admin tools

references:
20 Command Line Tools to Monitor Linux Performance
20 Linux System Monitoring Tools Every SysAdmin Should Know
Top 25 Best Linux Performance Monitoring and Debugging Tools
http://www.thegeekstuff.com/2010/12/50-unix-linux-sysadmin-tutorials
16 commands to check hardware information on Linux
Best UNIX shell-based tools
* alebcay/awesome-shell
* zh-cn
nosarthur/awesome-shell
* rockerBOO/awesome-neovim
jlevy/the-art-of-command-line
Learn Enough Command Line to Be Dangerous
Shell Style Guide
Use Bash Strict Mode (Unless You Love Debugging)
others
bayandin/awesome-awesomeness
emijrp/awesome-awesome
kahun/awesome-sysadmin
My Minimalist Over-powered Linux Setup Guide
* devynspencer/cute_commands.sh

encryption

gpg

[!NOTE|label:references:]
* The GNU Privacy Handbook
* The GNU Privacy Guard Manual
GPG入门教程
GPG(GnuPG)入门
FlowCrypt: PGP Encryption for Gmail

basic knowledge

[!NOTE|label:references:]
to show --dump-options: gpg --dump-options

letters indicating
[!TIP|label:references:]
- 简明 GPG 概念
- GPG 密钥的能力中， [C]、[S]、[A] 均属于签名方案，只有 [E] 是加密方案
- The GNU Privacy Guard Manual : 4.2.1 How to change the configuration
- OpenPGP Message Format : 5.2.3.21. Key Flags
- How are the GPG usage flags defined in the key details listing?
- Anatomy of a GPG Key
LETTER
MEANING
flag
CONSTANT
COMMENTS
[C]
Certification
0x01
PUBKEY_USAGE_CERT
认证其他秘钥/给其他证书签名
[S]
Signing
0x02
PUBKEY_USAGE_SIG
签名,如给文件添加数字签名, 给 git commit 签名
[A]
Authenticate
0x20
PUBKEY_USAGE_AUTH
身份验证, 如 ssh 登录
[E]
Encryption
0x04 or 0x08
PUBKEY_USAGE_ENC
加密, 如给文件加密, 给邮件加密

create new key

[!NOTE|label:references:]
Generating GPG Keys
How to create GPG keypairs
Generating a new GPG key

$ gpg --full-generate-key

$ gpg --batch --gen-key <<EOF
%no-protection
Key-Type:1
Key-Length:2048
Subkey-Type:1
Subkey-Length:2048
Name-Real: <John Doe>
Name-Email: <john.doe@domain.com>
Expire-Date:0
EOF

list keys

secret keys

$ gpg --list-secret-keys --keyid-format=long
gpg: checking the trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
[keyboxd]
---------
sec   ed25519/505104FC7CD6CA33 2024-05-08 [SC]
      00D2F41050BF7D9BE6B27545505104FC7CD6CA33
uid                 [ultimate] marslo <marslo.jiao@gmail.com>
ssb   cv25519/188C36434D6B9F66 2024-05-08 [E]

public keys

$ gpg --list-public-keys --keyid-format=long
[keyboxd]
---------
pub   ed25519/5C0980808D968494 2024-05-08 [SC]
      6AADCD68E268DEF623C4DD7E5C0980808D968494
uid                 [ultimate] marslo <marslo.jiao@gmail.com>
sub   cv25519/F065036D0FF76ABA 2024-05-08 [E]

list KEYID

$ gpg --list-keys --with-colons |
      awk -F: '$1 == "pub" && ($2 == "e" || $2 == "r" || $2 == "u") { print $5 }'

with fingerprint

$ gpg --list-secret-keys --with-colons --fingerprint
sec:u:255:22:5C0980808D968494:1715138996:::u:::scESC:::+::ed25519:::0:
fpr:::::::::6AADCD68E268DEF623C4DD7E5C0980808D968494:
grp:::::::::DA2F273B9FCDBCE44E8F5B1590CC29F774C557A5:
uid:u::::1715138996::689D1C164C7C46F315D0FF60C5CDE6E509C6D853::marslo <marslo.jiao@gmail.com>::::::::::0:
ssb:u:255:18:F065036D0FF76ABA:1715138996::::::e:::+::cv25519::
fpr:::::::::B6550514914F4E14976755BBF065036D0FF76ABA:
grp:::::::::C55CD6EE8B06EC939090352069AB9D37CFA0C7FA:

# list fingerprint only
$ gpg --list-keys --with-colons | awk -F: '$1 == "fpr" { print $10 }'
6AADCD68E268DEF623C4DD7E5C0980808D968494
B6550514914F4E14976755BBF065036D0FF76ABA

# or
$ gpg --list-secret-keys --with-colons --fingerprint | sed -n 's/^fpr:::::::::\([[:alnum:]]\+\):/\1/p'
6AADCD68E268DEF623C4DD7E5C0980808D968494
B6550514914F4E14976755BBF065036D0FF76ABA

remove keys

remove all keys

$ gpg --yes --delete-secret-and-public-key "marslo"
gpg (GnuPG) 2.4.5; Copyright (C) 2024 g10 Code GmbH
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

sec  ed25519/133597088DEF3074 2024-05-08 marslo (marslo) <marslo.jiao@gmail.com>

Delete this key from the keyring? (y/N) y
This is a secret key! - really delete? (y/N) y

pub  ed25519/133597088DEF3074 2024-05-08 marslo (marslo) <marslo.jiao@gmail.com>
Delete this key from the keyring? (y/N) y

or via --batch

$ gpg --list-keys --with-colons \
    | awk -F: '$1 == "pub" && ($2 == "e" || $2 == "r" || $2 == "u") { print $5 }' \
    | xargs gpg --batch --yes --delete-secret-and-public-key

or via fingerprint

$ gpg --fingerprint --with-colons ${GPG_KEY} |\
      grep "^fpr" |\
      sed -n 's/^fpr:::::::::\([[:alnum:]]\+\):/\1/p' |\
      xargs gpg --batch --delete-secret-keys

export/import keys

[!NOTE|label:references:]
How to export a GPG private key and public key to a file
Moving GPG Keys Privately

export

export public key

$ gpg --output public.pgp --armor --export <KEYID>

check content

$ gpg --armor --export <KEYID>

# i.e.:
$ gpg --armor --export marslo
-----BEGIN PGP PUBLIC KEY BLOCK-----
...
-----END PGP PUBLIC KEY BLOCK-----

export secret key

$ gpg --output private.pgp --armor --export-secret-key <KEYID>
# or
$ gpg -o ~/private.asc --export-secret-key <KEYID>

export and ssh

$ gpg --export-secret-key SOMEKEYID | ssh othermachine gpg --import

$ gpg --output public.gpg --export SOMEKEYID && \
$ gpg --output - --export-secret-key SOMEKEYID |\
      cat public.gpg - |\
      gpg --armor --output keys.asc --symmetric --cipher-algo AES256

check content

$ gpg --armor --export-secret-keys <KEYID>

# i.e.:
$ gpg --armor --export-secret-keys marslo
-----BEGIN PGP PRIVATE KEY BLOCK-----
...
-----END PGP PRIVATE KEY BLOCK-----

backup keys

$ gpg --output backupkeys.pgp --armor --export-secret-keys --export-options export-backup <KEYID>
# or
$ gpg --output backupkeys.pgp --armor --export --export-options export-backup <KEYID>

import

[!NOTE|label:references:]
How to import secret keys into GPG keychain
pass and gpg: No public key
How to import secret gpg key (copied from one machine to another)?

# import private key
$ gpg --import private.pgp
gpg: /home/marslo/.gnupg/trustdb.gpg: trustdb created
gpg: key 5C0980808D968494: public key "marslo <marslo.jiao@gmail.com>" imported
gpg: key 5C0980808D968494: secret key imported
gpg: Total number processed: 1
gpg:               imported: 1
gpg:       secret keys read: 1
gpg:   secret keys imported: 1

# list keys
$ gpg --list-keys
/home/marslo/.gnupg/pubring.kbx
-------------------------------
pub   ed25519 2024-05-08 [SC]
      6AADCD68E268DEF623C4DD7E5C0980808D968494
uid           [ unknown] marslo <marslo.jiao@gmail.com>
sub   cv25519 2024-05-08 [E]

# trust
$ gpg --edit-key 6AADCD68E268DEF623C4DD7E5C0980808D968494 trust quit
  1 = I don't know or won't say
  2 = I do NOT trust
  3 = I trust marginally
  4 = I trust fully
  5 = I trust ultimately
  m = back to the main menu

gpg> Your decision? 5
gpg> Do you really want to set this key to ultimate trust? (y/N) y

# check key again
$ gpg --list-keys
gpg: checking the trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
/home/marslo/.gnupg/pubring.kbx
-------------------------------
pub   ed25519 2024-05-08 [SC]
      6AADCD68E268DEF623C4DD7E5C0980808D968494
uid           [ultimate] marslo <marslo.jiao@gmail.com>
sub   cv25519 2024-05-08 [E]

import publid key

# import public key
$ gpg --import public.pgp
gpg: key 5C0980808D968494: "marslo <marslo.jiao@gmail.com>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1

trust key

# verify available
$ gpg --edit-key <KEYID>

# trust
$ gpg --edit-key <KEYID>
gpg> trust
gpg> save
gpg> quit

recover from backup keys

$ gpg --import-options restore --import backupkeys.pgp

usage

[!NOTE|label:references:]
GPG使用方法总结（密钥管理，加解密文件）

pass

[!NOTE]
pass: the standard unix password manager
git repo: password-store
video: How to Use Pass Which Is a Command Line Password Manager
How to Use Pass Which Is a Command Line Password Manager
archlinux: pass
compatible clients
Clever uses of pass, the Unix password manager
Configuring Pass, the Standard Unix Password Manager

env

[!NOTE|label:references:]
completion
environment variable
PASSWORD_STORE_DIR
PASSWORD_STORE_KEY
PASSWORD_STORE_GENERATED_LENGTH
PASSWORD_STORE_CHARACTER_SET
PASSWORD_STORE_CHARACTER_SET_NO_SYMBOLS
PASSWORD_STORE_CLIP_TIME
PASSWORD_STORE_EXTENSIONS_DIR
PASSWORD_STORE_ENABLE_EXTENSIONS
PASSWORD_STORE_SIGNING_KEY

$ export PASSWORD_STORE_DIR=~/.password-store

install

# osx
$ brew install pass

# ubuntu/debian
$ sudo apt-get install pass

# fedora/rhel
$ sudo yum install pass

init
[!TIP|label:references:]
- How to manage Linux passwords with the pass command
- I try to add passwords to the "pass" password manager. But my attempts fail with "no public key" GPG errors. Why?
- to avoid the issue like:
  $ pass generate test 30 gpg: marslo: skipped: No public key gpg: [stdin]: encryption failed: No public key Password encryption aborted.
```
$ gpg --full-generate-key
```

insert

$ pass insert <NAME>

# i.e.:
$ pass insert test
Enter password for test: abc
Retype password for test: abc
$ pass test
abc

# copy
$ pass -c test
Copied test to clipboard. Will clear in 45 seconds.

generate

[!NOTE|label:references:]
PASSWORD_STORE_CHARACTER_SET_NO_SYMBOLS isn't respected
[pass] Provide symbol set as command line argument
How to generate secure passwords using terminal (Mac/Linux) ?
default and envs
PASSWORD_STORE_DIR=$HOME/.password-store
PASSWORD_STORE_EXTENSIONS_DIR=${PASSWORD_STORE_DIR}/.extensions
PASSWORD_STORE_CLIP_TIME=45
PASSWORD_STORE_GENERATED_LENGTH=25
others:
PASSWORD_STORE_CHARACTER_SET='[:alnum:].,!?&*%_~$#^@{}[]()<>|=/\+-'
Vim: word vs WORD
WORD VS. word

customize charset

$ export PASSWORD_STORE_CHARACTER_SET='a-zA-Z0-9'
$ yes | pass generate test 30
The generated password for test is:
HnD7XyeFDtOrw5oDhn22U8AjHVV9cf
$ yes | pass generate test 30
The generated password for test is:
t57PYCw4r0tHSXCa4zW2DVGNuizQ1k

$ export PASSWORD_STORE_CHARACTER_SET='a-zA-Z0-9()'
$ yes | pass generate test 50
The generated password for test is:
wof1Hw92QXe(G3)MkMRp5Wx3UCMgHIpt)7ENNn(f8r(ZRcztQ1
$ yes | pass generate test 30
The generated password for test is:
60m2XHtqfTsvfJT(YYV1wKlBBoOJYb

generate qrcode
```
$ pass generate <name> --qrcode
```

generate via /dev/urandom

$ head /dev/urandom | tr -dc 'A-Za-z0-9!@#$%^&*()' | head -c 32 && echo
xGPqC%MeE2HU3NkH#JeA##RB^YbX49cd

$ head /dev/urandom | tr -dc 'A-Za-z0-9!@#$%^&*()?:_-~+<=>' | head -c 32 && echo
e?XEGaD68^FNYI5#E^aFVgv:(6_pL>!I

