAGE_AUTH	身份验证, 如 ssh 登录
  [E]	Encryption	0x04 or 0x08	PUBKEY_USAGE_ENC	加密, 如给文件加密, 给邮件加密

create new key

[!NOTE|label:references:]

• Generating GPG Keys
• How to create GPG keypairs
• Generating a new GPG key

$ gpg --full-generate-key

• or

  $ gpg --batch --gen-key <<EOF
  %no-protection
  Key-Type:1
  Key-Length:2048
  Subkey-Type:1
  Subkey-Length:2048
  Name-Real: <John Doe>
  Name-Email: <john.doe@domain.com>
  Expire-Date:0
  EOF

list keys

• secret keys

  $ gpg --list-secret-keys --keyid-format=long
  gpg: checking the trustdb
  gpg: marginals needed: 3  completes needed: 1  trust model: pgp
  gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
  [keyboxd]
  ---------
  sec   ed25519/505104FC7CD6CA33 2024-05-08 [SC]
        00D2F41050BF7D9BE6B27545505104FC7CD6CA33
  uid                 [ultimate] marslo <marslo.jiao@gmail.com>
  ssb   cv25519/188C36434D6B9F66 2024-05-08 [E]

• public keys

  $ gpg --list-public-keys --keyid-format=long
  [keyboxd]
  ---------
  pub   ed25519/5C0980808D968494 2024-05-08 [SC]
        6AADCD68E268DEF623C4DD7E5C0980808D968494
  uid                 [ultimate] marslo <marslo.jiao@gmail.com>
  sub   cv25519/F065036D0FF76ABA 2024-05-08 [E]

• list KEYID

  $ gpg --list-keys --with-colons |
        awk -F: '$1 == "pub" && ($2 == "e" || $2 == "r" || $2 == "u") { print $5 }'

• with fingerprint

  $ gpg --list-secret-keys --with-colons --fingerprint
  sec:u:255:22:5C0980808D968494:1715138996:::u:::scESC:::+::ed25519:::0:
  fpr:::::::::6AADCD68E268DEF623C4DD7E5C0980808D968494:
  grp:::::::::DA2F273B9FCDBCE44E8F5B1590CC29F774C557A5:
  uid:u::::1715138996::689D1C164C7C46F315D0FF60C5CDE6E509C6D853::marslo <marslo.jiao@gmail.com>::::::::::0:
  ssb:u:255:18:F065036D0FF76ABA:1715138996::::::e:::+::cv25519::
  fpr:::::::::B6550514914F4E14976755BBF065036D0FF76ABA:
  grp:::::::::C55CD6EE8B06EC939090352069AB9D37CFA0C7FA:
  
  # list fingerprint only
  $ gpg --list-keys --with-colons | awk -F: '$1 == "fpr" { print $10 }'
  6AADCD68E268DEF623C4DD7E5C0980808D968494
  B6550514914F4E14976755BBF065036D0FF76ABA
  
  # or
  $ gpg --list-secret-keys --with-colons --fingerprint | sed -n 's/^fpr:::::::::\([[:alnum:]]\+\):/\1/p'
  6AADCD68E268DEF623C4DD7E5C0980808D968494
  B6550514914F4E14976755BBF065036D0FF76ABA

remove keys

• remove all keys

  $ gpg --yes --delete-secret-and-public-key "marslo"
  gpg (GnuPG) 2.4.5; Copyright (C) 2024 g10 Code GmbH
  This is free software: you are free to change and redistribute it.
  There is NO WARRANTY, to the extent permitted by law.
  
  sec  ed25519/133597088DEF3074 2024-05-08 marslo (marslo) <marslo.jiao@gmail.com>
  
  Delete this key from the keyring? (y/N) y
  This is a secret key! - really delete? (y/N) y
  
  pub  ed25519/133597088DEF3074 2024-05-08 marslo (marslo) <marslo.jiao@gmail.com>
  Delete this key from the keyring? (y/N) y

• or via --batch

  $ gpg --list-keys --with-colons \
      | awk -F: '$1 == "pub" && ($2 == "e" || $2 == "r" || $2 == "u") { print $5 }' \
      | xargs gpg --batch --yes --delete-secret-and-public-key

• or via fingerprint

  $ gpg --fingerprint --with-colons ${GPG_KEY} |\
        grep "^fpr" |\
        sed -n 's/^fpr:::::::::\([[:alnum:]]\+\):/\1/p' |\
        xargs gpg --batch --delete-secret-keys

export/import keys

[!NOTE|label:references:]

• How to export a GPG private key and public key to a file
• Moving GPG Keys Privately

export

• export public key

  $ gpg --output public.pgp --armor --export <KEYID>

  • check content

    $ gpg --armor --export <KEYID>
    
    # i.e.:
    $ gpg --armor --export marslo
    -----BEGIN PGP PUBLIC KEY BLOCK-----
    ...
    -----END PGP PUBLIC KEY BLOCK-----

• export secret key

  $ gpg --output private.pgp --armor --export-secret-key <KEYID>
  # or
  $ gpg -o ~/private.asc --export-secret-key <KEYID>

  • export and ssh

    $ gpg --export-secret-key SOMEKEYID | ssh othermachine gpg --import

  • more

    $ gpg --output public.gpg --export SOMEKEYID && \
    $ gpg --output - --export-secret-key SOMEKEYID |\
          cat public.gpg - |\
          gpg --armor --output keys.asc --symmetric --cipher-algo AES256

  • check content

    $ gpg --armor --export-secret-keys <KEYID>
    
    # i.e.:
    $ gpg --armor --export-secret-keys marslo
    -----BEGIN PGP PRIVATE KEY BLOCK-----
    ...
    -----END PGP PRIVATE KEY BLOCK-----

• backup keys

  $ gpg --output backupkeys.pgp --armor --export-secret-keys --export-options export-backup <KEYID>
  # or
  $ gpg --output backupkeys.pgp --armor --export --export-options export-backup <KEYID>

import

[!NOTE|label:references:]

• How to import secret keys into GPG keychain
• pass and gpg: No public key
• How to import secret gpg key (copied from one machine to another)?

