Linux command
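extrace command
Security
This command needs elevated privileges or has a significant impact on the system; verify the target before running it.
Common examples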
Example
sudo extrace
Example
sudo extrace [command]
Example
sudo extrace -d
Example
sudo extrace -l
Example
sudo extrace -u
Description
extrace traces exec() system calls system-wide to monitor program execution on Linux. It captures every time a program is executed, displaying the command line, process hierarchy, and optionally the user, working directory, and environment variables. Unlike strace, which traces individual processes, extrace monitors all execution activity on the system or within a specific process tree. It's particularly useful for security auditing to detect suspicious process execution, for debugging complex scripts that spawn multiple subprocesses, and for understanding system behavior during package installations or automated tasks. The tool uses Linux kernel tracing facilities (ftrace or similar) to capture exec calls with minimal overhead compared to attaching a debugger to each process.
Parameters
- -d: Print working directory
- -l: Resolve full executable path
- -u: Display user running process
- -e: Print environment variables
- -p _pid_: Trace only specific PID tree
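For the security-auditing use described above, a filter over `sudo extrace -u -l` output can flag programs executed from world-writable directories together with the process tree that launched them. This is an added example, not code from the original page or the extrace project; the line layout it parses, the function names and the sample lines are assumptions to check against your own extrace output.

```python
import re
import shlex
import sys

# Assumed layout of one `extrace -u -l` line (verify against your build):
#   <two spaces per tree depth><pid> <user> /full/path/to/exe arg ...
LINE = re.compile(r"^(?P<indent> *)(?P<pid>\d+)\+? <(?P<user>[^>]*)> (?P<cmd>.+)$")
WRITABLE_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")  # world-writable by default

def parse(line):
    """Return (depth, pid, user, argv), or None if the line does not match."""
    m = LINE.match(line.rstrip("\n"))
    if not m:
        return None
    try:
        argv = shlex.split(m["cmd"])   # arguments are assumed shell-quoted
    except ValueError:                 # unbalanced quote: keep the raw text
        argv = [m["cmd"]]
    if not argv:
        return None
    return len(m["indent"]) // 2, int(m["pid"]), m["user"], argv

def flag_writable_dir_execs(lines):
    """List (user, pid, exe, ancestry) for executables run from WRITABLE_DIRS."""
    hits, stack = [], []               # stack[d] = last executable seen at depth d
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        depth, pid, user, argv = rec
        del stack[depth:]                          # leave only the ancestors
        stack += ["?"] * (depth - len(stack))      # parent exec was not observed
        if argv[0].startswith(WRITABLE_DIRS):
            hits.append((user, pid, argv[0], list(stack)))
        stack.append(argv[0])
    return hits

# Constructed sample lines, not captured from a real system.
SAMPLE = """\
4100 <alice> /usr/bin/bash ./build.sh
  4101 <alice> /usr/bin/make -j4
    4102 <alice> /usr/bin/cc -o app app.c
  4104 <alice> /tmp/helper --quiet
5000 <root> /usr/sbin/cron -f
  5001 <root> /dev/shm/job 'first arg'
""".splitlines()

if __name__ == "__main__":
    source = SAMPLE if sys.stdin.isatty() else sys.stdin
    for user, pid, exe, ancestry in flag_writable_dir_execs(source):
        print(f"{user} pid={pid} ran {exe} via {' > '.join(ancestry) or '(top level)'}")
```

Saved under a file name of your choice, the script reads live output from a pipe after `sudo extrace -u -l`, and falls back to the constructed sample when run without piped input.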
FAQ
How do I run a basic extrace example?
Run `sudo extrace` in a terminal, then adjust file names, paths, flags, or remote targets for your system.
What does -d do in extrace?
Print working directory