
Script name appears in Exe args

Open dcarolloz opened this issue 2 years ago • 0 comments

Indicate project: libsysflow

Describe the bug: When executing a script, the script name appears in the Exe args field

To reproduce Steps to reproduce the behavior:

  1. Build and run sf-collector example
  2. Create and run a bash script from terminal

Expected behavior: The script name should appear only in the Exe field (as done with binaries)

Environment (please complete the following information):

  • OS: Ubuntu 20.04.4 LTS
  • kernel: 5.4.0-128-generic
  • SysFlow version: v0.5.1 (from master branch)
  • Configurations (if applicable): eBPF driver

sf-collector example log

****************************************************************
Header: Exporter , IP , File name 
Process: PID 13246 Creation Time, 1688462767702306855, Exe /usr/bin/bash, Exe Args , User Name vagrant, Group Name vagrant, TTY 1
Proc Evt: TID 13246, OpFlags 1, Ret 14128
****************************************************************
****************************************************************
Header: Exporter , IP , File name 
Process: PID 14128 Creation Time, 1688462920057048358, Exe /usr/bin/bash, Exe Args , User Name vagrant, Group Name vagrant, TTY 1
Proc Evt: TID 14128, OpFlags 1, Ret 0
****************************************************************
****************************************************************
Header: Exporter , IP , File name 
Process: PID 14128 Creation Time, 1688462920057048358, Exe /home/vagrant/script.sh, Exe Args ./script.sh, User Name vagrant, Group Name vagrant, TTY 1
Proc Evt: TID 14128, OpFlags 2, Ret 0
****************************************************************
****************************************************************
Header: Exporter , IP , File name 
Process: PID 14128 Creation Time, 1688462920057048358, Exe /home/vagrant/script.sh, Exe Args ./script.sh, User Name vagrant, Group Name vagrant, TTY 1
File: Type 102, Path /etc/ld.so.cache
File Flow: TID 14128, OpFlags: 9344, OpenFlags 4097, FD 3
****************************************************************

dcarolloz, Jul 04 '23 12:07
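A check for the symptom reported above, as an added example that is not part of the original issue or of the SysFlow code base: it parses `Process:` lines of the sf-collector example log and flags processes whose first Exe Args token names the same file as Exe. The field layout is assumed from the excerpt in the issue, the function names are hypothetical, and the sample lines are constructed.

```python
import os
import re

# Constructed sample in the "Process:" line format of the log excerpt above;
# the /usr/bin/ls record is made up to show a normal binary with arguments.
SAMPLE_LOG = """\
Process: PID 13246 Creation Time, 1688462767702306855, Exe /usr/bin/bash, Exe Args , User Name vagrant, Group Name vagrant, TTY 1
Process: PID 14128 Creation Time, 1688462920057048358, Exe /home/vagrant/script.sh, Exe Args ./script.sh, User Name vagrant, Group Name vagrant, TTY 1
Process: PID 14128 Creation Time, 1688462920057048358, Exe /home/vagrant/script.sh, Exe Args ./script.sh, User Name vagrant, Group Name vagrant, TTY 1
Process: PID 14200 Creation Time, 1688462920057049000, Exe /usr/bin/ls, Exe Args -la /tmp, User Name vagrant, Group Name vagrant, TTY 1
"""

# Field layout assumed from the excerpt; Exe Args may be empty or contain commas.
PROCESS_RE = re.compile(
    r"^Process: PID (?P<pid>\d+) Creation Time, (?P<ctime>\d+), "
    r"Exe (?P<exe>.*?), Exe Args (?P<args>.*), User Name (?P<user>[^,]*), "
    r"Group Name (?P<group>[^,]*), TTY (?P<tty>\d+)$"
)

def parse_process_records(log_text):
    """Return one dict per well-formed Process line; other lines are skipped."""
    records = []
    for line in log_text.splitlines():
        m = PROCESS_RE.match(line.strip())
        if m:
            records.append(m.groupdict())
    return records

def script_name_in_args(rec):
    """True when the first Exe Args token names the same file as Exe."""
    tokens = rec["args"].split()
    if not tokens:
        return False
    exe_parts = os.path.normpath(rec["exe"]).split(os.sep)
    arg_parts = os.path.normpath(tokens[0]).split(os.sep)
    # The record carries no working directory, so a relative token is
    # compared against the trailing path components of Exe.
    return exe_parts[-len(arg_parts):] == arg_parts

def flagged_processes(log_text):
    """Processes showing the symptom, de-duplicated by (PID, creation time)."""
    seen = {}
    for rec in parse_process_records(log_text):
        if script_name_in_args(rec):
            seen[(rec["pid"], rec["ctime"])] = rec
    return list(seen.values())

if __name__ == "__main__":
    for rec in flagged_processes(SAMPLE_LOG):
        print(f"PID {rec['pid']}: Exe {rec['exe']} repeated in Exe Args {rec['args']!r}")
```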