# import private key
$ gpg --import private.pgp
gpg: /home/marslo/.gnupg/trustdb.gpg: trustdb created
gpg: key 5C0980808D968494: public key "marslo <marslo.jiao@gmail.com>" imported
gpg: key 5C0980808D968494: secret key imported
gpg: Total number processed: 1
gpg:               imported: 1
gpg:       secret keys read: 1
gpg:   secret keys imported: 1

# list keys
$ gpg --list-keys
/home/marslo/.gnupg/pubring.kbx
-------------------------------
pub   ed25519 2024-05-08 [SC]
      6AADCD68E268DEF623C4DD7E5C0980808D968494
uid           [ unknown] marslo <marslo.jiao@gmail.com>
sub   cv25519 2024-05-08 [E]

# trust
$ gpg --edit-key 6AADCD68E268DEF623C4DD7E5C0980808D968494 trust quit
  1 = I don't know or won't say
  2 = I do NOT trust
  3 = I trust marginally
  4 = I trust fully
  5 = I trust ultimately
  m = back to the main menu

gpg> Your decision? 5
gpg> Do you really want to set this key to ultimate trust? (y/N) y

# check key again
$ gpg --list-keys
gpg: checking the trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
/home/marslo/.gnupg/pubring.kbx
-------------------------------
pub   ed25519 2024-05-08 [SC]
      6AADCD68E268DEF623C4DD7E5C0980808D968494
uid           [ultimate] marslo <marslo.jiao@gmail.com>
sub   cv25519 2024-05-08 [E]

• import publid key

  # import public key
  $ gpg --import public.pgp
  gpg: key 5C0980808D968494: "marslo <marslo.jiao@gmail.com>" not changed
  gpg: Total number processed: 1
  gpg:              unchanged: 1

• trust key

  # verify available
  $ gpg --edit-key <KEYID>
  
  # trust
  $ gpg --edit-key <KEYID>
  gpg> trust
  gpg> save
  gpg> quit

• recover from backup keys

  $ gpg --import-options restore --import backupkeys.pgp

usage

[!NOTE|label:references:]

• GPG使用方法总结（密钥管理，加解密文件）

pass

[!NOTE]

• pass: the standard unix password manager
• git repo: password-store
• video: How to Use Pass Which Is a Command Line Password Manager
• How to Use Pass Which Is a Command Line Password Manager
• archlinux: pass
• compatible clients
• Clever uses of pass, the Unix password manager
• Configuring Pass, the Standard Unix Password Manager

env

[!NOTE|label:references:]

• completion
• environment variable

  • PASSWORD_STORE_DIR

  • PASSWORD_STORE_KEY

  • PASSWORD_STORE_GENERATED_LENGTH

  • PASSWORD_STORE_CHARACTER_SET

  • PASSWORD_STORE_CHARACTER_SET_NO_SYMBOLS

  • PASSWORD_STORE_CLIP_TIME

  • PASSWORD_STORE_EXTENSIONS_DIR

  • PASSWORD_STORE_ENABLE_EXTENSIONS

  • PASSWORD_STORE_SIGNING_KEY

$ export PASSWORD_STORE_DIR=~/.password-store

• install

  # osx
  $ brew install pass
  
  # ubuntu/debian
  $ sudo apt-get install pass
  
  # fedora/rhel
  $ sudo yum install pass

• init

  [!TIP|label:references:]

  • How to manage Linux passwords with the pass command
  • I try to add passwords to the "pass" password manager. But my attempts fail with "no public key" GPG errors. Why?
  • to avoid the issue like:

    $ pass generate test 30
    gpg: marslo: skipped: No public key
    gpg: [stdin]: encryption failed: No public key
    Password encryption aborted.

  $ gpg --full-generate-key

insert

$ pass insert <NAME>

# i.e.:
$ pass insert test
Enter password for test: abc
Retype password for test: abc
$ pass test
abc

# copy
$ pass -c test
Copied test to clipboard. Will clear in 45 seconds.

pass insert

generate

[!NOTE|label:references:]

• PASSWORD_STORE_CHARACTER_SET_NO_SYMBOLS isn't respected
• [pass] Provide symbol set as command line argument
• How to generate secure passwords using terminal (Mac/Linux) ?
• default and envs

  • PASSWORD_STORE_DIR=$HOME/.password-store

  • PASSWORD_STORE_EXTENSIONS_DIR=${PASSWORD_STORE_DIR}/.extensions

  • PASSWORD_STORE_CLIP_TIME=45

  • PASSWORD_STORE_GENERATED_LENGTH=25

  • others:

    • PASSWORD_STORE_CHARACTER_SET='[:alnum:].,!?&*%_~$#^@{}[]()<>|=/\+-'

• Vim: word vs WORD

  

  WORD VS. word

• customize charset

  $ export PASSWORD_STORE_CHARACTER_SET='a-zA-Z0-9'
  $ yes | pass generate test 30
  The generated password for test is:
  HnD7XyeFDtOrw5oDhn22U8AjHVV9cf
  $ yes | pass generate test 30
  The generated password for test is:
  t57PYCw4r0tHSXCa4zW2DVGNuizQ1k
  
  $ export PASSWORD_STORE_CHARACTER_SET='a-zA-Z0-9()'
  $ yes | pass generate test 50
  The generated password for test is:
  wof1Hw92QXe(G3)MkMRp5Wx3UCMgHIpt)7ENNn(f8r(ZRcztQ1
  $ yes | pass generate test 30
  The generated password for test is:
  60m2XHtqfTsvfJT(YYV1wKlBBoOJYb

• generate qrcode

  $ pass generate <name> --qrcode

• generate via /dev/urandom

  $ head /dev/urandom | tr -dc 'A-Za-z0-9!@#$%^&*()' | head -c 32 && echo
  xGPqC%MeE2HU3NkH#JeA##RB^YbX49cd
  
  $ head /dev/urandom | tr -dc 'A-Za-z0-9!@#$%^&*()?:_-~+<=>' | head -c 32 && echo
  e?XEGaD68^FNYI5#E^aFVgv:(6_pL>!I
  
  $ head /dev/urandom | tr -dc 'A-Za-z0-9!"#$%&'\''()*+,-./:;<=>?@[\]^_`{|}~' | head -c 32 && echo
  +&7<o(zfE[WC30v'D[&RH~;qM-8J>oQC

• generate via openssl

  $ openssl rand -base64 32
  DfXwoBz8UAel09qN1rR97luKy+aFuC8N0Fua+YaSW8A=
  
  # or: https://www.commandlinefu.com/commands/view/24565/generate-a-random-password-30-characters-long
  $ openssl rand -rand /dev/urandom -base64 32

remove

$ pass rm test -f
removed '/Users/marslo/.marslo/.password-store/test.gpg'

advanced usage

[!NOTE|label:references:]

• extensions

  • roddhjav/pass-tomb
  • tadfisher/pass-otp) | pass-otp.bash.completion
  • roddhjav/pass-import
  • roddhjav/pass-update
  • roddhjav/pass-audit
  • ayushnix/pass-coffin
  • ayushnix/pass-tessen
• additional tools