$ head /dev/urandom | tr -dc 'A-Za-z0-9!"#$%&'\''()*+,-./:;<=>?@[\]^_`{|}~' | head -c 32 && echo
+&7<o(zfE[WC30v'D[&RH~;qM-8J>oQC

generate via openssl

$ openssl rand -base64 32
DfXwoBz8UAel09qN1rR97luKy+aFuC8N0Fua+YaSW8A=

# or: https://www.commandlinefu.com/commands/view/24565/generate-a-random-password-30-characters-long
$ openssl rand -rand /dev/urandom -base64 32

remove

$ pass rm test -f
removed '/Users/marslo/.marslo/.password-store/test.gpg'

advanced usage

[!NOTE|label:references:]
extensions
roddhjav/pass-tomb
tadfisher/pass-otp) | pass-otp.bash.completion
roddhjav/pass-import
roddhjav/pass-update
roddhjav/pass-audit
ayushnix/pass-coffin
ayushnix/pass-tessen
additional tools
Pass for Alfred

alfred workflow

$ brew isntall --HEAD pinentry-mac

# using pinentry-mac instead of pinentry for alfred workflow
$ [[ -d "$HOME/.gnupg" ]] || mkdir "$HOME/.gnupg"
$ echo "pinentry-program $(brew --prefix)/bin/pinentry-mac" > $HOME/.gnupg/gpg-agent.conf
$ gpgconf --kill gpg-agent                           # restart the agent

pw() {
  export PASSWORD_STORE_CLIP_TIME=8
  export PASSWORD_STORE_X_SELECTION=primary
  pass -c2 $1; sleep 5; pass -c $1; sleep 5; pass otp -c $1; exit
}

extend

# ~/.bashrc
$ alias passred="PASSWORD_STORE_DIR=~/.pass/red pass"
$ alias passblue="PASSWORD_STORE_DIR=~/.pass/blue pass"

$ cat /usr/share/bash-completion/completions/pass
_passred(){
    PASSWORD_STORE_DIR=~/.pass/red/ _pass
}
complete -o filenames -o nospace -F _passred passred
_passblue(){
    PASSWORD_STORE_DIR=~/.pass/blue/ _pass
}
complete -o filenames -o nospace -F _passblue passblue
$ source /usr/share/bash-completion/completions/pass

git

$ git config --global credential.helper /usr/bin/pass-git-helper

$ cat ~/.gitconfig
[github.com]
target=dev/github

[*.fooo-bar.*]
target=dev/fooo-bar

client

# create local password store
$ pass init <gpg key id>
# enable management of local changes through git
$ pass git init
# add the the remote git repository as 'origin'
$ pass git remote add origin user@server:~/.password-store
# push your local pass history
$ pass git push -u --all

plugins

pass-otp

[!NOTE|label:references:]
#137 Bash completion

# --- install ---
# osx
$ brew install pass-otp
$ brew uses --recursive --installed oath-toolkit
pass-otp

# --- usage ---
## init
$ pass otp insert -e sandbox/otp
Enter otpauth:// URI for sandbox/otp: otpauth://totp/totp-secret?secret=sandbox
## show otp code
$ pass otp sandbox/otp
148395

OTP

[!NOTE|label:references:]
OATH-Toolkit
Use oathtool Linux command line for 2 step verification (2FA)
One-Time-Passwords using oathtool on Ubuntu 14.04(+)

pass-otp

[!NOTE|label:references:]

tips:

$ brew which-formula oathtool
oath-toolkit

$ brew uses --recursive --installed oath-toolkit
pass-otp

$ oathtool $(openssl rand -hex 16)
848050

PGP

[!NOTE|label:references:]
Protecting Code Integrity with PGP
Protecting Code Integrity with PGP — Part 1: Basic Concepts and Tools | 用 PGP 保护代码完整性（一）：基本概念和工具
Protecting Code Integrity with PGP — Part 2: Generating Your Master Key | 用 PGP 保护代码完整性（二）：生成你的主密钥
Protecting Code Integrity with PGP — Part 3: Generating PGP Subkeys | 用 PGP 保护代码完整性（三）：生成 PGP 子密钥
Protecting Code Integrity with PGP — Part 4: Moving Your Master Key to Offline Storage | 用 PGP 保护代码完整性（四）：将主密钥移到离线存储中
Protecting Code Integrity with PGP — Part 5: Moving Subkeys to a Hardware Device | 用 PGP 保护代码完整性（五）：将子密钥移到一个硬件设备中
Protecting Code Integrity with PGP — Part 6: Using PGP with Git | 用 PGP 保护代码完整性（六）：在 Git 上使用 PGP
Protecting Code Integrity with PGP — Part 7: Protecting Online Accounts | 用 PGP 保护代码完整性（七）：保护在线帐户

passwd

[!NOTE|label:references:]
Managing Linux users with the passwd command

network tools

[!NOTE|label:see also:]
iMarslo : linux/network

`vnstat`

$ vnstat -l 1 -i en7
Monitoring en7...    (press CTRL-C to stop)

   rx:     4.10 kbit/s   21.00 KiB          tx:         0 bit/s   6.00 KiB^C

 en7  /  traffic statistics
                           rx         |       tx
--------------------------------------+------------------
  bytes                    21.00 KiB  |        6.00 KiB
--------------------------------------+------------------
          max           53.25 kbit/s  |    12.29 kbit/s
      average           17.20 kbit/s  |     4.92 kbit/s
          min                0 bit/s  |         0 bit/s
--------------------------------------+------------------
  packets                         60  |              52
--------------------------------------+------------------
          max                 15 p/s  |          16 p/s
      average                  6 p/s  |           5 p/s
          min                  2 p/s  |           0 p/s
--------------------------------------+------------------
  time                    10 seconds

`ipcalc`

$ ipcalc 10.25.130.2/23
Address:   10.25.130.2          00001010.00011001.1000001 0.00000010
Netmask:   255.255.254.0 = 23   11111111.11111111.1111111 0.00000000
Wildcard:  0.0.1.255            00000000.00000000.0000000 1.11111111
=>
Network:   10.25.130.0/23       00001010.00011001.1000001 0.00000000
HostMin:   10.25.130.1          00001010.00011001.1000001 0.00000001
HostMax:   10.25.131.254        00001010.00011001.1000001 1.11111110
Broadcast: 10.25.131.255        00001010.00011001.1000001 1.11111111
Hosts/Net: 510                   Class A, Private Internet

