Assigning a user label (string) to a pid? - linux

In my use case, I have to launch many processes with the same name. This confuses me a lot because I can distinguish them only by checking the PID.
I was wondering if there exists some kind of additional field/info/label that the user can set/retrieve for this purpose.
I already know that I can rename a process using for example:
#include <sys/prctl.h>
prctl(PR_SET_NAME, "Test");
but I was looking for alternative, less-invasive solutions which do not change the process name.
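As an added example (not code from the original post), the C program below shows exactly what PR_SET_NAME touches and how to check a label: it sets the calling thread's comm name with prctl and reads it back with PR_GET_NAME. PR_SET_NAME changes /proc/PID/comm (what top's COMMAND column shows by default) but not /proc/PID/cmdline (what ps -ef prints), and the kernel silently truncates the label to 15 characters, which the read-back check catches. The label strings are made up for the demo.

```c
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>

/* Added example, not from the original post. The kernel keeps a per-thread
 * "comm" of at most 15 characters plus NUL (TASK_COMM_LEN == 16); longer
 * labels are silently truncated, so a label should be read back to be sure. */

/* Set the comm name of the calling thread; 0 on success, -1 on error. */
int set_comm(const char *label)
{
    return prctl(PR_SET_NAME, (unsigned long)label, 0UL, 0UL, 0UL);
}

/* Copy the current comm name into buf, which must hold at least 16 bytes. */
int get_comm(char *buf, size_t len)
{
    char comm[16];
    if (len < sizeof comm)
        return -1;
    if (prctl(PR_GET_NAME, (unsigned long)comm, 0UL, 0UL, 0UL) != 0)
        return -1;
    comm[15] = '\0';
    memcpy(buf, comm, sizeof comm);
    return 0;
}

/* Apply a label and report 1 if it survived intact, 0 if it was truncated,
 * -1 if prctl itself failed. */
int label_and_verify(const char *label)
{
    char back[16];
    if (set_comm(label) != 0 || get_comm(back, sizeof back) != 0)
        return -1;
    return strcmp(back, label) == 0;
}

int main(void)
{
    const char *labels[] = { "worker-7", "a-very-long-label-name" };  /* constructed */
    char back[16];
    for (int i = 0; i < 2; i++) {
        int r = label_and_verify(labels[i]);
        get_comm(back, sizeof back);
        printf("%-24s -> comm=\"%s\" (%s)\n", labels[i], back,
               r == 1 ? "intact" : r == 0 ? "truncated" : "prctl failed");
    }
    return 0;
}
```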

Why do you even want this?
Every process knows who has started it, as you can see in this excerpt of ps -ef:
Linux Prompt>ps -ef
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 15:05 ? 00:00:00 /init
root 7 1 0 15:05 tty1 00:00:00 /init
scampsd 8 7 0 15:05 tty1 00:00:00 -bash
scampsd 80 8 0 15:08 tty1 00:00:00 ps -ef
The information you want is in the UID column.
Same with the well-known top command (just an excerpt):
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1 root 20 0 8940 316 272 S 0.0 0.0 0:00.10 init
7 root 20 0 8940 224 180 S 0.0 0.0 0:00.00 init
8 scampsd 20 0 18212 3836 3732 S 0.0 0.0 0:00.16 bash
81 scampsd 20 0 18920 2144 1528 R 0.0 0.0 0:00.03 top
The information you want is in the USER column.
So I don't see any reason to add information which is already available.

Related

How to remove kdevtmpfsi cryptominer malware

I used Alibaba Cloud ECS to set up a server. In the past 2 months, this is the third time it has been attacked by a mining virus, so I want to get a solution here. The following are my attempts at some public answers from the Internet, but they didn't succeed in the end.
top output:
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
552060 root 20 0 2873424 2.3g 2712 S 129.4 3.7 51:33.70 kdevtmpfsi
551850 root 20 0 3070036 2.3g 2712 S 123.5 3.7 47:00.41 kdevtmpfsi
552074 root 20 0 3070032 2.3g 2712 S 123.5 3.7 49:39.04 kdevtmpfsi
23883 1000 20 0 6785676 408104 26328 S 5.9 0.6 2:09.43 java
564739 root 20 0 227268 4788 3868 R 5.9 0.0 0:00.02 top
1 root 20 0 170004 12132 9124 S 0.0 0.0 0:03.19 systemd
2 root 20 0 0 0 0 S 0.0 0.0 0:00.01 kthreadd
3 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 rcu_gp
4 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 rcu_par_gp
6 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 kworker/0:0H-events_highpri
8 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 mm_percpu_wq
9 root 20 0 0 0 0 S 0.0 0.0 0:00.00 rcu_tasks_rude_
10 root 20 0 0 0 0 S 0.0 0.0 0:00.00 rcu_tasks_trace
11 root 20 0 0 0 0 S 0.0 0.0 0:00.25 ksoftirqd/0
12 root 20 0 0 0 0 I 0.0 0.0 0:21.31 rcu_sched
13 root rt 0 0 0 0 S 0.0 0.0 0:00.01 migration/0
14 root 20 0 0 0 0 S 0.0 0.0 0:00.00 cpuhp/0
15 root 20 0 0 0 0 S 0.0 0.0 0:00.00 cpuhp/1
16 root rt 0 0 0 0 S 0.0 0.0 0:00.58 migration/1
17 root 20 0 0 0 0 S 0.0 0.0 0:00.78 ksoftirqd/1
19 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 kworker/1:0H-events_highpri
kill -9 PID does not work (kdevtmpfsi will restart within 1 minute)
There is no kdevtmpfsi file in the /tmp path
systemctl status PID also does not work
nothing in the crontab
used find / -iname kdevtmpfsi* -exec rm -fv {} \;
Terminal commands tried:
[root#Stock-DMP tmp]# ps -ef | grep kdevtmpfsi
root 551850 35245 99 15:02 ? 00:49:38 /tmp/kdevtmpfsi
root 552060 35687 99 15:02 ? 00:54:11 /tmp/kdevtmpfsi
root 552074 35462 99 15:02 ? 00:52:16 /tmp/kdevtmpfsi
root 565438 543813 0 15:41 pts/0 00:00:00 grep --color=auto kdevtmpfsi
[root#Stock-DMP tmp]# pwd
/tmp
[root#Stock-DMP tmp]# ll
total 12
-rw------- 1 root root 0 Jan 5 12:12 AliyunAssistClientSingleLock.lock
-rw-r--r-- 1 root root 3 Jan 5 13:00 CmsGoAgent.pid
drwx------ 3 root root 4096 Jan 5 13:00 systemd-private-cef6b94dbb0f4abbb2fb81aed53c1bdf-chronyd.service-iwnjti
drwx------ 3 root root 4096 Jan 5 13:00 systemd-private-cef6b94dbb0f4abbb2fb81aed53c1bdf-systemd-resolved.service-KyX7Wf
[root#Stock-DMP tmp]# systemctl status 551850
Failed to get unit for PID 551850: PID 551850 does not belong to any loaded unit.
[root#Stock-DMP tmp]# systemctl status 552060
Failed to get unit for PID 552060: PID 552060 does not belong to any loaded unit.
[root#Stock-DMP tmp]# systemctl status 552074
Failed to get unit for PID 552074: PID 552074 does not belong to any loaded unit.
[root#Stock-DMP tmp]# systemctl status 555438
Failed to get unit for PID 555438: PID 555438 does not belong to any loaded unit.
[root#Stock-DMP tmp]# ls -l /proc/551850/exe
lrwxrwxrwx 1 root root 0 Jan 6 15:02 /proc/551850/exe -> '/tmp/kdevtmpfsi (deleted)'
[root#Stock-DMP tmp]# ls -l /proc/552060/exe
lrwxrwxrwx 1 root root 0 Jan 6 15:02 /proc/552060/exe -> '/tmp/kdevtmpfsi (deleted)'
[root#Stock-DMP tmp]# ls -l /proc/552074/exe
lrwxrwxrwx 1 root root 0 Jan 6 15:02 /proc/552074/exe -> '/tmp/kdevtmpfsi (deleted)'
[root#Stock-DMP tmp]# ls -l /proc/555438/exe
ls: cannot access '/proc/555438/exe': No such file or directory
[root#Stock-DMP tmp]# crontab -l
no crontab for root
[root#Stock-DMP tmp]# find / -iname kdevtmpfsi* -exec rm -fv {} \;
removed '/var/lib/docker/overlay2/003f8255259b3a7551887255badebc03e3051bf7ccbf39cdabb669be17454cc9/merged/tmp/kdevtmpfsi'
removed '/var/lib/docker/overlay2/ebb11958a3df7d4dc3019a6b7f5d9f6d6e0bad8e6c8330b3cb2d994000b0d70e/merged/tmp/kdevtmpfsi'
removed '/var/lib/docker/overlay2/7782d102817437c1dc0e502b5f2ceb47f485ca9c69961b90f3d1f828074be59d/merged/tmp/kdevtmpfsi'
find: ‘/proc/571578’: No such file or directory
find: ‘/proc/571579’: No such file or directory
[root#Stock-DMP tmp]# find / -iname kinsing* -exec rm -fv {} \;
I want to know how kdevtmpfsi got into my server
How to delete kdevtmpfsi completely
Later defense methods (I develop from a home network, so it is difficult to close all ports in the security group or restrict access to designated IPs)
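As an added check (not from the original post), the C program below does programmatically what the ls -l /proc/PID/exe commands above did by hand: it walks /proc and flags every process whose executable has been deleted from disk or runs out of a scratch directory, the pattern the output above shows for the three kdevtmpfsi PIDs. Run it as root to see other users' processes; the /dev/shm location is an assumption added here, not something in the post.

```c
#define _POSIX_C_SOURCE 200809L
#include <ctype.h>
#include <dirent.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Added example, not the poster's code. Classify one resolved /proc/PID/exe
 * target: 1 if the binary has been deleted from disk (the "(deleted)" suffix
 * seen above) or runs out of /tmp or /dev/shm (assumed locations), else 0. */
int is_suspicious_exe(const char *exe)
{
    static const char deleted[] = " (deleted)";
    size_t n = strlen(exe), d = sizeof deleted - 1;
    if (n >= d && strcmp(exe + n - d, deleted) == 0)
        return 1;
    return strncmp(exe, "/tmp/", 5) == 0 || strncmp(exe, "/dev/shm/", 9) == 0;
}

/* Walk /proc, print each match to out (if non-NULL) and return the match
 * count, or -1 if /proc is unreadable. PIDs we may not inspect are skipped. */
int scan_proc(FILE *out)
{
    DIR *proc = opendir("/proc");
    struct dirent *ent;
    int hits = 0;
    if (!proc)
        return -1;
    while ((ent = readdir(proc)) != NULL) {
        char link[64], exe[4096];
        ssize_t len;
        if (!isdigit((unsigned char)ent->d_name[0]))
            continue;                     /* not a PID directory */
        snprintf(link, sizeof link, "/proc/%s/exe", ent->d_name);
        len = readlink(link, exe, sizeof exe - 1);
        if (len < 0)
            continue;                     /* kernel thread, EPERM, or already gone */
        exe[len] = '\0';
        if (is_suspicious_exe(exe)) {
            hits++;
            if (out)
                fprintf(out, "pid %s exe -> %s\n", ent->d_name, exe);
        }
    }
    closedir(proc);
    return hits;
}
```

Calling scan_proc(stdout) from a main() prints one line per hit; a non-zero return is the signal to investigate the parent PID (the PPID column in the ps -ef output above) rather than just killing the child.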

incrond processes with shell script only exit if script exit code is 1?

Configuration
I have incrond 0.5.12 on CentOS 7.6 configured as follows in /etc/incron.d/example:
/var/tmp/dir IN_CREATE sh /root/incron_script.sh $#/$#
My /root/incron_script.sh simply contains the following: echo "$#" >> /tmp/incrond_log.log
What this means is that, when I create a file in /var/tmp/dir, the file's full path is appended to /tmp/incrond_log.log. That's it.
Problem definition
The problem is basically that, if incrond is configured to call a shell script, processes are being created and are not being stopped unless that shell script exits with something other than 0.
What I'm looking at is the output of systemctl status incrond (or ps aux | grep ..., same thing).
So below, for example, there are 2 created processes.
[root#server ~]# systemctl status incrond
● incrond.service - Inotify System Scheduler
Loaded: loaded (/usr/lib/systemd/system/incrond.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2018-12-11 13:39:55 +03; 11min ago
Process: 16746 ExecStart=/usr/sbin/incrond (code=exited, status=0/SUCCESS)
Main PID: 16747 (incrond)
Tasks: 498
Memory: 5.9M
CGroup: /system.slice/incrond.service
├─13687 /usr/sbin/incrond
├─13747 /usr/sbin/incrond
Testing
We create 5 files, check if their names were appended to the log (incrond is working) and check how many processes are being spawned.
mkdir -p /var/tmp/dir
rm -f /var/tmp/dir/*
echo -n > /tmp/incrond_log.log
systemctl restart incrond
for i in $(seq 1 5);
do
touch /var/tmp/dir/a$i.txt
sleep 0.5
tail -n1 /tmp/incrond_log.log
systemctl status incrond | grep /usr/sbin/incrond | wc -l
done
Expected result
I would expect incrond to fork a process for every file created at this directory but to exit immediately after since there's not much to do really.
If the log shows that the file path is in the log file, this means that the incrond process should have stopped since it did its job.
By default, there were 2 processes in systemctl status incrond, so the expected result of the command is:
/var/tmp/dir/a1.txt
2
/var/tmp/dir/a2.txt
2
/var/tmp/dir/a3.txt
2
/var/tmp/dir/a4.txt
2
/var/tmp/dir/a5.txt
2
Actual result
The actual result is:
/var/tmp/dir/a1.txt
3
/var/tmp/dir/a2.txt
4
/var/tmp/dir/a3.txt
5
/var/tmp/dir/a4.txt
6
/var/tmp/dir/a5.txt
7
Diagnosis
The problem is manifesting as zombie processes:
root 1540 0.0 0.0 12784 224 ? S 19:49 0:00 /usr/sbin/incrond
root 1551 0.0 0.0 12784 672 ? S 19:49 0:00 /usr/sbin/incrond
root 1553 0.0 0.0 12784 224 ? S 19:49 0:00 /usr/sbin/incrond
root 1566 0.0 0.0 12784 224 ? S 19:49 0:00 /usr/sbin/incrond
root 1576 0.0 0.0 12784 224 ? S 19:49 0:00 /usr/sbin/incrond
root 2339 0.0 0.0 12784 224 ? S 19:49 0:00 /usr/sbin/incrond
root 2348 0.0 0.0 12784 224 ? S 19:49 0:00 /usr/sbin/incrond
root 2351 0.0 0.0 12784 224 ? S 19:49 0:00 /usr/sbin/incrond
root 2355 0.0 0.0 12784 224 ? S 19:49 0:00 /usr/sbin/incrond
root 5471 0.0 0.0 0 0 ? Z 19:17 0:00 [incrond] <defunct>
root 5480 0.0 0.0 0 0 ? Z 19:17 0:00 [incrond] <defunct>
root 5483 0.0 0.0 0 0 ? Z 19:17 0:00 [incrond] <defunct>
root 5561 0.0 0.0 0 0 ? Z 19:17 0:00 [incrond] <defunct>
root 8012 0.0 0.0 0 0 ? Z 19:12 0:00 [incrond] <defunct>
root 8023 0.0 0.0 0 0 ? Z 19:12 0:00 [incrond] <defunct>
root 8025 0.0 0.0 0 0 ? Z 19:12 0:00 [incrond] <defunct>
root 8148 0.0 0.0 0 0 ? Z 19:12 0:00 [incrond] <defunct>
This is as far as I can inspect. I don't know how to look into this further.
The fix
If, instead of a regular exit, I exit 1, processes exit properly. So my /root/incron_script becomes: echo "$#" >> /tmp/incrond_log.log && exit 1.
My status now looks like:
[root#server ~]# systemctl status incrond
● incrond.service - Inotify System Scheduler
Loaded: loaded (/usr/lib/systemd/system/incrond.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2018-12-11 14:09:04 +03; 16s ago
Process: 7882 ExecStart=/usr/sbin/incrond (code=exited, status=0/SUCCESS)
Main PID: 7888 (incrond)
Tasks: 6
Memory: 220.0K
CGroup: /system.slice/incrond.service
└─7888 /usr/sbin/incrond
Dec 11 14:09:09 server.example.com incrond[7888]: PATH (/var/tmp/dir) FILE (a1.txt) EVENT (IN_CREATE)
Dec 11 14:09:09 server.example.com incrond[7888]: (system::example) CMD (sh /root/incron_script.sh /var/tmp/dir/a1.txt )
Dec 11 14:09:10 server.example.com incrond[7888]: PATH (/var/tmp/dir) FILE (a2.txt) EVENT (IN_CREATE)
Dec 11 14:09:10 server.example.com incrond[7888]: (system::example) CMD (sh /root/incron_script.sh /var/tmp/dir/a2.txt )
Dec 11 14:09:10 server.example.com incrond[7888]: PATH (/var/tmp/dir) FILE (a3.txt) EVENT (IN_CREATE)
Dec 11 14:09:10 server.example.com incrond[7888]: (system::example) CMD (sh /root/incron_script.sh /var/tmp/dir/a3.txt )
Dec 11 14:09:11 server.example.com incrond[7888]: PATH (/var/tmp/dir) FILE (a4.txt) EVENT (IN_CREATE)
Dec 11 14:09:11 server.example.com incrond[7888]: (system::example) CMD (sh /root/incron_script.sh /var/tmp/dir/a4.txt )
Dec 11 14:09:11 server.example.com incrond[7888]: PATH (/var/tmp/dir) FILE (a5.txt) EVENT (IN_CREATE)
Dec 11 14:09:11 server.example.com incrond[7888]: (system::example) CMD (sh /root/incron_script.sh /var/tmp/dir/a5.txt )
Question
So is this the expected behavior then? Why does exit 0 keep the process alive while exit 1 doesn't? Where is this documented? Any suggestions on how I can debug this further?
Updates
2018-12-12: added diagnosis (zombie threads)
This seems to be part of a larger issue with incron 0.5.12 (incron/issues/52, incron/issues/53)
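As an added example (not the poster's code), the C program below reproduces the <defunct> rows from the diagnosis: a child that has exited stays in state Z in /proc/PID/stat until its parent calls wait(), and it is reaping, not the child's exit code, that removes it. It does not explain why incrond 0.5.12 behaves differently for exit 0 and exit 1; it only shows what the Z state in the ps output means and how to observe it.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Added example, not from the original post: show a zombie forming and being
 * reaped, using /proc/PID/stat for the state letter that ps prints in STAT. */
/* Return the state letter from /proc/PID/stat ('Z' = zombie), or '?' if the
 * PID no longer exists. */
char proc_state(pid_t pid)
{
    char path[64], line[512], state = '?';
    FILE *f;
    snprintf(path, sizeof path, "/proc/%d/stat", (int)pid);
    f = fopen(path, "r");
    if (!f)
        return '?';
    /* line looks like "1540 (incrond) S 1 ..."; the state follows the ')' */
    if (fgets(line, sizeof line, f)) {
        char *p = strrchr(line, ')');
        if (p && p[1] == ' ' && p[2] != '\0')
            state = p[2];
    }
    fclose(f);
    return state;
}

/* Fork a child that exits with exit_code, wait for it to die WITHOUT reaping
 * it (WNOWAIT), record its state, then reap it and record the state again.
 * Returns 0 on success, -1 if fork or wait failed. */
int zombie_demo(int exit_code, char *before_reap, char *after_reap)
{
    siginfo_t info;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0)
        _exit(exit_code);                 /* child: nothing to do, exit at once */
    if (waitid(P_PID, pid, &info, WEXITED | WNOWAIT) != 0)
        return -1;                        /* child is dead but still a zombie */
    *before_reap = proc_state(pid);
    if (waitpid(pid, NULL, 0) != pid)     /* reap: kernel frees the task slot */
        return -1;
    *after_reap = proc_state(pid);
    return 0;
}
```

With exit code 0 or 1 the result is the same: 'Z' before the reap and '?' (PID gone) after it.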

Difference in ps priority vs top priority output

Here is the top and ps output I got on Ubuntu 14.04.1:
$ ps -o pid,ppid,pri,ni,cmd -p 1
PID PPID PRI NI CMD
1 0 19 0 /sbin/init
$ ps -o pid,ppid,pri,ni,cmd -p 2
PID PPID PRI NI CMD
2 0 19 0 [kthreadd]
Top Output:
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1 root 20 0 4616 3752 2584 S 0.0 0.1 0:01.84 init
2 root 20 0 0 0 0 S 0.0 0.0 0:00.11 kthreadd
3 root 20 0 0 0 0 S 0.0 0.0 0:00.36 ksoftirqd/0
5 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kworker/0:0H
My question is: why is there a difference in the priority output of the top and ps commands? In the top output the priority value is one higher than in the ps output. This is also true for user processes.
Edit:
$ ps -o pid,ppid,pri,ni,cmd -p 5
PID PPID PRI NI CMD
5 2 39 -20 [kworker/0:0H]
I think 'ps -o' is Unix style, which is different from top's BSD style.
Try Unix style ps (without '-'):
ps al

Sysbench Memory Test

I have done a memory test on my cloud instance with the Sysbench utility.
Using the following command:
sysbench --test=memory --memory-block-size=1K --memory-scope=global --memory-total-size=100G --memory-oper=write run
During the run:
top command result
I never saw Mem % increase, but CPU usage increased up to 100%:
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
5664 root 20 0 78036 2704 1908 S 99.5 0.4 0:09.42 sysbench
1 root 20 0 19276 500 348 S 0.0 0.1 0:00.81 init
2 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kthreadd
Is it strange?
What does the memory test in Sysbench actually mean?

Opening an existing process

I am using Eclipse in Linux through a remote connection (xrdp). My internet got disconnected, so I got disconnected from the server while eclipse was running.
Now that I have logged in again, when I run the "top" command I can see that eclipse is running and still under my user name.
Is there some way I can bring that process back into my view (I do not want to kill it because I am in the middle of checking in a large swath of code)? It doesn't show up on the bottom panel after I logged in again.
Here is the "top" output:
/home/mclouti% top
top - 08:32:31 up 43 days, 13:06, 29 users, load average: 0.56, 0.79, 0.82
Tasks: 447 total, 1 running, 446 sleeping, 0 stopped, 0 zombie
Cpu(s): 6.0%us, 0.7%sy, 0.0%ni, 92.1%id, 1.1%wa, 0.1%hi, 0.1%si, 0.0%st
Mem: 3107364k total, 2975852k used, 131512k free, 35756k buffers
Swap: 2031608k total, 59860k used, 1971748k free, 817816k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
13415 mclouti 15 0 964m 333m 31m S 21.2 11.0 83:12.96 eclipse
16040 mclouti 15 0 2608 1348 888 R 0.7 0.0 0:00.12 top
31395 mclouti 15 0 29072 20m 8524 S 0.7 0.7 611:08.08 Xvnc
2583 root 20 0 898m 2652 1056 S 0.3 0.1 139:26.82 automount
28990 postgres 15 0 13564 868 304 S 0.3 0.0 26:33.36 postgres
28995 postgres 16 0 13808 1248 300 S 0.3 0.0 6:54.95 postgres
31440 mclouti 15 0 3072 1592 1036 S 0.3 0.1 6:01.54 gam_server
1 root 15 0 2072 524 496 S 0.0 0.0 0:03.00 init
2 root RT -5 0 0 0 S 0.0 0.0 0:04.53 migration/0
3 root 34 19 0 0 0 S 0.0 0.0 0:00.04 ksoftirqd/0
4 root RT -5 0 0 0 S 0.0 0.0 0:00.00 watchdog/0
5 root RT -5 0 0 0 S 0.0 0.0 0:01.72 migration/1
6 root 34 19 0 0 0 S 0.0 0.0 0:00.07 ksoftirqd/1
7 root RT -5 0 0 0 S 0.0 0.0 0:00.00 watchdog/1
8 root RT -5 0 0 0 S 0.0 0.0 0:04.33 migration/2
9 root 34 19 0 0 0 S 0.0 0.0 0:00.05 ksoftirqd/2
It is a long shot, but you could try this little program from this thread:
#include <stdio.h>
#include <stdlib.h>
#include <X11/Xlib.h>

/* Raise the window with the given (hex) id and give it keyboard focus. */
int main(int argc, char **argv)
{
    if ( argc != 2 ) {
        printf("Usage:\n\ttotop <window id>\n");
        return 1;
    }
    Display *dsp = XOpenDisplay(NULL);
    if ( dsp == NULL ) {                 /* no DISPLAY, or not reachable */
        fprintf(stderr, "totop: cannot open display\n");
        return 1;
    }
    Window id = (Window) strtoul(argv[1], NULL, 16);   /* xwininfo prints the id in hex */
    XRaiseWindow ( dsp, id );
    XSetInputFocus ( dsp, id, RevertToNone, CurrentTime );
    XCloseDisplay ( dsp );               /* also flushes the two requests */
    return 0;
}
You can compile it with:
$ c++ totop.cpp -L/usr/X11R6/lib -lX11 -o totop
I assumed that you saved it in "totop.cpp".
It has a problem I do not know how to fix:
if the window is on another virtual desktop, this program doesn't work.
Here another question arises: how to send a window to the current desktop?
You can get the window id using xwininfo.
A little script using this program to call Eclipse:
#!/bin/bash
if ps -A | grep -q eclipse; then   # if Eclipse is already launched
    # xwininfo prints 'xwininfo: Window id: 0x... "Eclipse"'; field 4 is the id
    id=$(xwininfo -name "Eclipse" | grep id: | awk '{ print $4 }')
    totop "$id"
else                               # launch Eclipse
    eclipse
fi