  • Pass for Alfred

• alfred workflow

  $ brew isntall --HEAD pinentry-mac
  
  # using pinentry-mac instead of pinentry for alfred workflow
  $ [[ -d "$HOME/.gnupg" ]] || mkdir "$HOME/.gnupg"
  $ echo "pinentry-program $(brew --prefix)/bin/pinentry-mac" > $HOME/.gnupg/gpg-agent.conf
  $ gpgconf --kill gpg-agent                           # restart the agent

• pw

  pw() {
    export PASSWORD_STORE_CLIP_TIME=8
    export PASSWORD_STORE_X_SELECTION=primary
    pass -c2 $1; sleep 5; pass -c $1; sleep 5; pass otp -c $1; exit
  }

• extend

  # ~/.bashrc
  $ alias passred="PASSWORD_STORE_DIR=~/.pass/red pass"
  $ alias passblue="PASSWORD_STORE_DIR=~/.pass/blue pass"
  
  $ cat /usr/share/bash-completion/completions/pass
  _passred(){
      PASSWORD_STORE_DIR=~/.pass/red/ _pass
  }
  complete -o filenames -o nospace -F _passred passred
  _passblue(){
      PASSWORD_STORE_DIR=~/.pass/blue/ _pass
  }
  complete -o filenames -o nospace -F _passblue passblue
  $ source /usr/share/bash-completion/completions/pass

• git

  $ git config --global credential.helper /usr/bin/pass-git-helper
  
  $ cat ~/.gitconfig
  [github.com]
  target=dev/github
  
  [*.fooo-bar.*]
  target=dev/fooo-bar

  • client

    # create local password store
    $ pass init <gpg key id>
    # enable management of local changes through git
    $ pass git init
    # add the the remote git repository as 'origin'
    $ pass git remote add origin user@server:~/.password-store
    # push your local pass history
    $ pass git push -u --all

plugins

• pass-otp

  [!NOTE|label:references:]

  • #137 Bash completion

  # --- install ---
  # osx
  $ brew install pass-otp
  $ brew uses --recursive --installed oath-toolkit
  pass-otp
  
  # --- usage ---
  ## init
  $ pass otp insert -e sandbox/otp
  Enter otpauth:// URI for sandbox/otp: otpauth://totp/totp-secret?secret=sandbox
  ## show otp code
  $ pass otp sandbox/otp
  148395

OTP

[!NOTE|label:references:]

• OATH-Toolkit
• Use oathtool Linux command line for 2 step verification (2FA)
• One-Time-Passwords using oathtool on Ubuntu 14.04(+)

pass-otp

[!NOTE|label:references:]

• tips:

  $ brew which-formula oathtool
  oath-toolkit
  
  $ brew uses --recursive --installed oath-toolkit
  pass-otp

$ oathtool $(openssl rand -hex 16)
848050

PGP

[!NOTE|label:references:]

• Protecting Code Integrity with PGP

  • Protecting Code Integrity with PGP — Part 1: Basic Concepts and Tools | 用 PGP 保护代码完整性（一）： 基本概念和工具
  • Protecting Code Integrity with PGP — Part 2: Generating Your Master Key | 用 PGP 保护代码完整性（二）：生成你的主密钥
  • Protecting Code Integrity with PGP — Part 3: Generating PGP Subkeys | 用 PGP 保护代码完整性（三）：生成 PGP 子密钥
  • Protecting Code Integrity with PGP — Part 4: Moving Your Master Key to Offline Storage | 用 PGP 保护代码完整性（四）：将主密钥移到离线存储中
  • Protecting Code Integrity with PGP — Part 5: Moving Subkeys to a Hardware Device | 用 PGP 保护代码完整性（五）：将子密钥移到一个硬件设备中
  • Protecting Code Integrity with PGP — Part 6: Using PGP with Git | 用 PGP 保护代码完整性（六）：在 Git 上使用 PGP
  • Protecting Code Integrity with PGP — Part 7: Protecting Online Accounts | 用 PGP 保护代码完整性（七）：保护在线帐户

passwd

[!NOTE|label:references:]

• Managing Linux users with the passwd command

network tools

[!NOTE|label:see also:]

• iMarslo : linux/network

vnstat

vnstat

$ vnstat -l 1 -i en7
Monitoring en7...    (press CTRL-C to stop)

   rx:     4.10 kbit/s   21.00 KiB          tx:         0 bit/s   6.00 KiB^C

 en7  /  traffic statistics
                           rx         |       tx
--------------------------------------+------------------
  bytes                    21.00 KiB  |        6.00 KiB
--------------------------------------+------------------
          max           53.25 kbit/s  |    12.29 kbit/s
      average           17.20 kbit/s  |     4.92 kbit/s
          min                0 bit/s  |         0 bit/s
--------------------------------------+------------------
  packets                         60  |              52
--------------------------------------+------------------
          max                 15 p/s  |          16 p/s
      average                  6 p/s  |           5 p/s
          min                  2 p/s  |           0 p/s
--------------------------------------+------------------
  time                    10 seconds

ipcalc

ipcalc

$ ipcalc 10.25.130.2/23
Address:   10.25.130.2          00001010.00011001.1000001 0.00000010
Netmask:   255.255.254.0 = 23   11111111.11111111.1111111 0.00000000
Wildcard:  0.0.1.255            00000000.00000000.0000000 1.11111111
=>
Network:   10.25.130.0/23       00001010.00011001.1000001 0.00000000
HostMin:   10.25.130.1          00001010.00011001.1000001 0.00000001
HostMax:   10.25.131.254        00001010.00011001.1000001 1.11111110
Broadcast: 10.25.131.255        00001010.00011001.1000001 1.11111111
Hosts/Net: 510                   Class A, Private Internet

$ ipcalc 10.25.131.1/23
Address:   10.25.131.1          00001010.00011001.1000001 1.00000001
Netmask:   255.255.254.0 = 23   11111111.11111111.1111111 0.00000000
Wildcard:  0.0.1.255            00000000.00000000.0000000 1.11111111
=>
Network:   10.25.130.0/23       00001010.00011001.1000001 0.00000000
HostMin:   10.25.130.1          00001010.00011001.1000001 0.00000001
HostMax:   10.25.131.254        00001010.00011001.1000001 1.11111110
Broadcast: 10.25.131.255        00001010.00011001.1000001 1.11111111
Hosts/Net: 510                   Class A, Private Internet

iostat

$ iostat
              disk0       cpu    load average
    KB/t  tps  MB/s  us sy id   1m   5m   15m
   19.85   37  0.72   3  1 96  1.78 1.90 1.69

tcpdump

[!NOTE|label:references:]

