Difference in ps priority vs top priority output - linux

Here is the top and ps output I got on Ubuntu version 14.04.1:
$ ps -o pid,ppid,pri,ni,cmd -p 1
PID PPID PRI NI CMD
1 0 19 0 /sbin/init
$ ps -o pid,ppid,pri,ni,cmd -p 2
PID PPID PRI NI CMD
2 0 19 0 [kthreadd]
Top Output:
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1 root 20 0 4616 3752 2584 S 0.0 0.1 0:01.84 init
2 root 20 0 0 0 0 S 0.0 0.0 0:00.11 kthreadd
3 root 20 0 0 0 0 S 0.0 0.0 0:00.36 ksoftirqd/0
5 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kworker/0:0H
My question is: why is there a difference in the priority output of the top and ps commands? In the top output, the priority value is one higher than in the ps output. This is also true for the user processes.
Edit:
$ ps -o pid,ppid,pri,ni,cmd -p 5
PID PPID PRI NI CMD
5 2 39 -20 [kworker/0:0H]

I think 'ps -o' is Unix style, which is different from top's BSD style.
Try Unix style ps (without '-'):
ps al

Related

How to remove kdevtmpfsi cryptominer malware

I used Alibaba Cloud ECS to set up a server. In the past 2 months, this is the third time it has been attacked by a mining virus, so I want to get a solution here. The following are my attempts at some public answers on the Internet, but they didn’t succeed in the end.
top output:
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
552060 root 20 0 2873424 2.3g 2712 S 129.4 3.7 51:33.70 kdevtmpfsi
551850 root 20 0 3070036 2.3g 2712 S 123.5 3.7 47:00.41 kdevtmpfsi
552074 root 20 0 3070032 2.3g 2712 S 123.5 3.7 49:39.04 kdevtmpfsi
23883 1000 20 0 6785676 408104 26328 S 5.9 0.6 2:09.43 java
564739 root 20 0 227268 4788 3868 R 5.9 0.0 0:00.02 top
1 root 20 0 170004 12132 9124 S 0.0 0.0 0:03.19 systemd
2 root 20 0 0 0 0 S 0.0 0.0 0:00.01 kthreadd
3 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 rcu_gp
4 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 rcu_par_gp
6 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 kworker/0:0H-events_highpri
8 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 mm_percpu_wq
9 root 20 0 0 0 0 S 0.0 0.0 0:00.00 rcu_tasks_rude_
10 root 20 0 0 0 0 S 0.0 0.0 0:00.00 rcu_tasks_trace
11 root 20 0 0 0 0 S 0.0 0.0 0:00.25 ksoftirqd/0
12 root 20 0 0 0 0 I 0.0 0.0 0:21.31 rcu_sched
13 root rt 0 0 0 0 S 0.0 0.0 0:00.01 migration/0
14 root 20 0 0 0 0 S 0.0 0.0 0:00.00 cpuhp/0
15 root 20 0 0 0 0 S 0.0 0.0 0:00.00 cpuhp/1
16 root rt 0 0 0 0 S 0.0 0.0 0:00.58 migration/1
17 root 20 0 0 0 0 S 0.0 0.0 0:00.78 ksoftirqd/1
19 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 kworker/1:0H-events_highpri
kill -9 PID does not work (kdevtmpfsi will restart in 1 minute)
There is no kdevtmpfsi file in the /tmp path
systemctl status PID also does not work
Nothing in the crontab
Used find / -iname kdevtmpfsi* -exec rm -fv {} \;
Terminal commands tried:
[root#Stock-DMP tmp]# ps -ef | grep kdevtmpfsi
root 551850 35245 99 15:02 ? 00:49:38 /tmp/kdevtmpfsi
root 552060 35687 99 15:02 ? 00:54:11 /tmp/kdevtmpfsi
root 552074 35462 99 15:02 ? 00:52:16 /tmp/kdevtmpfsi
root 565438 543813 0 15:41 pts/0 00:00:00 grep --color=auto kdevtmpfsi
[root#Stock-DMP tmp]# pwd
/tmp
[root#Stock-DMP tmp]# ll
total 12
-rw------- 1 root root 0 Jan 5 12:12 AliyunAssistClientSingleLock.lock
-rw-r--r-- 1 root root 3 Jan 5 13:00 CmsGoAgent.pid
drwx------ 3 root root 4096 Jan 5 13:00 systemd-private-cef6b94dbb0f4abbb2fb81aed53c1bdf-chronyd.service-iwnjti
drwx------ 3 root root 4096 Jan 5 13:00 systemd-private-cef6b94dbb0f4abbb2fb81aed53c1bdf-systemd-resolved.service-KyX7Wf
[root#Stock-DMP tmp]# systemctl status 551850
Failed to get unit for PID 551850: PID 551850 does not belong to any loaded unit.
[root#Stock-DMP tmp]# systemctl status 552060
Failed to get unit for PID 552060: PID 552060 does not belong to any loaded unit.
[root#Stock-DMP tmp]# systemctl status 552074
Failed to get unit for PID 552074: PID 552074 does not belong to any loaded unit.
[root#Stock-DMP tmp]# systemctl status 555438
Failed to get unit for PID 555438: PID 555438 does not belong to any loaded unit.
[root#Stock-DMP tmp]# ls -l /proc/551850/exe
lrwxrwxrwx 1 root root 0 Jan 6 15:02 /proc/551850/exe -> '/tmp/kdevtmpfsi (deleted)'
[root#Stock-DMP tmp]# ls -l /proc/552060/exe
lrwxrwxrwx 1 root root 0 Jan 6 15:02 /proc/552060/exe -> '/tmp/kdevtmpfsi (deleted)'
[root#Stock-DMP tmp]# ls -l /proc/552074/exe
lrwxrwxrwx 1 root root 0 Jan 6 15:02 /proc/552074/exe -> '/tmp/kdevtmpfsi (deleted)'
[root#Stock-DMP tmp]# ls -l /proc/555438/exe
ls: cannot access '/proc/555438/exe': No such file or directory
[root#Stock-DMP tmp]# crontab -l
no crontab for root
[root#Stock-DMP tmp]# find / -iname kdevtmpfsi* -exec rm -fv {} \;
removed '/var/lib/docker/overlay2/003f8255259b3a7551887255badebc03e3051bf7ccbf39cdabb669be17454cc9/merged/tmp/kdevtmpfsi'
removed '/var/lib/docker/overlay2/ebb11958a3df7d4dc3019a6b7f5d9f6d6e0bad8e6c8330b3cb2d994000b0d70e/merged/tmp/kdevtmpfsi'
removed '/var/lib/docker/overlay2/7782d102817437c1dc0e502b5f2ceb47f485ca9c69961b90f3d1f828074be59d/merged/tmp/kdevtmpfsi'
find: ‘/proc/571578’: No such file or directory
find: ‘/proc/571579’: No such file or directory
[root#Stock-DMP tmp]# find / -iname kinsing* -exec rm -fv {} \;
I want to know where kdevtmpfsi hacked into my server
How to delete kdevtmpfsi completely
Later defense methods (I use home network development, so it is difficult to close all ports in the security group or restrict access to designated IP)
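
A triage step for the situation above, as an added example that is not part of the original post: the "(deleted)" exe links and the copies that find removed under /var/lib/docker/overlay2 suggest the miner runs inside containers, so this lists every process with an unlinked executable together with its parent PID and container ID. The PROC_ROOT argument, the sample tree, its container ID and PID 700 are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.
# deleted_exe_report [PROC_ROOT] prints "PID PPID CONTAINER EXE" for every
# process whose executable has been unlinked (the "(deleted)" links above).
deleted_exe_report() (
    proc_root="${1:-/proc}"
    for dir in "$proc_root"/[0-9]*; do
        # Kernel threads have no exe link; skip them and unreadable entries.
        exe=$(readlink "$dir/exe" 2>/dev/null) || continue
        case "$exe" in *" (deleted)") ;; *) continue ;; esac
        # comm may contain spaces or ')': cut after the LAST ") " in stat,
        # which leaves "state ppid ...".
        ppid=$(sed 's/.*) //' "$dir/stat" 2>/dev/null | awk '{print $2}')
        # Docker embeds the 64-hex container ID in the cgroup path.
        cid=$(sed -n 's/.*\([0-9a-f]\{64\}\).*/\1/p' "$dir/cgroup" 2>/dev/null | head -n 1)
        if [ -n "$cid" ]; then cid=$(printf '%.12s' "$cid"); else cid=host; fi
        printf '%s %s %s %s\n' "${dir##*/}" "${ppid:-?}" "$cid" "$exe"
    done
)

# Constructed /proc-like tree: PID 551850 and PPID 35245 mirror the ps -ef
# output above; the container ID and PID 700 are invented sample values.
make_sample_proc() (
    root=$(mktemp -d)
    mkdir "$root/1" "$root/2" "$root/551850" "$root/700"
    ln -s /usr/lib/systemd/systemd "$root/1/exe"           # normal process
    echo '2 (kthreadd) S 0 0 0 0' > "$root/2/stat"         # kernel thread, no exe
    ln -s '/tmp/kdevtmpfsi (deleted)' "$root/551850/exe"
    echo '551850 (kdevtmpfsi) S 35245 35245 35245 0' > "$root/551850/stat"
    echo "12:pids:/docker/$(printf '%064d' 0 | tr 0 a)" > "$root/551850/cgroup"
    # Host service upgraded while running: deleted exe, but not in a container.
    ln -s '/usr/bin/app (deleted)' "$root/700/exe"
    echo '700 (my app) x) S 1 700 700 0' > "$root/700/stat"
    echo '0::/system.slice/app.service' > "$root/700/cgroup"
    echo "$root"
)

sample=$(make_sample_proc)
deleted_exe_report "$sample"
rm -rf "$sample"
```

On a live host, call deleted_exe_report with no argument as root and match the CONTAINER column against the CONTAINER ID column of docker ps. A row marked host with a system path is often just a binary replaced by a package upgrade, so the exe path and parent PID need to be read together.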

Assigning a user label (string) to a pid?

In my use case, I have to launch many processes with the same name. This confuses me a lot because I can distinguish them only by checking the PID.
I was wondering if there exists some kind of additional field/info/label that the user can set/retrieve for this purpose.
I already know that I can rename a process using for example:
#include <sys/prctl.h>
prctl(PR_SET_NAME, "Test");
but I was looking for alternate, less-invasive solutions which do not change the process name.
Why do you even want this?
Every process knows who has started it, as you can see in this excerpt of ps -ef:
Linux Prompt>ps -ef
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 15:05 ? 00:00:00 /init
root 7 1 0 15:05 tty1 00:00:00 /init
scampsd 8 7 0 15:05 tty1 00:00:00 -bash
scampsd 80 8 0 15:08 tty1 00:00:00 ps -ef
The information you want is in the UID column.
Same with the well-known top command (just an excerpt):
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1 root 20 0 8940 316 272 S 0.0 0.0 0:00.10 init
7 root 20 0 8940 224 180 S 0.0 0.0 0:00.00 init
8 scampsd 20 0 18212 3836 3732 S 0.0 0.0 0:00.16 bash
81 scampsd 20 0 18920 2144 1528 R 0.0 0.0 0:00.03 top
The information you want is in the USER column.
So I don't see any reason to add information, which is already available.

How do I find the total memory and cpu usage of a process and all of its children in Linux

I would like to know the CPU and memory usage of a process and all of its child processes in Linux.
It would be better to have a solution using the ps command, but other solutions are also welcome.
Please help
Thanks
Shuja
Here's a simple script to do what you want. Your options will vary depending upon the version of 'ps' you are using. The result is comma delimited so you can pass it into a spreadsheet.
ps -vl | awk '{print $1 ", " $11 ", " $12 ", " $15}' | sed -n '/^424/ p'
where you change the 424 into whatever parent PID you want. Of course, if there's something else with the same digits as your PID, you'll have to be a little careful.
Someone ~
$ ps -vl
PID STAT TIME SL RE PAGEIN VSZ RSS LIM TSIZ %CPU %MEM COMMAND UID PPID F CPU PRI NI WCHAN ADDR TTY
432 S+ 0:00.01 0 0 0 2499948 1696 - 0 0.0 0.0 -bash 501 431 4006 0 31 0 - 0 ttys001
618 S 0:00.06 0 0 0 2465132 1656 - 0 0.0 0.0 -bash 501 617 4006 0 31 0 - 0 ttys002
424 S+ 0:00.01 0 0 0 2482540 1620 - 0 0.0 0.0 -bash 501 423 4006 0 31 0 - 0 ttys000
629 S+ 0:00.02 0 0 0 2463084 1612 - 0 0.0 0.0 -bash 501 628 4006 0 31 0 - 0 ttys003
Someone ~
$ ps -vl | awk '{print $1 ", " $11 ", " $12 ", " $15}' | sed -n '/^424/ p'
424, 0.0, 0.0, 423
Someone ~
$

Sysbench Memory Test

I have done a memory test on my cloud instance with the Sysbench utility,
using the following command:
sysbench --test=memory --memory-block-size=1K --memory-scope=global --memory-total-size=100G --memory-oper=write run
During the run:
TOP command result
I never found that Mem % increased,
but CPU usage increased up to 100%.
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
5664 root 20 0 78036 2704 1908 S 99.5 0.4 0:09.42 sysbench
1 root 20 0 19276 500 348 S 0.0 0.1 0:00.81 init
2 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kthreadd
Is it strange?
What does the memory test in Sysbench actually mean?

Opening an existing process

I am using Eclipse in Linux through a remote connection (xrdp). My internet got disconnected, so I got disconnected from the server while eclipse was running.
Now I have logged in again, and when I run the "top" command I can see that eclipse is running and still under my user name.
Is there some way I can bring that process back into my view (I do not want to kill it because I am in the middle of checking in a large swath of code)? It doesn't show up on the bottom panel after I logged in again.
Here is the "top" output:
/home/mclouti% top
top - 08:32:31 up 43 days, 13:06, 29 users, load average: 0.56, 0.79, 0.82
Tasks: 447 total, 1 running, 446 sleeping, 0 stopped, 0 zombie
Cpu(s): 6.0%us, 0.7%sy, 0.0%ni, 92.1%id, 1.1%wa, 0.1%hi, 0.1%si, 0.0%st
Mem: 3107364k total, 2975852k used, 131512k free, 35756k buffers
Swap: 2031608k total, 59860k used, 1971748k free, 817816k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
13415 mclouti 15 0 964m 333m 31m S 21.2 11.0 83:12.96 eclipse
16040 mclouti 15 0 2608 1348 888 R 0.7 0.0 0:00.12 top
31395 mclouti 15 0 29072 20m 8524 S 0.7 0.7 611:08.08 Xvnc
2583 root 20 0 898m 2652 1056 S 0.3 0.1 139:26.82 automount
28990 postgres 15 0 13564 868 304 S 0.3 0.0 26:33.36 postgres
28995 postgres 16 0 13808 1248 300 S 0.3 0.0 6:54.95 postgres
31440 mclouti 15 0 3072 1592 1036 S 0.3 0.1 6:01.54 gam_server
1 root 15 0 2072 524 496 S 0.0 0.0 0:03.00 init
2 root RT -5 0 0 0 S 0.0 0.0 0:04.53 migration/0
3 root 34 19 0 0 0 S 0.0 0.0 0:00.04 ksoftirqd/0
4 root RT -5 0 0 0 S 0.0 0.0 0:00.00 watchdog/0
5 root RT -5 0 0 0 S 0.0 0.0 0:01.72 migration/1
6 root 34 19 0 0 0 S 0.0 0.0 0:00.07 ksoftirqd/1
7 root RT -5 0 0 0 S 0.0 0.0 0:00.00 watchdog/1
8 root RT -5 0 0 0 S 0.0 0.0 0:04.33 migration/2
9 root 34 19 0 0 0 S 0.0 0.0 0:00.05 ksoftirqd/2
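It is a long shot, but you could try this little program from this thread:
#include <stdio.h>
#include <stdlib.h>
#include <X11/Xlib.h>

/* Raise the X11 window with the given hexadecimal id and give it input focus. */
int main(int argc, char **argv)
{
    if (argc != 2) {
        printf("Usage:\n\ttotop <window id>\n");
        return 1;
    }
    Display *dsp = XOpenDisplay(NULL);
    if (dsp == NULL) {  /* no X server reachable, e.g. DISPLAY unset */
        fprintf(stderr, "totop: cannot open display\n");
        return 1;
    }
    /* xwininfo prints ids as 0x...; base 16 accepts that prefix */
    Window id = (Window)strtoul(argv[1], NULL, 16);
    XRaiseWindow(dsp, id);
    XSetInputFocus(dsp, id, RevertToNone, CurrentTime);
    XCloseDisplay(dsp);
    return 0;
}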
You can compile it with:
$ c++ totop.cpp -L/usr/X11R6/lib -lX11 -o totop
I assumed that you saved it in "totop.cpp".
It has a problem I do not know how to fix:
if the window is on another virtual desktop, this program doesn't work.
This raises another question: how to send a window to the current desktop?
You can get window id using xwininfo.
A little script using this program used to call Eclipse:
#!/bin/bash
if ps -A | grep -q eclipse; then # if Eclipse is already launched
    # the window id is the 4th field of xwininfo's "Window id:" line
    id=$(xwininfo -name "Eclipse" | grep id: | awk '{ print $4 }')
    totop "$id"
else # launch Eclipse
    eclipse
fi
