Process Management Commands


Time: 21 hours 25 minutes
Difficulty: Intermediate
CEU/CPE: 21
Video Transcription
00:00
Hey, Cybrarians. Welcome back to the Linux+ course here at Cybrary. I'm your instructor, Rob Goelz. In today's lesson, we're going to be talking about process management commands. Upon completion of this lesson, you're going to be able to understand how to examine processes, as well as explain how to determine what files are being used by a process. Then later in this lesson, we'll see how to use the commands ps, lsof, and pgrep during a demo.

In Linux, we use the process status, or ps, command to view processes. Running that ps command without any options is just going to list very bare-bones output. You're going to see the process ID, any terminal where the process is running, the length of CPU time that the process has been running, and then you'll actually see the command itself that the process is tied to.

Now, the ps command has been around for a really, really long time. It's gathered a lot of options and a lot of syntax that's specific to where it came from. For example, there are two different ways to display all processes on the system. For one, you could use ps -ef. Another way that you can display all processes is using the BSD syntax. Again, this goes all the way back to the BSD days, so you do ps aux, and that will also display all processes. Now, ps aux displays more info, such as process state; that's what I prefer to use, but you should certainly take some time to look into the ps command, play around with it, and see what works for you.

Now, the lsof command lists open files. Get it? ls, open files: lsof. Now, when used with no options, it will list all of the files on the OS, which is a mess, so it's really helpful more so when you're trying to find files that are in use. Maybe you're trying to find files that are in use in a directory because you're trying to unmount the directory, and there are still files that are open, and you can't get it to unmount cleanly. You do lsof, and then you pass in the directory information, and it will tell you what files are still open in the directory and generally by whom. Then you might also want to look and just see what files are opened by a particular user, so you can say lsof -u and then the username. But for the purposes of our discussion, the most important lsof option is to display files used by a process, and the way to do that is with the lsof -p option, so p for process: lsof -p and then the process ID will tell you about all the files that are opened for that process.

Now, the ps command does display a lot of output, so generally it gets piped to grep. We do command redirection with the pipe, and we send it to grep to search for a particular string. For example, we might do ps aux and then pipe to grep NetworkManager to find all of the NetworkManager processes that are running on our system. However, Linux also provides the pgrep command, and that takes in the grep string and queries ps, so it basically works the exact same way as doing ps aux and then going and grepping something. But instead you can just run the pgrep command, and you don't have to worry about using the command redirection to take care of that. You could just do pgrep -l and then provide a string, and that will return the process ID and process name. Or you do pgrep -a and then the string, which will return the PID and the full command string. You can see some examples of that over on the right-hand side in the top image. Now, where pgrep really shines is when you're trying to find a process that is being used by a particular user. For example, you do pgrep -au and then rob, or whatever user. Let's take a look at all of these commands with some demo time.

Here we are in our demo environment, and today we're going to be in CentOS. First off, we'll go ahead and run the ps command, and as we can see, by itself it's only my processes. There's very little information here. But really, we see that it just has the PID, the terminal that it's running in, the time that things have been running on the system in the CPU, and what command was actually run. Hence, here the only processes that I'm running are bash and the ps command that I just ran. We can actually see that the process ID for bash hasn't changed; it's 2781. But I've run ps twice now, and the process ID for that has changed greatly, from 3707 to 3722.

Now, let's run ps aux, and holy moly, that's a ton of information. Now we can see all of these running processes. We can see the user, we can see their states, you can see their time, you can see the commands that were run, and it's just a mess of information. This is generally where you start piping things to grep to try and get things out. For example, I could do a ps aux, and I could go ahead and pipe that to grep. I can grep for my name because I only want stuff that I'm running, and then let's go ahead and say, let's find my bash, so we'll do a grep for bash. Then it displays my username and the bash command that's running here, and again that's 2781.

But how about a shorter way? Well, let's clear the screen, so I'm going to type clear; you can also always hit Ctrl+L. Now, what we can do is pgrep -u, then my name, and then bash. Now we see the same information: we see process ID 2781. Now, if we want to, we can use that information to determine any files that are opened for this bash session. I can do an lsof and then -p (remember, that's the -p option for the PID), and then we say 2781. Now we can see all of the files that are open for my bash session.

Something really cool: we can get really tricky. What we can do now is take this information we have up here from the pgrep, which just returns this number, 2781. Well, just to save ourselves some time, we can actually use a sub-shell. A sub-shell is always going to be $( ... ): a dollar sign, then you open a parenthesis, paste in the command you want, and close the parenthesis. What's going to happen is that it's going to execute this command in the sub-shell, and it's going to pass that information back to lsof. This is going to be the equivalent of running lsof -p 2781, but it's going to get that information out of the pgrep. We don't have to run two commands to get the same information. We can hit Enter, and now we see the same information we saw before when we manually put in the process ID. But here, we've just gotten it from the pgrep command.
With that, we've reached the end of this lesson.
00:00
In this lesson we covered how to examine
00:00
processes with ps and pgrep,
00:00
and then we also talked about determining
00:00
files in use with lsof.
00:00
Thanks so much for being here,
00:00
and I look forward to seeing you in the next lesson.
Up Next