我正在努力找出尝试使用 tcpdump 的 -z 标志运行 shell 脚本时出错的地方。似乎没有很多/任何使用此标志的示例。在手册页中,他们突出显示使用 gzip 作为命令,这对我来说效果很好。这是 tcpdump 的 -z 的手册页:
-z postrotate-command
Used in conjunction with the -C or -G options, this will make tcpdump run " postrotate-command file " where file is the savefile being closed after each rotation. For example, specifying -z gzip or -z bzip2 will compress each savefile using gzip or bzip2.
Note that tcpdump will run the command in parallel to the capture, using the lowest priority so that this doesn't disturb the capture process.
And in case you would like to use a command that itself takes flags or different arguments, you can always write a shell script that will take the savefile name as the only argument, make the flags & arguments arrangements and execute the command that you want.
我现在的 shell 脚本非常基本......只是因为我试图找出出错的地方:
test.sh - 该文件是 777 以确保它不是权限问题
#!/bin/sh
cp $1 $1.BAK
第一次尝试:
tcpdump port 53 -i any -U -G 60 -z test.sh -Z root -w tcpdump_files/tcpdump_%M.pcap
...
compresss_savefile: execlp(test.sh, tcpdump_files/tcpdump_02.pcap) failed: No such file or directory.
似乎我需要告诉 tcpdump 执行这个文件:
tcpdump port 53 -i any -U -G 60 -z ./test.sh -Z root -w tcpdump_files/tcpdump_%M.pcap
...
compresss_savefile: execlp(./test.sh, tcpdump_files/tcpdump_02.pcap) failed: Permission denied.
也许完全限定了脚本?没有..
tcpdump port 53 -i any -U -G 60 -z /home/me/test.sh -Z root -w tcpdump_files/tcpdump_%M.pcap
...
compresss_savefile: execlp(/home/me/test.sh, tcpdump_files/tcpdump_02.pcap) failed: Permission denied.
我很可能误解了 -z 标志的参数及其在后台运行的 execlp 的工作原理。我也尝试过这样做,-z '/bin/sh, test.sh'但这给出了 no such file or dir 错误。
答案1
找到了一个解决方案:tcpdump post 脚本权限被拒绝
总结一下:
#if this says enforce then change it to complain
grep tcpdump /sys/kernel/security/apparmor/profiles
#change to complain
aa-complain /usr/sbin/tcpdump
就我而言,我的盒子上没有apparmor。但是执行sudo apt install apparmor-utils并遵循上述步骤解决了我的权限被拒绝的问题。