Unix & Linux Stack Exchange
Q&A for users of Linux, FreeBSD and other Unix-like operating systems
Latest Questions
2
votes
0
answers
21
views
How does one retroactively debug a coredump generated from an AppImage?
When a non-reproducible crash occurs in an installed `.flatpak` package, I can debug it with `flatpak-coredumpctl`, even if I've solely installed the relevant debug packages after the crash occurred. This is a useful way to retroactively generate a backtrace.
With an `.AppImage`, I see (unofficial) documentation on how to proactively capture a coredump and generate a trace *there*, but that's not useful on another machine, or if unique crashes need to be captured. After all, the unexpected coredumps are the most useful.
As an example:
~~~
RokeJulianLockhart@Beedell:~$ coredumpctl debug 63788
PID: 63788 (cursor)
UID: 1000 (RokeJulianLockhart)
GID: 1000 (RokeJulianLockhart)
Signal: 5 (TRAP)
Timestamp: Sat 2025-07-05 11:43:55 BST (11min ago)
Command Line: /usr/share/cursor/cursor
Executable: /usr/share/cursor/cursor
Control Group: /user.slice/user-1000.slice/user@1000.service/app.slice/app-appimagelauncher@436976d275e044819cec0d32bc46e97e.service
Unit: user@1000.service
User Unit: app-appimagelauncher@436976d275e044819cec0d32bc46e97e.service
Slice: user-1000.slice
Owner UID: 1000 (RokeJulianLockhart)
Boot ID: b2f81b0d22aa46928bace43988e7c488
Machine ID: b4f0bef5ffd640fba0ab31fdaa2820b8
Hostname: Beedell.RokeJulianLockhart.desktop.SSV2AY
Storage: /var/lib/systemd/coredump/core.cursor.1000.b2f81b0d22aa46928bace43988e7c488.63788.1751712235000000.zst (present)
Size on Disk: 1.7M
Message: Process 63788 (cursor) of user 1000 dumped core.
Module libbrotlicommon.so.1 from rpm brotli-1.1.0-6.fc42.x86_64
Module liblzma.so.5 from rpm xz-5.8.1-2.fc42.x86_64
Module libbrotlidec.so.1 from rpm brotli-1.1.0-6.fc42.x86_64
Module libbz2.so.1 from rpm bzip2-1.0.8-20.fc42.x86_64
Module libdatrie.so.1 from rpm libdatrie-0.2.13-11.fc42.x86_64
Module libjson-glib-1.0.so.0 from rpm json-glib-1.10.6-2.fc42.x86_64
Module libjpeg.so.62 from rpm libjpeg-turbo-3.1.0-2.fc42.x86_64
Module libxml2.so.2 from rpm libxml2-2.12.10-1.fc42.x86_64
Module libgraphite2.so.3 from rpm graphite2-1.3.14-18.fc42.x86_64
Module libXinerama.so.1 from rpm libXinerama-1.1.5-8.fc42.x86_64
Module libXcursor.so.1 from rpm libXcursor-1.2.3-2.fc42.x86_64
Module libwayland-egl.so.1 from rpm wayland-1.23.1-1.fc42.x86_64
Module libwayland-cursor.so.0 from rpm wayland-1.23.1-1.fc42.x86_64
Module libgmp.so.10 from rpm gmp-6.3.0-4.fc42.x86_64
Module libnettle.so.8 from rpm nettle-3.10.1-1.fc42.x86_64
Module libhogweed.so.6 from rpm nettle-3.10.1-1.fc42.x86_64
Module libtasn1.so.6 from rpm libtasn1-4.20.0-1.fc42.x86_64
Module libunistring.so.5 from rpm libunistring-1.1-9.fc42.x86_64
Module libidn2.so.0 from rpm libidn2-2.3.8-1.fc42.x86_64
Module libp11-kit.so.0 from rpm p11-kit-0.25.5-5.fc42.x86_64
Module libcrypto.so.3 from rpm openssl-3.2.4-3.fc42.x86_64
Module libkeyutils.so.1 from rpm keyutils-1.6.3-5.fc42.x86_64
