lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20060929133745.GC5016@thunk.org>
Date:	Fri, 29 Sep 2006 09:37:45 -0400
From:	Theodore Tso <tytso@....edu>
To:	Dave Edwards <ext2@....lusars.net>
Cc:	linux-ext4@...r.kernel.org
Subject: Re: Newbie ext2 forensics question...

On Fri, Sep 29, 2006 at 04:47:38AM +0000, Dave Edwards wrote:
> I'm trying to tune a linux system to spin down its (ext2-formatted) disk when
> the system is idle. I've worked down to two problematic applications that
> periodically spin up the disk, even though the (tiny) file they're writing is
> (allegedly) on a tmpfs partition (/tmp/application/datafile, as it happens).

If you are using a distribution that has SystemTap preinstalled,
something that may be simpler to use would be a SystemTap script which
logs which process id's are calling the write system call.  Yes,
you'll get false negatives for processes writing to pty's and serial
devices, et. al.  If you only have ext3 filesystems on your system,
you can could modify the SystemTap script to print a message including
the pid each time there is a call to ext3_file_write().

(With more advanced SystemTap-foo it would be possible to extract out
the inode information and print the inode #, but you'd have to contact
a SystemTap user's mailing list for help doing something like that.
Still, I suspect getting the process ID is hopefully enough for your
purposes.)

Regards,

						- Ted
-
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