A serious Linux introspection command center for operators, engineers, and incident work.
Trace commands, ports, process trees, file holders, service evidence, and host readiness from one disciplined terminal interface.
Zejtron is a Linux-first command center for terminal introspection. It consolidates functionality from pidnest and Zenlixem into one binary with one release flow.
| Origin | Zejtron command |
|---|---|
| pidnest | zejtron proc |
Zenlixem whoholds |
zejtron holds |
Zenlixem lasttouch |
zejtron touch |
Zenlixem whyopen |
zejtron why |
Zenlixem doctor |
zejtron net |
Zenlixem envpath |
covered by zejtron path |
paru -S zejtron-bin
yay -S zejtron-binTAG=v5.0.0
curl -LO "https://github.com/oxyzenQ/zejtron/releases/download/${TAG}/zejtron-bin-${TAG}-linux-x86_64.tar.gz"
curl -LO "https://github.com/oxyzenQ/zejtron/releases/download/${TAG}/zejtron-bin-${TAG}-linux-x86_64.tar.gz.sha512"
sha512sum --check "zejtron-bin-${TAG}-linux-x86_64.tar.gz.sha512"
tar -xzf "zejtron-bin-${TAG}-linux-x86_64.tar.gz"
sudo install -Dm755 zejtron /usr/local/bin/zejtronFor aarch64 Linux, use zejtron-bin-${TAG}-linux-aarch64.tar.gz.
git clone https://github.com/oxyzenQ/zejtron
cd zejtron
cargo install --path .| Command | Purpose |
|---|---|
path |
Trace command origin |
recent |
Show recently modified files |
port |
Inspect ports and process owners |
proc |
Inspect process trees by user or UID |
holds |
Show processes holding a file, device, or port |
touch |
Inspect last modification evidence for a path |
why |
Explain visible evidence for a path or port |
env |
Snapshot and diff environment variables |
service |
Inspect systemd services |
shell |
Inspect current shell context |
net |
Inspect network interfaces and routing |
git |
Inspect git repository context |
doctor |
Check Zejtron system capability/readiness |
zejtron path sh
zejtron port --tcp --group
zejtron proc --me --depth 1
zejtron holds 53
sudo zejtron holds 53
zejtron touch /etc/resolv.conf
zejtron why /etc/resolv.conf
zejtron doctor
zejtron -V
zejtron --check-update-V and --version print complete version, build, license, and source
metadata. --check-update checks the latest upstream GitHub release; the
--check-updated alias is accepted too.
Zejtron is Linux-first and expects procfs at /proc. Most commands work without systemd: path, recent, port, env, proc, holds, touch, why, and doctor.
service requires systemd and systemctl. touch and why can use filesystem metadata on supported Linux systems, while journal evidence depends on journalctl and systemd journal availability. holds, port, and proc may show more complete details with sudo on hardened systems. net reads from sysfs and procfs without external commands. git requires the git binary and only invokes read-only subcommands.
Zejtron is read-only by design. It does not kill processes, close ports, start or stop services, or modify files. zejtron touch inspects file evidence; it is not shell touch and does not create files or change timestamps.
Trace where a command comes from by scanning PATH, showing all matches, the active match, executable status, symlink targets, and Arch package ownership when pacman is available.
zejtron path shShow recently modified files under a path.
zejtron recent
zejtron recent . --limit 5
zejtron recent ~/src --since 1dShow listening TCP/UDP ports and process owners when discoverable.
zejtron port
zejtron port 3000
zejtron port --tcp --group
zejtron port --udp
zejtron port --all
zejtron port --no-pidShow a clean process tree for a Linux user or UID.
zejtron proc --me
zejtron proc rezky
zejtron proc root --depth 1
zejtron proc rezky --find python
zejtron proc rezky --no-pid
zejtron proc rezky --live --interval 6Show processes holding a file, device, or specific TCP/UDP port.
zejtron holds 3000
zejtron holds /etc/resolv.conf
zejtron holds /dev/nvme0n1Inspect last modification evidence for a path. Metadata shows when a path changed, not who changed it; audit and journal evidence is best-effort.
zejtron touch /etc/resolv.conf
zejtron touch ./README.md
zejtron touch "/path/with spaces/file.txt"Explain visible evidence for a path or port without inferring intent.
zejtron why 53
zejtron why 3000
zejtron why /etc/resolv.conf
zejtron why ./README.mdInspect current environment variables, save named snapshots, and diff a saved snapshot against the current terminal environment.
zejtron env
zejtron env --keys
zejtron env --filter path
zejtron env save base
zejtron env diff base
zejtron env list
zejtron env delete baseInspect systemd service units in a read-only view.
zejtron service
zejtron service --user
zejtron service --failed
zejtron service --all
zejtron service --filter unboundCheck Linux/procfs visibility, visible processes, /proc/net socket parsing, holder scan readiness, optional audit and journal evidence, systemctl/systemd availability, and build metadata.
zejtron doctorInspect current shell context in a read-only view. Reports the parent process, login shell, terminal, shell-related environment variables, and known config file paths for the detected shell.
zejtron shellInspect network interfaces and routing context in a read-only view. Reports interfaces from sysfs with state, MTU, and MAC address. Shows default route from procfs and resolver file status.
zejtron netInspect git repository context in a read-only view. Reports the repository root, branch, working tree status, latest commit, and remote URLs. Only invokes read-only git subcommands. Credentials embedded in remote URLs (e.g. PATs in HTTPS URLs) are redacted as <redacted> in output.
zejtron gitSee ROADMAP.md for the project roadmap and design direction.
pidnest and Zenlixem are superseded by Zejtron. See the origin table above for command mapping.
./check.sh
SKIP_CODESPELL=1 ./check.sh
./version-to.sh vX.Y.ZThe source code is licensed under the MIT License. The Zejtron name and branding are not granted under the MIT License. See TRADEMARK.md.