Module libkrb5support.so.0 from rpm krb5-1.21.3-6.fc42.x86_64
Module libcom_err.so.2 from rpm e2fsprogs-1.47.2-3.fc42.x86_64
Module libk5crypto.so.3 from rpm krb5-1.21.3-6.fc42.x86_64
Module libkrb5.so.3 from rpm krb5-1.21.3-6.fc42.x86_64
Module libblkid.so.1 from rpm util-linux-2.40.4-7.fc42.x86_64
Module libcap.so.2 from rpm libcap-2.73-2.fc42.x86_64
Module libXau.so.6 from rpm libXau-1.0.12-2.fc42.x86_64
Module libdrm.so.2 from rpm libdrm-2.4.125-1.fc42.x86_64
Module libpixman-1.so.0 from rpm pixman-0.46.2-1.fc42.x86_64
Module libxcb-shm.so.0 from rpm libxcb-1.17.0-5.fc42.x86_64
Module libxcb-render.so.0 from rpm libxcb-1.17.0-5.fc42.x86_64
Module libXrender.so.1 from rpm libXrender-0.9.12-2.fc42.x86_64
Module libfreetype.so.6 from rpm freetype-2.13.3-2.fc42.x86_64
Module libpng16.so.16 from rpm libpng-1.6.44-2.fc42.x86_64
Module libthai.so.0 from rpm libthai-0.1.29-10.fc42.x86_64
Module libwayland-client.so.0 from rpm wayland-1.23.1-1.fc42.x86_64
Module libtinysparql-3.0.so.0 from rpm tinysparql-3.9.2-1.fc42.x86_64
Module libcloudproviders.so.0 from rpm libcloudproviders-0.3.6-1.fc42.x86_64
Module libXi.so.6 from rpm libXi-1.8.2-2.fc42.x86_64
Module libepoxy.so.0 from rpm libepoxy-1.5.10-9.fc42.x86_64
Module libgdk_pixbuf-2.0.so.0 from rpm gdk-pixbuf2-2.42.12-10.fc42.x86_64
Module libcairo-gobject.so.2 from rpm cairo-1.18.2-3.fc42.x86_64
Module libfribidi.so.0 from rpm fribidi-1.0.16-2.fc42.x86_64
Module libfontconfig.so.1 from rpm fontconfig-2.16.0-2.fc42.x86_64
Module libpangoft2-1.0.so.0 from rpm pango-1.56.3-1.fc42.x86_64
Module libharfbuzz.so.0 from rpm harfbuzz-10.4.0-1.fc42.x86_64
Module libpangocairo-1.0.so.0 from rpm pango-1.56.3-1.fc42.x86_64
Module libgdk-3.so.0 from rpm gtk3-3.24.49-2.fc42.x86_64
Module libgnutls.so.30 from rpm gnutls-3.8.9-3.fc42.x86_64
Module libavahi-client.so.3 from rpm avahi-0.9~rc2-2.fc42.x86_64
Module libavahi-common.so.3 from rpm avahi-0.9~rc2-2.fc42.x86_64
Module libgssapi_krb5.so.2 from rpm krb5-1.21.3-6.fc42.x86_64
Module libsystemd.so.0 from rpm systemd-257.7-1.fc42.x86_64
Module libplds4.so from rpm nss-3.112.0-1.fc42.x86_64
Module libplc4.so from rpm nss-3.112.0-1.fc42.x86_64
Module libselinux.so.1 from rpm libselinux-3.8-2.fc42.x86_64
Module libmount.so.1 from rpm util-linux-2.40.4-7.fc42.x86_64
Module libz.so.1 from rpm zlib-ng-2.2.4-3.fc42.x86_64
Module libgmodule-2.0.so.0 from rpm glib2-2.84.2-1.fc42.x86_64
Module libffi.so.8 from rpm libffi-3.4.6-5.fc42.x86_64
Module libpcre2-8.so.0 from rpm pcre2-10.45-1.fc42.x86_64
Module libatspi.so.0 from rpm at-spi2-core-2.56.2-1.fc42.x86_64
Module libasound.so.2 from rpm alsa-lib-1.2.14-3.fc42.x86_64
Module libudev.so.1 from rpm systemd-257.7-1.fc42.x86_64
Module libxkbcommon.so.0 from rpm libxkbcommon-1.8.1-1.fc42.x86_64
Module libxcb.so.1 from rpm libxcb-1.17.0-5.fc42.x86_64
Module libexpat.so.1 from rpm expat-2.7.1-1.fc42.x86_64
Module libgbm.so.1 from rpm mesa-25.0.7-2.fc42.x86_64
Module libXrandr.so.2 from rpm libXrandr-1.5.4-5.fc42.x86_64
Module libXfixes.so.3 from rpm libXfixes-6.0.1-5.fc42.x86_64
