RWJMurphy · December 16, 2015 06:38
diff --git a/proc_exe_check.sh b/proc_exe_check.sh
 #!/bin/bash

 function check_proc() {
    pid=$1
    link=$(readlink /proc/$pid/exe)
    if [[ "$link" =~ \ \(deleted\)$ ]]; then
        proc_launched=$(stat -c '%y' /proc/$pid)
        binary=${link% (deleted)}
        binary_stat=$(stat $binary | sed 's/^/\t\t/')
        cmdline=$(cat /proc/$pid/cmdline | tr '\000' ' ')
        fds=$(for fd in /proc/$pid/fd/*; do echo -ne "\t\t"; readlink $fd; done)
        maps=$(cat /proc/$pid/maps | awk '$6 ~ /^\// { print "\t\t"$6 }' | sort | uniq)
        echo "PID: $pid"
        echo -e "\tLaunched: $proc_launched"
        echo -e "\tBinary:"
        echo -e "$binary_stat"
        echo -e "\tCmdline:"
        echo -e "\t\t$cmdline"
        echo -e "\tOpen files:"
        echo -e "$fds"
        echo -e "\tmmap'd files:"
        echo -e "$maps"
    fi
 }

 cd /proc
 for pid in *; do
    case $pid in
    [0-9]* )
        check_proc $pid
        ;;
    esac
 done
	#!/bin/bash

	function check_proc() {
	pid=$1
	link=$(readlink /proc/$pid/exe)
	if [[ "$link" =~ \ \(deleted\)$ ]]; then
	proc_launched=$(stat -c '%y' /proc/$pid)
	binary=${link% (deleted)}
	binary_stat=$(stat $binary \| sed 's/^/\t\t/')
	cmdline=$(cat /proc/$pid/cmdline \| tr '\000' ' ')
	fds=$(for fd in /proc/$pid/fd/*; do echo -ne "\t\t"; readlink $fd; done)
	maps=$(cat /proc/$pid/maps \| awk '$6 ~ /^\// { print "\t\t"$6 }' \| sort \| uniq)
	echo "PID: $pid"
	echo -e "\tLaunched: $proc_launched"
	echo -e "\tBinary:"
	echo -e "$binary_stat"
	echo -e "\tCmdline:"
	echo -e "\t\t$cmdline"
	echo -e "\tOpen files:"
	echo -e "$fds"
	echo -e "\tmmap'd files:"
	echo -e "$maps"
	fi
	}

	cd /proc
	for pid in *; do
	case $pid in
	[0-9]* )
	check_proc $pid
	;;
	esac
	done
No results found