• * Tcpdump

$ sudo tcpdump -A -i en7
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on en7, link-type EN10MB (Ethernet), capture size 262144 bytes
00:33:02.787671 IP 10.25.130.117.53629 > a23-43-240-92.deploy.static.akamaitechnologies.com.https: Flags [.], ack 697481089, win 2048, length 0
E..(....@...
..u.+.\.}..r...)...P...:...
00:33:02.790119 IP 10.25.130.117.51541 > sh-vdc01.mycompany.com.domain: 53089+ PTR? 92.240.43.23.in-addr.arpa. (43)
E..GP....._.
..u
&t..U.5.3...a...........92.240.43.23.in-addr.arpa.....
00:33:02.812866 ARP, Request who-has gw-voice-idf.cdu-cn.mycompany.com tell gw-vg224-idf.cdu-cn.mycompany.com, length 46
....
....
13 packets captured
25 packets received by filter
0 packets dropped by kernel

• or

  $ sudo tcpdump -n -i any src or dst target.ip.address [ -v ]
  
  # i.e.
  $ sudo tcpdump -n -i any src or dst git.domain.com -v
  tcpdump: data link type PKTAP
  tcpdump: listening on any, link-type PKTAP (Apple DLT_PKTAP), snapshot length 524288 bytes
  00:02:55.698822 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
      10.25.130.104.63447 > 10.69.78.140.29418: Flags [F.], cksum 0x8fe0 (correct), seq 2566890566, ack 4019765769, win 2058, options [nop,nop,TS val 1955309758 ecr 154499413], length 0

dstat

dstat

strace

[!NOTE|label:references:]

• I have a tab completion that hangs, is it possible to use strace to find out what is going on?
• Resolve nested aliases to their source commands
• What's the difference between <<, <<< and < < in bash?

LINUX	MACOS	COMPARISON
strace	dtruss/dtrace	System Call Tracking Tool
ltrace	dyldtrace	Dynamic Link Library Tracing
Flexible	Limited by System Integrity Protection	Kernel Module Support
Regular users can partially use it	Most features require root access or CSRUTIL configuration	Permission Requirements
high	Reliance on BSD-specific syntax	Script Portability

$ ... run cmd ...

# or
$ pid=$(echo ??)
$ sudo strace -fp ${pid} -o log

# or
$ sudo -v
$ sudo strace -fp $$ -o log &

# -- more --
$ set -o functrace xtrace
$ PS4=' ${BASH_SOURCE}:$FUNCNAME:$LINENO: '

• intercept stdout/stderr of another process

  $ strace -ff -e trace=write -e write=1,2 -p SOME_PID
  
  # https://www.commandlinefu.com/commands/view/5450/intercept-stdoutstderr-of-another-process
  $ strace -ff -e write=1,2 -s 1024 -p PID 2>&1 | grep "^ |" | cut -c11-60 | sed -e 's/ //g' | xxd -r -p
  
  # https://www.commandlinefu.com/commands/view/6743/intercept-stdoutstderr-of-another-process-or-disowned-process
  $ strace -e write=1,2 -p $PID 2>&1 | sed -un "/^ |/p" | sed -ue "s/^.\{9\}\(.\{50\}\).\+/\1/g" -e 's/ //g' | xxd -r -p

• debug script

  $ strace -e clone,execve,pipe,dup2 \
           -f bash -c 'cat <(/bin/true) <(/bin/false) <(/bin/echo)'
  execve("/usr/bin/bash", ["bash", "-c", "cat <(/bin/true) <(/bin/false) <"...], 0x7fff9b9c6f98 /* 75 vars */) = 0
  pipe([3, 4])                            = 0
  dup2(3, 63)                             = 63
  clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f7cf6a8ca10) = 289963
  strace: Process 289963 attached
  [pid 289962] pipe([3, 4])               = 0
  [pid 289962] dup2(3, 62)                = 62
  [pid 289962] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
  [pid 289963] dup2(4, 1)                 = 1
  [pid 289962] <... clone resumed>, child_tidptr=0x7f7cf6a8ca10) = 289964
  strace: Process 289964 attached
  [pid 289963] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
  [pid 289962] pipe([3, 4])               = 0
  strace: Process 289965 attached
  [pid 289963] <... clone resumed>, child_tidptr=0x7f7cf6a8ca10) = 289965
  [pid 289962] dup2(3, 61)                = 61
  [pid 289962] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
  [pid 289964] dup2(4, 1)                 = 1
  [pid 289965] execve("/bin/true", ["/bin/true"], 0x55ec7c007680 /* 73 vars */strace: Process 289966 attached
   <unfinished ...>
  [pid 289962] <... clone resumed>, child_tidptr=0x7f7cf6a8ca10) = 289966
  [pid 289964] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
  [pid 289965] <... execve resumed>)      = 0
  strace: Process 289967 attached
  [pid 289964] <... clone resumed>, child_tidptr=0x7f7cf6a8ca10) = 289967
  [pid 289966] dup2(4, 1)                 = 1
  [pid 289967] execve("/bin/false", ["/bin/false"], 0x55ec7c007af0 /* 73 vars */ <unfinished ...>
  [pid 289966] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f7cf6a8ca10) = 289968
  [pid 289967] <... execve resumed>)      = 0
  strace: Process 289968 attached
  [pid 289962] execve("/usr/bin/cat", ["cat", "/dev/fd/63", "/dev/fd/62", "/dev/fd/61"], 0x55ec7c007bc0 /* 73 vars */ <unfinished ...>
  [pid 289968] execve("/bin/echo", ["/bin/echo"], 0x55ec7c007e20 /* 73 vars */ <unfinished ...>
  [pid 289962] <... execve resumed>)      = 0
  [pid 289968] <... execve resumed>)      = 0
  [pid 289965] +++ exited with 0 +++
  [pid 289963] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=289965, si_uid=10564, si_status=0, si_utime=0, si_stime=0} ---
  [pid 289963] +++ exited with 0 +++
  [pid 289962] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=289963, si_uid=10564, si_status=0, si_utime=0, si_stime=0} ---
  [pid 289967] +++ exited with 1 +++
  [pid 289964] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=289967, si_uid=10564, si_status=1, si_utime=0, si_stime=0} ---
  [pid 289964] +++ exited with 1 +++
  [pid 289962] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=289964, si_uid=10564, si_status=1, si_utime=0, si_stime=0} ---
  
