BPF

BPFtrace

Get all commands run in bash

# Trace bash command input: a uretprobe on readline() in /bin/bash fires each
# time the function returns, and retval is read as the returned string.
# Each record prints: wall-clock time, pid, that string, uid and username,
# then the raw contents of /proc/<pid>/environ for the same process.
# NOTE(review): environ entries are NUL-separated and often hold tokens or
# passwords, so treat this output as sensitive and restrict who can read it.
# NOTE(review): only input that passes through readline() in /bin/bash is
# seen; scripts, `bash -c`, other shells, a bash binary at a different path,
# or a bash that takes readline from a shared library are presumably not
# covered. Confirm on the hosts being monitored.
bpftrace -e '
uretprobe:/bin/bash:readline
{
    time("%H:%M:%S  ");
    printf("%-6d %s %5d (%s) -", pid, str(retval), uid, username);
    cat("/proc/%d/environ", pid);
    printf("\n");
}'