From 8daa497136b621f4a23def09b7bd85cdece440ba Mon Sep 17 00:00:00 2001
From: Dave Germiquet <davegermiquet@trulycanadian.net>
Date: Sat, 7 Jul 2018 14:07:12 -0400
Subject: [PATCH] Added changable process listing. (#787)

* Fixed merge conflict changes

* Implemented dynamic processing from snapshots of systems

* Fixed formatting

Add process in server.py

Added Process into its own class instead of config.
Load in the server class

* Fix formatting

* Update config.py

* Update server.py

* Update server.py

* Update process.py

* Update server.py

* Update base.py

* Update base.py

* Update base.py

* Update protocol.py
---
 bin/createdynamicprocess.py |  38 ++
 cmdoutput.json              | 955 ++++++++++++++++++++++++++++++++++++
 cowrie/commands/base.py     | 243 +++++++--
 cowrie/shell/process.py     |   1 +
 cowrie/shell/server.py      |  23 +-
 cowrie/test/fake_server.py  |   2 +-
 6 files changed, 1222 insertions(+), 40 deletions(-)
 create mode 100644 bin/createdynamicprocess.py
 create mode 100644 cmdoutput.json
 create mode 100644 cowrie/shell/process.py

diff --git a/bin/createdynamicprocess.py b/bin/createdynamicprocess.py
new file mode 100644
index 00000000..f8cf2528
--- /dev/null
+++ b/bin/createdynamicprocess.py
@@ -0,0 +1,38 @@
+import psutil
+import json
+import datetime
+import random
+
+command = {}
+command['command'] = {}
+command['command']['ps'] = []
+
+randomStates = ["Ss", "S<", "D<", "Ss+"]
+for proc in psutil.process_iter():
+    try:
+        info = proc.as_dict(
+            attrs=['pid', 'name', 'cmdline', 'username', 'cpu_percent', 'memory_percent', 'memory_info', 'create_time', 'terminal', 'status', 'cpu_times'])
+    except psutil.NoSuchProcess:
+        pass
+    else:
+        object = {}
+        object['USER'] = info['username']
+        object['PID'] = info['pid']
+        if info['cmdline']:
+            object['COMMAND'] = "/".join(info['cmdline'])
+        else:
+            object['COMMAND'] = '[ ' + info['name'] + ' ]'
+        object['CPU'] = info['cpu_percent']
+        object['MEM'] = info['memory_percent']
+        object['RSS'] = info['memory_info'].rss
+        object['VSZ'] = info['memory_info'].vms
+        object['START'] = datetime.datetime.fromtimestamp(info['create_time']).strftime("%b%d")
+        if info['terminal'] != None:
+            object['TTY'] = str(info['terminal']).replace("/dev/", "")
+        else:
+            object['TTY'] = "?"
+        object['STAT'] = random.choice(randomStates)
+        object['TIME'] = info['cpu_times'].user
+        command['command']['ps'].append(object)
+
+print(json.dumps(command, indent=4, sort_keys=True))
diff --git a/cmdoutput.json b/cmdoutput.json
new file mode 100644
index 00000000..a15fc980
--- /dev/null
+++ b/cmdoutput.json
@@ -0,0 +1,955 @@
+{
+  "command": {
+    "ps": [
+      {
+        "COMMAND": "/lib/systemd/systemd --system --deserialize 20",
+        "CPU": 0.0,
+        "MEM": 0.8852285391357956,
+        "PID": 1,
+        "RSS": 4587520,
+        "START": "Jun22",
+        "STAT": "Ss",
+        "TIME": 0.48,
+        "TTY": "?",
+        "USER": "root",
+        "VSZ": 180281344
+      },
+      {
+        "COMMAND": "[kthreadd]",
+        "CPU": 0.0,
+        "MEM": 0.0,
+        "PID": 2,
+        "RSS": 0,
+        "START": "Jun22",
+        "STAT": "S<",
+        "TIME": 0.0,
+        "TTY": "?",
+        "USER": "root",
+        "VSZ": 0
+      },
+      {
+        "COMMAND": "[ksoftirqd/0]",
+        "CPU": 0.0,
+        "MEM": 0.0,
+        "PID": 3,
+        "RSS": 0,
+        "START": "Jun22",
+        "STAT": "S<",
+        "TIME": 0.0,
+        "TTY": "?",
+        "USER": "root",
+        "VSZ": 0
+      },
+      {
+        "COMMAND": "[kworker/0:0H]",
+        "CPU": 0.0,
+        "MEM": 0.0,
+        "PID": 5,
+        "RSS": 0,
+        "START": "Jun22",
+        "STAT": "D<",
+        "TIME": 0.0,
+        "TTY": "?",
+        "USER": "root",
+        "VSZ": 0
+      },
+      {
+        "COMMAND": "[rcu_sched]",
+        "CPU": 0.0,
+        "MEM": 0.0,
+        "PID": 7,
+        "RSS": 0,
+        "START": "Jun22",
+        "STAT": "Ss",
+        "TIME": 0.0,
+        "TTY": "?",
+        "USER": "root",
+        "VSZ": 0
+      },
+      {
+        "COMMAND": "[rcu_bh]",
+        "CPU": 0.0,
+        "MEM": 0.0,
+        "PID": 8,
+        "RSS": 0,
+        "START": "Jun22",
+        "STAT": "Ss+",
+        "TIME": 0.0,
+        "TTY": "?",
+        "USER": "root",
+        "VSZ": 0
+      },
+      {
+        "COMMAND": "[migration/0]",
+        "CPU": 0.0,
+        "MEM": 0.0,
+        "PID": 9,
+        "RSS": 0,
+        "START": "Jun22",
+        "STAT": "Ss+",
+        "TIME": 0.0,
+        "TTY": "?",
+        "USER": "root",
+        "VSZ": 0
+      },
+      {
+        "COMMAND": "[watchdog/0]",
+        "CPU": 0.0,
+        "MEM": 0.0,
+        "PID": 10,
+        "RSS": 0,
+        "START": "Jun22",
+        "STAT": "S<",
+        "TIME": 0.0,
+        "TTY": "?",
+        "USER": "root",
+        "VSZ": 0
+      },
+      {
+        "COMMAND": "[watchdog/1]",
+        "CPU": 0.0,
+        "MEM": 0.0,
+        "PID": 11,
+        "RSS": 0,
+        "START": "Jun22",
+        "STAT": "D<",
+        "TIME": 0.0,
+        "TTY": "?",
+        "USER": "root",
+        "VSZ": 0
+      },
+      {
+        "COMMAND": "[migration/1]",
+        "CPU": 0.0,
+        "MEM": 0.0,
+        "PID": 12,
+        "RSS": 0,
+        "START": "Jun22",
+        "STAT": "Ss+",
+        "TIME": 0.0,
+        "TTY": "?",
+        "USER": "root",
+        "VSZ": 0
+      },
+      {
+        "COMMAND": "[ksoftirqd/1]",
+        "CPU": 0.0,
+        "MEM": 0.0,
+        "PID": 13,
+        "RSS": 0,
+        "START": "Jun22",
+        "STAT": "Ss",
+        "TIME": 0.0,
+        "TTY": "?",
+        "USER": "root",
+        "VSZ": 0
+      },
+      {
+        "COMMAND": "[kworker/1:0H]",
+        "CPU": 0.0,
+        "MEM": 0.0,
+        "PID": 15,
+        "RSS": 0,
+        "START": "Jun22",
+        "STAT": "D<",
+        "TIME": 0.0,
+        "TTY": "?",
+        "USER": "root",
+        "VSZ": 0
+      },
+      {
+        "COMMAND": "[khelper]",
+        "CPU": 0.0,
+        "MEM": 0.0,
+        "PID": 16,
