0Sec
0Sec
0Sec
  • Spider Security
  • offensive security
    • OSCP
      • WriteUps
        • PortSwigger
          • SQL injection labs
          • Exploiting XXE to retrieve data by repurposing a local DTD
        • PentesterLabs
          • Recon
        • HTB
          • BoardLight
          • Lame
        • THM
          • Walkthroughs
            • Attacktive Directory
            • LineKernel
            • Day 1 — Linux PrivEsc
          • CTF
            • Page
            • BLUE
            • mKingdom
            • RazorBlack
      • Module 1 (General Info)
      • Module 2 (Getting Kali)
        • Leason 1 - Booting Up Kali Linux
        • Leason 2 - The Kali Menu
        • Leason 4 - Finding Your Way Around Kali
        • Leason 5 - Managing Kali Linux Services
      • Module 3 (CLI)
        • The Bash Environment
        • Piping and Redirection
        • Text Searching and Manipulation
          • Regular
        • Managing Processes
        • File and Command Monitoring
      • Module 4 (Practical Tools)
        • Netcat
        • Socat
        • PowerShell & Powercat
        • Wireshark
        • Tcpdump
      • Module 5 (Bash Script)
      • Module 6 (Passive Info Gathering)
      • Module 7 ( Active Info Gathering)
      • Module 8 (Vulnerability Scanning)
      • Module 9 (Web Application Attacks)
        • Cross Site Scripting (XSS)
        • local file inclusion & remote file inclusion
          • Exploit LFI
        • SQL injection
          • Blind Boolean based SQL & Evasion Techniques
          • SQL
          • Login bypass List
        • File upload
        • Remote code execution
      • Module 10 ( Intro Buffer OverFlow)
      • Module 11 (Widows Buffer OverFlow)
        • Buffer OverFlow Challange
      • Module 12 (Linux Buffer OverFlows)
      • Module 13 (Clint Side Attacks)
      • Module 14 (Locating Public Exploits)
      • Module 15 (FIxing Exploits)
      • Module 16 (File Transfers)
      • Module 17 (Antivirus Evasion)
        • Windows
      • Module 18 (Privllege Escalation)
        • Windows
          • Checklist
          • THM - Windows PrivEsc Arena
        • Linux
          • Checklist
          • Linux PrivEsc Arena
      • Module 19 (Password Attacks)
      • Module 20 (Port Redirection and Tunneling)
      • Module 21 (Active Directory Attacks)
        • adbasics_v1.2
      • Module 22 (Metasploit Framwork)
      • Module 23 (Powershell Empire)
      • Course Materials
  • SANS
  • AppSec
    • EWAPTX
      • PHP Type Juggling
      • CSP
      • SqlI
        • Information_schema
        • WriteUps
      • SSTI & CSTI
      • XSS_HTML Injection
      • CORS Attack
      • Clickjacking
      • Open redirect
      • JSONP
      • LFI && LFD && RFI
      • HTTP Host header attacks
      • CSRF
      • XML injection
      • XML external entity (XXE) injection
      • APIs & JWT attacks
      • Insecure Deserialization
      • OAUTH 2.0 authentication vulnerabilities
      • Host Header Injection
      • Insecure Direct Object References (IDOR)
  • Reverse Eng & Malware dev
    • Internals
      • Windows internals
        • Topics in GitHub
        • Chapter 1 Concepts and tools
        • Chapter 2. System architecture
        • Chapter 3. Processes and jobs
        • Chapter 4. Threads
        • Chapter 5. Memory management
        • Chapter 6. I/O system
        • Chapter 7. Security
      • Linux internals ⇒ Soon
      • MacOs X internals ⇒ Soon
  • cheat sheet
    • Pentest_Notes
    • Linux BOF & Wireless Attacks
    • WriteUps
Powered by GitBook
On this page
  • How To Works Processes in Linux ?
  • Stages of a Process in Linux
  • pstree
  • Types of Linux Processes
  • Commands Used to Manage Processes in Linux
  1. offensive security
  2. OSCP
  3. Module 3 (CLI)

Managing Processes

PreviousText Searching and ManipulationNextFile and Command Monitoring

Last updated 10 months ago

How To Works Processes in Linux ?

Stages of a Process in Linux

In Linux, a process goes through several stages during its lifetime. Understanding these stages and checking how they run in the background is important for process management and troubleshooting. The states of a process in Linux are as follows:

  1. Created: A process is created when a program is executed. At this stage, the process is in a "created" state, and its data structures are initialized.

  2. Ready: The process enters the "ready" state when it is waiting to be assigned to a processor by the Linux scheduler. At this stage, the process is waiting for its turn to execute.

  3. Running: The process enters the "running" state when it is assigned to a processor and is actively executing its instructions.

  4. Waiting: The process enters the "waiting" state when it is waiting for some event to occur, such as input/output completion, a signal, or a timer. At this stage, the process is not actively executing its instructions.

