# admin tools * [encryption](#encryption) * [gpg](#gpg) * [basic knowledge](#basic-knowledge) * [create new key](#create-new-key) * [list keys](#list-keys) * [remove keys](#remove-keys) * [export/import keys](#exportimport-keys) * [usage](#usage) * [pass](#pass) * [env](#env) * [insert](#insert) * [generate](#generate) * [remove](#remove) * [advanced usage](#advanced-usage) * [plugins](#plugins) * [OTP](#otp) * [pass-otp](#pass-otp) * [PGP](#pgp) * [passwd](#passwd) * [network tools](#network-tools) * [`vnstat`](#vnstat) * [`ipcalc`](#ipcalc) * [`iostat`](#iostat) * [`tcpdump`](#tcpdump) * [`dstat`](#dstat) * [strace](#strace) * [`dtruss`](#dtruss) * [sar](#sar) * [netcat](#netcat) * [`ip`](#ip) * [datadog](#datadog) * [others](#others) {% hint style="info" %} > references: > > * [20 Command Line Tools to Monitor Linux Performance](http://www.tecmint.com/command-line-tools-to-monitor-linux-performance/) > * [20 Linux System Monitoring Tools Every SysAdmin Should Know](http://www.cyberciti.biz/tips/top-linux-monitoring-tools.html) > * [Top 25 Best Linux Performance Monitoring and Debugging Tools](http://thegeekstuff.com/2011/12/linux-performance-monitoring-tools/) > * [http://www.thegeekstuff.com/2010/12/50-unix-linux-sysadmin-tutorials](http://www.thegeekstuff.com/2010/12/50-unix-linux-sysadmin-tutorials/) > * [16 commands to check hardware information on Linux](http://www.binarytides.com/linux-commands-hardware-info/) > * [Best UNIX shell-based tools](https://gist.github.com/mbbx6spp/1429161) > * [\* alebcay/awesome-shell](https://github.com/alebcay/awesome-shell/tree/master) > * [\* zh-cn](https://github.com/alebcay/awesome-shell/blob/master/README_ZH-CN.md) > * [nosarthur/awesome-shell](https://github.com/nosarthur/awesome-shell) > * [\* rockerBOO/awesome-neovim](https://github.com/rockerBOO/awesome-neovim) > * [jlevy/the-art-of-command-line](https://github.com/jlevy/the-art-of-command-line) > * [Learn Enough Command Line to Be Dangerous](https://www.learnenough.com/command-line-tutorial/basics) > * [Shell Style Guide](https://google.github.io/styleguide/shellguide.html) > * [Use Bash Strict Mode (Unless You Love Debugging)](http://redsymbol.net/articles/unofficial-bash-strict-mode/) > * others > * [bayandin/awesome-awesomeness](https://github.com/bayandin/awesome-awesomeness) > * [emijrp/awesome-awesome](https://github.com/emijrp/awesome-awesome) > * [kahun/awesome-sysadmin](https://github.com/kahun/awesome-sysadmin) > * [My Minimalist Over-powered Linux Setup Guide](https://medium.com/@jonyeezs/my-minimal-over-powered-linux-setup-guide-710931efb75b) > * [\* devynspencer/cute\_commands.sh](https://gist.github.com/devynspencer/cfdce35b3230e72214ef) > {% endhint %} ## encryption ### gpg > \[!NOTE|label:references:] > > * [\* The GNU Privacy Handbook](https://www.gnupg.org/gph/en/manual.html) > * [\* The GNU Privacy Guard Manual](https://www.gnupg.org/documentation/manuals/gnupg/GPG-Configuration-Options.html) > * [GPG入门教程](https://www.ruanyifeng.com/blog/2013/07/gpg.html) > * [GPG(GnuPG)入门](https://www.cnblogs.com/time-is-life/p/9668999.html) > * [FlowCrypt: PGP Encryption for Gmail](https://flowcrypt.com/) #### basic knowledge > \[!NOTE|label:references:] > > * to show `--dump-options`: `gpg --dump-options` * [letters indicating](https://www.gnupg.org/documentation/manuals/gnupg/GPG-Configuration-Options.html) > \[!TIP|label:references:] > > * [简明 GPG 概念](https://zhuanlan.zhihu.com/p/137801979) > * GPG 密钥的能力中, \[C]、\[S]、\[A] 均属于签名方案,只有 \[E] 是加密方案 > * [The GNU Privacy Guard Manual : 4.2.1 How to change the configuration](https://www.gnupg.org/documentation/manuals/gnupg/GPG-Configuration-Options.html) > * [OpenPGP Message Format : 5.2.3.21. Key Flags](https://www.rfc-editor.org/rfc/rfc4880#section-5.2.3.21) > * [How are the GPG usage flags defined in the key details listing?](https://unix.stackexchange.com/a/230859/29178) > * [Anatomy of a GPG Key](https://davesteele.github.io/gpg/2014/09/20/anatomy-of-a-gpg-key/) | LETTER | MEANING | flag | CONSTANT | COMMENTS | | ------ | ------------- | ---------------- | ------------------- | ------------------------------ | | `[C]` | Certification | `0x01` | PUBKEY\_USAGE\_CERT | 认证其他秘钥/给其他证书签名 | | `[S]` | Signing | `0x02` | PUBKEY\_USAGE\_SIG | 签名,如给文件添加数字签名, 给 git commit 签名 | | `[A]` | Authenticate | `0x20` | PUBKEY\_USAGE\_AUTH | 身份验证, 如 ssh 登录 | | `[E]` | Encryption | `0x04` or `0x08` | PUBKEY\_USAGE\_ENC | 加密, 如给文件加密, 给邮件加密 | #### create new key > \[!NOTE|label:references:] > > * [Generating GPG Keys](https://www.files.com/docs/encryption/gpg-pgp/generating-gpg-keys) > * [How to create GPG keypairs](https://www.redhat.com/sysadmin/creating-gpg-keypairs) > * [Generating a new GPG key](https://docs.github.com/en/authentication/managing-commit-signature-verification/generating-a-new-gpg-key) ```bash $ gpg --full-generate-key ``` * [or](https://superuser.com/a/1360557/112396) ```bash $ gpg --batch --gen-key < Name-Email: Expire-Date:0 EOF ``` #### list keys * secret keys ```bash $ gpg --list-secret-keys --keyid-format=long gpg: checking the trustdb gpg: marginals needed: 3 completes needed: 1 trust model: pgp gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u [keyboxd] --------- sec ed25519/505104FC7CD6CA33 2024-05-08 [SC] 00D2F41050BF7D9BE6B27545505104FC7CD6CA33 uid [ultimate] marslo ssb cv25519/188C36434D6B9F66 2024-05-08 [E] ``` * public keys ```bash $ gpg --list-public-keys --keyid-format=long [keyboxd] --------- pub ed25519/5C0980808D968494 2024-05-08 [SC] 6AADCD68E268DEF623C4DD7E5C0980808D968494 uid [ultimate] marslo sub cv25519/F065036D0FF76ABA 2024-05-08 [E] ``` * list KEYID ```bash $ gpg --list-keys --with-colons | awk -F: '$1 == "pub" && ($2 == "e" || $2 == "r" || $2 == "u") { print $5 }' ``` * with fingerprint ```bash $ gpg --list-secret-keys --with-colons --fingerprint sec:u:255:22:5C0980808D968494:1715138996:::u:::scESC:::+::ed25519:::0: fpr:::::::::6AADCD68E268DEF623C4DD7E5C0980808D968494: grp:::::::::DA2F273B9FCDBCE44E8F5B1590CC29F774C557A5: uid:u::::1715138996::689D1C164C7C46F315D0FF60C5CDE6E509C6D853::marslo ::::::::::0: ssb:u:255:18:F065036D0FF76ABA:1715138996::::::e:::+::cv25519:: fpr:::::::::B6550514914F4E14976755BBF065036D0FF76ABA: grp:::::::::C55CD6EE8B06EC939090352069AB9D37CFA0C7FA: # list fingerprint only $ gpg --list-keys --with-colons | awk -F: '$1 == "fpr" { print $10 }' 6AADCD68E268DEF623C4DD7E5C0980808D968494 B6550514914F4E14976755BBF065036D0FF76ABA # or $ gpg --list-secret-keys --with-colons --fingerprint | sed -n 's/^fpr:::::::::\([[:alnum:]]\+\):/\1/p' 6AADCD68E268DEF623C4DD7E5C0980808D968494 B6550514914F4E14976755BBF065036D0FF76ABA ``` #### remove keys * remove all keys ```bash $ gpg --yes --delete-secret-and-public-key "marslo" gpg (GnuPG) 2.4.5; Copyright (C) 2024 g10 Code GmbH This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. sec ed25519/133597088DEF3074 2024-05-08 marslo (marslo) Delete this key from the keyring? (y/N) y This is a secret key! - really delete? (y/N) y pub ed25519/133597088DEF3074 2024-05-08 marslo (marslo) Delete this key from the keyring? (y/N) y ``` * [or via `--batch`](https://superuser.com/a/1631427/112396) ```bash $ gpg --list-keys --with-colons \ | awk -F: '$1 == "pub" && ($2 == "e" || $2 == "r" || $2 == "u") { print $5 }' \ | xargs gpg --batch --yes --delete-secret-and-public-key ``` * [or via fingerprint](https://superuser.com/a/1192732/112396) ```bash $ gpg --fingerprint --with-colons ${GPG_KEY} |\ grep "^fpr" |\ sed -n 's/^fpr:::::::::\([[:alnum:]]\+\):/\1/p' |\ xargs gpg --batch --delete-secret-keys ``` #### export/import keys > \[!NOTE|label:references:] > > * [How to export a GPG private key and public key to a file](https://unix.stackexchange.com/a/482559/29178) > * [Moving GPG Keys Privately](https://vhs.codeberg.page/post/moving-gpg-keys-privately/) **export** * export public key ```bash $ gpg --output public.pgp --armor --export ``` * check content ```bash $ gpg --armor --export # i.e.: $ gpg --armor --export marslo -----BEGIN PGP PUBLIC KEY BLOCK----- ... -----END PGP PUBLIC KEY BLOCK----- ``` * export secret key ```bash $ gpg --output private.pgp --armor --export-secret-key # or $ gpg -o ~/private.asc --export-secret-key ``` * [export and ssh](https://unix.stackexchange.com/a/618702/29178) ```bash $ gpg --export-secret-key SOMEKEYID | ssh othermachine gpg --import ``` * [more](https://unix.stackexchange.com/a/618702/29178) ```bash $ gpg --output public.gpg --export SOMEKEYID && \ $ gpg --output - --export-secret-key SOMEKEYID |\ cat public.gpg - |\ gpg --armor --output keys.asc --symmetric --cipher-algo AES256 ``` * check content ```bash $ gpg --armor --export-secret-keys # i.e.: $ gpg --armor --export-secret-keys marslo -----BEGIN PGP PRIVATE KEY BLOCK----- ... -----END PGP PRIVATE KEY BLOCK----- ``` * backup keys ```bash $ gpg --output backupkeys.pgp --armor --export-secret-keys --export-options export-backup # or $ gpg --output backupkeys.pgp --armor --export --export-options export-backup ``` **import** > \[!NOTE|label:references:] > > * [How to import secret keys into GPG keychain](https://unix.stackexchange.com/a/230859/29178) > * [pass and gpg: No public key](https://unix.stackexchange.com/a/232341/29178) > * [How to import secret gpg key (copied from one machine to another)?](https://unix.stackexchange.com/a/184952/29178) ```bash # import private key $ gpg --import private.pgp gpg: /home/marslo/.gnupg/trustdb.gpg: trustdb created gpg: key 5C0980808D968494: public key "marslo " imported gpg: key 5C0980808D968494: secret key imported gpg: Total number processed: 1 gpg: imported: 1 gpg: secret keys read: 1 gpg: secret keys imported: 1 # list keys $ gpg --list-keys /home/marslo/.gnupg/pubring.kbx ------------------------------- pub ed25519 2024-05-08 [SC] 6AADCD68E268DEF623C4DD7E5C0980808D968494 uid [ unknown] marslo sub cv25519 2024-05-08 [E] # trust $ gpg --edit-key 6AADCD68E268DEF623C4DD7E5C0980808D968494 trust quit 1 = I don't know or won't say 2 = I do NOT trust 3 = I trust marginally 4 = I trust fully 5 = I trust ultimately m = back to the main menu gpg> Your decision? 5 gpg> Do you really want to set this key to ultimate trust? (y/N) y # check key again $ gpg --list-keys gpg: checking the trustdb gpg: marginals needed: 3 completes needed: 1 trust model: pgp gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u /home/marslo/.gnupg/pubring.kbx ------------------------------- pub ed25519 2024-05-08 [SC] 6AADCD68E268DEF623C4DD7E5C0980808D968494 uid [ultimate] marslo sub cv25519 2024-05-08 [E] ``` * import publid key ```bash # import public key $ gpg --import public.pgp gpg: key 5C0980808D968494: "marslo " not changed gpg: Total number processed: 1 gpg: unchanged: 1 ``` * trust key ```bash # verify available $ gpg --edit-key # trust $ gpg --edit-key gpg> trust gpg> save gpg> quit ``` * recover from backup keys ```bash $ gpg --import-options restore --import backupkeys.pgp ``` #### usage > \[!NOTE|label:references:] > > * [GPG使用方法总结(密钥管理,加解密文件)](https://blog.csdn.net/vic_qxz/article/details/127225478) ### pass > \[!NOTE] > > * [pass: the standard unix password manager](https://www.passwordstore.org/) > * [git repo: password-store](https://git.zx2c4.com/password-store/) > * [video: How to Use Pass Which Is a Command Line Password Manager](https://www.youtube.com/watch?v=w34xAnNdliE) > * [How to Use Pass Which Is a Command Line Password Manager](https://nickjanetakis.com/blog/how-to-use-pass-which-is-a-command-line-password-manager) > * [archlinux: pass](https://wiki.archlinux.org/title/Pass) > * [compatible clients](https://www.passwordstore.org/#other) > * [Clever uses of pass, the Unix password manager](https://vitalyparnas.com/guides/pass/#generate) > * [Configuring Pass, the Standard Unix Password Manager](https://ryan.himmelwright.net/post/setting-up-pass/) #### env > \[!NOTE|label:references:] > > * [completion](https://git.zx2c4.com/password-store/tree/src/completion) > * [environment variable](https://manpages.ubuntu.com/manpages/noble/man1/pass.1.html#environment%20variables) > * `PASSWORD_STORE_DIR` > * `PASSWORD_STORE_KEY` > * `PASSWORD_STORE_GENERATED_LENGTH` > * `PASSWORD_STORE_CHARACTER_SET` > * `PASSWORD_STORE_CHARACTER_SET_NO_SYMBOLS` > * `PASSWORD_STORE_CLIP_TIME` > * `PASSWORD_STORE_EXTENSIONS_DIR` > * `PASSWORD_STORE_ENABLE_EXTENSIONS` > * `PASSWORD_STORE_SIGNING_KEY` ```bash $ export PASSWORD_STORE_DIR=~/.password-store ``` * install ```bash # osx $ brew install pass # ubuntu/debian $ sudo apt-get install pass # fedora/rhel $ sudo yum install pass ``` * init > \[!TIP|label:references:] > > * [How to manage Linux passwords with the pass command](https://www.redhat.com/sysadmin/management-password-store) > * [I try to add passwords to the "pass" password manager. But my attempts fail with "no public key" GPG errors. Why?](/handbook/awesomeshell/admintools.md) > * to avoid the issue like: > > ```bash > $ pass generate test 30 > gpg: marslo: skipped: No public key > gpg: [stdin]: encryption failed: No public key > Password encryption aborted. > ``` ```bash $ gpg --full-generate-key ``` #### insert ```bash $ pass insert # i.e.: $ pass insert test Enter password for test: abc Retype password for test: abc $ pass test abc # copy $ pass -c test Copied test to clipboard. Will clear in 45 seconds. ``` ![pass insert](/files/oIXOl416EMb32rpdOKJp) #### generate > \[!NOTE|label:references:] > > * [PASSWORD\_STORE\_CHARACTER\_SET\_NO\_SYMBOLS isn't respected](https://lists.zx2c4.com/pipermail/password-store/2018-January/003170.html) > * [\[pass\] Provide symbol set as command line argument](https://lists.zx2c4.com/pipermail/password-store/2016-November/002429.html) > * [How to generate secure passwords using terminal (Mac/Linux) ?](https://mnzel.medium.com/how-to-generate-secure-passwords-using-terminal-mac-linux-3e823cff3cac) > * [default and envs](https://git.zx2c4.com/password-store/tree/src/password-store.sh) > * `PASSWORD_STORE_DIR=$HOME/.password-store` > * `PASSWORD_STORE_EXTENSIONS_DIR=${PASSWORD_STORE_DIR}/.extensions` > * `PASSWORD_STORE_CLIP_TIME=45` > * `PASSWORD_STORE_GENERATED_LENGTH=25` > * others: > * `PASSWORD_STORE_CHARACTER_SET='[:alnum:].,!?&*%_~$#^@{}[]()<>|=/\+-'` > * [Vim: word vs WORD](https://stackoverflow.com/a/54588479/2940319) > > ![WORD VS. word](/files/pHE2nuHK8EecbYspo2PN) * customize charset ```bash $ export PASSWORD_STORE_CHARACTER_SET='a-zA-Z0-9' $ yes | pass generate test 30 The generated password for test is: HnD7XyeFDtOrw5oDhn22U8AjHVV9cf $ yes | pass generate test 30 The generated password for test is: t57PYCw4r0tHSXCa4zW2DVGNuizQ1k $ export PASSWORD_STORE_CHARACTER_SET='a-zA-Z0-9()' $ yes | pass generate test 50 The generated password for test is: wof1Hw92QXe(G3)MkMRp5Wx3UCMgHIpt)7ENNn(f8r(ZRcztQ1 $ yes | pass generate test 30 The generated password for test is: 60m2XHtqfTsvfJT(YYV1wKlBBoOJYb ``` * generate qrcode ```bash $ pass generate --qrcode ``` * [generate via `/dev/urandom`](https://lists.zx2c4.com/pipermail/password-store/2016-November/002429.html) ```bash $ head /dev/urandom | tr -dc 'A-Za-z0-9!@#$%^&*()' | head -c 32 && echo xGPqC%MeE2HU3NkH#JeA##RB^YbX49cd $ head /dev/urandom | tr -dc 'A-Za-z0-9!@#$%^&*()?:_-~+<=>' | head -c 32 && echo e?XEGaD68^FNYI5#E^aFVgv:(6_pL>!I $ head /dev/urandom | tr -dc 'A-Za-z0-9!"#$%&'\''()*+,-./:;<=>?@[\]^_`{|}~' | head -c 32 && echo +&7oQC ``` * [generate via openssl](https://www.commandlinefu.com/commands/view/4204/generate-random-password) ```bash $ openssl rand -base64 32 DfXwoBz8UAel09qN1rR97luKy+aFuC8N0Fua+YaSW8A= # or: https://www.commandlinefu.com/commands/view/24565/generate-a-random-password-30-characters-long $ openssl rand -rand /dev/urandom -base64 32 ``` #### remove ```bash $ pass rm test -f removed '/Users/marslo/.marslo/.password-store/test.gpg' ``` #### advanced usage > \[!NOTE|label:references:] > > * extensions > * [roddhjav/pass-tomb](https://github.com/roddhjav/pass-tomb) > * [tadfisher/pass-otp)](https://github.com/tadfisher/pass-otp) | [pass-otp.bash.completion](https://github.com/tadfisher/pass-otp/blob/develop/pass-otp.bash.completion) > * [roddhjav/pass-import](https://github.com/roddhjav/pass-import) > * [roddhjav/pass-update](https://github.com/roddhjav/pass-update) > * [roddhjav/pass-audit](https://github.com/roddhjav/pass-audit) > * [ayushnix/pass-coffin](https://github.com/ayushnix/pass-coffin) > * [ayushnix/pass-tessen](https://github.com/ayushnix/pass-tessen) > * additional tools > * [Pass for Alfred](https://alfred.app/workflows/chrisgrieser/pass/) * alfred workflow ```bash $ brew isntall --HEAD pinentry-mac # using pinentry-mac instead of pinentry for alfred workflow $ [[ -d "$HOME/.gnupg" ]] || mkdir "$HOME/.gnupg" $ echo "pinentry-program $(brew --prefix)/bin/pinentry-mac" > $HOME/.gnupg/gpg-agent.conf $ gpgconf --kill gpg-agent # restart the agent ``` * pw ```bash pw() { export PASSWORD_STORE_CLIP_TIME=8 export PASSWORD_STORE_X_SELECTION=primary pass -c2 $1; sleep 5; pass -c $1; sleep 5; pass otp -c $1; exit } ``` * extend ```bash # ~/.bashrc $ alias passred="PASSWORD_STORE_DIR=~/.pass/red pass" $ alias passblue="PASSWORD_STORE_DIR=~/.pass/blue pass" $ cat /usr/share/bash-completion/completions/pass _passred(){ PASSWORD_STORE_DIR=~/.pass/red/ _pass } complete -o filenames -o nospace -F _passred passred _passblue(){ PASSWORD_STORE_DIR=~/.pass/blue/ _pass } complete -o filenames -o nospace -F _passblue passblue $ source /usr/share/bash-completion/completions/pass ``` * git ```bash $ git config --global credential.helper /usr/bin/pass-git-helper $ cat ~/.gitconfig [github.com] target=dev/github [*.fooo-bar.*] target=dev/fooo-bar ``` * client ```bash # create local password store $ pass init # enable management of local changes through git $ pass git init # add the the remote git repository as 'origin' $ pass git remote add origin user@server:~/.password-store # push your local pass history $ pass git push -u --all ``` #### plugins * pass-otp > \[!NOTE|label:references:] > > * [#137 Bash completion](https://github.com/tadfisher/pass-otp/issues/137) ```bash # --- install --- # osx $ brew install pass-otp $ brew uses --recursive --installed oath-toolkit pass-otp # --- usage --- ## init $ pass otp insert -e sandbox/otp Enter otpauth:// URI for sandbox/otp: otpauth://totp/totp-secret?secret=sandbox ## show otp code $ pass otp sandbox/otp 148395 ``` ### OTP > \[!NOTE|label:references:] > > * [OATH-Toolkit](https://wiki.gentoo.org/wiki/OATH-Toolkit) > * [Use oathtool Linux command line for 2 step verification (2FA)](https://www.cyberciti.biz/faq/use-oathtool-linux-command-line-for-2-step-verification-2fa/) > * [One-Time-Passwords using oathtool on Ubuntu 14.04(+)](https://nerdyness2012.wordpress.com/2015/01/15/one-time-passwords-using-oathtool-on-ubuntu/) #### pass-otp > \[!NOTE|label:references:] > > * tips: > > ```bash > $ brew which-formula oathtool > oath-toolkit > > $ brew uses --recursive --installed oath-toolkit > pass-otp > ``` ```bash $ oathtool $(openssl rand -hex 