diff --git a/pages/linux/getfattr.md b/pages/linux/getfattr.md new file mode 100644 index 0000000000..e5fc312228 --- /dev/null +++ b/pages/linux/getfattr.md @@ -0,0 +1,12 @@ +# getfattr + +> Display file names and extended attributes. +> More information: . + +- Retrieve all extended attributes of a file and display them in a detailed format: + +`getfattr -d {{path/to/file}}` + +- Get a specific attribute of a file: + +`getfattr -n user.{{attribute_name}} {{path/to/file}}` diff --git a/pages/linux/setfattr.md b/pages/linux/setfattr.md new file mode 100644 index 0000000000..e9581df120 --- /dev/null +++ b/pages/linux/setfattr.md @@ -0,0 +1,16 @@ +# setfattr + +> Set extended file attributes. +> More information: . + +- Set name of attribute for file: + +`setfattr -n user.{{attribute_name}} {{path/to/file}}` + +- Set a user-defined value of an extended attribute on a file: + +`setfattr -n user.{{attribute_name}} -v "{{value}}" {{path/to/file}}` + +- Remove a specific attribute of a file: + +`setfattr -x user.{{attribute_name}} {{path/to/file}}` diff --git a/pages/linux/sysdig.md b/pages/linux/sysdig.md new file mode 100644 index 0000000000..8607f8c212 --- /dev/null +++ b/pages/linux/sysdig.md 
@@ -0,0 +1,33 @@ +# sysdig + +> System troubleshooting, analysis and exploration. +> Capture, filter and store systemcalls. +> More information: . + +- Capture all the events from the live system and print them to screen: + +`sysdig` + +- Capture all the events from the live system and save them to disk: + +`sysdig -w {{path/to/file}}.scap` + +- Read events from a file and print them to screen: + +`sysdig -r {{path/to/file}}.scap` + +- Filter and Print all the open system calls invoked by cat: + +`sysdig proc.name=cat and evt.type=open` + +- Register any found plugin and use dummy as input source passing to it open params: + +`sysdig -I dummy:'{{parameter}}'` + +- List the available chisels: + +`sysdig -cl` + +- Use the spy_ip chisel to look at the data exchanged with ip address: + +`sysdig -c spy_ip {{ip_address}}`
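Review bot: in pages/linux/getfattr.md, the description of `getfattr -d {{path/to/file}}` says it retrieves "all extended attributes", but without `-m` getfattr only matches names in the user namespace (the default pattern is `^user\.`). Attributes in other namespaces, such as security.*, are silently left out, which matters to anyone using this page to inspect labels or capabilities on a file. Either reword the description to say it dumps the names and values of the user-namespace attributes, or add a separate example such as `getfattr -d -m - {{path/to/file}}` for every namespace.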
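Review bot: in pages/linux/setfattr.md, the first description, "Set name of attribute for file", does not say what `setfattr -n user.{{attribute_name}} {{path/to/file}}` does: with `-n` and no `-v` it creates the attribute with an empty value. Suggest "Set an extended attribute with an empty value on a file", which also separates it clearly from the `-v "{{value}}"` example that follows. All three examples hard-code the `user.` prefix, so a short mention in the header that they operate on the user namespace would help.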
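Review bot: in pages/linux/sysdig.md, the description for `sysdig -I dummy:'{{parameter}}'` ("Register any found plugin and use dummy as input source passing to it open params") is hard to parse and does not match the placeholder name. Suggest something like "Register all found plugins and use `dummy` as the input source, passing it open parameters", with the placeholder renamed to match. Smaller wording points in the same hunk: "systemcalls" in the header should be "system calls", "Filter and Print" should not be capitalised mid-sentence, and the spy_ip description should read "with a specific IP address".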