Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

stap-authorize-signing-cert(8) [suse man page]

STAP-AUTHORIZE-SIGNING-CERT(8)				      System Manager's Manual				    STAP-AUTHORIZE-SIGNING-CERT(8)

NAME

       stap-authorize-signing-cert - systemtap signing authorization utility

SYNOPSIS

       stap-authorize-signing-cert CERTFILE [ DIRNAME ]

DESCRIPTION

       The  staprun program will load modules for members of the group stapusr if they are signed by a trusted signer. A trusted signer is usually
       a systemtap compile server which signs modules when the client (stap-client) specifies the --unprivileged option.

       The trustworthiness of a given signer can not be determined automatically without a trusted certificate authority issuing systemtap signing
       certificates.  This is not practical in everyday use and so, staprun must authenticate servers against its own database of trusted signers.
       In this context, establishing a given signer as trusted means adding that signer's certificate to staprun's database of trusted signers.

       The stap-authorize-signing-cert program adds the given signing certificate to the given certificate database, making that signer a  trusted
       server for staprun when using that database.

ARGUMENTS

       The stap-authorize-signing-cert program accepts two arguments:

       CERTFILE
	      This  is the name of the file containing the certificate of the new trusted signer.  For systemtap compile servers, this is the file
	      named stap.cert which can be found in the server's certificate database.	On the server host, for servers started by the stap-server
	      service,	this  database can be found in /var/lib/stap-server/.systemtap/ssl/server/.  For servers run by other non-root users, this
	      database can be found in $HOME/.systemtap/ssl/server/.  For root users (EUID=0), it can be found in /etc/systemtap/ssl/server.

       DIRNAME
	      This optional argument is the name of the directory containing the certificate database to which the certificate is to be added.	If
	      not  specified,  the default is /etc/systemtap/staprun/.	That is, the default result is that all users on the local host will trust
	      this signer. Note that this default directory is only writable by root.

SAFETY AND SECURITY

       Systemtap is an administrative tool.  It exposes kernel internal data structures and potentially private user information.  See the stap(1)
       manual page for additional information on safety and security.

       Systemtap  uses	Network  Security  Services (NSS) for module signing and verification. The NSS tool certutil is used for the generation of
       certificates. The related certificate databases must be protected in order to maintain the security of the system.  Use	of  the  utilities
       provided  will  help to ensure that the proper protection is maintained. staprun will check for proper access permissions before making use
       of any certificate database.

FILES

       /etc/systemtap/staprun/
	      staprun's trusted signer certificate database.

       /var/lib/stap-server/.systemtap/ssl/server/stap.cert
	      Signing certificate for servers started by the stap-server service.

SEE ALSO

       stap(1), staprun(8), stap-server(8), stap-client(8), NSS, certutil

BUGS

       Use the Bugzilla link of the project web page or our mailing list.  http://sources.redhat.com/systemtap/, <systemtap@sources.redhat.com>.

Red Hat 							    2010-07-05					    STAP-AUTHORIZE-SIGNING-CERT(8)

Check Out this Related Man Page

STAP-MERGE(1)						      General Commands Manual						     STAP-MERGE(1)

NAME

       stap-merge - systemtap per-cpu binary merger

SYNOPSIS

       stap-merge [ OPTIONS ] [ INPUT FILENAMES ]

DESCRIPTION

       The stap-merge executable applies when the -b option has been used while running a stap script.	The -b option will generate files per-cpu,
       based on the timestamp field. Then stap-merge will merge and sort through the per-cpu files based on the timestamp field.

OPTIONS

       The systemtap merge executable supports the following options.

       -v     Verbose mode, displays three extra fields per set of collected data.
	      [cpunumber,sequencenumberofdata,thelengthofthedataset]

       -o OUTPUT_FILENAME

	      Specify the name of the file you would like the output to be redirected into.  If this option is not specified than the output  will
	      be pushed to standard out.

EXAMPLES

	      $ stap -v -b -e 'probe syscall.open { printf("%s(%d) open
",
	      execname(), pid()) }'

       This should result in several stpd_cpu files (each labled with a number representing which cpu the file was produced from).

	      $ stap-merge -v stpd_cpu0 stpd_cpu1

       Running the stap-merge program in the same directory as the stap script earlier in the example, will produce an ordered sequence of packets
       with the three part label for each set of data.	This result will be pushed through the standard output.  An output file  could	have  been
       specified using the "-o" option.

FILES

       Important files and their corresponding paths can be located in the
	      stappaths(7) manual page.

SEE ALSO

       stapprobes(3stap), stapfuncs(3stap), stappaths(7), staprun(8), stapvars(3stap), stapex(3stap), stap-server(8), gdb(1)

BUGS

       Use the Bugzilla link of the project web page or our mailing list.  http://sourceware.org/systemtap/,<systemtap@sourceware.org>.

																     STAP-MERGE(1)
Man Page