16) 848050 ``` ### PGP > \[!NOTE|label:references:] > > * Protecting Code Integrity with PGP > * [Protecting Code Integrity with PGP — Part 1: Basic Concepts and Tools](https://www.linux.com/news/protecting-code-integrity-pgp-part-1-basic-pgp-concepts-and-tools/) | [用 PGP 保护代码完整性(一): 基本概念和工具](https://linux.cn/article-9524-1.html) > * [Protecting Code Integrity with PGP — Part 2: Generating Your Master Key](https://www.linux.com/news/protecting-code-integrity-pgp-part-2-generating-and-protecting-your-master-pgp-key/) | [用 PGP 保护代码完整性(二):生成你的主密钥](https://linux.cn/article-9529-1.html) > * [Protecting Code Integrity with PGP — Part 3: Generating PGP Subkeys](https://www.linux.com/news/protecting-code-integrity-pgp-part-3-generating-pgp-subkeys/) | [用 PGP 保护代码完整性(三):生成 PGP 子密钥](https://linux.cn/article-9607-1.html) > * [Protecting Code Integrity with PGP — Part 4: Moving Your Master Key to Offline Storage](https://www.linux.com/news/protecting-code-integrity-pgp-part-4-moving-your-master-key-offline-storage/) | [用 PGP 保护代码完整性(四):将主密钥移到离线存储中](https://linux.cn/article-10402-1.html) > * [Protecting Code Integrity with PGP — Part 5: Moving Subkeys to a Hardware Device](https://www.linux.com/training-tutorials/protecting-code-integrity-pgp-part-5-moving-subkeys-hardware-device) | [用 PGP 保护代码完整性(五):将子密钥移到一个硬件设备中](https://linux.cn/article-10415-1.html) > * [Protecting Code Integrity with PGP — Part 6: Using PGP with Git](https://www.linux.com/news/protecting-code-integrity-pgp-part-6-using-pgp-git/) | [用 PGP 保护代码完整性(六):在 Git 上使用 PGP](https://linux.cn/article-10421-1.html) > * [Protecting Code Integrity with PGP — Part 7: Protecting Online Accounts](https://www.linux.com/news/protecting-code-integrity-pgp-part-7-protecting-online-accounts/) | [用 PGP 保护代码完整性(七):保护在线帐户](https://linux.cn/article-10432-1.html) ### passwd > \[!NOTE|label:references:] > > * [Managing Linux users with the passwd command](https://www.redhat.com/sysadmin/managing-users-passwd) ## network tools > \[!NOTE|label:see also:] > > * [iMarslo : linux/network](https://github.com/marslo/ibook/blob/marslo/docs/linux/network.html) ### `vnstat` ![vnstat](/files/-MHqOij78m_El5qWred1) ```bash $ vnstat -l 1 -i en7 Monitoring en7... (press CTRL-C to stop) rx: 4.10 kbit/s 21.00 KiB tx: 0 bit/s 6.00 KiB^C en7 / traffic statistics rx | tx --------------------------------------+------------------ bytes 21.00 KiB | 6.00 KiB --------------------------------------+------------------ max 53.25 kbit/s | 12.29 kbit/s average 17.20 kbit/s | 4.92 kbit/s min 0 bit/s | 0 bit/s --------------------------------------+------------------ packets 60 | 52 --------------------------------------+------------------ max 15 p/s | 16 p/s average 6 p/s | 5 p/s min 2 p/s | 0 p/s --------------------------------------+------------------ time 10 seconds ``` ### `ipcalc` ![ipcalc](/files/-MHvRsj1vw5tuVMBy2PK) ```bash $ ipcalc 10.25.130.2/23 Address: 10.25.130.2 00001010.00011001.1000001 0.00000010 Netmask: 255.255.254.0 = 23 11111111.11111111.1111111 0.00000000 Wildcard: 0.0.1.255 00000000.00000000.0000000 1.11111111 => Network: 10.25.130.0/23 00001010.00011001.1000001 0.00000000 HostMin: 10.25.130.1 00001010.00011001.1000001 0.00000001 HostMax: 10.25.131.254 00001010.00011001.1000001 1.11111110 Broadcast: 10.25.131.255 00001010.00011001.1000001 1.11111111 Hosts/Net: 510 Class A, Private Internet $ ipcalc 10.25.131.1/23 Address: 10.25.131.1 00001010.00011001.1000001 1.00000001 Netmask: 255.255.254.0 = 23 11111111.11111111.1111111 0.00000000 Wildcard: 0.0.1.255 00000000.00000000.0000000 1.11111111 => Network: 10.25.130.0/23 00001010.00011001.1000001 0.00000000 HostMin: 10.25.130.1 00001010.00011001.1000001 0.00000001 HostMax: 10.25.131.254 00001010.00011001.1000001 1.11111110 Broadcast: 10.25.131.255 00001010.00011001.1000001 1.11111111 Hosts/Net: 510 Class A, Private Internet ``` ### `iostat` ```bash $ iostat disk0 cpu load average KB/t tps MB/s us sy id 1m 5m 15m 19.85 37 0.72 3 1 96 1.78 1.90 1.69 ``` ### `tcpdump` > \[!NOTE|label:references:] > > * [\* Tcpdump](https://www.kancloud.cn/pshizhsysu/linux/1799754) ```bash $ sudo tcpdump -A -i en7 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on en7, link-type EN10MB (Ethernet), capture size 262144 bytes 00:33:02.787671 IP 10.25.130.117.53629 > a23-43-240-92.deploy.static.akamaitechnologies.com.https: Flags [.], ack 697481089, win 2048, length 0 E..(....@... ..u.+.\.}..r...)...P...:... 00:33:02.790119 IP 10.25.130.117.51541 > sh-vdc01.mycompany.com.domain: 53089+ PTR? 92.240.43.23.in-addr.arpa. (43) E..GP....._. ..u &t..U.5.3...a...........92.240.43.23.in-addr.arpa..... 00:33:02.812866 ARP, Request who-has gw-voice-idf.cdu-cn.mycompany.com tell gw-vg224-idf.cdu-cn.mycompany.com, length 46 .... .... 13 packets captured 25 packets received by filter 0 packets dropped by kernel ``` * [or](https://superuser.com/a/1567926/112396) ```bash $ sudo tcpdump -n -i any src or dst target.ip.address [ -v ] # i.e. $ sudo tcpdump -n -i any src or dst git.domain.com -v tcpdump: data link type PKTAP tcpdump: listening on any, link-type PKTAP (Apple DLT_PKTAP), snapshot length 524288 bytes 00:02:55.698822 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52) 10.25.130.104.63447 > 10.69.78.140.29418: Flags [F.], cksum 0x8fe0 (correct), seq 2566890566, ack 4019765769, win 2058, options [nop,nop,TS val 1955309758 ecr 154499413], length 0 ``` ### `dstat` ![dstat](/files/-MHqOijByECODCPn4Z3Z) ### strace > \[!NOTE|label:references:] > > * [I have a tab completion that hangs, is it possible to use strace to find out what is going on?](https://unix.stackexchange.com/a/525582/29178) > * [Resolve nested aliases to their source commands](https://unix.stackexchange.com/a/441389/29178) > * [What's the difference between <<, <<< and < < in bash?](https://askubuntu.com/a/678919) | LINUX | MACOS | COMPARISON | | ---------------------------------- | ------------------------------------------------------------ | ---------------------------- | | `strace` | `dtruss`/`dtrace` | System Call Tracking Tool | | `ltrace` | `dyldtrace` | Dynamic Link Library Tracing | | Flexible | Limited by System Integrity Protection | Kernel Module Support | | Regular users can partially use it | Most features require root access or `CSRUTIL` configuration | Permission Requirements | | high | Reliance on BSD-specific syntax | Script Portability | ```bash $ ... run cmd ... # or $ pid=$(echo ??) $ sudo strace -fp ${pid} -o log # or $ sudo -v $ sudo strace -fp $$ -o log & # -- more -- $ set -o functrace xtrace $ PS4=' ${BASH_SOURCE}:$FUNCNAME:$LINENO: ' ``` * [intercept stdout/stderr of another process](https://www.commandlinefu.com/commands/view/5410/intercept-stdoutstderr-of-another-process) ```bash $ strace -ff -e trace=write -e write=1,2 -p SOME_PID # https://www.commandlinefu.com/commands/view/5450/intercept-stdoutstderr-of-another-process $ strace -ff -e write=1,2 -s 1024 -p PID 2>&1 | grep "^ |" | cut -c11-60 | sed -e 's/ //g' | xxd -r -p # https://www.commandlinefu.com/commands/view/6743/intercept-stdoutstderr-of-another-process-or-disowned-process $ strace -e write=1,2 -p $PID 2>&1 | sed -un "/^ |/p" | sed -ue "s/^.