2013-10-25 Linux
Imagine that you have to check the status of your server because of some unexpected behaviour: an attack, a slowdown, or just a routine diagnosis.
One of the basic things to do is to check the processes running on the server. Open a terminal and type:
ps -aux
You should see a huge list:
root 537 0.0 0.0 0 0 ? S< Feb01 0:00 [scsi_wq_4]
root 541 0.0 0.0 0 0 ? S< Feb01 0:00 [beiscsi_q_irq4]
root 624 0.0 0.0 17232 532 ? S Feb01 0:00 upstart-udev-bridge --daemon
root 629 0.0 0.0 21576 1000 ? Ss Feb01 0:00 /sbin/udevd --daemon
root 860 0.0 0.0 0 0 ? S< Feb01 0:00 [edac-poller]
root 956 0.0 0.0 0 0 ? S< Feb01 0:00 [kpsmoused]
root 957 0.0 0.0 0 0 ? S Feb01 0:00 [kworker/7:2]
root 973 0.0 0.0 15188 284 ? S Feb01 0:00 upstart-socket-bridge --daemon
root 1011 0.0 0.0 0 0 ? S Feb01 0:00 [kworker/1:2]
root 1140 0.0 0.0 0 0 ? S Feb01 3:53 [kworker/8:2]
root 1141 0.0 0.0 23352 1068 ? Ss Feb01 0:00 /usr/sbin/vsftpd
root 1196 0.0 0.0 122432 3752 ? Ss Feb01 1:01 smbd -F
root 1205 0.0 0.0 49956 2864 ? Ss Feb01 3:17 /usr/sbin/sshd -D
syslog 1215 0.0 0.0 251012 9860 ? Sl Feb01 24:39 rsyslogd -c5
102 1219 0.0 0.0 23940 936 ? Ss Feb01 0:01 dbus-daemon --system --fork --activation=upstart
root 1237 0.0 0.0 21188 1216 ? Ss Feb01 0:00 /usr/sbin/bluetoothd
root 1267 0.0 0.0 0 0 ? S< Feb01 0:00 [krfcommd]
root 1282 0.0 0.0 93320 2124 ? Ss Feb01 141:56 nmbd -D
root 1290 0.0 0.0 122536 764 ? S Feb01 0:00 smbd -F
root 1299 0.0 0.0 14504 760 tty4 Ss+ Feb01 0:00 /sbin/getty -8 38400 tty4
root 1305 0.0 0.0 14504 760 tty5 Ss+ Feb01 0:00 /sbin/getty -8 38400 tty5
zabbix 1320 0.0 0.0 69340 596 ? S Feb01 0:00 /usr/sbin/zabbix_agentd
zabbix 1332 0.1 0.0 69340 1988 ? S Feb01 599:16 /usr/sbin/zabbix_agentd
zabbix 1333 0.0 0.0 69340 920 ? S Feb01 221:40 /usr/sbin/zabbix_agentd
zabbix 1334 0.0 0.0 69340 916 ? S Feb01 214:03 /usr/sbin/zabbix_agentd
zabbix 1335 0.0 0.0 69340 924 ? S Feb01 220:40 /usr/sbin/zabbix_agentd
zabbix 1336 0.0 0.0 69356 712 ? S Feb01 8:23 /usr/sbin/zabbix_agentd
root 1337 0.0 0.0 14504 760 tty2 Ss+ Feb01 0:00 /sbin/getty -8 38400 tty2
root 1338 0.0 0.0 14504 760 tty3 Ss+ Feb01 0:00 /sbin/getty -8 38400 tty3
root 1341 0.0 0.0 14504 760 tty6 Ss+ Feb01 0:00 /sbin/getty -8 38400 tty6
root 1345 0.0 0.0 4328 580 ? Ss Feb01 0:00 acpid -c /etc/acpi/events -s /var/run/acpid.socket
root 1355 0.0 0.0 15980 684 ? Ss Feb01 201:49 /usr/sbin/irqbalance
root 1362 0.0 0.0 19112 960 ? Ss Feb01 2:54 cron
daemon 1363 0.0 0.0 16908 232 ? Ss Feb01 0:00 atd
root 1454 0.0 0.0 65140 1860 tty1 Ss Feb01 0:00 /bin/login --
root 1486 0.0 0.0 0 0 ? S Feb01 180:47 [flush-252:0]
root 1653 0.0 0.0 4254384 3096 ? Sl Feb01 0:10 /usr/sbin/console-kit-daemon --no-daemon
root 1720 0.0 0.0 186592 2064 ? Sl Feb01 0:02 /usr/lib/policykit-1/polkitd --no-debug
root 2111 0.0 0.0 279064 17192 ? Ss Feb13 10:41 /usr/sbin/apache2 -k start
root 2711 0.0 0.0 12248 1376 ? S May29 0:00 /bin/bash /sonic/Queue2MySQL/odbierz_wiad
root 2712 0.0 0.0 7124 584 ? S May29 0:00 tr -d \000
root 2714 0.0 0.0 4400 616 ? S May29 0:00 /bin/sh ./jgo.sh Queue2MySQL -b tcp://vesonic01:2516 -u Administrator -p Administrator -qr pl.slick.test.inbox -c jdbc:mysql://localhost/test?user=root&passw
root 2715 0.3 1.2 4011420 842160 ? Sl May29 849:53 java -cp .:/sonic/lib/mysql-connector-java-5.1.17-bin.jar:/sonic/lib/sonic_Client.jar:/sonic/lib/sonic_Crypto.jar:/sonic/lib/sqljdbc4.jar:/sonic/lib/sqljdbc.jar:/sonic/lib/
root 3603 0.0 0.0 0 0 ? S Jul04 5:32 [kworker/6:2]
root 15870 0.0 0.0 0 0 ? S Jul22 4:44 [kworker/6:0]
root 24655 0.0 0.0 0 0 ? S Oct22 0:00 [kworker/u:1]
mysql 30105 8.7 3.6 11893476 2411400 ? Ssl May02 22263:09 /usr/sbin/mysqld
root 37371 0.0 0.0 0 0 ? S Oct23 0:14 [kworker/0:1]
www-data 38546 0.0 0.0 284088 17340 ? S 12:35 0:02 /usr/sbin/apache2 -k start
www-data 38755 0.0 0.0 284080 17100 ? S 12:41 0:03 /usr/sbin/apache2 -k start
www-data 39201 0.0 0.0 281748 15560 ? S 12:57 0:02 /usr/sbin/apache2 -k start
www-data 39254 0.0 0.0 283336 17056 ? S 13:00 0:01 /usr/sbin/apache2 -k start
www-data 39889 0.0 0.0 283336 17060 ? S 13:38 0:01 /usr/sbin/apache2 -k start
www-data 39891 0.0 0.0 284092 16416 ? S 13:38 0:01 /usr/sbin/apache2 -k start
www-data 39892 0.0 0.0 283344 17108 ? S 13:38 0:01 /usr/sbin/apache2 -k start
www-data 40027 0.0 0.0 284084 16408 ? S 13:46 0:01 /usr/sbin/apache2 -k start
root 40189 0.0 0.0 81884 3960 ? Ss 13:57 0:00 sshd: root@pts/3
root 40212 0.0 0.0 23076 4436 pts/3 Ss 13:57 0:00 -bash
www-data 40384 0.0 0.0 284224 16592 ? S 14:00 0:00 /usr/sbin/apache2 -k start
www-data 40541 0.0 0.0 282004 15992 ? S 14:10 0:00 /usr/sbin/apache2 -k start
root 40813 0.0 0.0 18100 1268 pts/3 R+ 14:27 0:00 ps -aux
root 54417 0.0 0.0 0 0 ? S Oct18 0:11 [kworker/u:0]
root 54505 0.0 0.0 0 0 ? S Jun01 28:28 [kworker/0:0]
root 60045 0.0 0.0 21572 896 ? S Oct10 0:00 /sbin/udevd --daemon
root 60082 0.0 0.0 23060 4316 tty1 S+ Oct10 0:00 -bash
root 60395 0.0 0.0 21572 640 ? S Oct10 0:00 /sbin/udevd --daemon
To get more precise results we can look for specific processes. Maybe those belonging to Zabbix? Use the “grep” command and look at this:
ps -aux | grep "zabbix"
Results?
zabbix 1320 0.0 0.0 69340 596 ? S Feb01 0:00 /usr/sbin/zabbix_agentd
zabbix 1332 0.1 0.0 69340 1988 ? S Feb01 599:17 /usr/sbin/zabbix_agentd
zabbix 1333 0.0 0.0 69340 920 ? S Feb01 221:41 /usr/sbin/zabbix_agentd
zabbix 1334 0.0 0.0 69340 916 ? S Feb01 214:03 /usr/sbin/zabbix_agentd
zabbix 1335 0.0 0.0 69340 924 ? S Feb01 220:40 /usr/sbin/zabbix_agentd
zabbix 1336 0.0 0.0 69356 712 ? S Feb01 8:24 /usr/sbin/zabbix_agentd
root 40853 0.0 0.0 9328 924 pts/3 S+ 14:29 0:00 grep --color=auto zabbix
Instead of the “zabbix” phrase you can type anything you want. Try it to practise.
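Notice that the last line of that result is the grep process itself, which matched its own argument. The script below is an added example, not part of the original post: it filters a ps listing on the executable name in the COMMAND column instead of the whole line, so the grep never shows up, and it picks out the busiest process for the slowdown case. It uses the BSD-style `ps aux` (the same listing as the author's `ps -aux`, without the dash), and the sample listing embedded in it is constructed.

```shell
#!/bin/sh
# Filter a `ps aux` listing by program name, matching the executable in the
# COMMAND column ($11) rather than the whole line, so the grep that is
# searching for the name never appears in its own results.

# Constructed sample in `ps aux` layout (not captured from a real host); the
# last row is the kind of grep line that shows up on a live run.
SAMPLE_PS='USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
zabbix    1320  0.0  0.0  69340   596 ?        S    Feb01   0:00 /usr/sbin/zabbix_agentd
zabbix    1332  0.1  0.0  69340  1988 ?        S    Feb01 599:17 /usr/sbin/zabbix_agentd
mysql    30105  8.7  3.6 11893476 2411400 ?    Ssl  May02 22263:09 /usr/sbin/mysqld
www-data 38546  0.0  0.0 284088 17340 ?        S    12:35   0:02 /usr/sbin/apache2 -k start
root     40853  0.0  0.0   9328   924 pts/3    S+   14:29   0:00 grep --color=auto zabbix'

# match_procs PATTERN: read a ps listing on stdin and print USER, PID, %CPU
# and the full command line of every process whose executable matches
# PATTERN (an awk regular expression). The header row is skipped.
match_procs() {
    awk -v pat="$1" 'NR > 1 && $11 ~ pat {
        cmd = $11
        for (i = 12; i <= NF; i++) cmd = cmd " " $i
        printf "%s %s %s %s\n", $1, $2, $3, cmd
    }'
}

# count_procs PATTERN: number of matching processes as a bare integer
# (0 when nothing matches), handy for "is the agent running?" checks.
count_procs() {
    awk -v pat="$1" 'NR > 1 && $11 ~ pat { n++ } END { print n + 0 }'
}

# top_cpu: PID of the process with the highest %CPU in the listing, the
# first thing to look at when the complaint is a slowdown.
top_cpu() {
    awk 'NR > 1 && $3 + 0 > best { best = $3 + 0; pid = $2 } END { print pid }'
}

# live_procs PATTERN: the same filter over the processes of this machine.
live_procs() {
    ps aux | match_procs "$1"
}

# Demonstration on the constructed sample: two agent rows, no grep row,
# and mysqld as the CPU hog.
printf '%s\n' "$SAMPLE_PS" | match_procs zabbix
printf '%s\n' "$SAMPLE_PS" | count_procs zabbix
printf '%s\n' "$SAMPLE_PS" | top_cpu
```

On a live system run `live_procs zabbix` or `ps aux | top_cpu`; because the match is on the executable, a pattern such as `apache2` also skips a shell whose argument merely mentions it.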