Built off the open source project Osquery
Description: BASH environmental variables.
What The Data Shows: Malware can change variable such as $PATH to get their binaries to be run instead of legitimate copies.
SQL:
SELECT p.name,pe.key,pe.value
FROM processes AS p
JOIN process_envs AS pe
ON p.pid = pe.pid
WHERE p.name = "bash";
Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.