Differences between version 14 and predecessor to the previous major change of PerlOneLiners.
Other diffs: Previous Revision, Previous Author, or view the Annotated Edit History
| Newer page: | version 14 | Last edited on Friday, April 9, 2004 10:44:06 am | by AristotlePagaltzis | Revert |
| Older page: | version 13 | Last edited on Thursday, April 8, 2004 5:11:21 pm | by JohnMcPherson | Revert |
@@ -29,13 +29,14 @@
You can use any punctuation as the separator in an __s///__ command, and if you have backslashes or even need literal slashes in your pattern then doing this can increase clarity.
!! List all currently running processes
- perl -pe 'BEGIN {undef$/;chdir"/proc";@ARGV=sort{$a<=>$b}glob("*/cmdline")}
- $ARGV=~/(\d+)/;print "$1\t";s@\0@ @g;$_.="\n";'
-This prints the process ID and command line of every running process on the system (except some "special" kernel processes that lie about/don't have command lines). You might want such a command if you suspect a rootkit or something similar has been installed, and you can't trust your "ps" binary
.
+This is useful if you suspect that ps(1) is not reliable, whether due to a RootKit or some other cause. It
prints the process ID and command line of every running process on the system (except some "special" kernel processes that lie about/don't have command lines).
-Basically, this runs
a loop over all
the files in
/proc/*/cmdline, printing the content of those
files (after printing the leading digits in the filename
, and replacing null characters
with a space). "$/" is a special variable used for the end-
of-line marker, and it
needs to be unset so that even
the empty/unreadable files still cause
the loop to print out the filename. The
__-p__ switch for perl means do the loop
, using
the input of
the rest of
the arguments (assumed to be filenames). We cheat and manually assign @ARGV
in the BEGIN{..} block
. Also
, we need to tell sort to use
a numeric comparison (<=>) instead
of the default string comparison
.
+ perl -0777 -pe 'BEGIN { chdir "/proc"; @ARGV = sort { $
a <=> $b } glob("*/cmdline") }
+ $ARGV =~ m!^(\d+)/!; print "$1\t"; s/\/ /g; $_ .= "\n";'
+
+It runs an implicit
loop over the __
/proc/*/cmdline__
files, by priming __@ARGV__
with a list
of files sorted numerically (which
needs to be done explicitly using __<=>__ --
the default sort is ASCIIbetical) and then employing
the __-p__ switch. __-0777__ forces files to be slurped wholesale. Per file
, the digits that lead
the filename are printed, followed by a tab. Since a null separates
the arguments in these files, all of them are replaced by spaces to make
the output printable
. Finally
, a newline is appended. The print call implicit in the __-p__ switch then takes care
of outputting
the massaged command line
.
----
AddToMe
