Web lists-archives.com

Re: Monitor process who is eat my entropy




Hello,

On Fri, Jan 11, 2019 at 10:33:39PM +0300, Reco wrote:
> On Fri, Jan 11, 2019 at 08:28:18PM +0100, basti wrote:
> > is there a way to monitor processes that access /dev/urandom
> 
> auditctl -w /dev/urandom -r
> 
> remove it with
> 
> auditctl -D

Note also that one should not really be concerned with reads from
urandom because this does not deplete the entropy pool, i.e. urandom
is inexhaustible.

/dev/random is the one which blocks, but I should think that reading
directly from either device is now deprecated in favour of system
calls, which are not going to open and read a device file. So
tracing that will not provide what is ultimately wanted, though it
does satisfy the letter of the request.

I think getrandom is supposed to be used these days:

    https://manpages.debian.org/stretch/manpages-dev/getrandom.2.en.html

So indeed as you suggest, a different kind of tracing like BPF will
be more appropriate. That's beyond me at that point, though.

Cheers,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting