Discover hidden Trojans and viruses using Unix System Processes

In general, in an operating system, a process is an activity that runs a program on a computer to execute an instance. When we run a program instance, a process is started. The Unix operating system assigns a unique process identification number to each process. Each process has a UID assigned to all processes called by that user. Each process has a priority. The scheduler uses it to determine the next running process. This is what we call the management process. Processes can be divided into system processes and user processes. System processes are mainly used to complete the functions of the operating system, and application processes are user processes.

The importance of a process is reflected in the fact that you can observe it to determine which programs are running in the system, so that when the anti-virus software or anti-virus software fails to be updated in time, detect and manually clear viruses or Trojans in time.

View processes in Unix

In Unix, users and processes on the system can be monitored, and priority of processes can be changed and processes can be stopped.

First, we can use the "w" command to monitor users and processes and display who are registered and what they are doing. 1.

498) this. style. width = 498; "border = 0>

Figure 1

Second, run the "ps" command to display the click Print of the Process status. Ps has many options, which are listed here only. For more information, see related materials.

A lists all processes related to the terminal.

X lists all processes, including those that are not connected to a terminal, such as background processes.

L or-l long list provides more fields (alternative format)

U lists user-oriented fields, such as user (name) and STARTED (process start time)

-E: list all processes except core processes (similar to ax)

Some fields in the process display are described as follows:

COMMAND or program

CP short-term CPU utilization

% CPU usage percentage

F process flag

% MEM actual memory utilization percentage

NI process scheduling increment; nice Value

PID process identification number

PPID parent process identification number

PRI process priority

The status of the STAT process, represented by character sequences, as shown in table 1.

498) this. style. width = 498; "border = 0>

Table 1

Time cpu used currently

TT control TTY device name

User ID of the UID process owner

The following lists several instances. We can view different contents through different commands.

Example 1. List all processes related to the terminal and run the following command:

# Ps

The result 2 is displayed.

498) this. style. width = 498; "border = 0>

Figure 2

Example 2: List all processes related to the terminal, list user-oriented fields, and run the following command:

# Ps au

Result 3 is displayed.

498) this. style. width = 498; "border = 0>

Figure 3

Example 3: view the details of all processes related to the terminal and run the following command:

# Ps la

The Result 4 is displayed.

498) this. style. width = 498; "border = 0>

Figure 4

Example 4: view detailed information about all processes related to the terminal, including background processes. Run the following command:

# Ps lax

The result 5 is displayed.

498) this. style. width = 498; "border = 0>

Figure 5

Example 5: view the details of all processes except the core process. Run the following command:

# Ps-le

The result 6 is displayed.

498) this. style. width = 498; "border = 0>

Figure 6

Example 6: view all processes except the core process and run the following command:

# Ps-e

Result 7 is displayed.

498) this. style. width = 498; "border = 0>

Figure 7

Kill processes in Unix

A Unix process can be suspended or terminated by its owner or superuser.

When you want to suspend your own processes running on the front-end in the korn or C Shell environment, press Ctrl + Z. You can use fg to continue the process on the foreground, or use bg to continue the process on the background.

To suspend your own or other processes, you can send a STOP signal (17 ). The Kill (1) command is used to send signals to a process. For example, # kill-signal pid.

To terminate a process, use the # kill-9 pid, for example, "# kill-9 637 ". 8.

498) this. style. width = 498; "border = 0>

Figure 8

In this way, the Unix terminal is assigned to KILLED. 9.