Demonstrations of bashreadline, the Linux eBPF/bcc version.


This prints bash commands from all running bash shells on the system. For
example:

# ./bashreadline
TIME      PID    COMMAND
05:28:25  21176  ls -l
05:28:28  21176  date
05:28:35  21176  echo hello world
05:28:43  21176  foo this command failed
05:28:45  21176  df -h
05:29:04  3059   echo another shell
05:29:13  21176  echo first shell again

The entered command may fail. This is just showing what command lines were
entered interactively for bash to process.

It works by tracing the return of the readline() function using uprobes
(specifically a uretprobe).
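
Because the output interleaves every bash shell on the system, a reviewer usually wants it split back into one command history per PID. The following is an added example, not part of bcc or of the original page: it parses the output shown above and groups it by shell. The names parse, by_shell, LINE_RE and SAMPLE are this example's own.

```python
import re
from collections import defaultdict

# Sample input: the bashreadline output shown on this page, embedded so the
# example runs offline.
SAMPLE = """\
TIME      PID    COMMAND
05:28:25  21176  ls -l
05:28:28  21176  date
05:28:35  21176  echo hello world
05:28:43  21176  foo this command failed
05:28:45  21176  df -h
05:29:04  3059   echo another shell
05:29:13  21176  echo first shell again
"""

# TIME, PID, then the rest of the line as the command. The command is taken
# whole because it can contain any number of spaces.
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2})\s+(\d+)\s+(.*)$")


def parse(text):
    """Return (time, pid, command) tuples; the header and blank lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.rstrip())
        if m:
            records.append((m.group(1), int(m.group(2)), m.group(3)))
    return records


def by_shell(records):
    """Group commands per bash PID, keeping the order in which they were entered."""
    sessions = defaultdict(list)
    for time, pid, command in records:
        sessions[pid].append((time, command))
    return dict(sessions)


if __name__ == "__main__":
    for pid, entries in by_shell(parse(SAMPLE)).items():
        print(f"bash PID {pid}: {len(entries)} command(s)")
        for time, command in entries:
            print(f"  {time}  {command}")
```

As the page notes, a line appearing here means the command was entered, not that it succeeded, so "foo this command failed" is kept like any other entry.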