Module libXext.so.6 from rpm libXext-1.3.6-3.fc42.x86_64
Module libXdamage.so.1 from rpm libXdamage-1.1.6-5.fc42.x86_64
Module libXcomposite.so.1 from rpm libXcomposite-0.4.6-5.fc42.x86_64
Module libX11.so.6 from rpm libX11-1.8.11-1.fc42.x86_64
Module libcairo.so.2 from rpm cairo-1.18.2-3.fc42.x86_64
Module libpango-1.0.so.0 from rpm pango-1.56.3-1.fc42.x86_64
Module libgtk-3.so.0 from rpm gtk3-3.24.49-2.fc42.x86_64
Module libcups.so.2 from rpm cups-2.4.12-3.fc42.x86_64
Module libatk-bridge-2.0.so.0 from rpm at-spi2-core-2.56.2-1.fc42.x86_64
Module libatk-1.0.so.0 from rpm at-spi2-core-2.56.2-1.fc42.x86_64
Module libdbus-1.so.3 from rpm dbus-1.16.0-3.fc42.x86_64
Module libnspr4.so from rpm nss-3.112.0-1.fc42.x86_64
Module libsmime3.so from rpm nss-3.112.0-1.fc42.x86_64
Module libnssutil3.so from rpm nss-3.112.0-1.fc42.x86_64
Module libnss3.so from rpm nss-3.112.0-1.fc42.x86_64
Module libgio-2.0.so.0 from rpm glib2-2.84.2-1.fc42.x86_64
Module libgobject-2.0.so.0 from rpm glib2-2.84.2-1.fc42.x86_64
Module libglib-2.0.so.0 from rpm glib2-2.84.2-1.fc42.x86_64
Stack trace of thread 63788:
#0 0x0000555b9189e4a9 n/a (/usr/share/cursor/cursor + 0x64384a9)
#1 0x0000555b8dbff5ea n/a (/usr/share/cursor/cursor + 0x27995ea)
#2 0x0000555b8dbfdac5 n/a (/usr/share/cursor/cursor + 0x2797ac5)
#3 0x0000555b8dbfdf70 n/a (/usr/share/cursor/cursor + 0x2797f70)
#4 0x0000555b8d8998f7 n/a (/usr/share/cursor/cursor + 0x24338f7)
#5 0x00007f5ed2bc85f5 __libc_start_call_main (libc.so.6 + 0x35f5)
#6 0x00007f5ed2bc86a8 __libc_start_main_impl (libc.so.6 + 0x36a8)
#7 0x0000555b8d47102a n/a (/usr/share/cursor/cursor + 0x200b02a)
ELF object binary architecture: AMD x86-64
GNU gdb (Fedora Linux) 16.3-1.fc42
Copyright (C) 2024 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
.
Find the GDB manual and other documentation resources online at:
.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
/usr/share/cursor/cursor: No such file or directory.
This GDB supports auto-downloading debuginfo from the following URLs:
Enable debuginfod for this session? (y or [n]) y
Debuginfod has been enabled.
To make this setting permanent, add 'set debuginfod enabled on' to .gdbinit.
warning: Can't open file /usr/share/cursor/libffmpeg.so during file-backed mapping note processing
warning: Can't open file /usr/share/cursor/cursor during file-backed mapping note processing
[New LWP 63788]
Core was generated by `/tmp/.mount_Cursorco8TO2/usr/share/cursor/cursor'.
Program terminated with signal SIGTRAP, Trace/breakpoint trap.
#0 0x0000555b9189e4a9 in ?? ()
Missing file(s), try: dnf --enablerepo='*debug*' install /usr/lib/.build-id/79/bae446b9a2d28f83944da3e26fdc4738a35d86 /usr/lib/debug/.build-id/79/bae446b9a2d28f83944da3e26fdc4738a35d86.debug
Missing file(s), try: dnf --enablerepo='*debug*' install /usr/lib/.build-id/60/fed38b5df7050dd9cfc6a9ff9082c863370451 /usr/lib/debug/.build-id/60/fed38b5df7050dd9cfc6a9ff9082c863370451.debug
(gdb) bt full
#0 0x0000555b9189e4a9 in ?? ()
No symbol table info available.
