ps ax
This prints a table with the following headers:
PID TTY STAT TIME COMMAND
PID - a number representing the process id.
TTY - the terminal the command started from
STAT - the status of the process (google "PROCESS STATE CODES")
The most common are:
R Running or runnable (on run queue)
S Interruptible sleep (waiting for an event to complete)
Z Defunct ("zombie") process, terminated but not reaped by its parent.
s is a session leader
l is multi-threaded (using CLONE_THREAD, like NPTL pthreads do)
+ is in the foreground process group
COMMAND - the path of the process.
If you add the "u" flag like
ps aux
you will get more detailed information about each process, such as its owner, CPU and memory usage, and more.
Some malicious processes can hide themselves from the listing produced by the ps command.
You can reveal them by executing the unhide command. The unhide command can discover a hiding process by searching in three ways: proc, sys and brute.
The proc technique consists of comparing /proc with the output of /bin/ps.
The sys technique consists of comparing information gathered from /bin/ps with information gathered from system calls.
The brute technique consists of brute-forcing all process IDs. This technique is only available on Linux 2.6 kernels.
unhide proc
unhide sys
unhide brute
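A simplified version of the proc comparison described above, as an added example (not code from the unhide project or from the original post): it lists the numeric directories under /proc, lists the PIDs that ps reports, and prints the PIDs missing from ps in two consecutive snapshots. The function names and the --live switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example: flag PIDs that exist under /proc but are absent from ps output.

# Numeric directory names under a procfs root (default: /proc), one per line.
proc_pids() {
    for d in "${1:-/proc}"/[0-9]*; do
        [ -d "$d" ] && printf '%s\n' "${d##*/}"
    done | sort -n
}

# PIDs of all processes as reported by ps, header suppressed.
ps_pids() {
    ps -e -o pid= | tr -d ' ' | sort -n
}

# Print each PID from list $1 that does not appear in list $2.
missing_from() {
    printf '%s\n' "$1" | while read -r pid; do
        [ -n "$pid" ] || continue
        printf '%s\n' "$2" | grep -qxF "$pid" || printf '%s\n' "$pid"
    done
}

# Take two snapshots one second apart and keep only PIDs missing from ps in
# both, so processes that start or exit between the two listings (including
# the helpers this script spawns) are not reported.
live_check() {
    first=$(missing_from "$(proc_pids)" "$(ps_pids)")
    sleep 1
    second=$(missing_from "$(proc_pids)" "$(ps_pids)")
    for pid in $first; do
        if printf '%s\n' "$second" | grep -qxF "$pid"; then
            printf '%s\n' "$pid"
        fi
    done
}

# Hypothetical switch for this example: run the comparison on the live system.
if [ "${1:-}" = "--live" ]; then
    suspects=$(live_check)
    if [ -n "$suspects" ]; then
        printf 'In /proc but not in ps:\n%s\n' "$suspects"
    else
        echo "No PID is missing from the ps listing."
    fi
fi
```

A process that is also hidden from the /proc directory listing will not show up in this comparison; the sys and brute techniques look at other sources.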
It is a good practice to