\{9\}\(.\{50\}\).\+/\1/g" -e 's/ //g' | xxd -r -p ``` * [debug script](https://askubuntu.com/a/678919/92979) ```bash $ strace -e clone,execve,pipe,dup2 \ -f bash -c 'cat <(/bin/true) <(/bin/false) <(/bin/echo)' execve("/usr/bin/bash", ["bash", "-c", "cat <(/bin/true) <(/bin/false) <"...], 0x7fff9b9c6f98 /* 75 vars */) = 0 pipe([3, 4]) = 0 dup2(3, 63) = 63 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f7cf6a8ca10) = 289963 strace: Process 289963 attached [pid 289962] pipe([3, 4]) = 0 [pid 289962] dup2(3, 62) = 62 [pid 289962] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 289963] dup2(4, 1) = 1 [pid 289962] <... clone resumed>, child_tidptr=0x7f7cf6a8ca10) = 289964 strace: Process 289964 attached [pid 289963] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 289962] pipe([3, 4]) = 0 strace: Process 289965 attached [pid 289963] <... clone resumed>, child_tidptr=0x7f7cf6a8ca10) = 289965 [pid 289962] dup2(3, 61) = 61 [pid 289962] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 289964] dup2(4, 1) = 1 [pid 289965] execve("/bin/true", ["/bin/true"], 0x55ec7c007680 /* 73 vars */strace: Process 289966 attached [pid 289962] <... clone resumed>, child_tidptr=0x7f7cf6a8ca10) = 289966 [pid 289964] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 289965] <... execve resumed>) = 0 strace: Process 289967 attached [pid 289964] <... clone resumed>, child_tidptr=0x7f7cf6a8ca10) = 289967 [pid 289966] dup2(4, 1) = 1 [pid 289967] execve("/bin/false", ["/bin/false"], 0x55ec7c007af0 /* 73 vars */ [pid 289966] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f7cf6a8ca10) = 289968 [pid 289967] <... execve resumed>) = 0 strace: Process 289968 attached [pid 289962] execve("/usr/bin/cat", ["cat", "/dev/fd/63", "/dev/fd/62", "/dev/fd/61"], 0x55ec7c007bc0 /* 73 vars */ [pid 289968] execve("/bin/echo", ["/bin/echo"], 0x55ec7c007e20 /* 73 vars */ [pid 289962] <... execve resumed>) = 0 [pid 289968] <... execve resumed>) = 0 [pid 289965] +++ exited with 0 +++ [pid 289963] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=289965, si_uid=10564, si_status=0, si_utime=0, si_stime=0} --- [pid 289963] +++ exited with 0 +++ [pid 289962] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=289963, si_uid=10564, si_status=0, si_utime=0, si_stime=0} --- [pid 289967] +++ exited with 1 +++ [pid 289964] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=289967, si_uid=10564, si_status=1, si_utime=0, si_stime=0} --- [pid 289964] +++ exited with 1 +++ [pid 289962] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=289964, si_uid=10564, si_status=1, si_utime=0, si_stime=0} --- [pid 289968] +++ exited with 0 +++ [pid 289966] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=289968, si_uid=10564, si_status=0, si_utime=0, si_stime=0} --- [pid 289966] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=289966, si_uid=10564, si_status=0, si_utime=0, si_stime=0} --- +++ exited with 0 +++ ``` * [xtrace](https://unix.stackexchange.com/a/441389/29178) ```bash xtrace() { local eval_cmd printf -v eval_cmd '%q' "${@}" { set -x eval "${eval_cmd}" } 2>&1 | grep '^++' return "${PIPESTATUS[0]}" } ``` ### [`dtruss`](https://stackoverflow.com/a/31045613/2940319) > \[!TIP|label:references:] > > * the MacOS alternatives `strace` > * [Using modified dtruss.sh](https://stackoverflow.com/q/73724074/2940319) ```bash $ sudo dtruss ``` ```bash $ sudo dtruss ls dtrace: system integrity protection is on, some features will not be available SYSCALL(args) = return README.md artifactory devops jenkins osx screenshot vim SUMMARY.md cheatsheet english linux programming tools virtualization munmap(0x1155AB000, 0xA0000) = 0 0 munmap(0x11564B000, 0x8000) = 0 0 munmap(0x115653000, 0x4000) = 0 0 munmap(0x115657000, 0x4000) = 0 0 munmap(0x11565B000, 0x58000) = 0 0 fsgetpath(0x7FF7BA418580, 0x400, 0x7FF7BA418568) = 40 0 fsgetpath(0x7FF7BA418580, 0x400, 0x7FF7BA418568) = 14 0 csrctl(0x0, 0x7FF7BA41898C, 0x4) = -1 1 __mac_syscall(0x7FF819AD4E1B, 0x2, 0x7FF7BA4187F0) = 0 0 csrctl(0x0, 0x7FF7BA41899C, 0x4) = -1 1 __mac_syscall(0x7FF819AD1DA4, 0x5A, 0x7FF7BA418930) = 0 0 dtrace: error on enabled probe ID 1741 (ID 573: syscall::sysctl:return): invalid kernel access in action #10 at DIF offset 28 dtrace: error on enabled probe ID 1741 (ID 573: syscall::sysctl:return): invalid kernel access in action #10 at DIF offset 28 dtrace: error on enabled probe ID 1741 (ID 573: syscall::sysctl:return): invalid kernel access in action #10 at DIF offset 28 dtrace: error on enabled probe ID 1741 (ID 573: syscall::sysctl:return): invalid kernel access in action #10 at DIF offset 28 open("/\0", 0x20100000, 0x0) = 3 0 openat(0x3, "System/Cryptexes/OS\0", 0x100000, 0x0) = 4 0 dup(0x4, 0x0, 0x0) = 5 0 fstatat64(0x4, 0x7FF7BA4176D1, 0x7FF7BA417AD0) = 0 0 openat(0x4, "System/Library/dyld/\0", 0x100000, 0x0) = 6 0 fcntl(0x6, 0x32, 0x7FF7BA417760) = 0 0 dup(0x6, 0x0, 0x0) = 7 0 dup(0x5, 0x0, 0x0) = 8 0 close(0x3) = 0 0 close(0x5) = 0 0 close(0x4) = 0 0 close(0x6) = 0 0 shared_region_check_np(0x7FF7BA418048, 0x0, 0x0) = 0 0 fsgetpath(0x7FF7BA4185B0, 0x400, 0x7FF7BA4184E8) = 83 0 fcntl(0x8, 0x32, 0x7FF7BA4185B0) = 0 0 close(0x8) = 0 0 close(0x7) = 0 0 getfsstat64(0x0, 0x0, 0x2) = 9 0 getfsstat64(0x106102040, 0x4C38, 0x2) = 9 0 getattrlist("/\0", 0x7FF7BA4184F0, 0x7FF7BA418460) = 0 0 stat64("/System/Volumes/Preboot/Cryptexes/OS/System/Library/dyld/dyld_shared_cache_x86_64h\0", 0x7FF7BA418828, 0x0) = 0 0 dtrace: error on enabled probe ID 1690 (ID 845: syscall::stat64:return): invalid address (0x0) in action #11 at DIF offset 12 stat64("/usr/local/Cellar/coreutils/9.4/bin/gls\0", 0x7FF7BA417CC0, 0x0) = 0 0 open("/usr/local/Cellar/coreutils/9.4/bin/gls\0", 0x0, 0x0) = 3 0 mmap(0x0, 0x33358, 0x1, 0x40002, 0x3, 0x0) = 0x105B18000 0 fcntl(0x3, 0x32, 0x7FF7BA417DD0) = 0 0 close(0x3) = 0 0 munmap(0x105B18000, 0x33358) = 0 0 stat64("/usr/local/Cellar/coreutils/9.4/bin/gls\0", 0x7FF7BA418220, 0x0) = 0 0 stat64("/usr/lib/libSystem.B.dylib\0", 0x7FF7BA417230, 0x0) = -1 2 stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/libSystem.B.dylib\0", 0x7FF7BA4171E0, 0x0) = -1 2 stat64("/usr/lib/libSystem.B.dylib\0", 0x7FF7BA417230, 0x0) = -1 2 stat64("/usr/lib/libobjc.A.