#1 0x0000555b00000001 in ?? ()
No symbol table info available.
#2 0xaaaaaa00ffffffff in ?? ()
No symbol table info available.
#3 0x0000000000000000 in ?? ()
No symbol table info available.
~~~
##### Rationale
I've already enough information for a bug report to the developers, because I know what action caused it. However, considering the unusual signal, I'd like to be able to better confirm whether a [mis]configuration of mine is relevant, and provide *actionable* information.
RokeJulianLockhart
(541 rep)
Jul 5, 2025, 11:05 AM
• Last activity: Jul 5, 2025, 11:15 AM
3
votes
1
answers
1115
views
Trace kernel object calls
We have `strace` to trace programs, `ltrace` for dynamic libraries, and others.
Is there any equivalent for kernel objects, as in tracing just like `strace` but for a specific `.ko`?
Thanks
Camandros
(493 rep)
Jun 8, 2015, 11:14 AM
• Last activity: May 26, 2025, 06:34 PM
3
votes
3
answers
7135
views
how to diagnose the originator of the signal 15 send to sshd
I recently met an issue where my sshd keeps dying repeatedly. I did the following checks.
1. From `/var/log/message`, I could see that sshd kept restarting
```
Apr 23 12:05:39 host1 systemd: Stopping OpenSSH server daemon...
Apr 23 12:05:39 host1 systemd: Stopped OpenSSH server daemon.
Apr 23 12:05:39 host1 systemd: Starting OpenSSH server daemon...
Apr 23 12:05:39 host1 systemd: Started OpenSSH server daemon.
```
2. From `/var/log/secure`, I found that sometimes signal 15 was received by sshd
```
Apr 23 11:32:52 host1 sshd: Received signal 15; terminating.
Apr 23 11:32:52 host1 sshd: Server listening on 0.0.0.0 port 36000.
Apr 23 11:32:52 host1 sshd: Received signal 15; terminating.
Apr 23 11:32:52 host1 sshd: Server listening on 0.0.0.0 port 36000.
```
3. I checked `sshd -t`; there are no syntax errors
4. In order to check who is sending signal 15 to sshd, I tried the following. How should I try the next time?
```
[root@host1 /sys/kernel/debug/tracing/events/signal/signal_deliver]# echo 1 > /sys/kernel/debug/tracing/events/signal/enable
[root@host1 /sys/kernel/debug/tracing/events/signal/signal_deliver]# echo "sig == 15" > /sys/kernel/debug/tracing/events/signal/filter
```
wang larry
(69 rep)
Apr 23, 2023, 04:46 AM
• Last activity: Sep 9, 2024, 05:05 AM
24
votes
1
answers
9045
views
Turn on xtrace with environment variable
Bash has a sometimes-useful feature whereby if you turn on the "`-x`" option (I believe the symbolic name is `xtrace`), Bash outputs each line of script as it executes it.
I know of two ways to enable this behavior:
* In the script itself, say `set -x`
* On the command line, pass the `-x` option to Bash.
Is there any way of turning this option on via environment variables?
(In particular, I'm not invoking Bash myself, so I can't pass any options to it, and the script of interest is inside a compressed archive which I don't really feel like rebuilding. If I could set an environment variable, it would presumably be inherited by all child processes...)
* The manpage says something about `BASHOPTS`, but when I try it Bash says that's read-only. (Thanks for not mentioning that in the manpage.)
* Similarly, `SHELLOPTS` also seems to be read-only.
* You can select *which FD* is used with `BASH_XTRACEFD`. But I still need to turn tracing on in the first place.
MathematicalOrchid
(6266 rep)
Aug 19, 2019, 11:46 AM
• Last activity: Feb 24, 2024, 02:52 PM
1
votes
1
answers
5606
views
How to clear the /sys/kernel/debug/tracing/trace_pipe quickly?