  [pid 289968] +++ exited with 0 +++
  [pid 289966] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=289968, si_uid=10564, si_status=0, si_utime=0, si_stime=0} ---
  [pid 289966] +++ exited with 0 +++
  --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=289966, si_uid=10564, si_status=0, si_utime=0, si_stime=0} ---
  +++ exited with 0 +++

• xtrace

  xtrace() {
    local eval_cmd
    printf -v eval_cmd '%q' "${@}"
    { set -x
      eval "${eval_cmd}"
    } 2>&1 | grep '^++'
    return "${PIPESTATUS[0]}"
  }

dtruss

[!TIP|label:references:]

• the MacOS alternatives strace

• Using modified dtruss.sh

$ sudo dtruss <cmd>

$ sudo dtruss ls
dtrace: system integrity protection is on, some features will not be available

SYSCALL(args)      = return
README.md   artifactory  devops   jenkins  osx    screenshot  vim
SUMMARY.md  cheatsheet   english  linux    programming  tools     virtualization
munmap(0x1155AB000, 0xA0000)     = 0 0
munmap(0x11564B000, 0x8000)    = 0 0
munmap(0x115653000, 0x4000)    = 0 0
munmap(0x115657000, 0x4000)    = 0 0
munmap(0x11565B000, 0x58000)     = 0 0
fsgetpath(0x7FF7BA418580, 0x400, 0x7FF7BA418568)     = 40 0
fsgetpath(0x7FF7BA418580, 0x400, 0x7FF7BA418568)     = 14 0
csrctl(0x0, 0x7FF7BA41898C, 0x4)     = -1 1
__mac_syscall(0x7FF819AD4E1B, 0x2, 0x7FF7BA4187F0)     = 0 0
csrctl(0x0, 0x7FF7BA41899C, 0x4)     = -1 1
__mac_syscall(0x7FF819AD1DA4, 0x5A, 0x7FF7BA418930)    = 0 0
dtrace: error on enabled probe ID 1741 (ID 573: syscall::sysctl:return): invalid kernel access in action #10 at DIF offset 28
dtrace: error on enabled probe ID 1741 (ID 573: syscall::sysctl:return): invalid kernel access in action #10 at DIF offset 28
dtrace: error on enabled probe ID 1741 (ID 573: syscall::sysctl:return): invalid kernel access in action #10 at DIF offset 28
dtrace: error on enabled probe ID 1741 (ID 573: syscall::sysctl:return): invalid kernel access in action #10 at DIF offset 28
open("/\0", 0x20100000, 0x0)     = 3 0
openat(0x3, "System/Cryptexes/OS\0", 0x100000, 0x0)    = 4 0
dup(0x4, 0x0, 0x0)     = 5 0
fstatat64(0x4, 0x7FF7BA4176D1, 0x7FF7BA417AD0)     = 0 0
openat(0x4, "System/Library/dyld/\0", 0x100000, 0x0)     = 6 0
fcntl(0x6, 0x32, 0x7FF7BA417760)     = 0 0
dup(0x6, 0x0, 0x0)     = 7 0
dup(0x5, 0x0, 0x0)     = 8 0
close(0x3)     = 0 0
close(0x5)     = 0 0
close(0x4)     = 0 0
close(0x6)     = 0 0
shared_region_check_np(0x7FF7BA418048, 0x0, 0x0)     = 0 0
fsgetpath(0x7FF7BA4185B0, 0x400, 0x7FF7BA4184E8)     = 83 0
fcntl(0x8, 0x32, 0x7FF7BA4185B0)     = 0 0
close(0x8)     = 0 0
close(0x7)     = 0 0
getfsstat64(0x0, 0x0, 0x2)     = 9 0
getfsstat64(0x106102040, 0x4C38, 0x2)    = 9 0
getattrlist("/\0", 0x7FF7BA4184F0, 0x7FF7BA418460)     = 0 0
stat64("/System/Volumes/Preboot/Cryptexes/OS/System/Library/dyld/dyld_shared_cache_x86_64h\0", 0x7FF7BA418828, 0x0)    = 0 0
dtrace: error on enabled probe ID 1690 (ID 845: syscall::stat64:return): invalid address (0x0) in action #11 at DIF offset 12
stat64("/usr/local/Cellar/coreutils/9.4/bin/gls\0", 0x7FF7BA417CC0, 0x0)     = 0 0
open("/usr/local/Cellar/coreutils/9.4/bin/gls\0", 0x0, 0x0)    = 3 0
mmap(0x0, 0x33358, 0x1, 0x40002, 0x3, 0x0)     = 0x105B18000 0
fcntl(0x3, 0x32, 0x7FF7BA417DD0)     = 0 0
close(0x3)     = 0 0
munmap(0x105B18000, 0x33358)     = 0 0
stat64("/usr/local/Cellar/coreutils/9.4/bin/gls\0", 0x7FF7BA418220, 0x0)     = 0 0
stat64("/usr/lib/libSystem.B.dylib\0", 0x7FF7BA417230, 0x0)    = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/libSystem.B.dylib\0", 0x7FF7BA4171E0, 0x0)    = -1 2
stat64("/usr/lib/libSystem.B.dylib\0", 0x7FF7BA417230, 0x0)    = -1 2
stat64("/usr/lib/libobjc.A.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/libobjc.A.dylib\0", 0x7FF7BA414E30, 0x0)    = -1 2
stat64("/usr/lib/libobjc.A.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/usr/lib/system/libsystem_blocks.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libsystem_blocks.dylib\0", 0x7FF7BA414E20, 0x0)    = -1 2
stat64("/usr/lib/system/libsystem_blocks.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/usr/lib/system/libxpc.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libxpc.dylib\0", 0x7FF7BA414E30, 0x0)  = -1 2
stat64("/usr/lib/system/libxpc.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/usr/lib/system/libsystem_trace.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libsystem_trace.dylib\0", 0x7FF7BA414E20, 0x0)     = -1 2
stat64("/usr/lib/system/libsystem_trace.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/usr/lib/system/libcorecrypto.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libcorecrypto.dylib\0", 0x7FF7BA414E30, 0x0) = -1 2
stat64("/usr/lib/system/libcorecrypto.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/usr/lib/system/libsystem_malloc.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libsystem_malloc.dylib\0", 0x7FF7BA414E20, 0x0)    = -1 2
stat64("/usr/lib/system/libsystem_malloc.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/usr/lib/system/libdispatch.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libdispatch.dylib\0", 0x7FF7BA414E30, 0x0)   = -1 2
stat64("/usr/lib/system/libdispatch.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/usr/lib/system/libsystem_featureflags.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libsystem_featureflags.dylib\0", 0x7FF7BA414E20, 0x0)    = -1 2
stat64("/usr/lib/system/libsystem_featureflags.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/usr/lib/system/libsystem_c.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libsystem_c.dylib\0", 0x7FF7BA414E30, 0x0)   = -1 2
stat64("/usr/lib/system/libsystem_c.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/usr/lib/libc++.1.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/libc++.1.dylib\0", 0x7FF7BA414E30, 0x0)     = -1 2
stat64("/usr/lib/libc++.1.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/usr/lib/libc++abi.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/libc++abi.dylib\0", 0x7FF7BA414E30, 0x0)    = -1 2
stat64("/usr/lib/libc++abi.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/usr/lib/system/libdyld.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libdyld.dylib\0", 0x7FF7BA414E30, 0x0)   = -1 2
stat64("/usr/lib/system/libdyld.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/usr/lib/system/libsystem_info.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libsystem_info.dylib\0", 0x7FF7BA414E30, 0x0)    = -1 2
