1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
|
#! /bin/sh
run(){
echo "== $1 =="
sh -c "$@" || true
}
PATH=$PATH:/bin:/sbin:/usr/bin:/usr/sbin
export PATH
exec 2>&1
if [ "`id -u`" -ne 0 ]; then
echo
echo WARNING: rerun $0 as root for fuller results.
echo
fi
nss_db_status () {
db_path="$1"
if [ ! -e "$db_path" ]; then
echo "NSS database path '$db_path' does not exist"
return
fi
run "ls '$db_path'"
dbm_files_found=0
sql_files_found=0
secmod_found=0
key3_found=0
cert8_found=0
pkcs11_found=0
key4_found=0
cert9_found=0
if [ -e "$db_path/secmod.db" ]; then
dbm_files_found=$((dbm_files_found + 1))
secmod_found=1
fi
if [ -e "$db_path/key3.db" ]; then
dbm_files_found=$((dbm_files_found + 1))
key3_found=1
fi
if [ -e "$db_path/cert8.db" ]; then
dbm_files_found=$((dbm_files_found + 1))
cert8_found=1
fi
if [ -e "$db_path/pkcs11.txt" ]; then
sql_files_found=$((sql_files_found + 1))
pkcs11_found=1
fi
if [ -e "$db_path/key4.db" ]; then
sql_files_found=$((sql_files_found + 1))
key4_found=1
fi
if [ -e "$db_path/cert9.db" ]; then
sql_files_found=$((sql_files_found + 1))
cert9_found=1
fi
if [ $dbm_files_found = 0 -a $sql_files_found = 0 ]; then
echo "No NSS database found at '$db_path'"
else
if [ $dbm_files_found = 3 ]; then
echo "dbm format NSS database found at '$db_path'"
elif [ $dbm_files_found != 0 ]; then
[ $secmod_found = 0 ] && echo "secmod.db is missing from dbm format NSS database at '$db_path'"
[ $key3_found = 0 ] && echo "key3.db is missing from dbm format NSS database at '$db_path'"
[ $cert8_found = 0 ] && echo "cert8.db is missing from dbm format NSS database at '$db_path'"
fi
if [ $sql_files_found = 3 ]; then
echo "sql format NSS database found at '$db_path'"
elif [ $sql_files_found != 0 ]; then
[ $pkcs11_found = 0 ] && echo "pkcs11.txt is missing from sql format NSS database at '$db_path'"
[ $key4_found = 0 ] && echo "key4.db is missing from sql format NSS database at '$db_path'"
[ $cert9_found = 0 ] && echo "cert9.db is missing from sql format NSS database at '$db_path'"
fi
fi
}
run "id"
run "stap -V"
run "which stap"
run "cat $HOME/.systemtap/rc"
run "which stap-server"
run "locate --regex '/stap(run|io|dyn)?$' | xargs ls -ald"
run "printenv | grep -E '^PATH=|^LD_LIBRARY_PATH=|^SYSTEMTAP_.*=|^XDG_DATA.*=|^NSS.*='"
run "stap -vv --vp 0002 --poison-cache -p4 -e 'probe begin {exit()}'"
run "gcc -v"
run "java -version"
run "uname -a"
run "dmesg | fgrep 'Linux version'"
run "dmesg | grep -E 'stap|systemtap' | tail -n 10"
run "hostname"
run "nslookup `hostname`"
run "cat /etc/hosts"
run "cat /var/log/stap-server/log"
run "cat /proc/cpuinfo | grep -E 'processor|vendor_id|model name|flags|bugs'"
run "cat /sys/kernel/security/lockdown"
if [ -x /usr/bin/dpkg ]; then
# debian/ubuntu
run "dpkg --list | grep -E 'systemtap|elfutils|kernel|linux|gcc|dyninst|java|byteman|avahi|nss|nspr|dejagnu|libdw' | awk '{print \$2,\$3}' | sort"
elif [ -x /usr/bin/rpm -o -x /bin/rpm ]; then
# fedora/rhel/suse/...
run "rpm -qa --qf '%{name}-%{version} %{release}.%{arch}\\t%{buildtime:date}@%{buildhost}\\n' | grep -E 'systemtap|elfutils|kernel|gcc|dyninst|java|byteman|avahi|nss|nspr|dejagnu|libdw' | sort"
elif [ -f /var/log/packages ]; then
# slackware
run "cat /var/log/packages | grep -E 'systemtap|elfutils|kernel|gcc|dyninst|java|byteman|avahi|nss|nspr|dejagnu' | sort -k9"
fi
run "egrep 'PROBE|RANDOMIZE|RELOC|TRACE|MARKER|KALLSYM|_DEBUG_|LOCKDEP|LOCKING|MODULE|FENTRY|_SIG|BPF' /lib/modules/`uname -r`/build/.config | grep -v not.set | sort | fmt -w 80"
run "find /debugfs /proc/sys /sys/kernel /dev -type f -path '*kprobe*' -o -path '*yama*' 2>/dev/null | xargs grep -H ."
run "lsmod"
run "avahi-browse -r -t _stap._tcp"
run "ifconfig -a"
run "ps awux | grep stap"
for dir in /boot /usr/lib/debug/lib/modules/`uname -r` /lib/modules/`uname -r`/build
do
for file in $dir/vmlinuz-`uname -r` $dir/vmlinuz $dir/vmlinux-`uname -r` $dir/vmlinux `locate -r '/vmlinu[xz]' 2>/dev/null`
do
if [ -f $file ]; then
if grep -q ELF $file; then
echo $file
run "(eu-readelf -n $file 2>/dev/null || readelf -n $file 2>/dev/null) | grep Build"
fi
fi
done
done
locate vmlinux.id 2>/dev/null | while read file
do
run "cat $file"
done
run "hexdump -C /sys/kernel/notes"
for file in /sys/module/*/notes/.*build*
do
run "hexdump -C $file"
done
if [ -x /usr/bin/seinfo ]; then
run "seinfo"
fi
if [ -x /usr/sbin/getenforce ]; then
run "getenforce"
fi
if [ -x /usr/sbin/aa-status ]; then
run "aa-status"
fi
echo "== NSS =="
if [ -n "$SYSTEMTAP_DIR" ]; then
nss_db_status "$SYSTEMTAP_DIR/ssl/client"
nss_db_status "$SYSTEMTAP_DIR/ssl/server"
fi
nss_db_status ~/.systemtap/ssl/client
nss_db_status ~/.systemtap/ssl/server
nss_db_status /etc/systemtap/ssl/server
nss_db_status /etc/systemtap/staprun
|