I am using the `bpf_printk()` helper to print to the kernel debug to trace some BPF programs. The usage is as follows:
```
#include <linux/bpf.h>       /* struct sk_msg_md, SK_PASS */
#include <bpf/bpf_helpers.h> /* SEC(), bpf_printk() */

char LICENSE[] SEC("license") = "GPL";

/* sk_msg program: logs the length of each message and lets it pass */
SEC("sk_msg")
int http_state_machine(struct sk_msg_md *msg) {
    long len = (long)msg->data_end - (long)msg->data;
    if (len > 0) {
        bpf_printk("Message length: %ld\n", len);
    }
    return SK_PASS;
}
```
Then I try to read the trace_pipe via `sudo cat /sys/kernel/debug/tracing/trace_pipe > check.log`. My goal is to read only the first few lines of the trace, instead of the entire trace. However, this takes a very long time (in the order of minutes) to move all the output into check.log.
I learnt from [this](https://unix.stackexchange.com/a/684146/441335) answer, that the output of the trace_pipe is also the same in the static file `/sys/kernel/debug/tracing/trace`. And the `trace` file has nearly 10k lines.
My question is: How can I clear the entire output of the `trace_pipe` and/or `trace` - either by moving the entire output to a new file or discarding the output (after having read the first few lines)?
diviquery
(125 rep)
Jun 5, 2023, 05:07 AM
• Last activity: Jun 5, 2023, 10:36 AM
0
votes
2
answers
154
views
Avoid printing of 'tee' trace line
I have the following in a script:
```bash
#!/bin/bash
logFile='script.log'
echo -n > $logFile
log="tee -a $logFile"
set -x
scp ... user@host:...
ssh user@host "
echo '...message...'
" 2>&1 | $log
{ set +x ;} 2> /dev/null # avoids trace output of '++ set +x'
```
The output is:
```bash
++ ssh user@host '
echo '\''> ...message...'\''
'
++ tee -a script.log
> ...message...
```
Can the `++ tee ...` trace line be suppressed somehow, as well?
Gerold Broser
(415 rep)
Jul 18, 2022, 10:26 AM
• Last activity: Sep 7, 2022, 10:02 PM
0
votes
1
answers
24
views
Getting traced route list after sending packet from source to destination
So after I realized the internet is just connections between routers and every router has an IP address, I want to know the route of my already traversed packet.
I mean, look at this example case:
Suppose my device A is sending a packet to another device of mine, D, through the internet.
```
A -> B -> C -> D
```
* A is my device with public IP 123.321.123.321
* B is a stranger router whose IP I don't know
* C is the same as B.
* D is my device with public IP `12.12.12.12`
Suppose I sent a simple packet, for example ping on device A.
```
ping 12.12.12.12
```
How do I know if the PING packet has been routed from another router?
I expect there's a simple command that will display info like this:
```
$ ping --trace 12.12.12.12
Sending packet internet gropher...
routing to (device B IP)
routing to (device C IP)
Packet arrive to (12.12.12.12) with 12ms
```
Muhammad Ikhwan Perwira
(319 rep)
Sep 1, 2022, 03:28 PM
• Last activity: Sep 1, 2022, 03:57 PM
0
votes
2
answers
1838
views
/sys/kernel/debug/tracing/trace overwrites itself after a few seconds. How can I collect it without duplicates?
When setting up the `function_graph` tracer in Linux (Ubuntu 18), the trace that is stored at /sys/kernel/debug/tracing/trace only stores a couple of seconds before overwriting itself.
As the period might be variable, I cannot be saving it with for example
```
cat /sys/kernel/debug/tracing/trace >> total_trace
```
Because it might produce duplicates which are not acceptable during postprocessing. Even worse, it might miss some information.
Is there a way I can open the file and just pipe all the new incoming info to another one?
Thanks
Gaston
(103 rep)
Dec 28, 2021, 12:00 AM
• Last activity: Aug 29, 2022, 06:13 PM
10
votes
2
answers
9159
views
Which file in kernel specifies fork(), vfork()... to use sys_clone() system call
When `ltrace` is used for tracing the system calls, I could see that fork() uses sys_clone() rather than sys_fork(). But I couldn't find the linux source where it is defined.