stat64("/usr/lib/system/libsystem_info.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/usr/lib/system/libsystem_darwin.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libsystem_darwin.dylib\0", 0x7FF7BA414E20, 0x0)    = -1 2
stat64("/usr/lib/system/libsystem_darwin.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/usr/lib/system/libsystem_notify.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libsystem_notify.dylib\0", 0x7FF7BA414E20, 0x0)    = -1 2
stat64("/usr/lib/system/libsystem_notify.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/usr/lib/system/libsystem_networkextension.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libsystem_networkextension.dylib\0", 0x7FF7BA414E20, 0x0)    = -1 2
stat64("/usr/lib/system/libsystem_networkextension.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/usr/lib/system/libsystem_asl.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libsystem_asl.dylib\0", 0x7FF7BA414E30, 0x0) = -1 2
stat64("/usr/lib/system/libsystem_asl.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/usr/lib/system/libsystem_symptoms.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libsystem_symptoms.dylib\0", 0x7FF7BA414E20, 0x0)    = -1 2
stat64("/usr/lib/system/libsystem_symptoms.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/usr/lib/system/libsystem_containermanager.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libsystem_containermanager.dylib\0", 0x7FF7BA414E20, 0x0)    = -1 2
stat64("/usr/lib/system/libsystem_containermanager.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/usr/lib/system/libsystem_configuration.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libsystem_configuration.dylib\0", 0x7FF7BA414E20, 0x0)     = -1 2
stat64("/usr/lib/system/libsystem_configuration.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/usr/lib/system/libsystem_sandbox.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libsystem_sandbox.dylib\0", 0x7FF7BA414E20, 0x0)     = -1 2
stat64("/usr/lib/system/libsystem_sandbox.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/usr/lib/system/libquarantine.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libquarantine.dylib\0", 0x7FF7BA414E30, 0x0) = -1 2
stat64("/usr/lib/system/libquarantine.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/usr/lib/system/libsystem_coreservices.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libsystem_coreservices.dylib\0", 0x7FF7BA414E20, 0x0)    = -1 2
stat64("/usr/lib/system/libsystem_coreservices.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/usr/lib/system/libsystem_m.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libsystem_m.dylib\0", 0x7FF7BA414E30, 0x0)   = -1 2
stat64("/usr/lib/system/libsystem_m.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/usr/lib/system/libmacho.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libmacho.dylib\0", 0x7FF7BA414E30, 0x0)  = -1 2
stat64("/usr/lib/system/libmacho.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/usr/lib/system/libcommonCrypto.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libcommonCrypto.dylib\0", 0x7FF7BA414E20, 0x0)     = -1 2
stat64("/usr/lib/system/libcommonCrypto.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/usr/lib/system/libunwind.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libunwind.dylib\0", 0x7FF7BA414E30, 0x0)   = -1 2
stat64("/usr/lib/system/libunwind.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/usr/lib/liboah.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/liboah.dylib\0", 0x7FF7BA414E30, 0x0)     = -1 2
stat64("/usr/lib/liboah.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/usr/lib/system/libcopyfile.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libcopyfile.dylib\0", 0x7FF7BA414E30, 0x0)   = -1 2
stat64("/usr/lib/system/libcopyfile.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/usr/lib/system/libcompiler_rt.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libcompiler_rt.dylib\0", 0x7FF7BA414E30, 0x0)    = -1 2
stat64("/usr/lib/system/libcompiler_rt.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/usr/lib/system/libsystem_collections.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libsystem_collections.dylib\0", 0x7FF7BA414E20, 0x0)     = -1 2
stat64("/usr/lib/system/libsystem_collections.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/usr/lib/system/libsystem_secinit.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libsystem_secinit.dylib\0", 0x7FF7BA414E20, 0x0)     = -1 2
stat64("/usr/lib/system/libsystem_secinit.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/usr/lib/system/libremovefile.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libremovefile.dylib\0", 0x7FF7BA414E30, 0x0) = -1 2
stat64("/usr/lib/system/libremovefile.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/usr/lib/system/libkeymgr.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libkeymgr.dylib\0", 0x7FF7BA414E30, 0x0)   = -1 2
stat64("/usr/lib/system/libkeymgr.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/usr/lib/system/libsystem_dnssd.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libsystem_dnssd.dylib\0", 0x7FF7BA414E20, 0x0)     = -1 2
stat64("/usr/lib/system/libsystem_dnssd.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/usr/lib/system/libcache.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libcache.dylib\0", 0x7FF7BA414E30, 0x0)  = -1 2
stat64("/usr/lib/system/libcache.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/usr/lib/libSystem.B.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/libSystem.B.dylib\0", 0x7FF7BA414E30, 0x0)    = -1 2
stat64("/usr/lib/libSystem.B.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/usr/lib/system/libsystem_darwindirectory.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libsystem_darwindirectory.dylib\0", 0x7FF7BA414E20, 0x0)     = -1 2
stat64("/usr/lib/system/libsystem_darwindirectory.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
open("/dev/dtracehelper\0", 0x2, 0x0)    = 3 0
ioctl(0x3, 0x80086804, 0x7FF7BA416E18)     = 0 0
close(0x3)     = 0 0
open("/usr/local/Cellar/coreutils/9.4/bin/gls\0", 0x0, 0x0)    = 3 0
__mac_syscall(0x7FF819AD4E1B, 0x2, 0x7FF7BA4163D0)     = 0 0
map_with_linking_np(0x7FF7BA415FB0, 0x1, 0x7FF7BA415FE0)     = -1 22
close(0x3)     = 0 0
mprotect(0x105B08000, 0x4000, 0x1)     = 0 0