+        "RSS": 0,
+        "START": "Jun22",
+        "STAT": "D<",
+        "TIME": 0.0,
+        "TTY": "?",
+        "USER": "root",
+        "VSZ": 0
+      },
+      {
+        "COMMAND": "[kdevtmpfs]",
+        "CPU": 0.0,
+        "MEM": 0.0,
+        "PID": 17,
+        "RSS": 0,
+        "START": "Jun22",
+        "STAT": "S<",
+        "TIME": 0.0,
+        "TTY": "?",
+        "USER": "root",
+        "VSZ": 0
+      },
+      {
+        "COMMAND": "[netns]",
+        "CPU": 0.0,
+        "MEM": 0.0,
+        "PID": 18,
+        "RSS": 0,
+        "START": "Jun22",
+        "STAT": "Ss",
+        "TIME": 0.0,
+        "TTY": "?",
+        "USER": "root",
+        "VSZ": 0
+      },
+      {
+        "COMMAND": "[khungtaskd]",
+        "CPU": 0.0,
+        "MEM": 0.0,
+        "PID": 19,
+        "RSS": 0,
+        "START": "Jun22",
+        "STAT": "D<",
+        "TIME": 0.0,
+        "TTY": "?",
+        "USER": "root",
+        "VSZ": 0
+      },
+      {
+        "COMMAND": "[writeback]",
+        "CPU": 0.0,
+        "MEM": 0.0,
+        "PID": 20,
+        "RSS": 0,
+        "START": "Jun22",
+        "STAT": "S<",
+        "TIME": 0.0,
+        "TTY": "?",
+        "USER": "root",
+        "VSZ": 0
+      },
+      {
+        "COMMAND": "[ksmd]",
+        "CPU": 0.0,
+        "MEM": 0.0,
+        "PID": 21,
+        "RSS": 0,
+        "START": "Jun22",
+        "STAT": "S<",
+        "TIME": 0.0,
+        "TTY": "?",
+        "USER": "root",
+        "VSZ": 0
+      },
+      {
+        "COMMAND": "[crypto]",
+        "CPU": 0.0,
+        "MEM": 0.0,
+        "PID": 22,
+        "RSS": 0,
+        "START": "Jun22",
+        "STAT": "S<",
+        "TIME": 0.0,
+        "TTY": "?",
+        "USER": "root",
+        "VSZ": 0
+      },
+      {
+        "COMMAND": "[kintegrityd]",
+        "CPU": 0.0,
+        "MEM": 0.0,
+        "PID": 23,
+        "RSS": 0,
+        "START": "Jun22",
+        "STAT": "S<",
+        "TIME": 0.0,
+        "TTY": "?",
+        "USER": "root",
+        "VSZ": 0
+      },
+      {
+        "COMMAND": "[bioset]",
+        "CPU": 0.0,
+        "MEM": 0.0,
+        "PID": 24,
+        "RSS": 0,
+        "START": "Jun22",
+        "STAT": "D<",
+        "TIME": 0.0,
+        "TTY": "?",
+        "USER": "root",
+        "VSZ": 0
+      },
+      {
+        "COMMAND": "[kblockd]",
+        "CPU": 0.0,
+        "MEM": 0.0,
+        "PID": 25,
+        "RSS": 0,
+        "START": "Jun22",
+        "STAT": "Ss+",
+        "TIME": 0.0,
+        "TTY": "?",
+        "USER": "root",
+        "VSZ": 0
+      },
+      {
+        "COMMAND": "[kswapd0]",
+        "CPU": 0.0,
+        "MEM": 0.0,
+        "PID": 27,
+        "RSS": 0,
+        "START": "Jun22",
+        "STAT": "Ss",
+        "TIME": 0.0,
+        "TTY": "?",
+        "USER": "root",
+        "VSZ": 0
+      },
+      {
+        "COMMAND": "[vmstat]",
+        "CPU": 0.0,
+        "MEM": 0.0,
+        "PID": 28,
+        "RSS": 0,
+        "START": "Jun22",
+        "STAT": "S<",
+        "TIME": 0.0,
+        "TTY": "?",
+        "USER": "root",
+        "VSZ": 0
+      },
+      {
+        "COMMAND": "[fsnotify_mark]",
+        "CPU": 0.0,
+        "MEM": 0.0,
+        "PID": 29,
+        "RSS": 0,
+        "START": "Jun22",
+        "STAT": "S<",
+        "TIME": 0.0,
+        "TTY": "?",
+        "USER": "root",
+        "VSZ": 0
+      },
+      {
+        "COMMAND": "[kthrotld]",
+        "CPU": 0.0,
+        "MEM": 0.0,
+        "PID": 35,
+        "RSS": 0,
+        "START": "Jun22",
+        "STAT": "S<",
+        "TIME": 0.0,
+        "TTY": "?",
+        "USER": "root",
+        "VSZ": 0
+      },
+      {
+        "COMMAND": "[ipv6_addrconf]",
+        "CPU": 0.0,
+        "MEM": 0.0,
+        "PID": 37,
+        "RSS": 0,
+        "START": "Jun22",
+        "STAT": "S<",
+        "TIME": 0.0,
+        "TTY": "?",
+        "USER": "root",
+        "VSZ": 0
+      },
+      {
+        "COMMAND": "[deferwq]",
+        "CPU": 0.0,
+        "MEM": 0.0,
+        "PID": 38,
+        "RSS": 0,
+        "START": "Jun22",
+        "STAT": "D<",
+        "TIME": 0.0,
+        "TTY": "?",
+        "USER": "root",
+        "VSZ": 0
+      },
+      {
+        "COMMAND": "[kworker/u4:1]",
+        "CPU": 0.0,
+        "MEM": 0.0,
+        "PID": 39,
+        "RSS": 0,
+        "START": "Jun22",
+        "STAT": "D<",
+        "TIME": 0.0,
+        "TTY": "?",
+        "USER": "root",
+        "VSZ": 0
+      },
+      {
+        "COMMAND": "[ata_sff]",
+        "CPU": 0.0,
+        "MEM": 0.0,
+        "PID": 74,
+        "RSS": 0,
+        "START": "Jun22",
+        "STAT": "Ss",
+        "TIME": 0.0,
+        "TTY": "?",
+        "USER": "root",
+        "VSZ": 0
+      },
+      {
+        "COMMAND": "[kpsmoused]",
+        "CPU": 0.0,
+        "MEM": 0.0,
+        "PID": 75,
+        "RSS": 0,
+        "START": "Jun22",
+        "STAT": "Ss+",
+        "TIME": 0.0,
+        "TTY": "?",
+        "USER": "root",
+        "VSZ": 0
+      },
+      {
+        "COMMAND": "[scsi_eh_0]",
+        "CPU": 0.0,
+        "MEM": 0.0,
+        "PID": 78,
+        "RSS": 0,
+        "START": "Jun22",
+        "STAT": "S<",
+        "TIME": 0.0,
+        "TTY": "?",
+        "USER": "root",
+        "VSZ": 0
+      },
+      {
+        "COMMAND": "[scsi_tmf_0]",
+        "CPU": 0.0,
+        "MEM": 0.0,
+        "PID": 79,
+        "RSS": 0,
+        "START": "Jun22",
+        "STAT": "Ss+",
+        "TIME": 0.0,
+        "TTY": "?",
+        "USER": "root",
+        "VSZ": 0
+      },
+      {
+        "COMMAND": "[kworker/u4:2]",
+        "CPU": 0.0,
+        "MEM": 0.0,
+        "PID": 80,
+        "RSS": 0,
+        "START": "Jun22",
+        "STAT": "Ss",
+        "TIME": 0.0,
+        "TTY": "?",
+        "USER": "root",
+        "VSZ": 0
+      },
+      {
+        "COMMAND": "[kworker/1:1H]",
+        "CPU": 0.0,
+        "MEM": 0.0,
+        "PID": 83,
+        "RSS": 0,
+        "START": "Jun22",
+        "STAT": "Ss",
+        "TIME": 0.0,
+        "TTY": "?",
+        "USER": "root",
+        "VSZ": 0
+      },
+      {
+        "COMMAND": "[kworker/0:1H]",
+        "CPU": 0.0,
+        "MEM": 0.0,
+        "PID": 88,
+        "RSS": 0,