My program is:
```
#include <stdio.h>
#include <unistd.h>

main()
{
    int pid,i=0,j=0;
    pid=fork();   /* glibc's fork() wrapper; the trace below shows it issuing SYS_clone */
    if(pid==0)
        printf("\nI am child\n");
    else
        printf("\nI am parent\n");
}
```
And `ltrace` output is:
```
SYS_brk(NULL) = 0x019d0000
SYS_access("/etc/ld.so.nohwcap", 00) = -2
SYS_mmap(0, 8192, 3, 34, 0xffffffff) = 0x7fe3cf84f000
SYS_access("/etc/ld.so.preload", 04) = -2
SYS_open("/etc/ld.so.cache", 0, 01) = 3
SYS_fstat(3, 0x7fff47007890) = 0
SYS_mmap(0, 103967, 1, 2, 3) = 0x7fe3cf835000
SYS_close(3) = 0
SYS_access("/etc/ld.so.nohwcap", 00) = -2
SYS_open("/lib/x86_64-linux-gnu/libc.so.6", 0, 00) = 3
SYS_read(3, "\177ELF\002\001\001", 832) = 832
SYS_fstat(3, 0x7fff470078e0) = 0
SYS_mmap(0, 0x389858, 5, 2050, 3) = 0x7fe3cf2a8000
SYS_mprotect(0x7fe3cf428000, 2097152, 0) = 0
SYS_mmap(0x7fe3cf628000, 20480, 3, 2066, 3) = 0x7fe3cf628000
SYS_mmap(0x7fe3cf62d000, 18520, 3, 50, 0xffffffff) = 0x7fe3cf62d000
SYS_close(3) = 0
SYS_mmap(0, 4096, 3, 34, 0xffffffff) = 0x7fe3cf834000
SYS_mmap(0, 4096, 3, 34, 0xffffffff) = 0x7fe3cf833000
SYS_mmap(0, 4096, 3, 34, 0xffffffff) = 0x7fe3cf832000
SYS_arch_prctl(4098, 0x7fe3cf833700, 0x7fe3cf832000, 34, 0xffffffff) = 0
SYS_mprotect(0x7fe3cf628000, 16384, 1) = 0
SYS_mprotect(0x7fe3cf851000, 4096, 1) = 0
SYS_munmap(0x7fe3cf835000, 103967) = 0
__libc_start_main(0x40054c, 1, 0x7fff47008298, 0x4005a0, 0x400590
fork(
SYS_clone(0x1200011, 0, 0, 0x7fe3cf8339d0, 0) = 5967
) = 5967
puts("\nI am parent"
SYS_fstat(1, 0x7fff47008060) = 0
SYS_mmap(0, 4096, 3, 34, 0xffffffff
) = 0x7fe3cf84e000
I am child
SYS_write(1, "\n", 1
) = 1
SYS_write(1, "I am parent\n", 12) = -512
--- SIGCHLD (Child exited) ---
SYS_write(1, "I am parent\n", 12I am parent
) = 12
) = 13
SYS_exit_group(13
+++ exited (status 13) +++
```
user3539
(4458 rep)
Aug 21, 2013, 02:46 AM
• Last activity: Jul 6, 2022, 10:05 AM
1
votes
0
answers
191
views
How to find all the unclosed files of a process?
I'm trying to debug if my app keeps opened files somewhere in the code. I thought of using `strace` for that but all of the previous topics (like this one) were talking about only opened files. While this information is useful, I'm interested in files that were unclosed by the process and its forks (for understandable reasons). How can it be done?
vesii
(223 rep)
Feb 28, 2022, 12:20 PM
6
votes
2
answers
5131
views
Why does bash add single quotes to unquoted failed pathname expansions in a command before executing it?
I was exploring the tracing of commands using `set -x` (`set +x` to unset) in `bash`:
> Print a trace of simple commands, for commands, case commands, select
> commands, and arithmetic for commands and their arguments or
> associated word lists after they are expanded and before they are
> executed. The value of the PS4 variable is expanded and the resultant
> value is printed before the command and its expanded arguments.
Now consider the following, tracing the use of the bash builtin `echo [-neE] [arg …]` command with and *without* quotes:
# set -x # what I typed
# echo 'love' # ...
+ echo love If no matching file names are found, and the shell option nullglob is
> disabled, the word is left unchanged.
But the thing is that the word in (2) is unquoted `love?` not `'love?'`. The trace shows the state before command execution but *after* expansion, and as we're seeing there is pathname expansion because of `?` and there were no matches in the first case(2) we used the special character. So the single quotes appear in that case, just as when we use single quotes(3) ourselves with the same string? Whereas in the other cases there was either a literal or the match was found and accordingly "replaced" the pattern in the command. This seems to be what is meant in the manual section on quote removal right after expansion:
> After the preceding expansions, all unquoted occurrences of the
> characters ‘\’, ‘'’, and ‘"’ that *did not result* from one of the
> above expansions are removed. (my italics)
So here(2) we have unquoted occurrences of `'` which result from the prior expansion. I did not put them there; bash did, and now they're *not removed* - and we're just before the execution of the command.