$ ipcalc 10.25.131.1/23
Address:   10.25.131.1          00001010.00011001.1000001 1.00000001
Netmask:   255.255.254.0 = 23   11111111.11111111.1111111 0.00000000
Wildcard:  0.0.1.255            00000000.00000000.0000000 1.11111111
=>
Network:   10.25.130.0/23       00001010.00011001.1000001 0.00000000
HostMin:   10.25.130.1          00001010.00011001.1000001 0.00000001
HostMax:   10.25.131.254        00001010.00011001.1000001 1.11111110
Broadcast: 10.25.131.255        00001010.00011001.1000001 1.11111111
Hosts/Net: 510                   Class A, Private Internet

`iostat`

$ iostat
              disk0       cpu    load average
    KB/t  tps  MB/s  us sy id   1m   5m   15m
   19.85   37  0.72   3  1 96  1.78 1.90 1.69

`tcpdump`

[!NOTE|label:references:]
* Tcpdump

$ sudo tcpdump -A -i en7
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on en7, link-type EN10MB (Ethernet), capture size 262144 bytes
00:33:02.787671 IP 10.25.130.117.53629 > a23-43-240-92.deploy.static.akamaitechnologies.com.https: Flags [.], ack 697481089, win 2048, length 0
E..(....@...
..u.+.\.}..r...)...P...:...
00:33:02.790119 IP 10.25.130.117.51541 > sh-vdc01.mycompany.com.domain: 53089+ PTR? 92.240.43.23.in-addr.arpa. (43)
E..GP....._.
..u
&t..U.5.3...a...........92.240.43.23.in-addr.arpa.....
00:33:02.812866 ARP, Request who-has gw-voice-idf.cdu-cn.mycompany.com tell gw-vg224-idf.cdu-cn.mycompany.com, length 46
....
....
13 packets captured
25 packets received by filter
0 packets dropped by kernel

$ sudo tcpdump -n -i any src or dst target.ip.address [ -v ]

# i.e.
$ sudo tcpdump -n -i any src or dst git.domain.com -v
tcpdump: data link type PKTAP
tcpdump: listening on any, link-type PKTAP (Apple DLT_PKTAP), snapshot length 524288 bytes
00:02:55.698822 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
    10.25.130.104.63447 > 10.69.78.140.29418: Flags [F.], cksum 0x8fe0 (correct), seq 2566890566, ack 4019765769, win 2058, options [nop,nop,TS val 1955309758 ecr 154499413], length 0

`dstat`

strace

[!NOTE|label:references:]
I have a tab completion that hangs, is it possible to use strace to find out what is going on?
Resolve nested aliases to their source commands
What's the difference between <<, <<< and < < in bash?

LINUX

MACOS

COMPARISON

strace

dtruss/dtrace

System Call Tracking Tool

ltrace

dyldtrace

Dynamic Link Library Tracing

Flexible

Limited by System Integrity Protection

Kernel Module Support

Regular users can partially use it

Most features require root access or CSRUTIL configuration

Permission Requirements

high

Reliance on BSD-specific syntax

Script Portability

$ ... run cmd ...

# or
$ pid=$(echo ??)
$ sudo strace -fp ${pid} -o log

# or
$ sudo -v
$ sudo strace -fp $$ -o log &

# -- more --
$ set -o functrace xtrace
$ PS4=' ${BASH_SOURCE}:$FUNCNAME:$LINENO: '

intercept stdout/stderr of another process

$ strace -ff -e trace=write -e write=1,2 -p SOME_PID

# https://www.commandlinefu.com/commands/view/5450/intercept-stdoutstderr-of-another-process
$ strace -ff -e write=1,2 -s 1024 -p PID 2>&1 | grep "^ |" | cut -c11-60 | sed -e 's/ //g' | xxd -r -p

# https://www.commandlinefu.com/commands/view/6743/intercept-stdoutstderr-of-another-process-or-disowned-process
$ strace -e write=1,2 -p $PID 2>&1 | sed -un "/^ |/p" | sed -ue "s/^.\{9\}\(.\{50\}\).\+/\1/g" -e 's/ //g' | xxd -r -p

debug script

$ strace -e clone,execve,pipe,dup2 \
         -f bash -c 'cat <(/bin/true) <(/bin/false) <(/bin/echo)'
execve("/usr/bin/bash", ["bash", "-c", "cat <(/bin/true) <(/bin/false) <"...], 0x7fff9b9c6f98 /* 75 vars */) = 0
pipe([3, 4])                            = 0
dup2(3, 63)                             = 63
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f7cf6a8ca10) = 289963
strace: Process 289963 attached
[pid 289962] pipe([3, 4])               = 0
[pid 289962] dup2(3, 62)                = 62
[pid 289962] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid 289963] dup2(4, 1)                 = 1
[pid 289962] <... clone resumed>, child_tidptr=0x7f7cf6a8ca10) = 289964
strace: Process 289964 attached
[pid 289963] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid 289962] pipe([3, 4])               = 0
strace: Process 289965 attached
[pid 289963] <... clone resumed>, child_tidptr=0x7f7cf6a8ca10) = 289965
[pid 289962] dup2(3, 61)                = 61
[pid 289962] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid 289964] dup2(4, 1)                 = 1
[pid 289965] execve("/bin/true", ["/bin/true"], 0x55ec7c007680 /* 73 vars */strace: Process 289966 attached
 <unfinished ...>
[pid 289962] <... clone resumed>, child_tidptr=0x7f7cf6a8ca10) = 289966
[pid 289964] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid 289965] <... execve resumed>)      = 0
strace: Process 289967 attached
[pid 289964] <... clone resumed>, child_tidptr=0x7f7cf6a8ca10) = 289967
[pid 289966] dup2(4, 1)                 = 1
[pid 289967] execve("/bin/false", ["/bin/false"], 0x55ec7c007af0 /* 73 vars */ <unfinished ...>
[pid 289966] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f7cf6a8ca10) = 289968
[pid 289967] <... execve resumed>)      = 0
strace: Process 289968 attached
[pid 289962] execve("/usr/bin/cat", ["cat", "/dev/fd/63", "/dev/fd/62", "/dev/fd/61"], 0x55ec7c007bc0 /* 73 vars */ <unfinished ...>
[pid 289968] execve("/bin/echo", ["/bin/echo"], 0x55ec7c007e20 /* 73 vars */ <unfinished ...>
[pid 289962] <... execve resumed>)      = 0
[pid 289968] <... execve resumed>)      = 0
[pid 289965] +++ exited with 0 +++
[pid 289963] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=289965, si_uid=10564, si_status=0, si_utime=0, si_stime=0} ---
[pid 289963] +++ exited with 0 +++
[pid 289962] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=289963, si_uid=10564, si_status=0, si_utime=0, si_stime=0} ---
[pid 289967] +++ exited with 1 +++
[pid 289964] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=289967, si_uid=10564, si_status=1, si_utime=0, si_stime=0} ---
[pid 289964] +++ exited with 1 +++
[pid 289962] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=289964, si_uid=10564, si_status=1, si_utime=0, si_stime=0} ---

