This is an essential skill to master once you are used to the basics of server management. Here is how to manage and monitor processes over SSH. Apart from the kernel, processes are the main part of a running system, and GNU/Linux and Unix systems provide various ways to view and control them. Note that you may really be able to manipulate all the processes on a server with OpenVZ virtualization. In GNU/Linux, a process is the kernel's abstraction for representing a running program. Each process consists of an address space and a set of data structures within the kernel.
PID is the unique ID number the kernel assigns to each process. UID is the user identification number of the user who created the process. EUID is the effective user ID. UID and EUID are the same except for programs that are setuid. setuid and setgid are Unix access-rights flags that allow users to run an executable with the permissions of the executable's owner or group respectively, and that change behaviour in directories. GID is the group identification number of a process. EGID is the effective group ID, related to the GID. A process can be a member of many groups at one time.
How To Manage, Monitor Processes On SSH
ps is the command used for monitoring processes. Versions of ps differ in their arguments and display, but all deliver the same information. The output of ps can show the PID and UID discussed above, the priority, how much CPU time a process has consumed, how much memory it is using and its current status, which is the information you need to control the processes. Processes have state codes, and ps uses standard notations for them and for its column headers:
---
R means process is running or can be executed.
D means uninterruptible sleep
S means interruptible sleep (process is waiting for something)
T means Traced or stopped
Z means Zombie – a terminated process but still present
USER is Username of the process’s owner
PID is Process ID
%CPU is the percentage of the CPU a process is consuming
%MEM is the percentage of memory a process is consuming
VSZ is virtual size of the process
RSS is number of pages in memory
TTY is control terminal ID
STAT is process status
START means the time the command started
TIME means CPU time the process has consumed
COMMAND is the name of the command
The pstree command displays the processes in a tree format. You can run it and check. We can stop a process with (pid is replaced by the actual process ID):

    kill [argument] pid

To see a bit more information in real time you can use:

    top

We can stop a process by running:

    kill -9 pid

The 9 is signal 9 (SIGKILL), which a process cannot ignore. The plain kill shown earlier is the graceful command, and a process can ignore it. To kill every process named apache2:

    sudo killall apache2

An option to filter the result by process name is pgrep:

    pgrep -u root sshd

Read the manuals before chaining these commands:

    man strace
    man pgrep

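When you run strace on the sshd binary, it outputs debugging information on how the program starts and which files it tries to access. We can then use grep to list the files under /etc/ that it tries to access. On current systems the C library opens files through openat rather than open, so the filter matches both call names (|& is the bash shorthand for also piping standard error, which is where strace writes):

    sudo strace -e trace=file /usr/sbin/sshd |& grep -E '^open(at)?\(' | grep '/etc/'
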
Malware can hide as a fake Apache web server process and consume huge resources. With experience, your eyes automatically filter out what looks odd.
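
One way to make that eye-check repeatable, as an added example that is not from the original article: a shell function that flags processes calling themselves apache2 whose executable path or owner is not the expected one. The expected path /usr/sbin/apache2, the accounts root and www-data, the function names and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: triage a process listing for a fake "apache2".
# Input columns (whitespace separated): PID USER STAT %CPU COMM EXE

# Assumption: path of the packaged Apache binary (Debian/Ubuntu layout).
EXPECTED_EXE="/usr/sbin/apache2"
# Assumption: accounts that legitimately own apache2 processes.
EXPECTED_USERS="root www-data"

# Build the listing on a live host (run as root so every /proc/PID/exe
# link is readable). Command names containing spaces are not handled.
collect() {
    ps -eo pid=,user=,stat=,pcpu=,comm= |
    while read -r pid user stat cpu comm; do
        exe=$(readlink "/proc/$pid/exe" 2>/dev/null || echo -)
        printf '%s %s %s %s %s %s\n' "$pid" "$user" "$stat" "$cpu" "$comm" "$exe"
    done
}

# Constructed sample listing, so the check can be run offline.
sample_listing() {
cat <<'EOF'
812 root Ss 0.0 apache2 /usr/sbin/apache2
845 www-data S 0.3 apache2 /usr/sbin/apache2
2291 www-data Sl 97.4 apache2 /tmp/.cache/apache2
2310 bob S 0.1 apache2 /usr/sbin/apache2
901 root Ss 0.0 sshd /usr/sbin/sshd
EOF
}

# Print "PID: reasons cpu=N" for each apache2 process that runs from an
# unexpected binary or under an unexpected account.
triage() {
    awk -v exe="$EXPECTED_EXE" -v users="$EXPECTED_USERS" '
    BEGIN { n = split(users, u, " "); for (i = 1; i <= n; i++) ok[u[i]] = 1 }
    $5 == "apache2" {
        why = ""
        if ($6 != exe)   why = why " exe=" $6
        if (!($2 in ok)) why = why " user=" $2
        if (why != "")   print $1 ":" why " cpu=" $4
    }'
}

sample_listing | triage
```

On a live host, replace the last line with `collect | triage`.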