+        "START": "Jun22",
+        "STAT": "D<",
+        "TIME": 0.0,
+        "TTY": "?",
+        "USER": "root",
+        "VSZ": 0
+      },
+      {
+        "COMMAND": "[jbd2/sda1-8]",
+        "CPU": 0.0,
+        "MEM": 0.0,
+        "PID": 103,
+        "RSS": 0,
+        "START": "Jun22",
+        "STAT": "D<",
+        "TIME": 0.0,
+        "TTY": "?",
+        "USER": "root",
+        "VSZ": 0
+      },
+      {
+        "COMMAND": "[ext4-rsv-conver]",
+        "CPU": 0.0,
+        "MEM": 0.0,
+        "PID": 104,
+        "RSS": 0,
+        "START": "Jun22",
+        "STAT": "Ss+",
+        "TIME": 0.0,
+        "TTY": "?",
+        "USER": "root",
+        "VSZ": 0
+      },
+      {
+        "COMMAND": "[kauditd]",
+        "CPU": 0.0,
+        "MEM": 0.0,
+        "PID": 135,
+        "RSS": 0,
+        "START": "Jun22",
+        "STAT": "Ss+",
+        "TIME": 0.0,
+        "TTY": "?",
+        "USER": "root",
+        "VSZ": 0
+      },
+      {
+        "COMMAND": "/lib/systemd/systemd-udevd",
+        "CPU": 0.0,
+        "MEM": 0.42680661708333006,
+        "PID": 141,
+        "RSS": 2211840,
+        "START": "Jun22",
+        "STAT": "Ss",
+        "TIME": 0.05,
+        "TTY": "?",
+        "USER": "root",
+        "VSZ": 41754624
+      },
+      {
+        "COMMAND": "/lib/systemd/systemd-journald",
+        "CPU": 0.0,
+        "MEM": 1.1231337090285407,
+        "PID": 150,
+        "RSS": 5820416,
+        "START": "Jun22",
+        "STAT": "S<",
+        "TIME": 0.16,
+        "TTY": "?",
+        "USER": "root",
+        "VSZ": 38326272
+      },
+      {
+        "COMMAND": "/sbin/rpcbind -w",
+        "CPU": 0.0,
+        "MEM": 0.345397206787806,
+        "PID": 360,
+        "RSS": 1789952,
+        "START": "Jun22",
+        "STAT": "Ss",
+        "TIME": 0.0,
+        "TTY": "?",
+        "USER": "root",
+        "VSZ": 37969920
+      },
+      {
+        "COMMAND": "/sbin/rpc.statd",
+        "CPU": 0.0,
+        "MEM": 0.3374933805455221,
+        "PID": 382,
+        "RSS": 1748992,
+        "START": "Jun22",
+        "STAT": "Ss+",
+        "TIME": 0.0,
+        "TTY": "?",
+        "USER": "statd",
+        "VSZ": 38174720
+      },
+      {
+        "COMMAND": "[rpciod]",
+        "CPU": 0.0,
+        "MEM": 0.0,
+        "PID": 387,
+        "RSS": 0,
+        "START": "Jun22",
+        "STAT": "D<",
+        "TIME": 0.0,
+        "TTY": "?",
+        "USER": "root",
+        "VSZ": 0
+      },
+      {
+        "COMMAND": "[nfsiod]",
+        "CPU": 0.0,
+        "MEM": 0.0,
+        "PID": 392,
+        "RSS": 0,
+        "START": "Jun22",
+        "STAT": "Ss",
+        "TIME": 0.0,
+        "TTY": "?",
+        "USER": "root",
+        "VSZ": 0
+      },
+      {
+        "COMMAND": "/usr/sbin/rpc.idmapd",
+        "CPU": 0.0,
+        "MEM": 0.002371147872685167,
+        "PID": 407,
+        "RSS": 12288,
+        "START": "Jun22",
+        "STAT": "Ss",
+        "TIME": 0.0,
+        "TTY": "?",
+        "USER": "root",
+        "VSZ": 23916544
+      },
+      {
+        "COMMAND": "/usr/sbin/atd -f",
+        "CPU": 0.0,
+        "MEM": 0.3082492234490717,
+        "PID": 413,
+        "RSS": 1597440,
+        "START": "Jun22",
+        "STAT": "Ss",
+        "TIME": 0.0,
+        "TTY": "?",
+        "USER": "root",
+        "VSZ": 19480576
+      },
+      {
+        "COMMAND": "/usr/sbin/cron -f",
+        "CPU": 0.0,
+        "MEM": 0.5097967926273108,
+        "PID": 414,
+        "RSS": 2641920,
+        "START": "Jun22",
+        "STAT": "Ss",
+        "TIME": 0.01,
+        "TTY": "?",
+        "USER": "root",
+        "VSZ": 28135424
+      },
+      {
+        "COMMAND": "/lib/systemd/systemd-logind",
+        "CPU": 0.0,
+        "MEM": 0.3390741457939789,
+        "PID": 417,
+        "RSS": 1757184,
+        "START": "Jun22",
+        "STAT": "Ss+",
+        "TIME": 0.05,
+        "TTY": "?",
+        "USER": "root",
+        "VSZ": 20332544
+      },
+      {
+        "COMMAND": "/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation",
+        "CPU": 0.0,
+        "MEM": 0.5105871752515393,
+        "PID": 419,
+        "RSS": 2646016,
+        "START": "Jun22",
+        "STAT": "Ss+",
+        "TIME": 0.52,
+        "TTY": "?",
+        "USER": "messagebus",
+        "VSZ": 43245568
+      },
+      {
+        "COMMAND": "/usr/sbin/rsyslogd -n",
+        "CPU": 0.0,
+        "MEM": 0.40309513835647837,
+        "PID": 425,
+        "RSS": 2088960,
+        "START": "Jun22",
+        "STAT": "D<",
+        "TIME": 0.04,
+        "TTY": "?",
+        "USER": "root",
+        "VSZ": 264880128
+      },
+      {
+        "COMMAND": "/usr/sbin/acpid",
+        "CPU": 0.0,
+        "MEM": 0.3058780755763865,
+        "PID": 427,
+        "RSS": 1585152,
+        "START": "Jun22",
+        "STAT": "Ss",
+        "TIME": 0.0,
+        "TTY": "?",
+        "USER": "root",
+        "VSZ": 4358144
+      },
+      {
+        "COMMAND": "/sbin/agetty --noclear tty1 linux",
+        "CPU": 0.0,
+        "MEM": 0.3295895543032382,
+        "PID": 442,
+        "RSS": 1708032,
+        "START": "Jun22",
+        "STAT": "Ss",
+        "TIME": 0.0,
+        "TTY": "tty1",
+        "USER": "root",
+        "VSZ": 14761984
+      },
+      {
+        "COMMAND": "/usr/sbin/sshd -D",
+        "CPU": 0.0,
+        "MEM": 0.5919965855470634,
+        "PID": 448,
+        "RSS": 3067904,
+        "START": "Jun22",
+        "STAT": "D<",
+        "TIME": 0.01,
+        "TTY": "?",
+        "USER": "root",
+        "VSZ": 56508416
+      },
+      {
+        "COMMAND": "/usr/sbin/exim4 -bd -q30m",
+        "CPU": 0.0,
+        "MEM": 0.41574126034413256,
+        "PID": 682,
+        "RSS": 2154496,
+        "START": "Jun22",
+        "STAT": "D<",
+        "TIME": 0.0,
+        "TTY": "?",
+        "USER": "Debian-exim",
+        "VSZ": 54530048
+      },
+      {
+        "COMMAND": "dhclient -v -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases eth0",
+        "CPU": 0.0,
+        "MEM": 0.11381509788888802,
+        "PID": 697,
+        "RSS": 589824,
+        "START": "Jun22",
+        "STAT": "Ss",
+        "TIME": 0.0,
+        "TTY": "?",
+        "USER": "root",
+        "VSZ": 26009600
+      },
+      {
+        "COMMAND": "[iprt-VBoxWQueue]",
+        "CPU": 0.0,
+        "MEM": 0.0,
+        "PID": 8574,
+        "RSS": 0,
+        "START": "Jun22",
+        "STAT": "Ss+",
+        "TIME": 0.0,
+        "TTY": "?",
+        "USER": "root",
+        "VSZ": 0
+      },
+      {
+        "COMMAND": "[ttm_swap]",
+        "CPU": 0.0,
+        "MEM": 0.0,
+        "PID": 8611,
+        "RSS": 0,
+        "START": "Jun22",
+        "STAT": "D<",
+        "TIME": 0.0,
+        "TTY": "?",
+        "USER": "root",
+        "VSZ": 0
+      },
+      {
+        "COMMAND": "/usr/sbin/VBoxService --pidfile /var/run/vboxadd-service.sh",
+        "CPU": 0.0,
+        "MEM": 0.20549948229938111,
+        "PID": 8743,
+        "RSS": 1064960,
+        "START": "Jun22",
+        "STAT": "Ss",
+        "TIME": 0.17,
+        "TTY": "?",
+        "USER": "root",
+        "VSZ": 307101696
+      },
+      {
+        "COMMAND": "dhclient -v -pf /run/dhclient.eth1.pid -lf /var/lib/dhcp/dhclient.eth1.leases eth1",
+        "CPU": 0.0,
+        "MEM": 0.4679065135432063,
+        "PID": 9030,
+        "RSS": 2424832,
+        "START": "Jun22",
+        "STAT": "Ss+",
+        "TIME": 0.0,
+        "TTY": "?",
+        "USER": "root",
+        "VSZ": 26009600
+      },
+      {
+        "COMMAND": "/bin/sh /usr/bin/mysqld_safe",
+        "CPU": 0.0,
+        "MEM": 0.2908608057160471,
+        "PID": 21704,
+        "RSS": 1507328,
+        "START": "Jun22",
+        "STAT": "D<",
+        "TIME": 0.0,
+        "TTY": "?",
+        "USER": "root",
+        "VSZ": 4440064
+      },
+      {
+        "COMMAND": "/usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib/mysql/plugin --user=mysql --log-error=/var/log/mysql/error.log --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/run/mysqld/mysqld.sock --port=3306",
+        "CPU": 0.0,
+        "MEM": 9.2822535389382,
+        "PID": 22049,
+        "RSS": 48103424,
+        "START": "Jun22",
+        "STAT": "S<",
+        "TIME": 5.91,
+        "TTY": "?",
+        "USER": "mysql",
+        "VSZ": 1374707712
+      },
+      {
+        "COMMAND": "/usr/lib/erlang/erts-6.2/bin/epmd -daemon",
+        "CPU": 0.0,
+        "MEM": 0.04505180958101817,
+        "PID": 25061,
+        "RSS": 233472,
+        "START": "Jun23",
+        "STAT": "Ss",
+        "TIME": 0.14,
+        "TTY": "?",
+        "USER": "ejabberd",
+        "VSZ": 27955200
+      },
+      {
+        "COMMAND": "[kworker/0:0]",
+        "CPU": 0.0,
+        "MEM": 0.0,
+        "PID": 25065,
+        "RSS": 0,
+        "START": "Jun23",
+        "STAT": "Ss+",
+        "TIME": 0.0,
+        "TTY": "?",
+        "USER": "root",
+        "VSZ": 0
+      },
+      {
+        "COMMAND": "/usr/lib/erlang/erts-6.2/bin/beam.smp -K true -P 250000 -- -root /usr/lib/erlang -progname erl -- -home /var/lib/ejabberd -- -sname ejabberd -noshell -noinput -noshell -noinput -pa /usr/lib/x86_64-linux-gnu/ejabberd/ebin -mnesia dir \"/var/lib/ejabberd\" -ejabberd log_rate_limit 100 log_rotate_size 0 log_rotate_date \"\" -s ejabberd -sasl sasl_error_logger {file,\"/var/log/ejabberd/erlang.log\"} -smp auto start ",
+        "CPU": 0.0,
+        "MEM": 8.874416104836351,
+        "PID": 25095,
+        "RSS": 45989888,
+        "START": "Jun23",
+        "STAT": "Ss",
+        "TIME": 3.41,
+        "TTY": "?",
+        "USER": "ejabberd",
+        "VSZ": 968404992
+      },
+      {
+        "COMMAND": "[kworker/1:0]",
+        "CPU": 0.0,
+        "MEM": 0.0,
+        "PID": 25970,
+        "RSS": 0,
+        "START": "Jun23",
+        "STAT": "D<",
+        "TIME": 0.0,
+        "TTY": "?",
+        "USER": "root",
+        "VSZ": 0
+      },
+      {
+        "COMMAND": "nginx: master process /usr/sbin/nginx -g daemon on; master_process on;",
+        "CPU": 0.0,
+        "MEM": 0.5967388812924337,
+        "PID": 26418,
+        "RSS": 3092480,
+        "START": "Jun23",
+        "STAT": "Ss+",
+        "TIME": 0.0,
+        "TTY": "?",
+        "USER": "root",
+        "VSZ": 93380608
+      },
+      {
+        "COMMAND": "nginx: worker process                           ",
+        "CPU": 0.0,
+        "MEM": 0.7255712490416611,
+        "PID": 26419,
+        "RSS": 3760128,
+        "START": "Jun23",
+        "STAT": "Ss+",
+        "TIME": 0.29,
+        "TTY": "?",
+        "USER": "www-data",
+        "VSZ": 93704192
+      },
+      {
+        "COMMAND": "nginx: worker process                           ",
+        "CPU": 0.0,
+        "MEM": 0.7255712490416611,
+        "PID": 26420,
+        "RSS": 3760128,
+        "START": "Jun23",
+        "STAT": "D<",
+        "TIME": 0.36,
+        "TTY": "?",
+        "USER": "www-data",
+        "VSZ": 93704192
+      },
+      {
+        "COMMAND": "nginx: worker process                           ",
+        "CPU": 0.0,
+        "MEM": 0.7255712490416611,
+        "PID": 26421,
+        "RSS": 3760128,
+        "START": "Jun23",
+        "STAT": "Ss+",
+        "TIME": 0.2,
+        "TTY": "?",
+        "USER": "www-data",
+        "VSZ": 93704192
+      },
+      {
+        "COMMAND": "nginx: worker process                           ",
+        "CPU": 0.0,
+        "MEM": 0.7255712490416611,
+        "PID": 26422,
+        "RSS": 3760128,
+        "START": "Jun23",
+        "STAT": "D<",
+        "TIME": 0.45,
+        "TTY": "?",
+        "USER": "www-data",
+        "VSZ": 93704192
+      },
+      {
+        "COMMAND": "[kworker/0:2]",
+        "CPU": 0.0,
+        "MEM": 0.0,
+        "PID": 28001,
+        "RSS": 0,
+        "START": "Jun23",
+        "STAT": "Ss",
+        "TIME": 0.0,
+        "TTY": "?",
+        "USER": "root",
+        "VSZ": 0
+      },
+      {
+        "COMMAND": "[kworker/1:1]",
+        "CPU": 0.0,
+        "MEM": 0.0,
+        "PID": 28002,
+        "RSS": 0,
+        "START": "Jun23",
+        "STAT": "Ss",
+        "TIME": 0.0,
+        "TTY": "?",
+        "USER": "root",
+        "VSZ": 0
+      }
+    ]
+  }
+}
diff --git a/cowrie/commands/base.py b/cowrie/commands/base.py
index c8a3a6b6..60913964 100644
--- a/cowrie/commands/base.py
+++ b/cowrie/commands/base.py
@@ -8,9 +8,9 @@ import time
 import datetime
 import getopt
 import re
+import random
 
 from twisted.python import failure, log
-
 from twisted.internet import error, reactor
 
 from cowrie.shell.honeypot import HoneyPotCommand, HoneyPotShell, StdOutStdErrEmulationProtocol
@@ -251,6 +251,7 @@ commands['/bin/hostname'] = command_hostname
 class command_ps(HoneyPotCommand):
     """
     """
+
     def call(self):
         """
         """
@@ -258,43 +259,209 @@ class command_ps(HoneyPotCommand):
         args = ''
         if len(self.args):
             args = self.args[0].strip()
-        _user, _pid, _cpu, _mem, _vsz, _rss, _tty, _stat, \
-            _start, _time, _command = list(range(11))
+        _user, _pid, _cpu, _mem, _vsz, _rss, _tty, _stat, _start, _time, _command = list(range(11))
+        output_array = []
+
         output = (
-            ('USER      ', ' PID', ' %CPU', ' %MEM', '    VSZ', '   RSS', ' TTY      ', 'STAT ', 'START', '   TIME ', 'COMMAND',),
-            ('root      ', '   1', '  0.0', '  0.1', '   2100', '   688', ' ?        ', 'Ss   ', 'Nov06', '   0:07 ', 'init [2]  ',),
-            ('root      ', '   2', '  0.0', '  0.0', '      0', '     0', ' ?        ', 'S<   ', 'Nov06', '   0:00 ', '[kthreadd]',),
-            ('root      ', '   3', '  0.0', '  0.0', '      0', '     0', ' ?        ', 'S<   ', 'Nov06', '   0:00 ', '[migration/0]',),
-            ('root      ', '   4', '  0.0', '  0.0', '      0', '     0', ' ?        ', 'S<   ', 'Nov06', '   0:00 ', '[ksoftirqd/0]',),
-            ('root      ', '   5', '  0.0', '  0.0', '      0', '     0', ' ?        ', 'S<   ', 'Nov06', '   0:00 ', '[watchdog/0]',),
-            ('root      ', '   6', '  0.0', '  0.0', '      0', '     0', ' ?        ', 'S<   ', 'Nov06', '   0:17 ', '[events/0]',),
-            ('root      ', '   7', '  0.0', '  0.0', '      0', '     0', ' ?        ', 'S<   ', 'Nov06', '   0:00 ', '[khelper]',),
-            ('root      ', '  39', '  0.0', '  0.0', '      0', '     0', ' ?        ', 'S<   ', 'Nov06', '   0:00 ', '[kblockd/0]',),
-            ('root      ', '  41', '  0.0', '  0.0', '      0', '     0', ' ?        ', 'S<   ', 'Nov06', '   0:00 ', '[kacpid]',),
-            ('root      ', '  42', '  0.0', '  0.0', '      0', '     0', ' ?        ', 'S<   ', 'Nov06', '   0:00 ', '[kacpi_notify]',),
-            ('root      ', ' 170', '  0.0', '  0.0', '      0', '     0', ' ?        ', 'S<   ', 'Nov06', '   0:00 ', '[kseriod]',),
-            ('root      ', ' 207', '  0.0', '  0.0', '      0', '     0', ' ?        ', 'S    ', 'Nov06', '   0:01 ', '[pdflush]',),
-            ('root      ', ' 208', '  0.0', '  0.0', '      0', '     0', ' ?        ', 'S    ', 'Nov06', '   0:00 ', '[pdflush]',),
-            ('root      ', ' 209', '  0.0', '  0.0', '      0', '     0', ' ?        ', 'S<   ', 'Nov06', '   0:00 ', '[kswapd0]',),
-            ('root      ', ' 210', '  0.0', '  0.0', '      0', '     0', ' ?        ', 'S<   ', 'Nov06', '   0:00 ', '[aio/0]',),
-            ('root      ', ' 748', '  0.0', '  0.0', '      0', '     0', ' ?        ', 'S<   ', 'Nov06', '   0:00 ', '[ata/0]',),
-            ('root      ', ' 749', '  0.0', '  0.0', '      0', '     0', ' ?        ', 'S<   ', 'Nov06', '   0:00 ', '[ata_aux]',),
-            ('root      ', ' 929', '  0.0', '  0.0', '      0', '     0', ' ?        ', 'S<   ', 'Nov06', '   0:00 ', '[scsi_eh_0]',),
-            ('root      ', '1014', '  0.0', '  0.0', '      0', '     0', ' ?        ', 'D<   ', 'Nov06', '   0:03 ', '[kjournald]',),
-            ('root      ', '1087', '  0.0', '  0.1', '   2288', '   772', ' ?        ', 'S<s  ', 'Nov06', '   0:00 ', 'udevd --daemon',),
-            ('root      ', '1553', '  0.0', '  0.0', '      0', '     0', ' ?        ', 'S<   ', 'Nov06', '   0:00 ', '[kpsmoused]',),
-            ('root      ', '2054', '  0.0', '  0.2', '  28428', '  1508', ' ?        ', 'Sl   ', 'Nov06', '   0:01 ', '/usr/sbin/rsyslogd -c3',),
-            ('root      ', '2103', '  0.0', '  0.2', '   2628', '  1196', ' tty1     ', 'Ss   ', 'Nov06', '   0:00 ', '/bin/login --     ',),
-            ('root      ', '2105', '  0.0', '  0.0', '   1764', '   504', ' tty2     ', 'Ss+  ', 'Nov06', '   0:00 ', '/sbin/getty 38400 tty2',),
-            ('root      ', '2107', '  0.0', '  0.0', '   1764', '   504', ' tty3     ', 'Ss+  ', 'Nov06', '   0:00 ', '/sbin/getty 38400 tty3',),
-            ('root      ', '2109', '  0.0', '  0.0', '   1764', '   504', ' tty4     ', 'Ss+  ', 'Nov06', '   0:00 ', '/sbin/getty 38400 tty4',),
-            ('root      ', '2110', '  0.0', '  0.0', '   1764', '   504', ' tty5     ', 'Ss+  ', 'Nov06', '   0:00 ', '/sbin/getty 38400 tty5',),
-            ('root      ', '2112', '  0.0', '  0.0', '   1764', '   508', ' tty6     ', 'Ss+  ', 'Nov06', '   0:00 ', '/sbin/getty 38400 tty6',),
-            ('root      ', '2133', '  0.0', '  0.1', '   2180', '   620', ' ?        ', 'S<s  ', 'Nov06', '   0:00 ', 'dhclient3 -pf /var/run/dhclient.eth0.pid -lf /var/lib/dhcp3/dhclien',),
-            ('root      ', '4969', '  0.0', '  0.1', '   5416', '  1024', ' ?        ', 'Ss   ', 'Nov08', '   0:00 ', '/usr/sbin/sshd: %s@pts/0' % user,),
-            ('%s'.ljust(8) % user, '5673', '  0.0', '  0.2', '   2924', '  1540', ' pts/0    ', 'Ss   ', '04:30', '   0:00 ', '-bash',),
-            ('%s'.ljust(8) % user, '5679', '  0.0', '  0.1', '   2432', '   928', ' pts/0    ', 'R+   ', '04:32', '   0:00 ', 'ps %s' % ' '.join(self.args),)
-        )
+            '%s'.ljust(15 - len("USER")) % "USER",
+            '%s'.ljust(8 - len("PID")) % "PID",
+            '%s'.ljust(13 - len("%CPU")) % "%CPU",
+            '%s'.ljust(13 - len("%MEM")) % "%MEM",
