-1

I'm having a hard time trying to word this correctly (partially why I can't get proper Google results) so I'll explain what I'm looking for.

A while back we stumbled across an issue at work where mount.cifs would freeze. When this happened, if we used ps -ef it would list the frozen process and we discovered that user+pass was being passed as plain text. The freezing issue has since been fixed so I can't replicate this particular behaviour.

I believe I have made it so that a password won't show up as plain text anymore but I can't freeze the process to view the the ps output and confirm. Is there a command/feature in Linux (we use Redhat) that would allow me to log ps -ef output for x amount of time so that I can go back and view the log to make sure that the password isn't being shown as plain text? I do have root access if absolutely necessary.

If answering, please keep in mind I'm fairly noobish to the world of Linux.

PurpleKoolAid
  • 45
  • 7
  • Have you tried looking around in the `/proc` filesystem, as root? – Paul Apr 13 '16 at 17:51
  • @Paul I didn't know about /proc - I'm there now but not sure what I should be looking for? – PurpleKoolAid Apr 13 '16 at 17:54
  • To search the command lines of all running processes for your password: maybe try `grep donuts /proc/[0-9]*/cmdline` but change `donuts` to your password. – Paul Apr 13 '16 at 17:56
  • @Paul I tried that but no dice. By any chance would that require the process to be currently running or would it have past process as well? The mount script executes faster than I am able to run another command to catch it – PurpleKoolAid Apr 13 '16 at 18:02
  • `/proc` is a data store about running processes. – Paul Apr 13 '16 at 18:03
  • `dmesg`, `syslog`, `ps`, `ps aux`, `/proc` for info on past errors, events and processes. Check out `/var/log/` as well. You can add a space before a command in shell to keep it from being saved in `history` (in case you're mounting that way). You can read credentials from a file when using `mount.cifs` via the option `credentials=filename`. Check `man mount.cifs`. Just a bunch of random suggestions/tips :) – jDo Apr 13 '16 at 18:04
  • It is possible to write scripts in your favorite language that poll /proc – Paul Apr 13 '16 at 18:06
  • @jDo thanks I'll check that out - past processes is really what I'm trying to figure out. I've looked into the credentials file option but unfortunately the way everything is setup here that wouldn't be our best solution. – PurpleKoolAid Apr 13 '16 at 18:10
  • @Paul yeah, I'm starting to think I may need to make a script to try and catch it, thanks a lot! – PurpleKoolAid Apr 13 '16 at 18:10

1 Answers1

1

Will executing ps -ef in a loop help you?

You can do watch -n 2 ps -ef . this will run ps -ef every 2 seconds and keep showing the output on your screen which should serve the purpose you are asking for in your question.

All the best!!

Kulvinder Singh
  • 307
  • 1
  • 4