Re: Monitor process who is eat my entropy

To: debian-user@lists.debian.org
Subject: Re: Monitor process who is eat my entropy
From: Andy Smith <andy@strugglers.net>
Date: Fri, 11 Jan 2019 20:41:00 +0000
Message-id: <[🔎] 20190111204100.GR4569@bitfolk.com>
In-reply-to: <[🔎] E1gi2Yl-0005BA-RB@enotuniq.net>
References: <[🔎] 7c18d146-981b-f285-c897-edcc2b9579be@unix-solution.de> <[🔎] E1gi2Yl-0005BA-RB@enotuniq.net>

Hello,

On Fri, Jan 11, 2019 at 10:33:39PM +0300, Reco wrote:
> On Fri, Jan 11, 2019 at 08:28:18PM +0100, basti wrote:
> > is there a way to monitor processes that access /dev/urandom
> 
> auditctl -w /dev/urandom -r
> 
> remove it with
> 
> auditctl -D

Note also that one should not really be concerned with reads from
urandom because this does not deplete the entropy pool, i.e. urandom
is inexhaustible.

/dev/random is the one which blocks, but I should think that reading
directly from either device is now deprecated in favour of system
calls, which are not going to open and read a device file. So
tracing that will not provide what is ultimately wanted, though it
does satisfy the letter of the request.

I think getrandom is supposed to be used these days:

    https://manpages.debian.org/stretch/manpages-dev/getrandom.2.en.html

So indeed as you suggest, a different kind of tracing like BPF will
be more appropriate. That's beyond me at that point, though.

Cheers,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting

Reply to:

References:
- Monitor process who is eat my entropy
  - From: basti <mailinglist@unix-solution.de>
- Re: Monitor process who is eat my entropy
  - From: Reco <recoverym4n@enotuniq.net>

Prev by Date: Re: Monitor process who is eat my entropy
Next by Date: Setting a USB for multi usages
Previous by thread: Re: Monitor process who is eat my entropy
Next by thread: Re: Monitor process who is eat my entropy
Index(es):
- Date
- Thread