| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 29 Sep 2006 09:37:45 -0400 From: Theodore Tso <tytso@....edu> To: Dave Edwards <ext2@....lusars.net> Cc: linux-ext4@...r.kernel.org Subject: Re: Newbie ext2 forensics question... On Fri, Sep 29, 2006 at 04:47:38AM +0000, Dave Edwards wrote: > I'm trying to tune a linux system to spin down its (ext2-formatted) disk when > the system is idle. I've worked down to two problematic applications that > periodically spin up the disk, even though the (tiny) file they're writing is > (allegedly) on a tmpfs partition (/tmp/application/datafile, as it happens). If you are using a distribution that has SystemTap preinstalled, something that may be simpler to use would be a SystemTap script which logs which process id's are calling the write system call. Yes, you'll get false negatives for processes writing to pty's and serial devices, et. al. If you only have ext3 filesystems on your system, you can could modify the SystemTap script to print a message including the pid each time there is a call to ext3_file_write(). (With more advanced SystemTap-foo it would be possible to extract out the inode information and print the inode #, but you'd have to contact a SystemTap user's mailing list for help doing something like that. Still, I suspect getting the process ID is hopefully enough for your purposes.) Regards, - Ted - To unsubscribe from this list: send the line "unsubscribe linux-ext4" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists