AUTRACE Linux Command

What is Linux autrace Command?

Explanation

autrace COMMAND:

The autrace command adds audit rules to trace a process, similar to strace, and then executes the program, passing the arguments to it. The resulting audit information will be in the audit logs if the audit daemon is running, or in syslog otherwise. autrace deletes all audit rules before executing the target program and again after executing it. As a safety precaution, it will not run unless all rules have been deleted with auditctl prior to use.

SYNTAX:


autrace [-r] program [program-args]...

OPTION:


Option    Description
-r        Limit the syscalls collected to the ones needed for analyzing resource usage. This can help people doing threat modeling, and it saves space in the logs.

EXAMPLE:


  1. The following illustrates a typical session:
    autrace /bin/ls /tmp
    It prints output like the following:
    Waiting to execute: /bin/ls
    config-err-dO0gXb orbit-hioxsoftwares unity_support_test.0
    lost+found plugtmp
    Cleaning up...
    Trace complete. You can locate the records with 'ausearch -i -p 11410'

  2. For resource usage mode:
    autrace -r /bin/ls
    Waiting to execute: /bin/ls
    A.class Mainclass.class
    ActionExample.class MainClass.class
    ActionExample.java mainclass.java
    ActionExample.java~ Mainclass.java
    B.class nestedclass.class
    bufferedreader.class nestedclass$Inner.class
    CanonDirect.java new
    CanonDirect.java~ node
    C.class node_modules
    configure.scan object
    Desktop stringdemo.class
    elasticsearch-1.4.2.deb stringdemo.java
    foo.txt test
    hierarchial_inheritance.java test.pl
    Java_Applications xampp-linux-1.8.3-4-installer.run
    Mainclass1.class
    Cleaning up...
    Trace complete. You can locate the records with 'ausearch -i -p 11414'
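The session above can be scripted so that the empty-rule-set precondition is checked first and the PID from the final hint line is passed straight to ausearch. This is an added example, not part of the original page or of the audit package: the function names and the sample output are constructed for illustration, and it assumes root, a running audit daemon, and that `auditctl -l` prints "No rules" when the rule set is empty. It refuses to continue when rules are loaded instead of deleting them, because autrace removes every audit rule before and after the trace.

```bash
#!/usr/bin/env bash
# Added example: guard-and-collect wrapper around autrace.
# Function names are hypothetical; they are not part of the audit tools.

# Succeeds only when `auditctl -l` output (read from stdin) reports an empty rule set.
rules_empty() {
    [ "$(cat)" = "No rules" ]
}

# Extracts the traced PID from autrace's final hint line (read from stdin).
extract_pid() {
    sed -n "s/.*ausearch -i -p \([0-9][0-9]*\).*/\1/p" | tail -n 1
}

# Runs the whole procedure: precondition check, trace, record lookup.
trace_and_report() {
    if ! auditctl -l | rules_empty; then
        echo "audit rule set is not empty (or auditctl failed); autrace will not run." >&2
        echo "Save the rules first (auditctl -l), then clear them with auditctl -D." >&2
        return 2
    fi
    trace_out=$(autrace "$@") || return 1
    printf '%s\n' "$trace_out"
    trace_pid=$(printf '%s\n' "$trace_out" | extract_pid)
    if [ -z "$trace_pid" ]; then
        echo "no PID found in autrace output" >&2
        return 3
    fi
    # Same lookup that autrace suggests in its last line of output.
    ausearch -i -p "$trace_pid"
}

# Constructed sample of autrace output, modelled on the first session above.
SAMPLE_OUTPUT="Waiting to execute: /bin/ls
lost+found plugtmp
Cleaning up...
Trace complete. You can locate the records with 'ausearch -i -p 11410'"

# Only touch the audit subsystem when a program to trace is given,
# e.g.  sudo ./trace.sh -r /bin/ls
if [ "$#" -gt 0 ]; then
    trace_and_report "$@"
fi
```

On a host that normally runs with audit rules loaded, reload the saved rules after the trace, since autrace leaves the rule set empty.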
