我正在努力寻找在尝试运行带有 -z 标志的 tcpdump 的 shell 脚本时哪里出错了。似乎没有很多/任何使用此标志的示例。在手册页中,他们强调使用 gzip 作为命令,这对我来说很好。这是 tcpdump 的 -z 的手册页:
-z postrotate-command
Used in conjunction with the -C or -G options, this will make tcpdump run " postrotate-command file " where file is the savefile being closed after each rotation. For example, specifying -z gzip or -z bzip2 will compress each savefile using gzip or bzip2.
Note that tcpdump will run the command in parallel to the capture, using the lowest priority so that this doesn't disturb the capture process.
And in case you would like to use a command that itself takes flags or different arguments, you can always write a shell script that will take the savefile name as the only argument, make the flags & arguments arrangements and execute the command that you want.
我现在的shell脚本非常基本......只是因为我试图找出我出错的地方:
test.sh - 这个文件是 777 以确保它不是权限问题
#!/bin/sh
cp $1 $1.BAK
第一次尝试:
tcpdump port 53 -i any -U -G 60 -z test.sh -Z root -w tcpdump_files/tcpdump_%M.pcap
...
compresss_savefile: execlp(test.sh, tcpdump_files/tcpdump_02.pcap) failed: No such file or directory.
好像我需要告诉 tcpdump 执行这个文件,所以:
tcpdump port 53 -i any -U -G 60 -z ./test.sh -Z root -w tcpdump_files/tcpdump_%M.pcap
...
compresss_savefile: execlp(./test.sh, tcpdump_files/tcpdump_02.pcap) failed: Permission denied.
也许完全限定脚本?没有..
tcpdump port 53 -i any -U -G 60 -z /home/me/test.sh -Z root -w tcpdump_files/tcpdump_%M.pcap
...
compresss_savefile: execlp(/home/me/test.sh, tcpdump_files/tcpdump_02.pcap) failed: Permission denied.
我很可能误解了该参数如何适用于 -z 标志和它在后台运行的 execlp。我也尝试过这样做-z '/bin/sh, test.sh'
但是这给出了没有这样的文件或目录错误。
找到了一个解决方案:tcpdump post script Permission denied
总结一下:
就我而言,我的盒子上没有apparmor。但是
sudo apt install apparmor-utils
按照上述步骤进行操作可以解决我的权限被拒绝问题。