----------
*Similar illustration with `for`*
Consider this list used in a `for name [ [in [words …] ] ; ] do commands; done` loop<sup>1</sup>, with no matching file:
```
# for i in love love? 'love?'; do echo $i; done
+ for i in love 'love?' ''\''love?'\'''
+ echo love
love
+ for i in love 'love?' ''\''love?'\'''
+ echo 'love?'
love?
+ for i in love 'love?' ''\''love?'\'''
+ echo 'love?'
love?
```
So the `echo` command behavior is quite the same but in the case of the items in the `for` construct, it seems like it's trying to... escape itself quoting my quotes?? I'm uncertain...
----------
**Questions**
- Why is an unquoted failed pathname expansion pattern denoted with single quotes in the context(2); expansion is completed anyway and we're going to execute? Again, we've completed expansion already and the pattern failed - nothing should have to expand anymore. I guess what I'm asking is why do we care at this point - the point we're at is just before 3.7.2-4 in the bash manual. Why isn't this left "as is" and expansion is simply turned off for command execution i.e. something like `set -f`?
- (What is the `for` loop doing with my single quoted item in the list?)
----------
1. When using such a word list construct with for, it's really a list of items and the values are for convenience really as I find `t="0"; for i in 0 0 0 0; do let t++; echo "yes, this is really $t times"; done` quite convincing.
user44370
Mar 6, 2014, 12:37 PM
• Last activity: Nov 28, 2021, 12:43 PM
0
votes
0
answers
21
views
What files should be deleted if i don't want anyone to know if the system has been once linked to the internet?
For certain reasons I have to delete all files that might indicate that the system has once been linked to the internet. I have deleted all the records in the browser, and the internet ethernet address. What else can I do, such that no one is able to know that the system has linked to the internet? Can I delete all files in var/log? This is a new system with only the anaconda and relevant packages installed.
ZHANG Juenjie
(109 rep)
Oct 13, 2021, 05:18 PM
3
votes
1
answers
2829
views
'cannot attach kprobe, probe entry may not exist' when execute trace-bpfcc
I am following bcc Tutorial and trying to execute the `trace-bpfcc` command: `sudo trace-bpfcc 'sys_execve "%s", arg1'`
The command fails with an error:
```
cannot attach kprobe, probe entry may not exist
Failed to attach BPF program b'probe_sys_execve_1' to kprobe b'sys_execve'
```
While searching the web, I found that such an error can occur if the symbol `__x64_sys_execve` is missing in `/proc/kallsyms`, but I have one there.
I don't have any kernel development experience at all, what do I need to do to fix this issue?
My distro is Ubuntu 20
ibse
(371 rep)
Oct 13, 2021, 02:04 PM
• Last activity: Oct 13, 2021, 02:20 PM
4
votes
0
answers
321
views
Is there any solution to ltrace calls made by libs opened using dlopen()?
I wrote two different types of queues. Bundled them in different `.so`s. I have a driver `main.c` which tests functions offered by those queues. `main.c` makes use of `dlfcn.h` to load, unload required library at run-time. Both the implementations of queue make use of standard library functions.
I wish to list number of `malloc`s and `free`s made by my library. So I did `ltrace -c ./exe.out` but, it could not catch any standard library calls made by my `dlopen()`ed libraries. All that `ltrace` could tap in was `dl*()` calls.
I checked SEE ALSO part of `man ltrace` and so read `man ltrace.conf` too. But the manual itself is a bit obfuscated for beginners like me!
- How to trace calls made by `dlopen()`ed libraries using `ltrace` utility?
- Does configuring `/etc/ltrace.conf` help me deal with this situation?
Vishwajith.K
(45 rep)
Jun 30, 2021, 11:30 AM
• Last activity: Jun 30, 2021, 12:38 PM
0
votes
1
answers
64
views
Declare non environment variables and print them directly afterwards
I want to declare a few *non environment variables* and print them directly afterwards.
