1Demonstrations of bashreadline, the Linux eBPF/bcc version. 2 3 4This prints bash commands from all running bash shells on the system. For 5example: 6 7# ./bashreadline 8TIME PID COMMAND 905:28:25 21176 ls -l 1005:28:28 21176 date 1105:28:35 21176 echo hello world 1205:28:43 21176 foo this command failed 1305:28:45 21176 df -h 1405:29:04 3059 echo another shell 1505:29:13 21176 echo first shell again 16 17The entered command may fail. This is just showing what command lines were 18entered interactively for bash to process. 19 20It works by tracing the return of the readline() function using uprobes 21(specifically a uretprobe). 22