lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20120214082656.GA5538@citd.de>
Date:	Tue, 14 Feb 2012 09:26:56 +0100
From:	Matthias Schniedermeyer <ms@...d.de>
To:	Valdis.Kletnieks@...edu
Cc:	Michael Opdenacker <michael.opdenacker@...e-electrons.com>,
	ranjith kumar <ranjithproxy@...il.com>,
	linux-kernel@...r.kernel.org
Subject: Re: how to know list of files accessed

On 13.02.2012 23:44, Valdis.Kletnieks@...edu wrote:
> On Mon, 13 Feb 2012 13:32:56 +0100, Michael Opdenacker said:
> 
> > An easy way is to run your command with 'strace' to trap all the calls
> > to 'open':
> >
> > strace make 2>&1 | grep open
> 
> You really want 'strace -f make' - the -f flag makes it follow forks, which you
> want to do because it's gcc that's doing most of the actual file I/O, not make.
> 
> Oh.  and you want to redirect that grep into a temporary file and be
> prepared to post-process it with perl or something, there's going to be
> *zillions* of open() syscalls.

Inotify is certainly easier.

When inotifywait from inotify-tools is available:
inotifywait -m -r -e open <dir> > files.opened

This monitors recusivly for the "open" event and writes it into 
files.opened.

In my case that is:
wc -l files.opened
1115553 files.opened

And this number of unique files with directories
sort < files.opened | uniq | wc -l
5454

And this number af unique fiels without dirs.
cat files.opened | grep -v ISDIR | sort | uniq | wc -l
3837

I use "O=../compile_dir" to get the output into another dir, if you 
don't do that all newly created files are also counted, as you also 
"open" them.




Bis denn

-- 
Real Programmers consider "what you see is what you get" to be just as 
bad a concept in Text Editors as it is in women. No, the Real Programmer
wants a "you asked for it, you got it" text editor -- complicated, 
cryptic, powerful, unforgiving, dangerous.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