Tcpdump

tcpdump -z postrotate-command with a shell script

  • March 29, 2019

I'm struggling to find where I'm going wrong when trying to run a shell script with tcpdump's -z flag. There don't seem to be many/any examples of using this flag. In the man page they highlight using gzip as the command, which works fine for me. Here is the man page entry for tcpdump's -z:

-z postrotate-command
Used in conjunction with the -C or -G options, this will make tcpdump run " postrotate-command file " where file is the savefile being closed after each rotation. For example, specifying -z gzip or -z bzip2 will compress each savefile using gzip or bzip2.
Note that tcpdump will run the command in parallel to the capture, using the lowest priority so that this doesn't disturb the capture process.
And in case you would like to use a command that itself takes flags or different arguments, you can always write a shell script that will take the savefile name as the only argument, make the flags & arguments arrangements and execute the command that you want.

My shell script at the moment is very basic... only because I'm trying to work out where I'm going wrong:

test.sh - this file is 777 to make sure it isn't a permissions issue

#!/bin/sh

# tcpdump passes the closed savefile path as the only argument; quote it so
# paths with spaces survive, and use -- so a leading '-' is not read as an option.
cp -- "$1" "$1.BAK"

First attempt:

tcpdump port 53 -i any -U -G 60 -z test.sh -Z root -w tcpdump_files/tcpdump_%M.pcap
...
compresss_savefile: execlp(test.sh, tcpdump_files/tcpdump_02.pcap) failed: No such file or directory.

Looks like I need to tell tcpdump to execute this file, so:

tcpdump port 53 -i any -U -G 60 -z ./test.sh -Z root -w tcpdump_files/tcpdump_%M.pcap
...
compresss_savefile: execlp(./test.sh, tcpdump_files/tcpdump_02.pcap) failed: Permission denied.

Maybe fully qualify the script? No..

tcpdump port 53 -i any -U -G 60 -z /home/me/test.sh -Z root -w tcpdump_files/tcpdump_%M.pcap
...
compresss_savefile: execlp(/home/me/test.sh, tcpdump_files/tcpdump_02.pcap) failed: Permission denied.

I'm most likely misunderstanding how the argument applies to the -z flag and the execlp it runs in the background. I also tried doing -z '/bin/sh, test.sh' but that gives a No such file or directory error.

Found a solution: tcpdump post script Permission denied

To summarize:

#if this says enforce then change it to complain
grep tcpdump /sys/kernel/security/apparmor/profiles
#change to complain
aa-complain /usr/sbin/tcpdump

In my case, I didn't have apparmor on my box. But sudo apt install apparmor-utils and following the steps above fixed my permission denied issue.

Quoted from: https://unix.stackexchange.com/questions/509480
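As an added example (not part of the quoted question or its answer), here is a postrotate script of the kind the man page describes: tcpdump invokes it as "script savefile" after each -G/-C rotation, running as the -Z user, and discards its output, so the script logs for itself, resolves the possibly relative -w path, locks the capture down and compresses it. Names (rotate_savefile, POSTROTATE_LOG) are hypothetical; it assumes gzip is installed and that the script is passed to -z by absolute path and lives where the tcpdump AppArmor profile permits execution.

```shell
#!/bin/sh
# Hypothetical postrotate script for tcpdump -z (added example, not from the question).
# tcpdump runs:  /path/to/postrotate.sh <savefile>   after every rotation, as the -Z user.
# Assumptions: gzip is available; invoked via an absolute path given to -z.

LOG="${POSTROTATE_LOG:-/var/log/tcpdump-postrotate.log}"

# tcpdump does not surface the command's stdout/stderr, so a log file is the
# only place a failing -z script can report what went wrong.
log_msg() {
    printf '%s %s\n' "$(date +%Y-%m-%dT%H:%M:%S)" "$1" >> "$LOG" 2>/dev/null || :
}

# rotate_savefile <path>: validate the closed savefile, restrict its mode,
# compress it in place, and print the resulting .gz path on success.
rotate_savefile() {
    f=$1
    # tcpdump hands over the -w path exactly as given, which may be relative
    # to the directory tcpdump was started in.
    case $f in
        /*) ;;
        *)  f="$(pwd)/$f" ;;
    esac
    if [ ! -f "$f" ]; then
        log_msg "skip: $f is not a regular file"
        return 1
    fi
    # Captures can hold credentials and private traffic: make the file
    # owner-only before it is compressed (gzip keeps the original mode).
    chmod 0600 "$f" || { log_msg "chmod failed for $f"; return 1; }
    gzip -f -- "$f" || { log_msg "gzip failed for $f"; return 1; }
    log_msg "compressed $f -> $f.gz (cksum $(cksum < "$f.gz" | cut -d' ' -f1))"
    printf '%s\n' "$f.gz"
}

# When started by tcpdump there is exactly one argument: the savefile.
if [ "$#" -eq 1 ]; then
    rotate_savefile "$1" || exit 1
fi
```

Install it with an absolute path, e.g. -z /usr/local/bin/postrotate.sh, and prefer an unprivileged -Z user since the script runs with that user's rights.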