
Demonstrations of filegone, the Linux eBPF/bcc version.


filegone traces why a file is gone, whether it was deleted or renamed.
For example:

# ./filegone 
18:30:56 22905   vim               DELETE .fstab.swpx
18:30:56 22905   vim               DELETE .fstab.swp
18:31:00 22905   vim               DELETE .viminfo
18:31:00 22905   vim               RENAME .viminfo.tmp > .viminfo
18:31:00 22905   vim               DELETE .fstab.swp
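
The following is an added example, not part of the bcc documentation or the filegone tool: a small parser for the output above that counts events per process and picks out events touching watched file names. It reads the columns in the sample as time, PID, command, action and file name; the function names and the watch list are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the filegone output lines shown above.
SAMPLE = """\
18:30:56 22905   vim               DELETE .fstab.swpx
18:30:56 22905   vim               DELETE .fstab.swp
18:31:00 22905   vim               DELETE .viminfo
18:31:00 22905   vim               RENAME .viminfo.tmp > .viminfo
18:31:00 22905   vim               DELETE .fstab.swp
"""

# The command column is matched lazily so that names with spaces still parse.
LINE = re.compile(
    r"^(\d\d:\d\d:\d\d)\s+(\d+)\s+(.+?)\s+(DELETE|RENAME)\s+(.*)$")

def parse(text):
    """Yield one dict per filegone event; skip headers and blank lines."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        time, pid, comm, action, rest = m.groups()
        ev = {"time": time, "pid": int(pid), "comm": comm, "action": action}
        if action == "RENAME":
            # Printed as "old > new"; a name containing " > " is ambiguous.
            old, sep, new = rest.partition(" > ")
            ev["file"], ev["new"] = old, (new if sep else None)
        else:
            ev["file"], ev["new"] = rest, None
        yield ev

def summarize(events, watch=()):
    """Return per-(pid, comm) action counts and events on watched names."""
    counts = defaultdict(lambda: {"DELETE": 0, "RENAME": 0})
    hits = []
    for ev in events:
        counts[(ev["pid"], ev["comm"])][ev["action"]] += 1
        # A rename removes the old name and replaces whatever held the new one.
        if ev["file"] in watch or ev["new"] in watch:
            hits.append(ev)
    return dict(counts), hits

if __name__ == "__main__":
    counts, hits = summarize(parse(SAMPLE), watch={".viminfo"})
    for (pid, comm), c in counts.items():
        print(pid, comm, c)
    for ev in hits:
        print("watched:", ev["time"], ev["action"], ev["file"], ev["new"] or "")
```

filegone prints file names only, not full paths, so a watch list matches on the name alone.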

USAGE message:

usage: filegone.py [-h] [-p PID]

Trace why file gone (deleted or renamed)

optional arguments:
  -h, --help         show this help message and exit
  -p PID, --pid PID  trace this PID only

examples:
    ./filegone           # trace all file gone events
    ./filegone -p 181    # only trace PID 181
