Diffstat (limited to 'Man/man1m/shellsnoop.1m')
-rw-r--r-- Man/man1m/shellsnoop.1m 99
1 files changed, 99 insertions, 0 deletions
diff --git a/Man/man1m/shellsnoop.1m b/Man/man1m/shellsnoop.1m
new file mode 100644
index 000000000000..a533ab0e1c1f
--- /dev/null
+++ b/Man/man1m/shellsnoop.1m
@@ -0,0 +1,99 @@
+.TH shellsnoop 1m "$Date:: 2007-08-05 #$" "USER COMMANDS"
+.SH NAME
+shellsnoop \- snoop live shell activity. Uses DTrace.
+.SH SYNOPSIS
+.B shellsnoop
+[\-hqsv] [\-p PID] [\-u UID]
+.SH DESCRIPTION
+A program to print read/write details from shells,
+such as keystrokes and command outputs.
+
+This program sounds somewhat dangerous (snooping keystrokes), but is
+no more so than /usr/bin/truss, and both need root or dtrace privileges to
+run. In fact, less dangerous, as we only print visible text (not password
+text, for example). Having said that, it goes without saying that this
+program shouldn't be used for breeching privacy of other users.
+
+This was written as a tool to demonstrate the capabilities of DTrace.
+
+Since this uses DTrace, only the root user or users with the
+dtrace_kernel privilege can run this command.
+.SH OS
+Solaris
+.SH STABILITY
+stable - this script uses the syscall provider.
+.SH OPTIONS
+.TP
+\-q
+quiet, only print data
+.TP
+\-s
+include start time, us
+.TP
+\-v
+include start time, string
+.TP
+\-p PID
+PID to snoop
+.TP
+\-u UID
+user ID to snoop
+.PP
+.SH EXAMPLES
+.TP
+Default output,
+#
+.B shellsnoop
+.TP
+human readable timestamps,
+#
+.B shellsnoop
+\-v
+.TP
+watch this PID only,
+#
+.B shellsnoop
+\-p 1892
+.TP
+watch this PID data only,
+#
+.B shellsnoop
+\-qp 1892
+.PP
+.SH FIELDS
+.TP
+UID
+user ID
+.TP
+PID
+process ID
+.TP
+PPID
+parent process ID
+.TP
+COMM
+command name
+.TP
+DIR
+direction (R read, W write)
+.TP
+TEXT
+text contained in the read/write
+.TP
+TIME
+timestamp for the command, us
+.TP
+STRTIME
+timestamp for the command, string
+.PP
+.SH DOCUMENTATION
+See the DTraceToolkit for further documentation under the
+Docs directory. The DTraceToolkit docs may include full worked
+examples with verbose descriptions explaining the output.
+.SH EXIT
+shellsnoop will run forever until Ctrl\-C is hit.
+.SH AUTHOR
+Brendan Gregg
+[Sydney, Australia]
+.SH SEE ALSO
+dtrace(1M)
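Review bot: SYNOPSIS advertises `[\-hqsv]`, but the OPTIONS section has no `.TP` entry for `\-h`; either document it there or drop it from the synopsis. DESCRIPTION states the privilege requirement twice with different wording ("root or dtrace privileges" in the second paragraph, "the root user or users with the dtrace_kernel privilege" in the fourth); keep the exact form and remove the looser one. The "not password text" reassurance rests on "we only print visible text", so it is worth saying outright that a secret typed as visible text at the prompt is printed like any other keystroke. Smaller points: "breeching" should be "breaching", and the `.PP` lines directly before `.SH EXAMPLES`, `.SH FIELDS` and `.SH DOCUMENTATION` are redundant because `.SH` already starts a new paragraph.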