shared_region_check_np(0xFFFFFFFFFFFFFFFF, 0x0, 0x0)     = 0 0
mprotect(0x106100000, 0x40000, 0x1)    = 0 0
access("/AppleInternal/XBS/.isChrooted\0", 0x0, 0x0)     = -1 2
bsdthread_register(0x7FF819DC9B9C, 0x7FF819DC9B88, 0x2000)     = 1073742303 0
getpid(0x0, 0x0, 0x0)    = 49682 0
shm_open(0x7FF819C6CF42, 0x0, 0x19C6B388)    = 3 0
fstat64(0x3, 0x7FF7BA417340, 0x0)    = 0 0
mmap(0x0, 0x4000, 0x1, 0x40001, 0x3, 0x0)    = 0x105B1A000 0
close(0x3)     = 0 0
ioctl(0x2, 0x4004667A, 0x7FF7BA417404)     = 0 0
mprotect(0x105B23000, 0x1000, 0x0)     = 0 0
mprotect(0x105B2D000, 0x1000, 0x0)     = 0 0
mprotect(0x105B2E000, 0x1000, 0x0)     = 0 0
mprotect(0x105B38000, 0x1000, 0x0)     = 0 0
mprotect(0x105B1E000, 0x98, 0x1)     = 0 0
mprotect(0x105B1E000, 0x98, 0x3)     = 0 0
mprotect(0x105B1E000, 0x98, 0x1)     = 0 0
mprotect(0x105B39000, 0x1000, 0x1)     = 0 0
mprotect(0x105B3A000, 0x98, 0x1)     = 0 0
mprotect(0x105B3A000, 0x98, 0x3)     = 0 0
mprotect(0x105B3A000, 0x98, 0x1)     = 0 0
mprotect(0x105B1E000, 0x98, 0x3)     = 0 0
mprotect(0x105B1E000, 0x98, 0x1)     = 0 0
mprotect(0x105B39000, 0x1000, 0x3)     = 0 0
mprotect(0x105B39000, 0x1000, 0x1)     = 0 0
mprotect(0x106100000, 0x40000, 0x3)    = 0 0
mprotect(0x106100000, 0x40000, 0x1)    = 0 0
issetugid(0x0, 0x0, 0x0)     = 0 0
mprotect(0x106100000, 0x40000, 0x3)    = 0 0
getentropy(0x7FF7BA416C30, 0x20, 0x0)    = 0 0
mprotect(0x106100000, 0x40000, 0x1)    = 0 0
mprotect(0x106100000, 0x40000, 0x3)    = 0 0
mprotect(0x106100000, 0x40000, 0x1)    = 0 0
getattrlist("/usr/local/opt/coreutils/libexec/gnubin/ls\0", 0x7FF7BA4172E0, 0x7FF7BA4172F8)    = 0 0
access("/usr/local/Cellar/coreutils/9.4/bin\0", 0x4, 0x0)    = 0 0
open("/usr/local/Cellar/coreutils/9.4/bin\0", 0x0, 0x0)    = 3 0
fstat64(0x3, 0x7FAEECF042E0, 0x0)    = 0 0
csrctl(0x0, 0x7FF7BA41753C, 0x4)     = 0 0
fcntl(0x3, 0x32, 0x7FF7BA4171F0)     = 0 0
close(0x3)     = 0 0
open("/usr/local/Cellar/coreutils/9.4/bin/Info.plist\0", 0x0, 0x0)     = -1 2
proc_info(0x2, 0xC212, 0xD)    = 64 0
csops_audittoken(0xC212, 0x10, 0x7FF7BA417540)     = -1 22
dtrace: error on enabled probe ID 1741 (ID 573: syscall::sysctl:return): invalid kernel access in action #10 at DIF offset 28
dtrace: error on enabled probe ID 1741 (ID 573: syscall::sysctl:return): invalid kernel access in action #10 at DIF offset 28
csops(0xC212, 0x0, 0x7FF7BA4179A4)     = 0 0
mprotect(0x106100000, 0x40000, 0x3)    = 0 0
open_nocancel("/usr/share/locale/en_US.UTF-8/LC_COLLATE\0", 0x0, 0x0)    = 3 0
fcntl_nocancel(0x3, 0x3, 0x0)    = 0 0
getrlimit(0x1008, 0x7FF7BA417D10, 0x0)     = 0 0
fstat64(0x3, 0x7FF7BA417C88, 0x0)    = 0 0
dtrace: error on enabled probe ID 1714 (ID 961: syscall::read_nocancel:return): invalid kernel access in action #12 at DIF offset 68
close_nocancel(0x3)    = 0 0
open_nocancel("/usr/share/locale/en_US.UTF-8/LC_CTYPE\0", 0x0, 0x0)    = 3 0
fcntl_nocancel(0x3, 0x3, 0x0)    = 0 0
fstat64(0x3, 0x7FF7BA417DD0, 0x0)    = 0 0
fstat64(0x3, 0x7FF7BA417BD8, 0x0)    = 0 0
lseek(0x3, 0x0, 0x1)     = 0 0
lseek(0x3, 0x0, 0x0)     = 0 0
dtrace: error on enabled probe ID 1714 (ID 961: syscall::read_nocancel:return): invalid kernel access in action #12 at DIF offset 68
dtrace: error on enabled probe ID 1714 (ID 961: syscall::read_nocancel:return): invalid kernel access in action #12 at DIF offset 68
dtrace: error on enabled probe ID 1714 (ID 961: syscall::read_nocancel:return): invalid kernel access in action #12 at DIF offset 68
dtrace: error on enabled probe ID 1714 (ID 961: syscall::read_nocancel:return): invalid kernel access in action #12 at DIF offset 68
dtrace: error on enabled probe ID 1714 (ID 961: syscall::read_nocancel:return): invalid kernel access in action #12 at DIF offset 68
dtrace: error on enabled probe ID 1714 (ID 961: syscall::read_nocancel:return): invalid kernel access in action #12 at DIF offset 68
dtrace: error on enabled probe ID 1714 (ID 961: syscall::read_nocancel:return): invalid kernel access in action #12 at DIF offset 68
dtrace: error on enabled probe ID 1714 (ID 961: syscall::read_nocancel:return): invalid kernel access in action #12 at DIF offset 68
close_nocancel(0x3)    = 0 0
open_nocancel("/usr/share/locale/en_US.UTF-8/LC_MONETARY\0", 0x0, 0x0)     = 3 0
fstat64(0x3, 0x7FF7BA417DD8, 0x0)    = 0 0
dtrace: error on enabled probe ID 1714 (ID 961: syscall::read_nocancel:return): invalid kernel access in action #12 at DIF offset 68
close_nocancel(0x3)    = 0 0
open_nocancel("/usr/share/locale/en_US.UTF-8/LC_NUMERIC\0", 0x0, 0x0)    = 3 0
fstat64(0x3, 0x7FF7BA417DD8, 0x0)    = 0 0
dtrace: error on enabled probe ID 1714 (ID 961: syscall::read_nocancel:return): invalid kernel access in action #12 at DIF offset 68
close_nocancel(0x3)    = 0 0
open_nocancel("/usr/share/locale/en_US.UTF-8/LC_TIME\0", 0x0, 0x0)     = 3 0
fstat64(0x3, 0x7FF7BA417DD8, 0x0)    = 0 0
dtrace: error on enabled probe ID 1714 (ID 961: syscall::read_nocancel:return): invalid kernel access in action #12 at DIF offset 68
close_nocancel(0x3)    = 0 0
open_nocancel("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/LC_MESSAGES\0", 0x0, 0x0)     = 3 0
fstat64(0x3, 0x7FF7BA417DD8, 0x0)    = 0 0
dtrace: error on enabled probe ID 1714 (ID 961: syscall::read_nocancel:return): invalid kernel access in action #12 at DIF offset 68
close_nocancel(0x3)    = 0 0
ioctl(0x1, 0x4004667A, 0x7FF7BA418324)     = 0 0
ioctl(0x1, 0x40087468, 0x7FF7BA4183F0)     = 0 0
open_nocancel(".\0", 0x1100004, 0x0)     = 3 0
dtrace: error on enabled probe ID 1741 (ID 573: syscall::sysctl:return): invalid kernel access in action #10 at DIF offset 28
dtrace: error on enabled probe ID 1741 (ID 573: syscall::sysctl:return): invalid kernel access in action #10 at DIF offset 28
fstatfs64(0x3, 0x7FF7BA417AB0, 0x0)    = 0 0
getdirentries64(0x3, 0x7FAEED80FC00, 0x2000)     = 568 0
close_nocancel(0x3)    = 0 0
sigprocmask(0x1, 0x0, 0x7FF7BA418350)    = 0x0 0
sigaltstack(0x0, 0x7FF7BA418340, 0x0)    = 0 0
fstat64(0x1, 0x7FF7BA416E58, 0x0)    = 0 0
ioctl(0x1, 0x4004667A, 0x7FF7BA416EA4)     = 0 0
dtrace: error on enabled probe ID 1712 (ID 963: syscall::write_nocancel:return): invalid kernel access in action #12 at DIF offset 68
dtrace: error on enabled probe ID 1712 (ID 963: syscall::write_nocancel:return): invalid kernel access in action #12 at DIF offset 68
close_nocancel(0x1)    = 0 0
close_nocancel(0x2)    = 0 0

