Merge pull request #252 from mariux64/add-forensics

forensics: new timer service to dump user system info
mariux64 · May 12, 2022 · 672adfa · 672adfa
2 parents c6f2a41 + 9475029
commit 672adfa
Show file tree

Hide file tree

Showing 5 changed files with 184 additions and 0 deletions.
diff --git a/forensics/forensics b/forensics/forensics
@@ -0,0 +1,163 @@
+#!/usr/local/system/perl/bin/perl -w
+
+# https://www.kernel.org/doc/html/latest/filesystems/proc.html
+
+use strict;
+
+chdir '/proc';
+
+my %SO;
+my $c = '';
+if ( opendir( my $dh, '.' ) ) {
+
+    # loadavg
+    my $D = '/proc/loadavg';
+    if ( open M, '<', $D ) {
+        print map {"${D} $_"} <M>;
+        close M;
+    }
+
+    # stat
+    $D = '/proc/stat';
+    if ( open M, '<', $D ) {
+        print map {"${D} $_"} <M>;
+        close M;
+    }
+
+    # meminfo
+    $D = '/proc/meminfo';
+    if ( open M, '<', $D ) {
+        print map {"${D} $_"} <M>;
+        close M;
+    }
+
+    # vmstat
+    $D = '/proc/vmstat';
+    if ( open M, '<', $D ) {
+        print map {"${D} $_"} <M>;
+        close M;
+    }
+
+    # slabinfo  += 0.050
+    $D = '/proc/slabinfo';
+    if ( open M, '<', $D ) {
+        print map {"${D} $_"} <M>;
+        close M;
+    }
+
+    # vmallocinfo  += 0.010
+    $D = '/proc/vmallocinfo';
+    if ( open M, '<', $D ) {
+        print map {"${D} $_"} <M>;
+        close M;
+    }
+
+    # interrupts
+    $D = '/proc/interrupts';
+    if ( open M, '<', $D ) {
+        print map {"${D} $_"} <M>;
+        close M;
+    }
+
+    my $pid = 1;
+    my $C   = "/proc/$pid/";
+
+    # mountstats
+    if ( open M, '<', "$pid/mountstats" ) {
+        print map {"${C}mountstats $_"} <M>;
+        close M;
+    }
+
+    # mounts
+    if ( open M, '<', "$pid/mounts" ) {
+        print map {"${C}mounts $_"} <M>;
+        close M;
+    }
+
+    while ( readdir $dh ) {
+        next unless /^\d+$/;
+        my $pid = $_;
+        @_ = stat($pid);
+        next if $_[4] == 0;
+
+        $C = "/proc/$pid/";
+
+        # uid:gid mtime
+        printf "${C}. %d:%d %d\n", $_[4], $_[5], $_[9];
+
+        # exe
+        $_ = readlink("$pid/exe");
+        defined($_) and print "${C}exe $_\n";
+
+        # cwd
+        $_ = readlink("$pid/cwd");
+        defined($_) and print "${C}cwd $_\n";
+
+        # cmdline
+        if ( open M, '<', "$pid/cmdline" ) {
+            $_ = <M>;
+            if (defined) {
+                s/([^ -~])/sprintf("\\x%02x",ord($1))/ge;
+                print "${C}cmdline $_\n";
+            }
+            close M;
+        }
+
+        # environ
+        if ( open M, '<', "$pid/environ" ) {
+            $_ = <M>;
+            if (defined) {
+                s/([^ -~])/sprintf("\\x%02x",ord($1))/ge;
+                print "${C}environ $_\n";
+            }
+            close M;
+        }
+
+        # stat
+        if ( open M, '<', "$pid/stat" ) {
+            print "${C}stat " . <M>;
+            close M;
+        }
+
+        # statm
+        if ( open M, '<', "$pid/statm" ) {
+            print "${C}statm " . <M>;
+            close M;
+        }
+
+        # status
+        if ( open M, '<', "$pid/status" ) {
+            print map {"${C}status $_"} <M>;
+            close M;
+        }
+
+        # io
+        if ( open M, '<', "$pid/io" ) {
+            print map {"${C}io $_"} <M>;
+            close M;
+        }
+
+        # stack
+        if ( open M, '<', "$pid/stack" ) {
+            print map {"${C}stack $_"} <M>;
+            close M;
+        }
+
+        # too expensive : 3.8s vs. 0.1s
+        # smaps_rollup
+        #if ( open M, '<', "$pid/smaps_rollup" ) {
+        #    print map {"${C}smaps_rollup $_"} <M>;
+        #    close M;
+        #}
+
+        if ( opendir( my $fdh, "$pid/fd" ) ) {
+            while ( readdir $fdh ) {
+                next unless /^\d+$/;
+                my $l = readlink("$pid/fd/$_");
+                defined($l) and printf "%sfd/%s $l\n",${C},$_;
+            }
+            closedir($fdh);
+        }
+    }
+    closedir($dh);
+}
diff --git a/forensics/forensicsd b/forensics/forensicsd
@@ -0,0 +1,8 @@
+#! /bin/bash
+# every 10 minutes
+printf -v d "%(%M)T"
+LOG=/var/log/forensics-${d:0:1}0th_min.log
+exec 2>&1
+exec 1>$LOG
+printf "# %(%Y-%m-%d %T)T / %(%s)T / %(%a, %d %b %Y %T %z)T \n"
+exec /usr/sbin/forensics
diff --git a/forensics/forensicsd.service b/forensics/forensicsd.service
@@ -0,0 +1,3 @@
+[Service]
+Type=oneshot
+ExecStart=/usr/sbin/forensicsd
diff --git a/forensics/forensicsd.timer b/forensics/forensicsd.timer
@@ -0,0 +1,6 @@
+[Timer]
+OnCalendar=*-*-* *:0,10,20,30,40,50:0
+Persistent=true
+
+[Install]
+WantedBy=timers.target
diff --git a/install.sh b/install.sh
@@ -248,6 +248,10 @@ install_data misc_systemd_units/fix-lpp.service           "$DESTDIR$systemdunitd
 install_data misc_systemd_units/fix-uring.service         "$DESTDIR$systemdunitdir/fix-uring.service"
 install_exec misc_etc_files/mxq/gpu-policy                "$DESTIDIR$sysconfdir/mxq/gpu-policy"
 install_data misc_etc_files/os-release                    "$DESTDIR$sysconfdir/os-release"
+install_exec forensics/forensics                          "$DESTDIR$usr_sbindir/forensics"
+install_exec forensics/forensicsd                         "$DESTDIR$usr_sbindir/forensicsd"
+install_data forensics/forensicsd.service                 "$DESTDIR$systemdunitdir/forensicsd.service"
+install_data forensics/forensicsd.timer                   "$DESTDIR$systemdunitdir/forensicsd.timer"
 
 postinstall
 exit