  5. Terminated: The process enters the "terminated" state when it has completed its execution or has been terminated by a signal. At this stage, the process data structures are removed, and its resources are freed.

  6. Zombie: A process enters the "zombie" state when it has completed its execution but its parent process has not yet read its exit status. At this stage, the process details still have an entry in the process table, but it does not execute any instructions. The zombie process is removed from the process table when its parent process reads its exit status.

pstree

pstree -p -s PID

Types of Linux Processes

Processes are classified into 2 types in Linux Distributions:

  1. Foreground Processes (FG)

  2. Background Processes (Non-Interactive Processes):

Commands Used to Manage Processes in Linux

  1. ps: This command is used to display information about running processes. The "ps" command can be used to list all processes or filter the list based on various criteria, such as the user who started the process, the process ID (PID), and the process status. 

➜  ~ ps 
    PID TTY          TIME CMD
 209975 pts/1    00:00:00 zsh
 212977 pts/1    00:00:00 ps

  1. top: This command is used to display a real-time view of system processes. The "top" command provides information about the processes running on the system, including their resource usages, such as CPU and memory.

  3. nice: This command is used to adjust the priority of a process. Higher-priority processes get more CPU time than lower-priority processes. The "nice" command can be used to increase or decrease the priority of a process, which affects its CPU usage.

  4. renice: This command is used to change or adjust the priority of a running process, which affects its CPU usage.

  5. pkill: This command is used to send a signal to a process to request it to terminate. The "pkill" command can be used with a current process name or a regular expression to match multiple processes.

  6. top: This command is used to display a real-time view of system processes. The "top" command provides information about the processes running on the system, including their resource usages, such as CPU and memory.

  7. jobs: This command is used to display a list of background jobs running in the current shell session.

  8. fg: This command is used to move a background process to the foreground. The "fg" command can be used with the job ID of the background process.

  9. bg: This command is used to move a suspended process to the background. The "bg" command can be used with the job ID of the suspended process.

The built-in jobs utility lists the jobs that are running in the current terminal session, while fg returns a job to the foreground. These commands are shown in action below:

ping -c 400 ::1 > ping_results.txt
^Z
zsh: suspended  ping -c 400 ::1 > ping_results.txt
jobs 
[1]    running    sleep 90000
[2]  - suspended  ping -c 400 ::1
[3]  + suspended  ping -c 400 ::1 > ping_results.txt

FG

fg %1

In Unix-like operating systems, backgrounding a process refers to running a process in the background, allowing the user to continue using the terminal for other tasks while the background process continues to run. This can be particularly useful for long-running tasks. Here’s a quick guide on how to manage background processes using the bg command and other related commands.

Starting a Process in the Background

When you start a process, you can run it in the background by appending an ampersand (&) to the command. For example:

long_running_command &

Stopping and Backgrounding a Running Process

If you have already started a process in the foreground and want to move it to the background, you can do so using the following steps:

  1. Suspend the process: Press Ctrl+Z to stop (pause) the running process and put it into the background in a suspended state.

  2. Background the process: Use the bg command to resume the process in the background.

    bg

Listing Background Jobs

To see a list of all background jobs, use the jobs command:

jobs

This will show a list of jobs along with their job IDs, states, and the commands that started them.

Bringing a Background Job to the Foreground

If you need to bring a background job back to the foreground, use the fg command followed by the job ID. For example:

fg %1

This command will bring job number 1 to the foreground.

Sending a Running Process to the Background

If you want to send a currently running process to the background without suspending it first, you can start the process in the background using the ampersand (&) as shown above. However, for processes that are already running in the foreground, you must first suspend them using Ctrl+Z, and then background them using bg.

Example Workflow

Here is an example workflow that demonstrates these commands:

  1. Start a process in the foreground:

    sleep 100

  2. Suspend the process:

    [Ctrl+Z]

    Output will be similar to:

    [1]+  Stopped                 sleep 100

  3. Move the suspended process to the background:

    bg

    Output will be:

    [1]+ sleep 100 &

  4. Check the background jobs:

    jobs

    Output will be similar to:

    [1]+  Running                 sleep 100 &

  5. Bring the background process to the foreground:

    fg %1

    This brings job number 1 back to the foreground.

Summary

  • Start a process in the background: command &

  • Suspend a running process: Ctrl+Z

  • Resume a suspended process in the background: bg

  • List background jobs: jobs

  • Bring a background job to the foreground: fg %job_id

Understanding how to manage background processes can significantly improve your productivity when working with the command line in Unix-like operating systems.

There are several used in process management in Linux. Here are some of the most commonly used commands:

kill: This command is used to . The "kill" command can be used with the process ID (PID) of the process or with a signal number to request a specific action.

commands
terminate a process
Procecces Worls