Linux Process Management


A Linux system typically has hundreds to thousands of processes (running programs that consume computing resources) active simultaneously. Optimizing system performance requires an understanding of how to manage these processes. This section covers:

  • Viewing and finding processes;
  • Discovering the most resource intensive processes;
  • Process management (running background processes, prioritizing processes, and killing processes); and
  • Scheduling processes to run at specified times.

Viewing Running Processes

ps: View Your Processes

The first step in managing processes is viewing which are running on your system by using the “ps” command. You should see something like this:

[Figure: the “ps” command lists the processes started by the currently logged-in user.]

The “ps” command lists the processes started by the currently logged-in user and what processes are running on that terminal. Here, it says that the bash shell is open and running and that we ran the ps command. In order to manage the system, administrators need far more information on processes run by other users and by the system in the background.
The core of the Linux operating system, the kernel, assigns a sequential unique process ID (PID) to processes as they are invoked. When managing Linux processes, you specify their PIDs, rather than the name of the process.

ps aux: View All Running Processes

The “ps” command with the options “aux” shows all processes running on the system for all users.

[Figure: the “ps” command with the options “aux” shows all processes running on a Linux system for all users.]

The most important columns in this output:
USER: The user who invoked the process
PID: The process ID
%CPU: The percent of CPU being consumed by the process
%MEM: The percent of memory being consumed by the process
COMMAND: The name of the command that started the process
To perform any action on a process, we must specify its PID. Let’s see how to use this identifier to our advantage.

Filter Processes by Name

When we inquire about a process, we usually want information on a single process, which we can find by filtering the output with the “grep” command. Using “Burpsuite” as an example, let’s find it in the list of processes once the program has been started.

[Figure: using “ps aux” and “grep” to filter running Linux processes by name.]

You can see all the processes that match the term “burpsuite”. First you see the program itself and then the grep command you used to look for it. As the keyword is not found in the column header list, no headers were shown although the results are displayed in the same format. We can see:
User: The user who invoked the program was root
PID: Burpsuite’s PID is 76709.
%CPU: The program is using 28.8% of CPU.
%MEM: The program is using 14.6% of memory.
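
The same lookup without the two side effects noted above (the grep line matching itself and the missing header row), plus a one-shot listing of the heaviest CPU users. This is an added example, not code from the original post; the function names find_procs and top_cpu are hypothetical, and a procps-style ps is assumed.

```shell
#!/bin/sh
# Added example; find_procs and top_cpu are hypothetical helper names.
# Assumes the procps ps shipped by mainstream Linux distributions.

# find_procs NAME: list processes whose command name contains NAME.
# Only the COMMAND column is matched, so the filter does not match its own
# command line the way "ps aux | grep NAME" does, and the header row
# (NR == 1) is always kept.
find_procs() {
    ps -eo pid,user,pcpu,pmem,comm |
        awk -v pat="$1" 'NR == 1 || index(tolower($5), tolower(pat))'
}

# top_cpu [N]: non-interactive snapshot of the N processes using the most
# CPU (default 5), header included. Useful in scripts and incident notes
# where an interactive tool cannot be used.
top_cpu() {
    ps -eo pid,user,pcpu,pmem,comm --sort=-pcpu | head -n "$(( ${1:-5} + 1 ))"
}
```

Calling `find_procs burpsuite` prints the header followed by the matching rows only.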

top: Find the Most Resource Intensive Application

By default, the “ps” command displays processes in the order they were started, because they are ordered by PID number. As an administrator, we want to know which processes use the most resources. The “top” command displays the processes ordered by resources used, starting with the largest, and refreshes the list dynamically every 10 seconds. You can use it to watch and monitor the resource-hungry processes.

[Figure: the “top” command in Linux displays the processes ordered by resources used, starting with the largest, and refreshes the list dynamically every 10 seconds.]

Managing Processes

System administration requires multiprocessing; managing processes efficiently to best use system resources is an essential part of the job.

nice: Changing Process Priority

The “nice” command changes the priority of a process within the kernel. Since numerous processes run on the system at once, they all fight for available resources. While the kernel determines the priority of any process, you can use the “nice” command to suggest that a process should be elevated in priority.

While the nice command lets you execute a program with a modified scheduling priority, the renice command lets you change the scheduling priority of a process that is already running. “nice” values range from −20 to +19, with the default value being zero. A high “nice” value gives a process a low priority, while a low “nice” value gives a process a high priority. A newly started process inherits the nice value of its parent process. The process owner can lower its priority but cannot increase it unless they are a superuser or root user. The idea behind the term nice is that, when you use it, you’re determining how “nice” you’ll be to other users: if your process is using most of the system resources, you aren’t being very nice.

Setting the Priority When Starting a Process

Assume you have a process named aprocess that’s located at /bin/aprocess. If we wanted it to speed up its completion, we could start the process with the nice command:

nice -n -10 /bin/aprocess

This command would increment the nice value by -10, making it “less” nice and increasing its priority by allocating it more resources. Alternatively, if we want to be nice to other processes and give aprocess a lower priority, we could increment its nice value positively by 10:

nice -n 10 /bin/aprocess

Changing the Priority of a Running Process

The renice command takes an absolute value between –20 and 19 and sets the priority to that particular level, whereas the “nice” command increases or decreases the value from the level at which it started. In addition, renice requires the PID of the process you are targeting rather than the name. So, if aprocess is using too many resources on your system and you want to give it a lower priority, thus allowing other processes a higher priority and more resources, you could renice aprocess and give it a much higher nice value, like so:

renice 20 6943    # 6943 is the PID of aprocess on this particular machine

While only the root user can renice a process to a negative value to give it higher priority, any user can be nice and reduce priority with renice.
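
The nice and renice behaviour described in this section, as an added example that is not part of the original post: it reads a process's nice value back from ps and refuses up front when an unprivileged user asks for a higher priority. The function names nice_of and deprioritize are hypothetical, and a procps-style ps is assumed.

```shell
#!/bin/sh
# Added example; nice_of and deprioritize are hypothetical helper names.
# Assumes a procps-style ps.

# nice_of PID: print the current nice value of a process (the NI column).
# Prints nothing if the process does not exist.
nice_of() {
    ps -o ni= -p "$1" 2>/dev/null | tr -d ' '
}

# deprioritize PID VALUE: set the nice value of PID to the absolute VALUE.
# A VALUE below the current one raises the priority, which only root may
# do, so the function refuses that case for other users instead of letting
# renice fail.
# Returns 0 on success, 1 if refused, 2 if the process does not exist.
deprioritize() {
    cur=$(nice_of "$1")
    [ -n "$cur" ] || return 2
    if [ "$2" -lt "$cur" ] && [ "$(id -u)" -ne 0 ]; then
        echo "refusing: nice $2 is below current value $cur (needs root)" >&2
        return 1
    fi
    # Without -n the first argument is taken as an absolute nice value,
    # the same form as "renice 20 6943" above.
    renice "$2" -p "$1" >/dev/null
}

# Typical use:
#   nice -n 5 /bin/aprocess &     # start with nice value raised by 5
#   nice_of $!                    # read the value back
#   deprioritize $! 19            # push the process to the lowest priority
```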

Killing Processes

Sometimes a process, known as a ‘zombie process’, consumes too many system resources, behaves in unexpected ways and even freezes up. When you identify one, you may want to stop it with the “kill” command. There are 64 ways to kill a program, and each does something different. The “kill” command syntax is “kill -signal PID”, where the signal switch is optional. If you don’t provide a signal flag, it defaults to SIGTERM.

Signal Name | Number for Option | Description
SIGHUP | 1 | This is known as the Hangup (HUP) signal. It stops the designated process and restarts it with the same PID.
SIGINT | 2 | This is the Interrupt (INT) signal. It is a weak kill signal that isn’t guaranteed to work, but it works in most cases.
SIGQUIT | 3 | This is known as the core dump. It terminates the process and saves the process information in memory, and then it saves this information in the current working directory to a file named core.
SIGKILL | 9 | This is the absolute kill signal. It forces the process to stop by sending the process’s resources to a special device, /dev/null.
SIGSEGV | 11 | Segment Violation
SIGTERM | 15 | This is the Termination (TERM) signal. It is the kill command’s default kill signal.
SIGSTOP | 17 | Stops unconditionally, but doesn’t terminate
SIGTSTP | 18 | Stops or pauses, but continues to run in background.
SIGCONT | 19 | Resumes execution after STOP or TSTP

Using the top command, you can identify which processes are using too many resources; often, those processes will be legitimate, but there may be malicious processes taking resources that you’ll want to kill.
If you just want to restart a process with the HUP signal, enter the -1 option with kill, like so:

kill -1 6996

In the case of a zombie or a malicious process, you likely want to send the kill -9 signal, the absolute kill signal, to the process. This makes certain that the process is terminated.

kill -9 6996

If you don’t know a process’s PID, you can use the killall command to kill the process. This command takes the name of the process, instead of the PID, as an argument.
For example, you could terminate a hypothetical zombieprocess like this:

killall -9 zombieprocess

Finally, you can also terminate a process in the top command. Simply press the K key and then enter the PID of the offending process.
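
The signals from this section combined into one routine, as an added example that is not part of the original post: it sends the default SIGTERM first, waits, and falls back to SIGKILL only if the process is still there. The function names is_running and stop_process are hypothetical, signals are given by name rather than number, and a procps-style ps is assumed.

```shell
#!/bin/sh
# Added example; is_running and stop_process are hypothetical helper names.
# Assumes a procps-style ps.

# is_running PID: true while the process exists and has not yet exited.
# State Z means it has already exited and only awaits reaping by its parent.
is_running() {
    state=$(ps -o stat= -p "$1" 2>/dev/null | tr -d ' ')
    [ -n "$state" ] && [ "${state#Z}" = "$state" ]
}

# stop_process PID [GRACE_SECONDS]
# Sends SIGTERM, waits up to GRACE_SECONDS (default 5), then sends SIGKILL.
# Returns 0 if SIGTERM was enough, 1 if SIGKILL was needed,
#         2 if the process was not running, 3 if it could not be stopped.
stop_process() {
    pid=$1
    grace=${2:-5}
    is_running "$pid" || return 2
    kill -TERM "$pid" 2>/dev/null || return 3   # e.g. not our process
    while [ "$grace" -gt 0 ]; do
        is_running "$pid" || return 0           # exited after SIGTERM
        sleep 1
        grace=$((grace - 1))
    done
    is_running "$pid" || return 0
    kill -KILL "$pid" 2>/dev/null               # cannot be caught or ignored
    sleep 1
    is_running "$pid" && return 3
    return 1
}
```

The return code records whether the process honoured SIGTERM or had to be forced, which is worth noting when the process in question is under investigation.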

 

Running Processes in the Background

In Linux you are always working within a shell and when you execute a command, the shell waits until the command is completed before offering another command prompt.  Rather than waiting for the script to complete, you may want a process to run in the background. For instance, say we want to start up Firefox:

command_prompt > firefox

In this case, the bash shell opens Firefox. While the browser is open, the terminal is occupied with running the browser and we have no new prompt to allow us to enter more commands. In order to save resources and screen space, you can start the browser running in the background. Running a process in the background simply means that it will continue to run without needing the terminal. To start a process in the background, append an ampersand (&) to the end of the command, like so:

command_prompt >firefox &

Now, when the browser opens, the terminal returns a new command prompt so we can enter other commands on the system while browsing the internet. This is effective for any process that may run for a significant length of time when you want to use the terminal.

Moving a Process to the Foreground

The “fg” command moves a process from running in the background to the foreground. The fg command requires the PID of the process you want to return to the foreground, as shown next. If you don’t know the PID, you can use the ps command to find it.

Scheduling Processes

System administrators need to schedule processes, like a regular backup, to run at a particular time of day. A system administrator might want to schedule a system backup to run every Saturday night at 2 am, for example. In Linux, you can accomplish this in at least two ways, with “at” or with “crond”.
The “at” command is a daemon, a background process, useful for scheduling a job to run once at some point in the future. The “crond” process is more suited for scheduling regularly recurring tasks.

at Daemon

We use the at daemon to schedule the execution of a command or set of commands in the future. The “at” command syntax is simply “at” followed by the time to execute the process. The time argument can be provided in various formats. When you enter the at daemon with the specified time, at goes into interactive mode and you are greeted with an at> prompt. This is where you enter the command you want executed at the specified time.

command_prompt > at 7:20am
at> /root/myscanningscript

This code snippet will schedule myscanningscript to execute today at 7:20 am.

Time format

The table below outlines a number of “at” related commands.

Command | Meaning
at 6:33pm | Scheduled to run at 6:33pm on the current day
at noon | Scheduled to run at noon on the current day
at noon September 21 | Scheduled to run at noon on September 21
at now + 5 days | Scheduled to run five days from the current date
at tomorrow | Scheduled to run tomorrow