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/libobjc.A.dylib\0", 0x7FF7BA414E30, 0x0) = -1 2 stat64("/usr/lib/libobjc.A.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/usr/lib/system/libsystem_blocks.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libsystem_blocks.dylib\0", 0x7FF7BA414E20, 0x0) = -1 2 stat64("/usr/lib/system/libsystem_blocks.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/usr/lib/system/libxpc.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libxpc.dylib\0", 0x7FF7BA414E30, 0x0) = -1 2 stat64("/usr/lib/system/libxpc.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/usr/lib/system/libsystem_trace.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libsystem_trace.dylib\0", 0x7FF7BA414E20, 0x0) = -1 2 stat64("/usr/lib/system/libsystem_trace.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/usr/lib/system/libcorecrypto.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libcorecrypto.dylib\0", 0x7FF7BA414E30, 0x0) = -1 2 stat64("/usr/lib/system/libcorecrypto.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/usr/lib/system/libsystem_malloc.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libsystem_malloc.dylib\0", 0x7FF7BA414E20, 0x0) = -1 2 stat64("/usr/lib/system/libsystem_malloc.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/usr/lib/system/libdispatch.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libdispatch.dylib\0", 0x7FF7BA414E30, 0x0) = -1 2 stat64("/usr/lib/system/libdispatch.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/usr/lib/system/libsystem_featureflags.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libsystem_featureflags.dylib\0", 0x7FF7BA414E20, 0x0) = -1 2 stat64("/usr/lib/system/libsystem_featureflags.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/usr/lib/system/libsystem_c.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libsystem_c.dylib\0", 0x7FF7BA414E30, 0x0) = -1 2 stat64("/usr/lib/system/libsystem_c.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/usr/lib/libc++.1.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/libc++.1.dylib\0", 0x7FF7BA414E30, 0x0) = -1 2 stat64("/usr/lib/libc++.1.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/usr/lib/libc++abi.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/libc++abi.dylib\0", 0x7FF7BA414E30, 0x0) = -1 2 stat64("/usr/lib/libc++abi.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/usr/lib/system/libdyld.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libdyld.dylib\0", 0x7FF7BA414E30, 0x0) = -1 2 stat64("/usr/lib/system/libdyld.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/usr/lib/system/libsystem_info.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libsystem_info.dylib\0", 0x7FF7BA414E30, 0x0) = -1 2 stat64("/usr/lib/system/libsystem_info.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/usr/lib/system/libsystem_darwin.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libsystem_darwin.dylib\0", 0x7FF7BA414E20, 0x0) = -1 2 stat64("/usr/lib/system/libsystem_darwin.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/usr/lib/system/libsystem_notify.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libsystem_notify.dylib\0", 0x7FF7BA414E20, 0x0) = -1 2 stat64("/usr/lib/system/libsystem_notify.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/usr/lib/system/libsystem_networkextension.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libsystem_networkextension.dylib\0", 0x7FF7BA414E20, 0x0) = -1 2 stat64("/usr/lib/system/libsystem_networkextension.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/usr/lib/system/libsystem_asl.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libsystem_asl.dylib\0", 0x7FF7BA414E30, 0x0) = -1 2 stat64("/usr/lib/system/libsystem_asl.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/usr/lib/system/libsystem_symptoms.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libsystem_symptoms.dylib\0", 0x7FF7BA414E20, 0x0) = -1 2 stat64("/usr/lib/system/libsystem_symptoms.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/usr/lib/system/libsystem_containermanager.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libsystem_containermanager.dylib\0", 0x7FF7BA414E20, 0x0) = -1 2 stat64("/usr/lib/system/libsystem_containermanager.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/usr/lib/system/libsystem_configuration.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libsystem_configuration.dylib\0", 0x7FF7BA414E20, 0x0) = -1 2 stat64("/usr/lib/system/libsystem_configuration.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/usr/lib/system/libsystem_sandbox.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libsystem_sandbox.dylib\0", 0x7FF7BA414E20, 0x0) = -1 2 stat64("/usr/lib/system/libsystem_sandbox.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/usr/lib/system/libquarantine.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libquarantine.dylib\0", 0x7FF7BA414E30, 0x0) = -1 2 stat64("/usr/lib/system/libquarantine.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/usr/lib/system/libsystem_coreservices.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libsystem_coreservices.dylib\0", 0x7FF7BA414E20, 0x0) = -1 2 stat64("/usr/lib/system/libsystem_coreservices.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/usr/lib/system/libsystem_m.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libsystem_m.dylib\0", 0x7FF7BA414E30, 0x0) = -1 2 stat64("/usr/lib/system/libsystem_m.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/usr/lib/system/libmacho.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libmacho.dylib\0", 0x7FF7BA414E30, 0x0) = -1 2 stat64("/usr/lib/system/libmacho.