+            '%s'.ljust(12 - len("VSZ")) % "VSZ",
+            '%s'.ljust(12 - len("RSS")) % "RSS",
+            '%s'.ljust(10 - len("TTY")) % "TTY",
+            '%s'.ljust(8 - len("STAT")) % "STAT",
+            '%s'.ljust(8 - len("START")) % "START",
+            '%s'.ljust(8 - len("TIME")) % "TIME",
+            '%s'.ljust(30 - len("COMMAND")) % "COMMAND")
+        output_array.append(output)
+        if (self.protocol.user.server.process):
+            for single_ps in self.protocol.user.server.process:
+                output = ('%s'.ljust(15 - len(str(single_ps['USER']))) % str(single_ps['USER']),
+                          '%s'.ljust(8 - len(str(single_ps['PID']))) % str(single_ps['PID']),
+                          '%s'.ljust(13 - len(str(round(single_ps['CPU'], 2)))) % str(round(single_ps['CPU'], 2)),
+                          '%s'.ljust(13 - len(str(round(single_ps['MEM'], 2)))) % str(round(single_ps['MEM'], 2)),
+                          '%s'.ljust(12 - len(str(single_ps['VSZ']))) % str(single_ps['VSZ']),
+                          '%s'.ljust(12 - len(str(single_ps['RSS']))) % str(single_ps['RSS']),
+                          '%s'.ljust(10 - len(str(single_ps['TTY']))) % str(single_ps['TTY']),
+                          '%s'.ljust(8 - len(str(single_ps['STAT']))) % str(single_ps['STAT']),
+                          '%s'.ljust(8 - len(str(single_ps['START']))) % str(single_ps['START']),
+                          '%s'.ljust(8 - len(str(single_ps['TIME']))) % str(single_ps['TIME']),
+                          '%s'.ljust(30 - len(str(single_ps['COMMAND']))) % str(single_ps['COMMAND']))
+                output_array.append(output)
+            process = random.randint(4000, 8000)
+            output = ('%s'.ljust(15 - len('root')) % 'root',
+                      '%s'.ljust(8 - len(str(process))) % str(process),
+                      '%s'.ljust(13 - len('0.0')) % '0.0',
+                      '%s'.ljust(13 - len('0.1')) % '0.1',
+                      '%s'.ljust(12 - len('5416')) % '5416',
+                      '%s'.ljust(12 - len('1024')) % '1024',
+                      '%s'.ljust(10 - len('?')) % '?',
+                      '%s'.ljust(8 - len('Ss')) % 'Ss',
+                      '%s'.ljust(8 - len('June22')) % 'June22',
+                      '%s'.ljust(8 - len('0:00')) % '0:00',
+                      '%s'.ljust(30 - len('/usr/sbin/sshd: %s@pts/0')) % '/usr/sbin/sshd: %s@pts/0' % user)
+            output_array.append(output)
+            process = process + 5
+            output = ('%s'.ljust(15 - len(user)) % user,
+                      '%s'.ljust(8 - len(str(process))) % str(process),
+                      '%s'.ljust(13 - len('0.0')) % '0.0',
+                      '%s'.ljust(13 - len('0.1')) % '0.1',
+                      '%s'.ljust(12 - len('2925')) % '5416',
+                      '%s'.ljust(12 - len('1541')) % '1024',
+                      '%s'.ljust(10 - len('pts/0')) % 'pts/0',
+                      '%s'.ljust(8 - len('Ss')) % 'Ss',
+                      '%s'.ljust(8 - len('06:30')) % '06:30',
+                      '%s'.ljust(8 - len('0:00')) % '0:00',
+                      '%s'.ljust(30 - len('bash')) % '-bash')
+            output_array.append(output)
+            process = process + 2
+            output = ('%s'.ljust(15 - len(user)) % user,
+                      '%s'.ljust(8 - len(str(process))) % str(process),
+                      '%s'.ljust(13 - len('0.0')) % '0.0',
+                      '%s'.ljust(13 - len('0.1')) % '0.1',
+                      '%s'.ljust(12 - len('2435')) % '2435',
+                      '%s'.ljust(12 - len('929')) % '929',
+                      '%s'.ljust(10 - len('pts/0')) % 'pts/0',
+                      '%s'.ljust(8 - len('Ss')) % 'Ss',
+                      '%s'.ljust(8 - len('06:30')) % '06:30',
+                      '%s'.ljust(8 - len('0:00')) % '0:00',
+                      '%s'.ljust(30 - len('ps')) % 'ps %s' % ' '.join(self.args))
+
+            output_array.append(output)
+        else:
+            output_array = (
+                (
+                    'USER      ', ' PID', ' %CPU', ' %MEM', '    VSZ', '   RSS', ' TTY      ', 'STAT ', 'START',
+                    '   TIME ',
+                    'COMMAND',),
+                (
+                    'root      ', '   1', '  0.0', '  0.1', '   2100', '   688', ' ?        ', 'Ss   ', 'Nov06',
+                    '   0:07 ',
+                    'init [2]  ',),
+                (
+                    'root      ', '   2', '  0.0', '  0.0', '      0', '     0', ' ?        ', 'S<   ', 'Nov06',
+                    '   0:00 ',
+                    '[kthreadd]',),
+                (
+                    'root      ', '   3', '  0.0', '  0.0', '      0', '     0', ' ?        ', 'S<   ', 'Nov06',
+                    '   0:00 ',
+                    '[migration/0]',),
+                (
+                    'root      ', '   4', '  0.0', '  0.0', '      0', '     0', ' ?        ', 'S<   ', 'Nov06',
+                    '   0:00 ',
+                    '[ksoftirqd/0]',),
+                (
+                    'root      ', '   5', '  0.0', '  0.0', '      0', '     0', ' ?        ', 'S<   ', 'Nov06',
+                    '   0:00 ',
+                    '[watchdog/0]',),
+                (
+                    'root      ', '   6', '  0.0', '  0.0', '      0', '     0', ' ?        ', 'S<   ', 'Nov06',
+                    '   0:17 ',
+                    '[events/0]',),
+                (
+                    'root      ', '   7', '  0.0', '  0.0', '      0', '     0', ' ?        ', 'S<   ', 'Nov06',