[pid 289968] +++ exited with 0 +++
[pid 289966] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=289968, si_uid=10564, si_status=0, si_utime=0, si_stime=0} ---
[pid 289966] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=289966, si_uid=10564, si_status=0, si_utime=0, si_stime=0} ---
+++ exited with 0 +++

xtrace

xtrace() {
  local eval_cmd
  printf -v eval_cmd '%q' "${@}"
  { set -x
    eval "${eval_cmd}"
  } 2>&1 | grep '^++'
  return "${PIPESTATUS[0]}"
}

`dtruss`

[!TIP|label:references:]
the MacOS alternatives strace
Using modified dtruss.sh

$ sudo dtruss <cmd>

$ sudo dtruss ls
dtrace: system integrity protection is on, some features will not be available

SYSCALL(args)      = return
README.md   artifactory  devops   jenkins  osx    screenshot  vim
SUMMARY.md  cheatsheet   english  linux    programming  tools     virtualization
munmap(0x1155AB000, 0xA0000)     = 0 0
munmap(0x11564B000, 0x8000)    = 0 0
munmap(0x115653000, 0x4000)    = 0 0
munmap(0x115657000, 0x4000)    = 0 0
munmap(0x11565B000, 0x58000)     = 0 0
fsgetpath(0x7FF7BA418580, 0x400, 0x7FF7BA418568)     = 40 0
fsgetpath(0x7FF7BA418580, 0x400, 0x7FF7BA418568)     = 14 0
csrctl(0x0, 0x7FF7BA41898C, 0x4)     = -1 1
__mac_syscall(0x7FF819AD4E1B, 0x2, 0x7FF7BA4187F0)     = 0 0
csrctl(0x0, 0x7FF7BA41899C, 0x4)     = -1 1
__mac_syscall(0x7FF819AD1DA4, 0x5A, 0x7FF7BA418930)    = 0 0
dtrace: error on enabled probe ID 1741 (ID 573: syscall::sysctl:return): invalid kernel access in action #10 at DIF offset 28
dtrace: error on enabled probe ID 1741 (ID 573: syscall::sysctl:return): invalid kernel access in action #10 at DIF offset 28
dtrace: error on enabled probe ID 1741 (ID 573: syscall::sysctl:return): invalid kernel access in action #10 at DIF offset 28
dtrace: error on enabled probe ID 1741 (ID 573: syscall::sysctl:return): invalid kernel access in action #10 at DIF offset 28
open("/\0", 0x20100000, 0x0)     = 3 0
openat(0x3, "System/Cryptexes/OS\0", 0x100000, 0x0)    = 4 0
dup(0x4, 0x0, 0x0)     = 5 0
fstatat64(0x4, 0x7FF7BA4176D1, 0x7FF7BA417AD0)     = 0 0
openat(0x4, "System/Library/dyld/\0", 0x100000, 0x0)     = 6 0
fcntl(0x6, 0x32, 0x7FF7BA417760)     = 0 0
dup(0x6, 0x0, 0x0)     = 7 0
dup(0x5, 0x0, 0x0)     = 8 0
close(0x3)     = 0 0
close(0x5)     = 0 0
close(0x4)     = 0 0
close(0x6)     = 0 0
shared_region_check_np(0x7FF7BA418048, 0x0, 0x0)     = 0 0
fsgetpath(0x7FF7BA4185B0, 0x400, 0x7FF7BA4184E8)     = 83 0
fcntl(0x8, 0x32, 0x7FF7BA4185B0)     = 0 0
close(0x8)     = 0 0
close(0x7)     = 0 0
getfsstat64(0x0, 0x0, 0x2)     = 9 0
getfsstat64(0x106102040, 0x4C38, 0x2)    = 9 0
getattrlist("/\0", 0x7FF7BA4184F0, 0x7FF7BA418460)     = 0 0
stat64("/System/Volumes/Preboot/Cryptexes/OS/System/Library/dyld/dyld_shared_cache_x86_64h\0", 0x7FF7BA418828, 0x0)    = 0 0
dtrace: error on enabled probe ID 1690 (ID 845: syscall::stat64:return): invalid address (0x0) in action #11 at DIF offset 12
stat64("/usr/local/Cellar/coreutils/9.4/bin/gls\0", 0x7FF7BA417CC0, 0x0)     = 0 0
open("/usr/local/Cellar/coreutils/9.4/bin/gls\0", 0x0, 0x0)    = 3 0
mmap(0x0, 0x33358, 0x1, 0x40002, 0x3, 0x0)     = 0x105B18000 0
fcntl(0x3, 0x32, 0x7FF7BA417DD0)     = 0 0
close(0x3)     = 0 0
munmap(0x105B18000, 0x33358)     = 0 0
stat64("/usr/local/Cellar/coreutils/9.4/bin/gls\0", 0x7FF7BA418220, 0x0)     = 0 0
stat64("/usr/lib/libSystem.B.dylib\0", 0x7FF7BA417230, 0x0)    = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/libSystem.B.dylib\0", 0x7FF7BA4171E0, 0x0)    = -1 2
stat64("/usr/lib/libSystem.B.dylib\0", 0x7FF7BA417230, 0x0)    = -1 2
stat64("/usr/lib/libobjc.A.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/libobjc.A.dylib\0", 0x7FF7BA414E30, 0x0)    = -1 2
stat64("/usr/lib/libobjc.A.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/usr/lib/system/libsystem_blocks.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libsystem_blocks.dylib\0", 0x7FF7BA414E20, 0x0)    = -1 2
stat64("/usr/lib/system/libsystem_blocks.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/usr/lib/system/libxpc.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libxpc.dylib\0", 0x7FF7BA414E30, 0x0)  = -1 2
stat64("/usr/lib/system/libxpc.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/usr/lib/system/libsystem_trace.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libsystem_trace.dylib\0", 0x7FF7BA414E20, 0x0)     = -1 2
stat64("/usr/lib/system/libsystem_trace.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/usr/lib/system/libcorecrypto.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libcorecrypto.dylib\0", 0x7FF7BA414E30, 0x0) = -1 2
stat64("/usr/lib/system/libcorecrypto.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/usr/lib/system/libsystem_malloc.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libsystem_malloc.dylib\0", 0x7FF7BA414E20, 0x0)    = -1 2
stat64("/usr/lib/system/libsystem_malloc.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/usr/lib/system/libdispatch.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libdispatch.dylib\0", 0x7FF7BA414E30, 0x0)   = -1 2
stat64("/usr/lib/system/libdispatch.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/usr/lib/system/libsystem_featureflags.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libsystem_featureflags.dylib\0", 0x7FF7BA414E20, 0x0)    = -1 2
stat64("/usr/lib/system/libsystem_featureflags.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/usr/lib/system/libsystem_c.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libsystem_c.dylib\0", 0x7FF7BA414E30, 0x0)   = -1 2
stat64("/usr/lib/system/libsystem_c.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/usr/lib/libc++.1.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/libc++.1.dylib\0", 0x7FF7BA414E30, 0x0)     = -1 2
stat64("/usr/lib/libc++.1.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/usr/lib/libc++abi.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/libc++abi.dylib\0", 0x7FF7BA414E30, 0x0)    = -1 2
stat64("/usr/lib/libc++abi.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/usr/lib/system/libdyld.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libdyld.dylib\0", 0x7FF7BA414E30, 0x0)   = -1 2
stat64("/usr/lib/system/libdyld.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/usr/lib/system/libsystem_info.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libsystem_info.dylib\0", 0x7FF7BA414E30, 0x0)    = -1 2
