-
Notifications
You must be signed in to change notification settings - Fork 13
Tracing with Dtrace
Avi Lumelsky edited this page Apr 10, 2023
·
1 revision
Table of Contents generated with DocToc
There are several methods to create a secimport profile for your modules.
- Using a YAML build
- Using
secure_import
from python:secimport.secure_import(..., log_syscalls=True, destructive=False)
- The log output will contain all the syscalls made by your process.
- Create a secure import based on that log
- Using our dscript to generate a profile:
sudo dtrace -s secimport/templates/default.allowlist.template.d -c "python -m http.server"
- CTRL+C
- Create a secure import based on that log.
- Using
bpftrace
- Using
dtrace
- Tracing the syscalls of a process with pid
12345
dtrace -n 'syscall::: /pid == ($1)/ {@[pid,execname,probefunc]=count()}' 12345
- Tracing the syscalls of a docker container with pid
12345
dtrace -n 'syscall::: /progenyof($1)/ {@[pid,execname,probefunc]=count()}' 12345
- Tracing the syscalls of a process with pid
- Using an
strace
script I contributed to FireJail- A script to list all your application's syscalls using
strace
.
I contributed it tofirejail
a few years ago: - https://github.com/netblue30/firejail/blob/master/contrib/syscalls.sh
-
wget "https://raw.githubusercontent.com/netblue30/firejail/c5d426b245b24d5bd432893f74baec04cb8b59ed/contrib/syscalls.sh" -O syscalls.sh chmod +x syscalls.sh ./syscalls.sh examples/http_request.py
- A script to list all your application's syscalls using