+                    '   0:00 ',
+                    '[khelper]',),
+                (
+                    'root      ', '  39', '  0.0', '  0.0', '      0', '     0', ' ?        ', 'S<   ', 'Nov06',
+                    '   0:00 ',
+                    '[kblockd/0]',),
+                (
+                    'root      ', '  41', '  0.0', '  0.0', '      0', '     0', ' ?        ', 'S<   ', 'Nov06',
+                    '   0:00 ',
+                    '[kacpid]',),
+                (
+                    'root      ', '  42', '  0.0', '  0.0', '      0', '     0', ' ?        ', 'S<   ', 'Nov06',
+                    '   0:00 ',
+                    '[kacpi_notify]',),
+                (
+                    'root      ', ' 170', '  0.0', '  0.0', '      0', '     0', ' ?        ', 'S<   ', 'Nov06',
+                    '   0:00 ',
+                    '[kseriod]',),
+                (
+                    'root      ', ' 207', '  0.0', '  0.0', '      0', '     0', ' ?        ', 'S    ', 'Nov06',
+                    '   0:01 ',
+                    '[pdflush]',),
+                (
+                    'root      ', ' 208', '  0.0', '  0.0', '      0', '     0', ' ?        ', 'S    ', 'Nov06',
+                    '   0:00 ',
+                    '[pdflush]',),
+                (
+                    'root      ', ' 209', '  0.0', '  0.0', '      0', '     0', ' ?        ', 'S<   ', 'Nov06',
+                    '   0:00 ',
+                    '[kswapd0]',),
+                (
+                    'root      ', ' 210', '  0.0', '  0.0', '      0', '     0', ' ?        ', 'S<   ', 'Nov06',
+                    '   0:00 ',
+                    '[aio/0]',),
+                (
+                    'root      ', ' 748', '  0.0', '  0.0', '      0', '     0', ' ?        ', 'S<   ', 'Nov06',
+                    '   0:00 ',
+                    '[ata/0]',),
+                (
+                    'root      ', ' 749', '  0.0', '  0.0', '      0', '     0', ' ?        ', 'S<   ', 'Nov06',
+                    '   0:00 ',
+                    '[ata_aux]',),
+                (
+                    'root      ', ' 929', '  0.0', '  0.0', '      0', '     0', ' ?        ', 'S<   ', 'Nov06',
+                    '   0:00 ',
+                    '[scsi_eh_0]',),
+                (
+                    'root      ', '1014', '  0.0', '  0.0', '      0', '     0', ' ?        ', 'D<   ', 'Nov06',
+                    '   0:03 ',
+                    '[kjournald]',),
+                (
+                    'root      ', '1087', '  0.0', '  0.1', '   2288', '   772', ' ?        ', 'S<s  ', 'Nov06',
+                    '   0:00 ',
+                    'udevd --daemon',),
+                (
+                    'root      ', '1553', '  0.0', '  0.0', '      0', '     0', ' ?        ', 'S<   ', 'Nov06',
+                    '   0:00 ',
+                    '[kpsmoused]',),
+                (
+                    'root      ', '2054', '  0.0', '  0.2', '  28428', '  1508', ' ?        ', 'Sl   ', 'Nov06',
+                    '   0:01 ',
+                    '/usr/sbin/rsyslogd -c3',),
+                (
+                    'root      ', '2103', '  0.0', '  0.2', '   2628', '  1196', ' tty1     ', 'Ss   ', 'Nov06',
+                    '   0:00 ',
+                    '/bin/login --     ',),
+                (
+                    'root      ', '2105', '  0.0', '  0.0', '   1764', '   504', ' tty2     ', 'Ss+  ', 'Nov06',
+                    '   0:00 ',
+                    '/sbin/getty 38400 tty2',),
+                (
+                    'root      ', '2107', '  0.0', '  0.0', '   1764', '   504', ' tty3     ', 'Ss+  ', 'Nov06',
+                    '   0:00 ',
+                    '/sbin/getty 38400 tty3',),
+                (
+                    'root      ', '2109', '  0.0', '  0.0', '   1764', '   504', ' tty4     ', 'Ss+  ', 'Nov06',
+                    '   0:00 ',
+                    '/sbin/getty 38400 tty4',),
+                (
+                    'root      ', '2110', '  0.0', '  0.0', '   1764', '   504', ' tty5     ', 'Ss+  ', 'Nov06',
+                    '   0:00 ',
+                    '/sbin/getty 38400 tty5',),
+                (
+                    'root      ', '2112', '  0.0', '  0.0', '   1764', '   508', ' tty6     ', 'Ss+  ', 'Nov06',
+                    '   0:00 ',
+                    '/sbin/getty 38400 tty6',),
+                (
+                    'root      ', '2133', '  0.0', '  0.1', '   2180', '   620', ' ?        ', 'S<s  ', 'Nov06',
+                    '   0:00 ',
+                    'dhclient3 -pf /var/run/dhclient.eth0.pid -lf /var/lib/dhcp3/dhclien',),
+                (
+                    'root      ', '4969', '  0.0', '  0.1', '   5416', '  1024', ' ?        ', 'Ss   ', 'Nov08',
+                    '   0:00 ',
+                    '/usr/sbin/sshd: %s@pts/0' % user,),
+                ('%s'.ljust(8) % user, '5673', '  0.0', '  0.2', '   2924', '  1540', ' pts/0    ', 'Ss   ', '04:30',
+                 '   0:00 ', '-bash',),
+                ('%s'.ljust(8) % user, '5679', '  0.0', '  0.1', '   2432', '   928', ' pts/0    ', 'R+   ', '04:32',
+                 '   0:00 ', 'ps %s' % ' '.join(self.args),)
+            )
+
+        output = output_array
         for i in range(len(output)):
             if i != 0:
                 if 'a' not in args and output[i][_user].strip() != user:
@@ -311,6 +478,8 @@ class command_ps(HoneyPotCommand):
             if 'w' not in args:
                 s = s[:80]
             self.write('{0}\n'.format(s))
+
+
 commands['/bin/ps'] = command_ps
 
