In Linux, processes are instances of programs that are being executed. Each process has its own memory space and system resources. Understanding how to work with processes is crucial in cybersecurity for tasks like monitoring, killing malicious processes, managing system resources, and analyzing system performance. This section will cover essential commands for managing processes in Linux, as well as tools to view and manipulate processes.

What is a Process?

A process is a running instance of a program. It can be a simple command like ls or a complex system program like sshd (the SSH daemon). Processes are assigned unique IDs known as Process IDs (PIDs).

Each process is created when a program is executed and is assigned:

Viewing Running Processes

To view running processes, you can use commands like ps, top, htop, and pgrep.

ps (Process Status)

USER  | PID  | %CPU | %MEM | VSZ   | RSS   | TTY   | STAT | START | TIME | COMMAND
user1 | 1234 | 0.0  | 0.1  | 5232  | 2348  | pts/0 | S    | 10:12 | 0:00 | bash
root  | 4567 | 0.1  | 2.5  | 34560 | 15684 | tty1  | Ss   | 09:45 | 0:12 | /sbin/init
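The columns in this listing can be read by a script as well as by eye. The following is an added example, not part of the original page: a small shell function that scans `ps aux` output and flags processes worth a closer look. It assumes the standard whitespace-separated `ps aux` layout with the same columns as above; the sample rows, the function names `sample_ps` and `triage_ps`, and the three flagging rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage `ps aux` output using the columns shown above.
# The sample rows are constructed for illustration, not captured from a host.
sample_ps() {
cat <<'EOF'
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root      4567  0.1  2.5  34560 15684 tty1     Ss   09:45   0:12 /sbin/init
user1     1234  0.0  0.1   5232  2348 pts/0    S    10:12   0:00 bash
www-data  2210 87.5  1.2  90112 24576 ?        R    10:20   4:31 /tmp/.cache/kworker
root      2301  0.0  0.0      0     0 ?        Z    10:21   0:00 [sh] <defunct>
user1     2350  0.3  0.4  18200  5120 pts/0    S+   10:25   0:01 vim notes.txt
EOF
}

# triage_ps [CPU_THRESHOLD]: read `ps aux` text on stdin and print one line
# per flagged process in the form: PID USER REASONS COMMAND
# The three rules are illustrative heuristics (assumptions), not a standard.
triage_ps() {
    awk -v cpu_max="${1:-50}" '
    NR == 1 { next }                        # skip the header row
    {
        user = $1; pid = $2; cpu = $3; stat = $8
        # COMMAND starts at field 11 and may contain spaces
        cmd = $11
        for (i = 12; i <= NF; i++) cmd = cmd " " $i

        reason = ""
        # %CPU above the threshold
        if (cpu + 0 > cpu_max + 0) reason = reason "high-cpu,"
        # First letter of STAT is the state; Z means zombie (defunct)
        if (substr(stat, 1, 1) == "Z") reason = reason "zombie,"
        # Executable path under a world-writable directory
        if (cmd ~ /^\/(tmp|var\/tmp|dev\/shm)\//) reason = reason "world-writable-path,"

        if (reason != "") {
            sub(/,$/, "", reason)           # drop the trailing comma
            printf "%s %s %s %s\n", pid, user, reason, cmd
        }
    }'
}

# Against a live system: ps aux | triage_ps 80
sample_ps | triage_ps 50
```

A flagged line is a prompt for further inspection of that PID, not proof that the process is malicious.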