mxvmem: add option to omit reporting usage from system accounts

mariux64 · Jun 17, 2024 · 738ea05 · 738ea05
1 parent 0da9423
commit 738ea05
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/forensics/mxvmem b/forensics/mxvmem
@@ -229,13 +229,17 @@ class ProcFsHandler():
     self.uptime   = -1
     self.memtotal = -1
     self.age_threshold = age_thresh * 60*60*24 # days
+    self.supr_sys = False # used to suppress system accounts
 
   def set_uptime(self, t):
     self.uptime = t
 
   def set_memtotal(self, m):
     self.memtotal = m
 
+  def suppress_system_acc(self):
+    self.supr_sys = True
+
   def report_append(self, s):
     self.report.append(s)
 
@@ -252,6 +256,7 @@ class ProcFsHandler():
       vmdata = 0
       state = ''
       uid = self.store[p]['uid']
+      if self.supr_sys and (uid < 100 or uid >= 65533): continue
 
       if not uid in self.usermap:
         try:
@@ -422,6 +427,8 @@ def handle_args():
      help='location of forensics logs (/var/log)')
   ap.add_argument('-m', dest='memthresh', metavar='percent' ,
      help='threshold for memory usage report (10%%)', default=10.0, type=float)
+  ap.add_argument('-o', dest='no_sysacc',
+     help='omit system accounts from being reported', action='store_true', default=False)
   ap.add_argument('-q', dest='query', metavar='query' ,
      help='report memory usage for given categories (eg. \'SD\')', default='')
   ap.add_argument('-s', dest='summary',
@@ -480,6 +487,7 @@ if __name__ == '__main__':
 
   pmc = ProcMemClassifier()
   whs = ProcFsHandler(pmc, float(args.durationthresh))
+  if args.no_sysacc: whs.suppress_system_acc()
   psp = ProcStreamParser(whs)
 
   for line in proc: