@grepory
Created February 13, 2019 16:35
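Every exec() on my Vagrant box during an SSH login, as captured by bcc's execsnoop. execsnoop reports only exec() calls, so a PPID with no row of its own (e.g. 2207, 2229, 2256) is a process that forked without exec'ing (typically a subshell), and PCOMM is truncated to the kernel's 15-character task name. The run-parts row shows that every script in /etc/update-motd.d is executed on each login, so that directory is worth covering with file-integrity monitoring.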
vagrant@vagrant:~$ sudo /usr/share/bcc/tools/execsnoop
PCOMM PID PPID RET ARGS
sshd 2196 893 0 /usr/sbin/sshd -D -R
sh 2198 2196 0
env 2199 2198 0 /usr/bin/env -i PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin run-parts --lsbsysinit /etc/update-motd.d
run-parts 2199 2198 0 /bin/run-parts --lsbsysinit /etc/update-motd.d
00-header 2200 2199 0 /etc/update-motd.d/00-header
uname 2201 2200 0 /bin/uname -o
uname 2202 2200 0 /bin/uname -r
uname 2203 2200 0 /bin/uname -m
10-help-text 2204 2199 0 /etc/update-motd.d/10-help-text
50-landscape-sy 2205 2199 0 /etc/update-motd.d/50-landscape-sysinfo
grep 2206 2205 0 /bin/grep -c ^processor /proc/cpuinfo
bc 2209 2207 0 /usr/bin/bc
date 2211 2205 0 /bin/date
landscape-sysin 2212 2205 0 /usr/bin/landscape-sysinfo
ldconfig 2213 2212 0 /sbin/ldconfig -p
ldconfig.real 2213 2212 0 /sbin/ldconfig.real -p
ldconfig 2214 2212 0 /sbin/ldconfig -p
ldconfig.real 2214 2212 0 /sbin/ldconfig.real -p
who 2216 2212 0 /usr/bin/who -q
50-motd-news 2217 2199 0 /etc/update-motd.d/50-motd-news
cut 2221 2217 0 /usr/bin/cut -c -80
tr 2220 2217 0 /usr/bin/tr -d \000-\011\013\014\016-\037
80-esm 2222 2199 0 /etc/update-motd.d/80-esm
lsb_release 2223 2222 0 /usr/bin/lsb_release -cs
lsb_release 2224 2222 0 /usr/bin/lsb_release -ds
80-livepatch 2225 2199 0 /etc/update-motd.d/80-livepatch
90-updates-avai 2226 2199 0 /etc/update-motd.d/90-updates-available
cat 2227 2226 0 /bin/cat /var/lib/update-notifier/updates-available
91-release-upgr 2228 2199 0 /etc/update-motd.d/91-release-upgrade
cut 2231 2229 0 /usr/bin/cut -d -f4
lsb_release 2230 2229 0 /usr/bin/lsb_release -sd
release-upgrade 2228 2199 0 /usr/lib/ubuntu-release-upgrader/release-upgrade-motd
date 2232 2228 0 /bin/date +%s
stat 2233 2228 0 /usr/bin/stat -c %Y /var/lib/ubuntu-release-upgrader/release-upgrade-available
expr 2234 2228 0 /usr/bin/expr 1550074970 + 86400
95-hwe-eol 2235 2199 0 /etc/update-motd.d/95-hwe-eol
update-motd-hwe 2235 2199 0 /usr/lib/update-notifier/update-motd-hwe-eol
apt-config 2236 2235 0 /usr/bin/apt-config shell StateDir Dir::State
dpkg 2237 2236 0 /usr/bin/dpkg --print-foreign-architectures
apt-config 2238 2235 0 /usr/bin/apt-config shell ListDir Dir::State::Lists
dpkg 2239 2238 0 /usr/bin/dpkg --print-foreign-architectures
apt-config 2240 2235 0 /usr/bin/apt-config shell DpkgStatus Dir::State::status
dpkg 2241 2240 0 /usr/bin/dpkg --print-foreign-architectures
apt-config 2242 2235 0 /usr/bin/apt-config shell EtcDir Dir::Etc
dpkg 2243 2242 0 /usr/bin/dpkg --print-foreign-architectures
apt-config 2244 2235 0 /usr/bin/apt-config shell SourceList Dir::Etc::sourcelist
dpkg 2245 2244 0 /usr/bin/dpkg --print-foreign-architectures
find 2246 2235 0 /usr/bin/find /var/lib/apt/lists/ /etc/apt/sources.list //var/lib/dpkg/status -type f -newer /var/lib/update-notifier/hwe-eol -print -quit
dirname 2248 2247 0 /usr/bin/dirname /var/lib/update-notifier/hwe-eol
mktemp 2247 2235 0 /bin/mktemp -p /var/lib/update-notifier
hwe-support-sta 2249 2235 0 /usr/bin/hwe-support-status
lsb_release 2250 2249 0 /usr/bin/lsb_release -c -s
dpkg 2251 2249 0 /usr/bin/dpkg --print-foreign-architectures
mv 2252 2235 0 /bin/mv /var/lib/update-notifier/tmp.JO4zpv1P0o /var/lib/update-notifier/hwe-eol
cat 2253 2235 0 /bin/cat /var/lib/update-notifier/hwe-eol
rm 2254 2235 0 /bin/rm -f /var/lib/update-notifier/tmp.JO4zpv1P0o
97-overlayroot 2255 2199 0 /etc/update-motd.d/97-overlayroot
sort 2258 2256 0 /usr/bin/sort -r
grep 2257 2256 0 /bin/grep -E overlayroot|/media/root-ro|/media/root-rw /proc/mounts
98-fsck-at-rebo 2259 2199 0 /etc/update-motd.d/98-fsck-at-reboot
update-motd-fsc 2259 2199 0 /usr/lib/update-notifier/update-motd-fsck-at-reboot
stat 2260 2259 0 /usr/bin/stat -c %Y /var/lib/update-notifier/fsck-at-reboot
awk 2262 2261 0 /usr/bin/awk {print $1} /proc/uptime
date 2261 2259 0 /bin/date -d now - 653.99 seconds +%s
date 2263 2259 0 /bin/date +%s
cat 2264 2259 0 /bin/cat /var/lib/update-notifier/fsck-at-reboot
98-reboot-requi 2265 2199 0 /etc/update-motd.d/98-reboot-required
update-motd-reb 2265 2199 0 /usr/lib/update-notifier/update-motd-reboot-required
bash 2267 2266 0 /bin/bash
locale-check 2269 2268 0 /usr/bin/locale-check C.UTF-8
lesspipe 2271 2270 0 /usr/bin/lesspipe
basename 2272 2271 0 /usr/bin/basename /usr/bin/lesspipe
dirname 2274 2273 0 /usr/bin/dirname /usr/bin/lesspipe
dircolors 2276 2275 0 /usr/bin/dircolors -b