For example:
```
read domain &&
web_application_root="${HOME}/www" &&
domain_dir="${web_application_root}/${domain}/public_html" &&
```
**What command should come after the third `&&` to print the output of the last three variable declarations?**
The purpose of printing the output is to just neatly show the output of the three commands in one place, ordinal, perhaps in a table-like manner, comfortable to read (much more comfortable than say `set -x` traces).
timesharer
(3 rep)
Feb 20, 2021, 01:47 AM
• Last activity: Feb 20, 2021, 06:24 AM
1
votes
1
answers
672
views
Trace sequence of scripts/commands executed upon ssh
I am executing `ssh myuser@myserver`.
**Is there any way to trace all actions performed and the names of files being sourced? (similarly as with `bash -x`)**
PS: I executed `bash -x` at the command prompt after `ssh`ing (spawning another Shell), but I do not know if the sequence of actions is the same as when `ssh`ing (see https://unix.stackexchange.com/q/408101/137608)
sancho.s ReinstateMonicaCellio
(2998 rep)
Dec 1, 2017, 12:42 AM
• Last activity: Dec 17, 2020, 09:44 AM
-5
votes
2
answers
193
views
Hunting for a malware
I'm hunting a malware under my linux .mozilla folder. My first step is to try to log all opened files during running of firefox. What do you advise me to use for this purpose? Strace? Are there other tools? Not lsof because I don't know if the file will be closed after loading.
Thanks.
Lews
(166 rep)
Nov 16, 2020, 03:30 PM
• Last activity: Nov 16, 2020, 05:14 PM
1
votes
0
answers
1685
views
mtr not working from cron
The script below works perfectly when run from the CLI but when running it from a cron it fails with the error
"/usr/local/sbin/mtr: Failure to start mtr-packet: Invalid argument"
Here's the `cron` entry from root's own `crontab`:
```
* * * * * /root/trace_to_fpp.sh >/dev/null 2>&1
```
At first I thought it was a permissions issue but that does not seem to follow the error. Below is the script being used.
```
#! /bin/bash
DIR=/var/log/traces/FPP/$(date +%Y-%m-%d)/$(date +"%H")/
DIR_FILE=$DIR$(date +"%M")
mkdir -p $DIR
/usr/local/sbin/mtr -o "L SRD NBAW JMXI" --report-wide --report-cycles 5 --no-dns --aslookup 1.1.1.1 > $DIR_FILE
/usr/local/sbin/mtr -o "L SRD NBAW JMXI" --report-wide --report-cycles 5 --aslookup 1.1.1.1 >> $DIR_FILE
```
This is on CentOS 6, if that's important.
Dovid Bender
(439 rep)
Apr 19, 2017, 03:46 PM
• Last activity: Sep 20, 2020, 06:29 PM
0
votes
0
answers
256
views
How to trace problem of application not starting in Linux?
I have opensuse leap 15.0. I installed a libero soc application from microsemi. It is giving me a bizarre problem. When I installed libero soc v12, after clicking its desktop icon, it starts normally (flash screen and an expected error message that some license files are missing etc). However I cannot use it for my board kit programming because my board is much older and the v12 version does not support older boards. So I installed the appropriate libero soc v11.9. However, when I click its desktop icon, it will not start. It only pops the icon on the menu bar and vanishes. No flash screen and no error messages. How do I trace (in linux terminal or alternatively) the start up error messages so I can find out where the source of failure is?
user429323
(123 rep)
Aug 21, 2020, 03:45 PM
1
votes
1
answers
600
views
Using tcpdump to trace IP of strangers(predators) on omegle
I am using tcpdump to capture packets while being on omegle. However, I have been fairly unsuccessful to get strangers IP. All the IP I see are traced back to either 172.*.*.* which is for google 104.23.*.* for omegle and some servers. Now, commands I've used are `tcpdump -nn src 192.168.42.152`, which is my src address,
Have also tried `tcpdump -ttnnvvS` for complete raw output. But in vain. Am I doing it wrong? I remember using wireshark and it was pretty easy with it, but don't happen to have wireshark at the moment.
Also note that, I am not using the IP for any sort of illegal activity nor am I using it to pull a silly prank on anyone.
Wanna help me out a bit here? Are there any other ways except wireshark to do that?
Also, ethernet was my only interface hence no -i eth0.
atheros
(256 rep)
Jul 21, 2020, 08:18 PM
• Last activity: Jul 23, 2020, 02:14 AM
Showing page 1 of 20 total questions