stat64("/usr/lib/system/libsystem_info.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/usr/lib/system/libsystem_darwin.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libsystem_darwin.dylib\0", 0x7FF7BA414E20, 0x0)    = -1 2
stat64("/usr/lib/system/libsystem_darwin.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/usr/lib/system/libsystem_notify.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libsystem_notify.dylib\0", 0x7FF7BA414E20, 0x0)    = -1 2
stat64("/usr/lib/system/libsystem_notify.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/usr/lib/system/libsystem_networkextension.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libsystem_networkextension.dylib\0", 0x7FF7BA414E20, 0x0)    = -1 2
stat64("/usr/lib/system/libsystem_networkextension.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/usr/lib/system/libsystem_asl.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libsystem_asl.dylib\0", 0x7FF7BA414E30, 0x0) = -1 2
stat64("/usr/lib/system/libsystem_asl.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/usr/lib/system/libsystem_symptoms.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libsystem_symptoms.dylib\0", 0x7FF7BA414E20, 0x0)    = -1 2
stat64("/usr/lib/system/libsystem_symptoms.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/usr/lib/system/libsystem_containermanager.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libsystem_containermanager.dylib\0", 0x7FF7BA414E20, 0x0)    = -1 2
stat64("/usr/lib/system/libsystem_containermanager.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/usr/lib/system/libsystem_configuration.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libsystem_configuration.dylib\0", 0x7FF7BA414E20, 0x0)     = -1 2
stat64("/usr/lib/system/libsystem_configuration.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/usr/lib/system/libsystem_sandbox.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libsystem_sandbox.dylib\0", 0x7FF7BA414E20, 0x0)     = -1 2
stat64("/usr/lib/system/libsystem_sandbox.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/usr/lib/system/libquarantine.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libquarantine.dylib\0", 0x7FF7BA414E30, 0x0) = -1 2
stat64("/usr/lib/system/libquarantine.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/usr/lib/system/libsystem_coreservices.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libsystem_coreservices.dylib\0", 0x7FF7BA414E20, 0x0)    = -1 2
stat64("/usr/lib/system/libsystem_coreservices.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/usr/lib/system/libsystem_m.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libsystem_m.dylib\0", 0x7FF7BA414E30, 0x0)   = -1 2
stat64("/usr/lib/system/libsystem_m.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/usr/lib/system/libmacho.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libmacho.dylib\0", 0x7FF7BA414E30, 0x0)  = -1 2
stat64("/usr/lib/system/libmacho.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/usr/lib/system/libcommonCrypto.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libcommonCrypto.dylib\0", 0x7FF7BA414E20, 0x0)     = -1 2
stat64("/usr/lib/system/libcommonCrypto.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/usr/lib/system/libunwind.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libunwind.dylib\0", 0x7FF7BA414E30, 0x0)   = -1 2
stat64("/usr/lib/system/libunwind.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/usr/lib/liboah.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/liboah.dylib\0", 0x7FF7BA414E30, 0x0)     = -1 2
stat64("/usr/lib/liboah.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/usr/lib/system/libcopyfile.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libcopyfile.dylib\0", 0x7FF7BA414E30, 0x0)   = -1 2
stat64("/usr/lib/system/libcopyfile.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/usr/lib/system/libcompiler_rt.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libcompiler_rt.dylib\0", 0x7FF7BA414E30, 0x0)    = -1 2
stat64("/usr/lib/system/libcompiler_rt.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/usr/lib/system/libsystem_collections.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libsystem_collections.dylib\0", 0x7FF7BA414E20, 0x0)     = -1 2
stat64("/usr/lib/system/libsystem_collections.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/usr/lib/system/libsystem_secinit.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libsystem_secinit.dylib\0", 0x7FF7BA414E20, 0x0)     = -1 2
stat64("/usr/lib/system/libsystem_secinit.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/usr/lib/system/libremovefile.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libremovefile.dylib\0", 0x7FF7BA414E30, 0x0) = -1 2
stat64("/usr/lib/system/libremovefile.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/usr/lib/system/libkeymgr.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libkeymgr.dylib\0", 0x7FF7BA414E30, 0x0)   = -1 2
stat64("/usr/lib/system/libkeymgr.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/usr/lib/system/libsystem_dnssd.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libsystem_dnssd.dylib\0", 0x7FF7BA414E20, 0x0)     = -1 2
stat64("/usr/lib/system/libsystem_dnssd.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/usr/lib/system/libcache.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libcache.dylib\0", 0x7FF7BA414E30, 0x0)  = -1 2
stat64("/usr/lib/system/libcache.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/usr/lib/libSystem.B.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/libSystem.B.dylib\0", 0x7FF7BA414E30, 0x0)    = -1 2
stat64("/usr/lib/libSystem.B.dylib\0", 0x7FF7BA414E80, 0x0)    = -1 2
stat64("/usr/lib/system/libsystem_darwindirectory.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
stat64("/System/Volumes/Preboot/Cryptexes/OS/usr/lib/system/libsystem_darwindirectory.dylib\0", 0x7FF7BA414E20, 0x0)     = -1 2
stat64("/usr/lib/system/libsystem_darwindirectory.dylib\0", 0x7FF7BA414E80, 0x0)     = -1 2
open("/dev/dtracehelper\0", 0x2, 0x0)    = 3 0
ioctl(0x3, 0x80086804, 0x7FF7BA416E18)     = 0 0
close(0x3)     = 0 0
open("/usr/local/Cellar/coreutils/9.4/bin/gls\0", 0x0, 0x0)    = 3 0
__mac_syscall(0x7FF819AD4E1B, 0x2, 0x7FF7BA4163D0)     = 0 0
map_with_linking_np(0x7FF7BA415FB0, 0x1, 0x7FF7BA415FE0)     = -1 22
close(0x3)     = 0 0
mprotect(0x105B08000, 0x4000, 0x1)     = 0 0
