RepoMirrors/osquery-defense-kit
1
0
Fork 0
mirror of https://github.com/chainguard-dev/osquery-defense-kit synced 2025-02-27 15:30:24 +00:00
Code Issues Packages Projects Releases Wiki Activity
8e05e69465
osquery-defense-kit/fd/unexpected-bpf-user.sql
Thomas Stromberg 6df0447760
More tuning, more scripts
2022-09-11 15:07:54 -04:00

11 lines
293 B
SQL
Raw Blame History

SELECT pmm.pid,
p.uid,
p.path AS proc_path,
p.cmdline AS proc_cmdline,
pmm.path AS lib_path
FROM process_memory_map pmm
JOIN processes p ON pmm.pid = p.pid
WHERE (lib_path LIKE "%:bpf%" OR lib_path LIKE "%libbpf%")
AND p.path != '/usr/lib/systemd/systemd'
GROUP BY pmm.pid
Reference in New Issue View Git Blame Copy Permalink