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/usr/lib/system/libcommonCrypto.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libcommonCrypto.dylib\0", 0x7FF7BA414E20, 0x0) = -1 2 stat64("/usr/lib/system/libcommonCrypto.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/usr/lib/system/libunwind.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libunwind.dylib\0", 0x7FF7BA414E30, 0x0) = -1 2 stat64("/usr/lib/system/libunwind.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/usr/lib/liboah.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/liboah.dylib\0", 0x7FF7BA414E30, 0x0) = -1 2 stat64("/usr/lib/liboah.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/usr/lib/system/libcopyfile.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libcopyfile.dylib\0", 0x7FF7BA414E30, 0x0) = -1 2 stat64("/usr/lib/system/libcopyfile.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/usr/lib/system/libcompiler_rt.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libcompiler_rt.dylib\0", 0x7FF7BA414E30, 0x0) = -1 2 stat64("/usr/lib/system/libcompiler_rt.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/usr/lib/system/libsystem_collections.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libsystem_collections.dylib\0", 0x7FF7BA414E20, 0x0) = -1 2 stat64("/usr/lib/system/libsystem_collections.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/usr/lib/system/libsystem_secinit.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libsystem_secinit.dylib\0", 0x7FF7BA414E20, 0x0) = -1 2 stat64("/usr/lib/system/libsystem_secinit.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/usr/lib/system/libremovefile.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libremovefile.dylib\0", 0x7FF7BA414E30, 0x0) = -1 2 stat64("/usr/lib/system/libremovefile.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/usr/lib/system/libkeymgr.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libkeymgr.dylib\0", 0x7FF7BA414E30, 0x0) = -1 2 stat64("/usr/lib/system/libkeymgr.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/usr/lib/system/libsystem_dnssd.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libsystem_dnssd.dylib\0", 0x7FF7BA414E20, 0x0) = -1 2 stat64("/usr/lib/system/libsystem_dnssd.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/usr/lib/system/libcache.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libcache.dylib\0", 0x7FF7BA414E30, 0x0) = -1 2 stat64("/usr/lib/system/libcache.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/usr/lib/libSystem.B.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/libSystem.B.dylib\0", 0x7FF7BA414E30, 0x0) = -1 2 stat64("/usr/lib/libSystem.B.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/usr/lib/system/libsystem_darwindirectory.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libsystem_darwindirectory.dylib\0", 0x7FF7BA414E20, 0x0) = -1 2 stat64("/usr/lib/system/libsystem_darwindirectory.dylib\0", 0x7FF7BA414E80, 0x0) = -1 2 open("/dev/dtracehelper\0", 0x2, 0x0) = 3 0 ioctl(0x3, 0x80086804, 0x7FF7BA416E18) = 0 0 close(0x3) = 0 0 open("/usr/local/Cellar/coreutils/9.4/bin/gls\0", 0x0, 0x0) = 3 0 __mac_syscall(0x7FF819AD4E1B, 0x2, 0x7FF7BA4163D0) = 0 0 map_with_linking_np(0x7FF7BA415FB0, 0x1, 0x7FF7BA415FE0) = -1 22 close(0x3) = 0 0 mprotect(0x105B08000, 0x4000, 0x1) = 0 0 shared_region_check_np(0xFFFFFFFFFFFFFFFF, 0x0, 0x0) = 0 0 mprotect(0x106100000, 0x40000, 0x1) = 0 0 access("/AppleInternal/XBS/.isChrooted\0", 0x0, 0x0) = -1 2 bsdthread_register(0x7FF819DC9B9C, 0x7FF819DC9B88, 0x2000) = 1073742303 0 getpid(0x0, 0x0, 0x0) = 49682 0 shm_open(0x7FF819C6CF42, 0x0, 0x19C6B388) = 3 0 fstat64(0x3, 0x7FF7BA417340, 0x0) = 0 0 mmap(0x0, 0x4000, 0x1, 0x40001, 0x3, 0x0) = 0x105B1A000 0 close(0x3) = 0 0 ioctl(0x2, 0x4004667A, 0x7FF7BA417404) = 0 0 mprotect(0x105B23000, 0x1000, 0x0) = 0 0 mprotect(0x105B2D000, 0x1000, 0x0) = 0 0 mprotect(0x105B2E000, 0x1000, 0x0) = 0 0 mprotect(0x105B38000, 0x1000, 0x0) = 0 0 mprotect(0x105B1E000, 0x98, 0x1) = 0 0 mprotect(0x105B1E000, 0x98, 0x3) = 0 0 mprotect(0x105B1E000, 0x98, 0x1) = 0 0 mprotect(0x105B39000, 0x1000, 0x1) = 0 0 mprotect(0x105B3A000, 0x98, 0x1) = 0 0 mprotect(0x105B3A000, 0x98, 0x3) = 0 0 mprotect(0x105B3A000, 0x98, 0x1) = 0 0 mprotect(0x105B1E000, 0x98, 0x3) = 0 0 mprotect(0x105B1E000, 0x98, 0x1) = 0 0 mprotect(0x105B39000, 0x1000, 0x3) = 0 0 mprotect(0x105B39000, 0x1000, 0x1) = 0 0 mprotect(0x106100000, 0x40000, 0x3) = 0 0 mprotect(0x106100000, 0x40000, 0x1) = 0 0 issetugid(0x0, 0x0, 0x0) = 0 0 mprotect(0x106100000, 0x40000, 0x3) = 0 0 getentropy(0x7FF7BA416C30, 0x20, 0x0) = 0 0 mprotect(0x106100000, 0x40000, 0x1) = 0 0 mprotect(0x106100000, 0x40000, 0x3) = 0 0 mprotect(0x106100000, 0x40000, 0x1) = 0 0 getattrlist("/usr/local/opt/coreutils/libexec/gnubin/ls\0", 0x7FF7BA4172E0, 0x7FF7BA4172F8) = 0 0 access("/usr/local/Cellar/coreutils/9.4/bin\0", 0x4, 0x0) = 0 0 open("/usr/local/Cellar/coreutils/9.4/bin\0", 0x0, 0x0) = 3 0 fstat64(0x3, 0x7FAEECF042E0, 0x0) = 0 0 csrctl(0x0, 0x7FF7BA41753C, 0x4) = 0 0 fcntl(0x3, 0x32, 0x7FF7BA4171F0) = 0 0 close(0x3) = 0 0 open("/usr/local/Cellar/coreutils/9.4/bin/Info.plist\0", 0x0, 0x0) = -1 2 proc_info(0x2, 0xC212, 0xD) = 64 0 csops_audittoken(0xC212, 0x10, 0x7FF7BA417540) = -1 22 dtrace: error on enabled probe ID 1741 (ID 573: syscall::sysctl:return): invalid kernel access in action #10 at DIF offset 28 dtrace: error on enabled probe ID 1741 (ID 573: syscall::sysctl:return): invalid kernel access in action #10 at DIF offset 28 csops(0xC212, 0x0, 0x7FF7BA4179A4) = 0 0 mprotect(0x106100000, 0x40000, 0x3) = 0 0 open_nocancel("/usr/share/locale/en_US.UTF-8/LC_COLLATE\0", 0x0, 0x0) = 3 0 fcntl_nocancel(0x3, 0x3, 0x0) = 0 0 getrlimit(0x1008, 0x7FF7BA417D10, 0x0) = 0 0 fstat64(0x3, 0x7FF7BA417C88, 0x0) = 0 0 dtrace: error on enabled probe ID 1714 (ID 961: syscall::read_nocancel:return): invalid kernel access in action #12 at DIF offset 68 close_nocancel(0x3) = 0 0 open_nocancel("/usr/share/locale/en_US.UTF-8/LC_CTYPE\0", 0x0, 0x0) = 3 0 fcntl_nocancel(0x3, 0x3, 0x0) = 0 0 fstat64(0x3, 0x7FF7BA417DD0, 0x0) = 0 0 fstat64(0x3, 0x7FF7BA417BD8, 0x0) = 0 0 lseek(0x3, 0x0, 0x1) = 0 0 lseek(0x3, 0x0, 0x0) = 0 0 dtrace: error on enabled probe ID 1714 (ID 961: syscall::read_nocancel:return): invalid kernel access in action #12 at DIF offset 68 dtrace: error on enabled probe ID 1714 (ID 961: syscall::read_nocancel:return): invalid kernel access in action #12 at DIF offset 68 dtrace: error on enabled probe ID 1714 (ID 961: syscall::read_nocancel:return): invalid kernel access in action #12 at DIF offset 68 dtrace: error on enabled probe ID 1714 (ID 961: syscall::read_nocancel:return): invalid kernel access in action #12 at DIF offset 68 dtrace: error on enabled probe ID 1714 (ID 961: syscall::read_nocancel:return): invalid kernel access in action #12 at DIF offset 68 dtrace: error on enabled probe ID 1714 (ID 961: syscall::read_nocancel:return): invalid kernel access in action #12 at DIF offset 68 dtrace: error on enabled probe ID 1714 (ID 961: syscall::read_nocancel:return): invalid kernel access in action #12 at DIF offset 68 dtrace: error on enabled probe ID 1714 (ID 961: syscall::read_nocancel:return): invalid kernel access in action #12 at DIF offset 68 close_nocancel(0x3) = 0 0 open_nocancel("/usr/share/locale/en_US.UTF-8/LC_MONETARY\0", 0x0, 0x0) = 3 0 fstat64(0x3, 0x7FF7BA417DD8, 0x0) = 0 0 dtrace: error on enabled probe ID 1714 (ID 961: syscall::read_nocancel:return): invalid kernel access in action #12 at DIF offset 68 close_nocancel(0x3) = 0 0 open_nocancel("/usr/share/locale/en_US.UTF-8/LC_NUMERIC\0", 0x0, 0x0) = 3 0 fstat64(0x3, 0x7FF7BA417DD8, 0x0) = 0 0 dtrace: error on enabled probe ID 1714 (ID 961: syscall::read_nocancel:return): invalid kernel access in action #12 at DIF offset 68 close_nocancel(0x3) = 0 0 open_nocancel("/usr/share/locale/en_US.UTF-8/LC_TIME\0", 0x0, 0x0) = 3 0 fstat64(0x3, 0x7FF7BA417DD8, 0x0) = 0 0 dtrace: error on enabled probe ID 1714 (ID 961: syscall::read_nocancel:return): invalid kernel access in action #12 at DIF offset 68 close_nocancel(0x3) = 0 0 open_nocancel("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/LC_MESSAGES\0", 0x0, 0x0) = 3 0 fstat64(0x3, 0x7FF7BA417DD8, 0x0) = 0 0 dtrace: error on enabled probe ID 1714 (ID 961: syscall::read_nocancel:return): invalid kernel access in action #12 at DIF offset 68 close_nocancel(0x3) = 0 0 ioctl(0x1, 0x4004667A, 0x7FF7BA418324) = 0 0 ioctl(0x1, 0x40087468, 0x7FF7BA4183F0) = 0 0 open_nocancel(".\0", 0x1100004, 0x0) = 3 0 dtrace: error on enabled probe ID 1741 (ID 573: syscall::sysctl:return): invalid kernel access in action #10 at DIF offset 28 dtrace: error on enabled probe ID 1741 (ID 573: syscall::sysctl:return): invalid kernel access in action #10 at DIF offset 28 fstatfs64(0x3, 0x7FF7BA417AB0, 0x0) = 0 0 getdirentries64(0x3, 0x7FAEED80FC00, 0x2000) = 568 0 close_nocancel(0x3) = 0 0 sigprocmask(0x1, 0x0, 0x7FF7BA418350) = 0x0 0 sigaltstack(0x0, 0x7FF7BA418340, 0x0) = 0 0 fstat64(0x1, 0x7FF7BA416E58, 0x0) = 0 0 ioctl(0x1, 0x4004667A, 0x7FF7BA416EA4) = 0 0 dtrace: error on enabled probe ID 1712 (ID 963: syscall::write_nocancel:return): invalid kernel access in action #12 at DIF offset 68 dtrace: error on enabled probe ID 1712 (ID 963: syscall::write_nocancel:return): invalid kernel access in action #12 at DIF offset 68 close_nocancel(0x1) = 0 0 close_nocancel(0x2) = 0 0 ``` * troubleshooting * [`dtrace: system integrity protection is on`](https://stackoverflow.com/a/60910410/2940319) > \[!TIP] > > * [\* iMarlso: osx/system integrity protection](https://github.com/marslo/ibook/blob/marslo/docs/osx/osx.html#system-integrity-protection) ``` # csrutil disable # or # csrutil enable --without dtrace # or # csrutil enable --without dtrace --without debug ``` ### sar ### netcat > \[!NOTE|label:references:] > > * [the netcat command in linux](https://www.baeldung.com/linux/netcat-command) * check particular port ```bash $ nc -zv 127.0.0.1 22 Connection to 127.0.0.1 port 22 [tcp/ssh] succeeded! ``` * check ports in range ```bash $ nc -znv -w 1 127.0.0.1 20-30 nc: connectx to 127.0.0.1 port 20 (tcp) failed: Connection refused nc: connectx to 127.0.0.1 port 21 (tcp) failed: Connection refused Connection to 127.0.0.1 port 22 [tcp/*] succeeded! nc: connectx to 127.0.0.1 port 23 (tcp) failed: Connection refused nc: connectx to 127.0.0.1 port 24 (tcp) failed: Connection refused nc: connectx to 127.0.0.1 port 25 (tcp) failed: Connection refused nc: connectx to 127.0.0.1 port 26 (tcp) failed: Connection refused nc: connectx to 127.0.0.1 port 27 (tcp) failed: Connection refused nc: connectx to 127.0.0.1 port 28 (tcp) failed: Connection refused ``` * running simple web server ```bash $ cat > index.html << Simple Netcat Server

Welcome to simple netcat server!

EOF $ echo -e "HTTP/1.1 200 OK\n\n$(cat index.html)" | nc -l 1234 ``` * or getting more ```bash $ while true; do echo -e "HTTP/1.1 200 OK\n\n$(cat index.html)" | nc -l -w 1 1234; done GET / HTTP/1.1 Host: localhost:1234 Connection: keep-alive sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "macOS" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en,zh-CN;q=0.9,zh;q=0.8,en-US;q=0.7 GET /favicon.ico HTTP/1.1 Host: localhost:1234 Connection: keep-alive sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36 sec-ch-ua-platform: "macOS" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: http://localhost:1234/ Accept-Encoding: gzip, deflate, br Accept-Language: en,zh-CN;q=0.9,zh;q=0.8,en-US;q=0.7 ... ``` ![netcat web service](/files/rrsKduRZLZtZsBE3baEq) * [reverse proxy with netcat](https://www.baeldung.com/linux/netcat-command#reverse-proxy-with-netcat) * [emulating netcat -e](https://www.commandlinefu.com/commands/view/11061/emulating-netcat-e-netcat-traditional-or-netcat-openbsd-with-the-gnu-netcat) ```bash $ mkfifo foo ; nc -lk 2600 0foo ``` ### `ip` ```bash $ ip addr show | sed -nE "s/inet\s(.*)\/[0-9]+.*\s(\w+)/\2 \1/p" lo0 127.0.0.1 en0 192.168.1.71 # for linux $ ip addr show | sed -nE "s/inet\s(.*)\/[0-9]+.*\s(\w+)/\2 \1/p" | column -to ' => ' lo0 => 127.0.0.1 en0 => 192.168.1.71 ``` ### [datadog](https://www.datadoghq.com/) ## others > \[!NOTE|label:references:] > > * [完全指南:在 Linux 中如何打印和管理打印机](https://linux.cn/article-9538-1.html) > * [440+ 个免费的编程 & 计算机科学的在线课程](https://linux.cn/article-9443-1.html) > * [在 Linux 上用 DNS 实现简单的负载均衡](https://linux.cn/article-9777-1.html) > * [Python 字节码介绍](https://linux.cn/article-9816-1.html) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://imarslo.gitbook.io/handbook/awesomeshell/admintools.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.