#!/bin/bash
touch /tmp/sn2 /tmp/sn4 /tmp/sn6 /tmp/sn3
redir=/dev/null
which lsof >&/dev/null
lsofs=$?
def=$1
[ x"$def" == x ] && def=5
[ $lsofs -ne 0 ] && def=$(($def-4))
[ $def -lt 1 ] && def=1
while [ 1 == 1 ]; do
echo ""
date > $redir
sleep $def
if [ $lsofs -ne 0 ]; then
find /proc/*/fd/* -type l -perm /222 2>/dev/null -exec ls -logLd {} \; > /tmp/sn1
new=`diff /tmp/sn1 /tmp/sn2|grep '<'|awk '{print $NF}'`
for f in $new; do
if [ -e "$f" ]; then
fl=`ls -log "$f"|cut -d'>' -f2-`
sz=`stat -Lc%s "$f"`
[ `echo "$fl"|egrep -c "pipe:|socket:|/dev/"` -eq 0 ] && echo "WRITE $sz $fl" > $redir
fi
done
find /proc/*/fd/* -type l -perm 500 2>/dev/null -exec ls -logLd {} \; > /tmp/sn3
new=`diff /tmp/sn3 /tmp/sn4|grep '<'|awk '{print $NF}'`
for f in $new; do
if [ -e "$f" ]; then
fl=`ls -log "$f"|cut -d'>' -f2-`
sz=`stat -Lc%s "$f"`
[ `echo "$fl"|egrep -c "pipe:|socket:|/dev/|/proc"` -eq 0 ] && echo "READ $sz $fl" > $redir
fi
done
else
lsof -Pn|grep "[0-9][ruw] .*REG "|awk '{print substr($4,length($4),1)" "$9" "$7}'|grep -v "/proc/"|sort -u > /tmp/sn1
diff /tmp/sn1 /tmp/sn2|grep '<'|sed -e s/"^. r"/READ/ -e s/"^. w"/WRITE/ -e s/"^. u"/READWRITE/ > $redir
touch /tmp/sn3
fi
ps -eo user,pid,ppid,cmd|grep -v " $$ " > /tmp/sn5
diff /tmp/sn5 /tmp/sn6|grep '^<'|sed s/"^. "/"PROCESS "/ > $redir
mv /tmp/sn3 /tmp/sn4; mv /tmp/sn1 /tmp/sn2; mv /tmp/sn5 /tmp/sn6
redir=`tty`
done
浙公网安备 33010602011771号