shared_region_check_np(0xFFFFFFFFFFFFFFFF, 0x0, 0x0)     = 0 0
mprotect(0x106100000, 0x40000, 0x1)    = 0 0
access("/AppleInternal/XBS/.isChrooted\0", 0x0, 0x0)     = -1 2
bsdthread_register(0x7FF819DC9B9C, 0x7FF819DC9B88, 0x2000)     = 1073742303 0
getpid(0x0, 0x0, 0x0)    = 49682 0
shm_open(0x7FF819C6CF42, 0x0, 0x19C6B388)    = 3 0
fstat64(0x3, 0x7FF7BA417340, 0x0)    = 0 0
mmap(0x0, 0x4000, 0x1, 0x40001, 0x3, 0x0)    = 0x105B1A000 0
close(0x3)     = 0 0
ioctl(0x2, 0x4004667A, 0x7FF7BA417404)     = 0 0
mprotect(0x105B23000, 0x1000, 0x0)     = 0 0
mprotect(0x105B2D000, 0x1000, 0x0)     = 0 0
mprotect(0x105B2E000, 0x1000, 0x0)     = 0 0
mprotect(0x105B38000, 0x1000, 0x0)     = 0 0
mprotect(0x105B1E000, 0x98, 0x1)     = 0 0
mprotect(0x105B1E000, 0x98, 0x3)     = 0 0
mprotect(0x105B1E000, 0x98, 0x1)     = 0 0
mprotect(0x105B39000, 0x1000, 0x1)     = 0 0
mprotect(0x105B3A000, 0x98, 0x1)     = 0 0
mprotect(0x105B3A000, 0x98, 0x3)     = 0 0
mprotect(0x105B3A000, 0x98, 0x1)     = 0 0
mprotect(0x105B1E000, 0x98, 0x3)     = 0 0
mprotect(0x105B1E000, 0x98, 0x1)     = 0 0
mprotect(0x105B39000, 0x1000, 0x3)     = 0 0
mprotect(0x105B39000, 0x1000, 0x1)     = 0 0
mprotect(0x106100000, 0x40000, 0x3)    = 0 0
mprotect(0x106100000, 0x40000, 0x1)    = 0 0
issetugid(0x0, 0x0, 0x0)     = 0 0
mprotect(0x106100000, 0x40000, 0x3)    = 0 0
getentropy(0x7FF7BA416C30, 0x20, 0x0)    = 0 0
mprotect(0x106100000, 0x40000, 0x1)    = 0 0
mprotect(0x106100000, 0x40000, 0x3)    = 0 0
mprotect(0x106100000, 0x40000, 0x1)    = 0 0
getattrlist("/usr/local/opt/coreutils/libexec/gnubin/ls\0", 0x7FF7BA4172E0, 0x7FF7BA4172F8)    = 0 0
access("/usr/local/Cellar/coreutils/9.4/bin\0", 0x4, 0x0)    = 0 0
open("/usr/local/Cellar/coreutils/9.4/bin\0", 0x0, 0x0)    = 3 0
fstat64(0x3, 0x7FAEECF042E0, 0x0)    = 0 0
csrctl(0x0, 0x7FF7BA41753C, 0x4)     = 0 0
fcntl(0x3, 0x32, 0x7FF7BA4171F0)     = 0 0
close(0x3)     = 0 0
open("/usr/local/Cellar/coreutils/9.4/bin/Info.plist\0", 0x0, 0x0)     = -1 2
proc_info(0x2, 0xC212, 0xD)    = 64 0
csops_audittoken(0xC212, 0x10, 0x7FF7BA417540)     = -1 22
dtrace: error on enabled probe ID 1741 (ID 573: syscall::sysctl:return): invalid kernel access in action #10 at DIF offset 28
dtrace: error on enabled probe ID 1741 (ID 573: syscall::sysctl:return): invalid kernel access in action #10 at DIF offset 28
csops(0xC212, 0x0, 0x7FF7BA4179A4)     = 0 0
mprotect(0x106100000, 0x40000, 0x3)    = 0 0
open_nocancel("/usr/share/locale/en_US.UTF-8/LC_COLLATE\0", 0x0, 0x0)    = 3 0
fcntl_nocancel(0x3, 0x3, 0x0)    = 0 0
getrlimit(0x1008, 0x7FF7BA417D10, 0x0)     = 0 0
fstat64(0x3, 0x7FF7BA417C88, 0x0)    = 0 0
dtrace: error on enabled probe ID 1714 (ID 961: syscall::read_nocancel:return): invalid kernel access in action #12 at DIF offset 68
close_nocancel(0x3)    = 0 0
open_nocancel("/usr/share/locale/en_US.UTF-8/LC_CTYPE\0", 0x0, 0x0)    = 3 0
fcntl_nocancel(0x3, 0x3, 0x0)    = 0 0
fstat64(0x3, 0x7FF7BA417DD0, 0x0)    = 0 0
fstat64(0x3, 0x7FF7BA417BD8, 0x0)    = 0 0
lseek(0x3, 0x0, 0x1)     = 0 0
lseek(0x3, 0x0, 0x0)     = 0 0
dtrace: error on enabled probe ID 1714 (ID 961: syscall::read_nocancel:return): invalid kernel access in action #12 at DIF offset 68
dtrace: error on enabled probe ID 1714 (ID 961: syscall::read_nocancel:return): invalid kernel access in action #12 at DIF offset 68
dtrace: error on enabled probe ID 1714 (ID 961: syscall::read_nocancel:return): invalid kernel access in action #12 at DIF offset 68
dtrace: error on enabled probe ID 1714 (ID 961: syscall::read_nocancel:return): invalid kernel access in action #12 at DIF offset 68
dtrace: error on enabled probe ID 1714 (ID 961: syscall::read_nocancel:return): invalid kernel access in action #12 at DIF offset 68
dtrace: error on enabled probe ID 1714 (ID 961: syscall::read_nocancel:return): invalid kernel access in action #12 at DIF offset 68
dtrace: error on enabled probe ID 1714 (ID 961: syscall::read_nocancel:return): invalid kernel access in action #12 at DIF offset 68
dtrace: error on enabled probe ID 1714 (ID 961: syscall::read_nocancel:return): invalid kernel access in action #12 at DIF offset 68
close_nocancel(0x3)    = 0 0
open_nocancel("/usr/share/locale/en_US.UTF-8/LC_MONETARY\0", 0x0, 0x0)     = 3 0
fstat64(0x3, 0x7FF7BA417DD8, 0x0)    = 0 0
dtrace: error on enabled probe ID 1714 (ID 961: syscall::read_nocancel:return): invalid kernel access in action #12 at DIF offset 68
close_nocancel(0x3)    = 0 0
open_nocancel("/usr/share/locale/en_US.UTF-8/LC_NUMERIC\0", 0x0, 0x0)    = 3 0
fstat64(0x3, 0x7FF7BA417DD8, 0x0)    = 0 0
dtrace: error on enabled probe ID 1714 (ID 961: syscall::read_nocancel:return): invalid kernel access in action #12 at DIF offset 68
close_nocancel(0x3)    = 0 0
open_nocancel("/usr/share/locale/en_US.UTF-8/LC_TIME\0", 0x0, 0x0)     = 3 0
fstat64(0x3, 0x7FF7BA417DD8, 0x0)    = 0 0
dtrace: error on enabled probe ID 1714 (ID 961: syscall::read_nocancel:return): invalid kernel access in action #12 at DIF offset 68
close_nocancel(0x3)    = 0 0
open_nocancel("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/LC_MESSAGES\0", 0x0, 0x0)     = 3 0
fstat64(0x3, 0x7FF7BA417DD8, 0x0)    = 0 0
dtrace: error on enabled probe ID 1714 (ID 961: syscall::read_nocancel:return): invalid kernel access in action #12 at DIF offset 68
close_nocancel(0x3)    = 0 0
ioctl(0x1, 0x4004667A, 0x7FF7BA418324)     = 0 0
ioctl(0x1, 0x40087468, 0x7FF7BA4183F0)     = 0 0
open_nocancel(".\0", 0x1100004, 0x0)     = 3 0
dtrace: error on enabled probe ID 1741 (ID 573: syscall::sysctl:return): invalid kernel access in action #10 at DIF offset 28
dtrace: error on enabled probe ID 1741 (ID 573: syscall::sysctl:return): invalid kernel access in action #10 at DIF offset 28
fstatfs64(0x3, 0x7FF7BA417AB0, 0x0)    = 0 0
getdirentries64(0x3, 0x7FAEED80FC00, 0x2000)     = 568 0
close_nocancel(0x3)    = 0 0
sigprocmask(0x1, 0x0, 0x7FF7BA418350)    = 0x0 0
sigaltstack(0x0, 0x7FF7BA418340, 0x0)    = 0 0
fstat64(0x1, 0x7FF7BA416E58, 0x0)    = 0 0
ioctl(0x1, 0x4004667A, 0x7FF7BA416EA4)     = 0 0
dtrace: error on enabled probe ID 1712 (ID 963: syscall::write_nocancel:return): invalid kernel access in action #12 at DIF offset 68
dtrace: error on enabled probe ID 1712 (ID 963: syscall::write_nocancel:return): invalid kernel access in action #12 at DIF offset 68
close_nocancel(0x1)    = 0 0
close_nocancel(0x2)    = 0 0