 
diff --git a/cowrie/shell/process.py b/cowrie/shell/process.py
new file mode 100644
index 00000000..8b137891
--- /dev/null
+++ b/cowrie/shell/process.py
@@ -0,0 +1 @@
+
diff --git a/cowrie/shell/server.py b/cowrie/shell/server.py
index e62505b2..fa1ca54c 100644
--- a/cowrie/shell/server.py
+++ b/cowrie/shell/server.py
@@ -34,6 +34,8 @@ from __future__ import division, absolute_import
 
 import copy
 import random
+import json
+
 from configparser import NoOptionError
 
 import twisted.python.log as log
@@ -51,10 +53,12 @@ class CowrieServer(object):
     This class represents a 'virtual server' that can be shared between
     multiple Cowrie connections
     """
+    fs = None
+    process = None
+    avatars = []
+    
     def __init__(self, realm):
-        self.avatars = []
         self.hostname = CONFIG.get('honeypot', 'hostname')
-        self.fs = None
 
         try:
             self.arch = random.choice(CONFIG.get('shell', 'arch').split(','))
@@ -63,9 +67,24 @@ class CowrieServer(object):
             self.arch = 'linux-x64-lsb'
 
         log.msg("Initialized emulated server as architecture: {}".format(self.arch))
+        
 
+    def getCommandOutput(self, file):
+        """
+        Reads process output from JSON file.
+        """
+        with open(file) as f:
+            cmdoutput = json.load(f)
+        return cmdoutput
+        
+        
     def initFileSystem(self):
         """
         Do this so we can trigger it later. Not all sessions need file system
         """
         self.fs = fs.HoneyPotFilesystem(copy.deepcopy(fs.PICKLE), self.arch)
+        
+        try:
+            self.process = self.getCommandOutput(CONFIG.get('process', 'file'))['command']['ps']
+        except NoOptionError:
+            self.process = None
diff --git a/cowrie/test/fake_server.py b/cowrie/test/fake_server.py
index d405d5cc..64347f6b 100644
--- a/cowrie/test/fake_server.py
+++ b/cowrie/test/fake_server.py
@@ -23,7 +23,7 @@ class FakeServer:
         self.pckl = pickle.load(
             open(CONFIG.get('honeypot', 'filesystem_file'), 'rb'))
         self.fs = fs.HoneyPotFilesystem(copy.deepcopy(self.pckl), 'arch')
-
+        self.process = None
 
 class FakeAvatar:
     """