Archive for the tag 'processes'


Finding zombie processes

If you have a server which is not working very well, it is possible that the process that you want to use is in a zombie state. You can see that there is a zombie process with top for example.

But with top you can’t always see which process it is.

If we use the following command, we can see which processes are zombies.

ps -el | grep 'Z'

In the output of a normal ps -el command, the second column shows the state of the process.

Here are some states:

S : sleeping
R : running
D : waiting
Z : zombie (defunct)

Chkrootkit outputs hidden processes and LKM warnings.

The LKM warnings appear whenever “hidden” processes are found. They’re usually processes that have started between the different checks that chkrootkit runs while processing. Usually, they’re mysql, httpd or exim processes. You can get more information about which processes are being caught using:

cd /root/chkrootkit-0.*
./chkrootkit -x lkm

When you run it you will probably find that it returns anything from none to several processes
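
One way to tell short-lived processes apart from a discrepancy that persists, as an added example (not from the original post and not part of chkrootkit). It assumes a “hidden” candidate is a PID that has a /proc entry but is missing from ps output; all function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of chkrootkit. Assumption: a "hidden" candidate is a
# PID that has a /proc entry but does not appear in ps output.

# snapshot PREFIX: record both views of the process table.
snapshot() {
    ls /proc | grep -E '^[0-9]+$' > "$1.proc"
    ps -e -o pid= > "$1.ps"
}

# unlisted PROC_FILE PS_FILE: PIDs in PROC_FILE that are missing from PS_FILE.
unlisted() {
    awk -v ps="$2" '
        BEGIN { while ((getline p < ps) > 0) seen[p + 0] = 1 }
        !(($1 + 0) in seen) { print $1 + 0 }' "$1"
}

# persistent FIRST SECOND: PIDs that are unlisted in both samples.
persistent() {
    awk -v first="$1" '
        BEGIN { while ((getline p < first) > 0) seen[p] = 1 }
        ($1 in seen)' "$2"
}

# live_check: two samples five seconds apart on the running system.
live_check() {
    t=$(mktemp -d)
    snapshot "$t/a"; sleep 5; snapshot "$t/b"
    unlisted "$t/a.proc" "$t/a.ps" > "$t/a.out"
    unlisted "$t/b.proc" "$t/b.ps" > "$t/b.out"
    persistent "$t/a.out" "$t/b.out"
    rm -rf "$t"
}

# demo: the same logic on constructed PID lists (not real output).
demo() {
    t=$(mktemp -d)
    printf '%s\n' 1 812 3107 4242 > "$t/a.proc"; printf '%5s\n' 1 812 > "$t/a.ps"
    printf '%s\n' 1 812 3190 4242 > "$t/b.proc"; printf '%5s\n' 1 812 > "$t/b.ps"
    unlisted "$t/a.proc" "$t/a.ps" > "$t/a.out"   # 3107 4242
    unlisted "$t/b.proc" "$t/b.ps" > "$t/b.out"   # 3190 4242
    persistent "$t/a.out" "$t/b.out"              # 4242
    rm -rf "$t"
}
```

In a single sample, the ls and grep that build the /proc list have already exited by the time ps runs, so their PIDs show up as unlisted once and drop out of the second sample.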

Kill all processes matching certain strings.

This guide shows how to kill all processes matching certain strings. For our example we will use httpd.

One very simple method is killall:

killall -9 httpd

If that doesn’t work, you can go through the process list and kill -9 the PIDs with the following:

kill -9 $(ps aux | grep -v grep | grep httpd | awk '{print $2}')

Where httpd is the string.

renice — alter priority of running processes

Renice alters the scheduling priority of one or more running processes. The following who parameters are interpreted as process ID’s, process group ID’s, or user names. Renice’ing a process group causes all processes in the process group to have their scheduling priority altered. Renice’ing a user causes all processes owned by the user to have their scheduling priority altered. By default, the processes to be affected are specified by their process ID’s.

For example,

renice +1 987 -u daemon root -p 32

would change the priority of process ID’s 987 and 32, and all processes owned by users daemon and root.

Users other than the super-user may only alter the priority of processes they own, and can only monotonically increase their “nice value” within the range 0 to PRIO_MAX (20). (This prevents overriding administrative fiats.) The super-user may alter the priority of any process and set the priority to any value in the range PRIO_MIN (-20) to PRIO_MAX. Useful priorities are: 20 (the affected processes will run only when nothing else in the system wants to), 0 (the “base” scheduling priority), anything negative (to make things go very fast).


Some common Linux kernel processes

kjournald Commits ext3 journal updates to disk
kswapd Swaps processes when physical memory is low
kreclaimd Reclaims memory pages that haven’t been used recently
ksoftirqd Handles multiple layers of soft interrupts
khubd Configures USB devices

There is one kjournald for each mounted ext3 filesystem.

Among these processes, only init is really a full-fledged user process. The others are actually portions of the kernel that have been dressed up to look like processes for scheduling or architectural reasons.
