Process management and user login audit

1. Process

1. Process Definition

    A process is a piece of work that the CPU has not yet finished

2. ps command

ps      +

    a               all processes in the current environment

    x | -A          all processes (including those independent of the shell)

    f               show process affiliation

    e               show details of the environment the process was invoked in

    l               long list showing process details

    u               display the user information of the process

    -a              show the processes running commands in the foreground of the shell, but not the shell itself








ps ax -o %cpu,%mem,user,group,comm,nice,pid,stat ##Display only the specified fields for each process

%cpu ##Process CPU load
%mem ##Process memory load
user ##Process user
group ##Process group
comm ##Process name
nice ##Process priority
pid ##Process id
stat ##Process status

Information displayed in stat:

S ##Process status
l ##There is locked space in memory
N ##Low priority
< ##High priority
+ ##Running in the foreground
s ##Top-level process

ps ax -o %cpu,comm --sort <+|-%cpu> <+|-%mem> ##Sort by process information
+ ##Ascending order
- ##Descending order
%cpu ##Sort by CPU load
%mem ##Sort by memory load



Process priority####
1. Process priority range
-20~19

2. Priority view

ps ax -o pid,nice,comm


Start a process with a specified priority (process not yet running)
nice -n priority number process name

nice -n -5 vim & ##Open vim and specify the program priority as -5

Change the process priority
renice -n priority number process pid
renice -n -5 1173 ##Change the priority of the process with the given pid to -5

 



Foreground and background calls of processes in the environment####

jobs ##View the processes that have been put into the background of the environment

ctrl+z ##Put the process occupying the terminal into the background
fg jobsnum ##Call the background process back to the foreground
bg jobsnum ##Run the process that is suspended in the background

comm & ##Let the command run directly in the background


Process signal ####
1. Common signal level
1 ##Process reloads configuration
2 ##Delete process data in memory
3 ##Delete mouse data in memory
9 ##Forcibly end a single process (cannot be blocked)
15 ##Close the process normally (may be blocked)
18 ##Run the suspended process
19 ##Suspend a process (cannot be blocked)
20 ##Put the process into the background (can be blocked)
man 7 signal ##View signal details

kill -signal process pid
killall -signal process name

pkill -u student -signal  

  


Signal     Default action      Description
SIGHUP     Terminate process   Terminal line hangs up
SIGINT     Terminate process   Interrupt the process
SIGQUIT    Create core file    Terminate the process and generate a core file
SIGILL     Create core file    Illegal instruction
SIGTRAP    Create core file    Trace trap
SIGBUS     Create core file    Bus error
SIGSEGV    Create core file    Illegal segment error
SIGFPE     Create core file    Floating point exception
SIGIOT     Create core file    Perform I/O trap
SIGKILL    Terminate process   Kill process
SIGPIPE    Terminate process   Write data to a pipe that has no reading process
SIGALRM    Terminate process   Timer expires
SIGTERM    Terminate process   Software terminate signal
SIGSTOP    Stop process        Stop signal from non-terminal
SIGTSTP    Stop process        Stop signal from terminal
SIGCONT    Ignore signal       Continue execution of a stopped process
SIGURG     Ignore signal       I/O emergency signal
SIGIO      Ignore signal       I/O can be performed on the descriptor
SIGCHLD    Ignore signal       When the child process stops or exits, notify the parent process
SIGTTOU    Stop process        Background process writes the terminal
SIGTTIN    Stop process        Background process reads the terminal
SIGXCPU    Terminate process   CPU timeout
SIGXFSZ    Terminate process   The file length is too long
SIGVTALRM  Terminate process   Virtual timer expires
SIGPROF    Terminate process   Timer for the statistical distribution graph expires
SIGUSR1    Terminate process   User-defined signal 1
SIGUSR2    Terminate process   User-defined signal 2

1) SIGHUP
This signal is issued when the user's terminal connection ends (normally or abnormally), usually when the terminal's controlling process ends. It notifies each job in the same session that it is no longer associated with the controlling terminal.
2) SIGINT
Program termination (interrupt) signal, issued when the user types the INTR character (usually Ctrl-C).
3) SIGQUIT
Similar to SIGINT, but controlled by the QUIT character (usually Ctrl-\). A process that exits on receipt of SIGQUIT generates a core file, which makes it similar to a program error signal.
4) SIGILL
An illegal instruction was executed, usually because of an error in the executable file itself or an attempt to execute a data segment. This signal may also be generated when the stack overflows.
5) SIGTRAP
Generated by breakpoint instructions or other trap instructions. Used by debuggers.
6) SIGABRT
Generated when the program itself finds an error and calls abort.
6) SIGIOT
Generated by the iot instruction on the PDP-11; on other machines it is the same as SIGABRT.
7) SIGBUS
Illegal address, including memory address alignment errors, e.g. accessing a four-byte integer whose address is not a multiple of 4.
8) SIGFPE
Issued when a fatal arithmetic error occurs. This covers not only floating point errors but also overflow, division by 0 and all other arithmetic errors.
9) SIGKILL
Used to end the execution of the program immediately. This signal cannot be blocked, handled or ignored.
10) SIGUSR1
Reserved for user use.
11) SIGSEGV
An attempt to access memory not allocated to the process, or to write data to a memory address without write permission.
12) SIGUSR2
Reserved for user use.
13) SIGPIPE
Broken pipe.
14) SIGALRM
Clock timing signal, which counts actual time or clock time. The alarm function uses this signal.
15) SIGTERM
Program termination (terminate) signal. Unlike SIGKILL, this signal can be blocked and handled. It is usually used to ask the program to exit normally. The shell command kill generates this signal.
17) SIGCHLD
When a child process ends, the parent process receives this signal.
18) SIGCONT
Lets a stopped process continue executing. This signal cannot be blocked. A handler can be used to let the program do specific work when it changes from the stopped state to continued execution, for example redisplaying the prompt.
19) SIGSTOP
Stops the execution of the process. Note the difference from terminate and interrupt: the process has not ended, it has only suspended execution. This signal cannot be blocked, handled or ignored.
20) SIGTSTP
Stops the process from running, but this signal can be handled and ignored. It is issued when the user types the SUSP character (usually Ctrl-Z).
21) SIGTTIN
When a background job wants to read data from the user terminal, all processes in the job receive the SIGTTIN signal. By default these processes stop executing.
22) SIGTTOU
Similar to SIGTTIN, but received when writing to the terminal (or modifying the terminal mode).
23) SIGURG
Generated when "urgent" data or out-of-band data arrives on a socket.
24) SIGXCPU
The CPU time resource limit was exceeded. This limit can be read and changed with getrlimit/setrlimit.
25) SIGXFSZ
The file size resource limit was exceeded.
26) SIGVTALRM
Virtual clock signal. Similar to SIGALRM, but counts the CPU time used by the process.
27) SIGPROF
Similar to SIGALRM/SIGVTALRM, but it includes the CPU time used by the process and the time .
28) SIGWINCH
Issued when the window size changes.
29) SIGIO
The file descriptor is ready for input/output operations.
30) SIGPWR
Power failure.

There are two signals that can stop a process: SIGTERM and SIGKILL. SIGTERM is the friendlier one: the process can catch this signal and shut the program down as it needs to. It can close open log files and complete tasks in progress before the program closes. In some cases, the process can ignore the SIGTERM signal if it is doing work that cannot be interrupted.

Processes cannot ignore the SIGKILL signal. It is an "I don't care what you're doing, stop now" signal. If you send a SIGKILL signal to a process, Linux stops the process there.

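The difference between signal 15 (SIGTERM) and signal 9 (SIGKILL) described above, as an added example that is not part of the original article: a worker installs a SIGTERM handler, and the script reports whether that handler ran and which exit status the parent collected. The function name signal_demo and the marker file are illustrative assumptions.

```sh
#!/bin/sh
# Added example: how a process reacts to signal 15 (SIGTERM) versus 9 (SIGKILL).
# signal_demo and the marker file are illustrative names, not from the article.

# Start a worker that traps SIGTERM, send it signal $1, then print whether the
# worker's cleanup handler ran and the exit status the parent collected.
signal_demo() {
    sig=$1
    marker=$(mktemp)   # stays empty unless the handler writes to it

    # Worker: install a SIGTERM handler, then loop until signalled.
    # Its output is discarded so it never holds the caller's stdout open.
    sh -c '
        trap "echo cleaned > \"$0\"; exit 0" TERM
        while :; do sleep 1; done
    ' "$marker" >/dev/null 2>&1 &
    pid=$!

    sleep 1                      # let the worker install its handler
    kill -"$sig" "$pid"          # same form as: kill -signal pid

    status=0
    wait "$pid" 2>/dev/null || status=$?   # 128+N means "ended by signal N"

    if [ -s "$marker" ]; then cleanup=yes; else cleanup=no; fi
    rm -f "$marker"
    echo "cleanup=$cleanup exit=$status"
}

echo "signal 15: $(signal_demo 15)"   # handler runs, worker exits by itself
echo "signal 9:  $(signal_demo 9)"    # handler never runs, worker is ended
```
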
User login audit record####

1. w ##View the users who are currently using the system

   w -f ##-f shows where the system is being used from

2. last ##View the history of successful user logins

3. lastb ##View the history of unsuccessful user logins
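One way to turn the lastb history into an audit summary, as an added example that is not part of the original article: it counts failed logins per source and how many distinct user names each source tried. The function names, the threshold argument and the sample records (documentation address ranges) are constructed for illustration.

```sh
#!/bin/sh
# Added example: summarise failed logins per source from lastb-style output.
# Function names and the sample records are constructed for illustration.

# Constructed sample in the column layout lastb prints; the addresses come
# from the documentation ranges 203.0.113.0/24 and 198.51.100.0/24.
sample_lastb() {
    cat <<'EOF'
root     ssh:notty    203.0.113.7      Tue Mar  4 10:15 - 10:15  (00:00)
admin    ssh:notty    203.0.113.7      Tue Mar  4 10:15 - 10:15  (00:00)
root     ssh:notty    203.0.113.7      Tue Mar  4 10:14 - 10:14  (00:00)
test     ssh:notty    203.0.113.7      Tue Mar  4 10:14 - 10:14  (00:00)
student  ssh:notty    198.51.100.23    Tue Mar  4 09:30 - 09:30  (00:00)
student  ssh:notty    198.51.100.23    Tue Mar  4 09:29 - 09:29  (00:00)
student  tty1                          Tue Mar  4 09:02 - 09:02  (00:00)

btmp begins Tue Mar  4 09:02:11 2025
EOF
}

# Read lastb-style lines on stdin; print every source with at least $1
# failed logins, plus how many distinct user names were tried from it.
failed_login_sources() {
    awk -v min="$1" '
        NF == 0 { next }                            # blank separator line
        $1 == "btmp" && $2 == "begins" { next }     # trailer line
        {
            # Console failures have an empty host column, so field 3 is then
            # the weekday; report those as "local".
            src = ($3 ~ /^(Mon|Tue|Wed|Thu|Fri|Sat|Sun)$/) ? "local" : $3
            count[src]++
            if (!((src, $1) in seen)) { seen[src, $1] = 1; users[src]++ }
        }
        END {
            for (s in count)
                if (count[s] >= min)
                    printf "%s failures=%d users=%d\n", s, count[s], users[s]
        }
    ' | sort
}

sample_lastb | failed_login_sources 3
# On a live system (root required): lastb | failed_login_sources 3
```

A source that tries several different user names in a short time is the pattern worth following up with last, to check whether any attempt from the same source later succeeded.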



top command

top is a tool for monitoring system load

s : modify the process refresh interval

m : sort by memory usage

c : sort by CPU usage
u : enter a user name to view all processes started by that user
k : send a signal to a process: enter the pid of the process, then the signal to send (e.g. 9, 15, 20)

q : exit the process view interface

h : display help for the top command




System Initializer

1. systemd
System initialization program; the first process started by the system, with pid 1

2. systemctl command

systemctl list-units ##List the status of current system services


systemctl list-unit-files ##List the startup status of the service


systemctl status sshd ##View the status of the specified service


systemctl stop sshd ##Close the specified service


systemctl start sshd ##Start the specified service

systemctl restart sshd ##Restart the service

systemctl enable sshd ##Set the specified service to start at boot
systemctl disable sshd ##Set the specified service not to start at boot

systemctl reload sshd ##Make the specified service reload the configuration


systemctl list-dependencies sshd ##View the dependencies of the specified service


systemctl mask sshd ##Freeze the specified service


systemctl unmask sshd ##Unfreeze the specified service


systemctl set-default multi-user.target ##Boot without the graphical interface


systemctl set-default graphical.target ##Boot into the graphical interface



setterm ##Set the color of the text interface
vga=ask

3. Service status
systemctl status service name

loaded ##System service has been initialized and its configuration loaded

active(running) ##One or more programs are being executed in the system;
                # vsftpd is in this mode

active(exited) ##Service that ends normally after executing only once

active(waiting) ##In progress,
                # but waiting for other events before continuing

inactive ##Service is closed

enabled ##Service starts automatically at startup

disabled ##Service does not start automatically at startup

static ##Service startup item cannot be managed

failed ##System configuration error










