KIT-CERT / Linux-Forensic-Checklist
Commit 8900adbf, authored Sep 23, 2015 by Heiko Reese
Turns out: this does not work at all :-)
parent afed4406
Linux-Forensics-Checklist.md
@@ -246,23 +246,10 @@ gdb -nh -batch -ex gcore -p ${PID}
```
We have not found a way to dump the cores directly into an unnamed pipe and out
into the net. There's a workaround using a named pipe, but you have to find
a good place to put it. We recommend using a tmpfs (either existing or create
a new one for this). As a bonus, this enables us to compress the coredump using
whatever compression software we have available:
```
sh
# change path accordingly
MYFIFO
=
.gcore.fifo
mkfifo
${
MYFIFO
}
# either run this command in the background (append &) or in another shell
cat
${
MYFIFO
}
|
[
gzip
|bzip2|xz|lzop]
-c
>
core.
${
PID
}
gdb
-nh
-batch
-ex
"gcore
${
MYFIFO
}
"
-p
${
PID
}
```
into the net. Using FIFOs does not work because gdb needs to seek within the
file while writing it. Using a tmpfs might fails because some coredumps can get
pretty big. There are nor widely available and stable compressing filesystems
available for linux.
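Review bot: the replacement paragraph (from "Using FIFOs does not work" to "available for linux.") only lists what fails, so after the named-pipe recipe is dropped the section no longer tells the reader where a core from `gdb -nh -batch -ex gcore -p ${PID}` should be written. Consider closing with whatever the checklist does recommend, or saying outright that there is no known good option, so the reader does not retry the FIFO route. The same lines also need a wording pass: "might fails" should be "might fail", "There are nor widely available and stable compressing filesystems available" should read "There are no widely available and stable compressing filesystems", and "linux" should be capitalised. The reason given for the FIFO failure (gdb needs to seek within the file while writing it) is the most useful sentence here and would be worth keeping next to the gcore command itself.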