troubleshooting

dtrace: system integrity protection is on

[!TIP]
* iMarlso: osx/system integrity protection

# csrutil disable
# or
# csrutil enable --without dtrace
# or
# csrutil enable --without dtrace --without debug

sar

netcat

[!NOTE|label:references:]
the netcat command in linux

check particular port

$ nc -zv 127.0.0.1 22
Connection to 127.0.0.1 port 22 [tcp/ssh] succeeded!

check ports in range

$ nc -znv -w 1 127.0.0.1 20-30
nc: connectx to 127.0.0.1 port 20 (tcp) failed: Connection refused
nc: connectx to 127.0.0.1 port 21 (tcp) failed: Connection refused
Connection to 127.0.0.1 port 22 [tcp/*] succeeded!
nc: connectx to 127.0.0.1 port 23 (tcp) failed: Connection refused
nc: connectx to 127.0.0.1 port 24 (tcp) failed: Connection refused
nc: connectx to 127.0.0.1 port 25 (tcp) failed: Connection refused
nc: connectx to 127.0.0.1 port 26 (tcp) failed: Connection refused
nc: connectx to 127.0.0.1 port 27 (tcp) failed: Connection refused
nc: connectx to 127.0.0.1 port 28 (tcp) failed: Connection refused

running simple web server

$ cat > index.html <<<EOF
<!DOCTYPE html>
<html>
    <head>
        <title>Simple Netcat Server</title>
    </head>
    <body>
        <h1>Welcome to simple netcat server!<h1>
    </body>
    </body>
<html>
EOF

$ echo -e "HTTP/1.1 200 OK\n\n$(cat index.html)" | nc -l 1234

or getting more

$ while true; do echo -e "HTTP/1.1 200 OK\n\n$(cat index.html)" | nc -l -w 1 1234; done
GET / HTTP/1.1
Host: localhost:1234
Connection: keep-alive
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "macOS"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en,zh-CN;q=0.9,zh;q=0.8,en-US;q=0.7

GET /favicon.ico HTTP/1.1
Host: localhost:1234
Connection: keep-alive
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "macOS"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: http://localhost:1234/
Accept-Encoding: gzip, deflate, br
Accept-Language: en,zh-CN;q=0.9,zh;q=0.8,en-US;q=0.7
...

reverse proxy with netcat

emulating netcat -e

$ mkfifo foo ; nc -lk 2600 0<foo | /bin/bash 1>foo

`ip`

$ ip addr show | sed -nE "s/inet\s(.*)\/[0-9]+.*\s(\w+)/\2 \1/p"
  lo0 127.0.0.1
  en0 192.168.1.71

# for linux
$ ip addr show | sed -nE "s/inet\s(.*)\/[0-9]+.*\s(\w+)/\2 \1/p" | column -to ' => '
lo0 => 127.0.0.1
en0 => 192.168.1.71

datadog

others

[!NOTE|label:references:]
完全指南：在 Linux 中如何打印和管理打印机
440+ 个免费的编程 & 计算机科学的在线课程
在 Linux 上用 DNS 实现简单的负载均衡
Python 字节码介绍

Previousdevops Nextssh

Last updated 8 months ago