Linux Processes and System Monitoring
Linux Processes and System Monitoring
Processes represent the running programs and tasks on a Linux system. Every action in Linux—opening a browser, running a command, or executing a script—creates a process.
For cybersecurity professionals and system administrators, monitoring processes helps detect malicious programs, unusual activity, or system performance issues.
1. Understanding System Processes
A process is an instance of a program currently executing on the system.
Examples of processes include:
- Web servers
- Database servers
- System services
- Security monitoring tools
Each process has a unique Process ID (PID) used by the operating system to track and manage it.
Types of Processes
| Process Type | Description |
|---|---|
| Foreground Process | Runs directly in the terminal |
| Background Process | Runs without user interaction |
| System Process | Runs in the background for system operations |
| Daemon Process | Long-running background services |
Example of running a process in the background:
firefox &
The & symbol sends the process to the background.
2. Viewing Running Processes
Linux provides several commands to view running processes and system activity.
Using ps (Process Status)
The ps command displays currently running processes.
Example:
ps
To see all processes running on the system:
ps aux
Example output:
USER PID %CPU %MEM COMMAND
root 1023 0.2 1.0 sshd
student 2456 1.3 2.5 firefox
Explanation:
| Column | Meaning |
|---|---|
| USER | Owner of the process |
| PID | Process ID |
| %CPU | CPU usage |
| %MEM | Memory usage |
| COMMAND | Program running |
This command is useful when investigating suspicious or unknown processes.
Using top
The top command provides a real-time view of system processes.
top
It displays:
- CPU usage
- Memory usage
- Running processes
- System load
Features:
- Updates automatically
- Shows most resource-consuming processes
- Helps diagnose performance issues
Exit with:
q
Using htop
htop is an improved and interactive version of top.
Features include:
- Color-coded interface
- Mouse support
- Easier process management
- Tree view of processes
If not installed, it can be installed using:
sudo apt install htop
Run:
htop
This tool is widely used by system administrators and security analysts.
3. Managing Processes
Sometimes processes may freeze, consume too many resources, or behave suspiciously. Linux provides commands to terminate or control such processes.
Using kill
The kill command terminates a process using its PID.
Example:
kill 2456
This sends a signal to terminate the process.
Force kill a process:
kill -9 2456
Explanation:
| Signal | Meaning |
|---|---|
| 15 | Graceful termination |
| 9 | Forceful termination |
The -9 signal is used when a program refuses to close normally.
Using pkill
The pkill command terminates processes by name instead of PID.
Example:
pkill firefox
This stops all processes named firefox.
This is useful when multiple instances of a program are running.
4. System Resource Monitoring
Monitoring system resources is important for:
- Detecting performance problems
- Identifying malware
- Preventing system overload
Key system resources include:
| Resource | Description |
|---|---|
| CPU | Processing power |
| RAM | Memory usage |
| Disk | Storage usage |
| Network | Data traffic |
Useful commands include:
Check memory usage:
free -h
Check disk space:
df -h
Check disk usage of directories:
du -h
These commands help administrators identify resource-heavy programs.
5. Managing System Services
Linux uses services to run important background functions like networking, logging, and web servers.
Modern Linux systems manage services using systemd, controlled with the systemctl command.
Checking Service Status
systemctl status ssh
This displays the status of the SSH service.
Starting a Service
sudo systemctl start apache2
Stopping a Service
sudo systemctl stop apache2
Restarting a Service
sudo systemctl restart apache2
Enabling a Service at Startup
sudo systemctl enable apache2
Disabling a Service
sudo systemctl disable apache2
Cybersecurity Importance of Process Monitoring
Monitoring processes helps security professionals:
- Detect malware or unauthorized programs
- Identify suspicious system activity
- Prevent resource exhaustion attacks
- Investigate compromised systems
Attackers often hide malicious software as background processes, so process monitoring is a critical security practice.
Module Summary
In this module, students learned:
- What Linux processes are
- How to view processes using
ps,top, andhtop - How to stop processes using
killandpkill - How to monitor system resources
- How to manage system services using
systemctl
These skills are essential for Linux administration, incident response, and cybersecurity operations.