• troubleshooting

  • dtrace: system integrity protection is on

    [!TIP]

    • * iMarlso: osx/system integrity protection

    # csrutil disable
    # or
    # csrutil enable --without dtrace
    # or
    # csrutil enable --without dtrace --without debug

sar

netcat

[!NOTE|label:references:]

• the netcat command in linux

• check particular port

  $ nc -zv 127.0.0.1 22
  Connection to 127.0.0.1 port 22 [tcp/ssh] succeeded!

• check ports in range

  $ nc -znv -w 1 127.0.0.1 20-30
  nc: connectx to 127.0.0.1 port 20 (tcp) failed: Connection refused
  nc: connectx to 127.0.0.1 port 21 (tcp) failed: Connection refused
  Connection to 127.0.0.1 port 22 [tcp/*] succeeded!
  nc: connectx to 127.0.0.1 port 23 (tcp) failed: Connection refused
  nc: connectx to 127.0.0.1 port 24 (tcp) failed: Connection refused
  nc: connectx to 127.0.0.1 port 25 (tcp) failed: Connection refused
  nc: connectx to 127.0.0.1 port 26 (tcp) failed: Connection refused
  nc: connectx to 127.0.0.1 port 27 (tcp) failed: Connection refused
  nc: connectx to 127.0.0.1 port 28 (tcp) failed: Connection refused

• running simple web server

  $ cat > index.html <<<EOF
  <!DOCTYPE html>
  <html>
      <head>
          <title>Simple Netcat Server</title>
      </head>
      <body>
          <h1>Welcome to simple netcat server!<h1>
      </body>
      </body>
  <html>
  EOF
  
  $ echo -e "HTTP/1.1 200 OK\n\n$(cat index.html)" | nc -l 1234

• or getting more

  $ while true; do echo -e "HTTP/1.1 200 OK\n\n$(cat index.html)" | nc -l -w 1 1234; done
  GET / HTTP/1.1
  Host: localhost:1234
  Connection: keep-alive
  sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "macOS"
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: navigate
  Sec-Fetch-User: ?1
  Sec-Fetch-Dest: document
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en,zh-CN;q=0.9,zh;q=0.8,en-US;q=0.7
  
  GET /favicon.ico HTTP/1.1
  Host: localhost:1234
  Connection: keep-alive
  sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
  sec-ch-ua-mobile: ?0
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
  sec-ch-ua-platform: "macOS"
  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  Sec-Fetch-Site: same-origin
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: image
  Referer: http://localhost:1234/
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en,zh-CN;q=0.9,zh;q=0.8,en-US;q=0.7
  ...

  

  netcat web service
• reverse proxy with netcat
• emulating netcat -e

  $ mkfifo foo ; nc -lk 2600 0<foo | /bin/bash 1>foo

ip

$ ip addr show | sed -nE "s/inet\s(.*)\/[0-9]+.*\s(\w+)/\2 \1/p"
  lo0 127.0.0.1
  en0 192.168.1.71

# for linux
$ ip addr show | sed -nE "s/inet\s(.*)\/[0-9]+.*\s(\w+)/\2 \1/p" | column -to ' => '
lo0 => 127.0.0.1
en0 => 192.168.1.71

datadog

others

[!NOTE|label:references:]

• 完全指南：在 Linux 中如何打印和管理打印机
• 440+ 个免费的编程 & 计算机科学的在线课程
• 在 Linux 上用 DNS 实现简单的负载均衡
• Python 字节码介绍