[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[Libguestfs] [PATCH 0/3] Enhancements to virt-ls



virt-ls has felt a little unloved for a long time.  With this patch
series, it turns into quite a useful tool for doing forensics and
monitoring of VMs, and looking for changes to files.

I have added the 'virt-ls -lR' output mode (the combination of -l and -R
was previously unused).  In this mode you get a recursive list of
files and directories, with extra stat information and optionally a
file checksum.

The output is designed to be easily grepped to look for common
patterns.  For example, to display all setuid and setgid executables
in a virtual machine you can do:

  # virt-ls -lR -d guest / | grep '^- [42]'
  - 4755      12544 /bin/cgexec -
  - 4755      32448 /bin/fusermount -
  - 4755      78648 /bin/mount -
  - 4755      43160 /bin/ping -
  - 4755      47888 /bin/ping6 -
  - 4755      34904 /bin/su -
  - 4755      50432 /bin/umount -
  [etc]

To display all public writable directories:

  # virt-ls -lR -d guest / | grep '^d ...7'
  d 1777      12288 /tmp -
  d 1777       4096 /tmp/.ICE-unix -
  d 1777       4096 /tmp/.X11-unix -
  d 1777       4096 /var/tmp -

To display files larger than 10MB in home directories:

  # virt-ls -lR -d myguest /home | awk '$3 > 10*1024*1024'

You can also use this to look for file changes, eg. between a snapshot
and a later version of a VM:

  # virt-ls -lR -a snapshot.img / --uids --time-t --checksum > old
  # virt-ls -lR -a current.img / --uids --time-t --checksum > new
  # diff -u old new | less

There is also a --csv option for serious work.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
virt-p2v converts physical machines to virtual machines.  Boot with a
live CD or over the network (PXE) and turn machines into Xen guests.
http://et.redhat.com/~rjones/virt-p2v


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]