artif: collect /proc/*/stat

Added an artifact to collect /proc/*/stat. Its 9th field is the task flags. So, it can help to identify if a process is kernel thread or not.
tclahr · Aug 14, 2024 · 8b2242c · 8b2242c
1 parent 87ae5c2
commit 8b2242c
Showing 1 changed file with 9 additions and 1 deletion.
diff --git a/artifacts/live_response/process/procfs_information.yaml b/artifacts/live_response/process/procfs_information.yaml
@@ -202,6 +202,14 @@ artifacts:
     command: cat /proc/%line%/status
     output_directory: /live_response/process/proc/%line%
     output_file: status.txt
+  -
+    description: Collect stat of each process.
+    supported_os: [linux]
+    collector: command
+    foreach: for pid in /proc/[0-9]*; do echo ${pid} | sed -e 's:/proc/::'; done
+    command: cat /proc/%line%/stat
+    output_directory: /live_response/process/proc/%line%
+    output_file: stat.txt
   -
     description: Display the list of UNIX sockets.
     supported_os: [linux]
@@ -230,7 +238,7 @@ artifacts:
     command: astrings /proc/%line%/environ
     output_directory: /live_response/process/proc/%line%
     output_file: environ.txt
-  
+
   # macos
   -
     description: Collect running processes executable path.