Update live_response/process/procfs_information.yaml to collect the following artifacts:
"ls -l /proc/[0-9]*/cwd" is one of my go-to items for detecting suspicious processes -- when the CWD is /tmp/.ICEd-unix/fooTWUX67 you know you have a problem.
"cat /proc/%line%/stack" can sometimes reveal details of process behavior -- e.g., waiting on a socket, etc.
"cat /proc/%line%/status" has lots of extra process detail, including PPID, etc.
The following new artifacts were added:
- ls -l /proc/<PID>/cwd
- cat /proc/<PID>/stack
- cat /proc/<PID>/status
Issue #35
Signed-off-by: Thiago Canozzo Lahr <tclahr@br.ibm.com>
Please refer to discussion #34
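
As an added illustration (not UAC's own code and not part of the issue or the linked discussion), the three procfs artifacts named above can be combined into one triage pass over a procfs-like tree. The REVIEW heuristic (temp directories, deleted CWD), the function names and the sample tree are assumptions constructed for this example.

```sh
#!/bin/sh
# Added example, not UAC's own code. Heuristic and sample data are assumptions.

# status_field FILE KEY: print the value of "KEY:" from a /proc/<PID>/status file
status_field() {
    awk -v k="$2:" '$1 == k { print $2; exit }' "$1" 2>/dev/null || true
}

# cwd_verdict PATH: REVIEW for world-writable temp locations or a deleted CWD
cwd_verdict() {
    case "$1" in
        *" (deleted)") echo REVIEW ;;
        /tmp|/tmp/*|/var/tmp|/var/tmp/*|/dev/shm|/dev/shm/*) echo REVIEW ;;
        *) echo ok ;;
    esac
}

# procfs_triage [ROOT]: one tab-separated line per PID under ROOT (default /proc)
# columns: verdict, PID, PPID, name, CWD, first stack frame ("-" if unreadable)
procfs_triage() {
    root=${1:-/proc}
    for d in "$root"/[0-9]*; do
        [ -d "$d" ] || continue
        cwd=$(readlink "$d/cwd" 2>/dev/null) || cwd='?'
        name=$(status_field "$d/status" Name)
        ppid=$(status_field "$d/status" PPid)
        stack=$(head -n 1 "$d/stack" 2>/dev/null) || stack=''
        printf '%s\t%s\t%s\t%s\t%s\t%s\n' "$(cwd_verdict "$cwd")" "${d##*/}" \
            "${ppid:-?}" "${name:-?}" "$cwd" "${stack:--}"
    done
}

# build_sample_proc DIR: constructed procfs-like tree (PIDs, names, stack invented)
build_sample_proc() {
    mkdir -p "$1/1" "$1/4242"
    printf 'Name:\tsystemd\nPid:\t1\nPPid:\t0\n' > "$1/1/status"
    ln -s / "$1/1/cwd"
    printf 'Name:\tfoo\nPid:\t4242\nPPid:\t1\n' > "$1/4242/status"
    printf '[<0>] inet_csk_accept+0x1e2/0x2a0\n' > "$1/4242/stack"
    ln -s /tmp/.ICEd-unix/fooTWUX67 "$1/4242/cwd"
}

# Run against the constructed tree so the example works offline.
sample=$(mktemp -d)
build_sample_proc "$sample"
procfs_triage "$sample"
rm -rf "$sample"
```

Calling `procfs_triage` with no argument reads the live `/proc`; reading `stack` and other users' `cwd` links there generally requires root.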