LinuxQuestions.org
Old 06-10-2011, 12:29 PM   #1
abhijeetsamant
LQ Newbie
 
Registered: Jun 2011
Posts: 1

Rep: Reputation: Disabled
Linux Processes explanation


Hi,

Can anybody help me with a site where I can get a small write-up on all the system processes that we see running when we type the top command, e.g. processes like

init [3]
[migration/0]
[ksoftirqd/0]
[watchdog/0]


Any help would be appreciated.


Thanks in advance

Abhi
 
Old 06-10-2011, 01:21 PM   #2
PrinceCruise
Member
 
Registered: Aug 2009
Location: /Universe/Earth/India/Pune
Distribution: Slackware64 -Current
Posts: 890

Rep: Reputation: 185Reputation: 185
I wonder if you still haven't searched the wiki for these items.

Regards.
 
Old 06-10-2011, 01:28 PM   #3
Peufelon
Member
 
Registered: Jul 2005
Posts: 164
Blog Entries: 1

Rep: Reputation: Disabled
Write your own guide

@abhijeetsamant:

If you want to create a baseline of "normal behavior" for your PC, that is a very good idea!

But I don't think any one site could possibly provide enough information for any one user--- there is simply too much variety.

I recommend that you write your own guide, specific to your PC, and keep it in an encrypted area. Many users find lightweight wikis useful for internal documentation.

Here is one method you can use:
  • as root user, identify common daemons and other frequently running system processes, ip traffic, etc., using
    Code:
    	ps -ef 			# what processes are running?
    	top			# what processes are consuming the most memory, cycles?
    	iftop -Pn		# what internet connections are open?
    	netstat -anp		# what is happening on the LAN?
    	lsof			# what files are open?
    	ss -s			# how many sockets are open?  how many use ipv6?
    	ss -ta | column		# what TCP sockets are open?
    	ss -ua | column		# what UDP sockets are open?
    	ss -lp | column		# what sockets access which port?  which use ipv6?
    (read the man pages for ps, netstat, lsof, ss and adjust the flags to suit your needs)
  • look in places like /etc/rc5.d and /etc/init.d/ for information about services which start at boot time, services which run daily, and so forth
  • gather information about each process (in the example, "nmbd" and "fgrep") and system user using standard Linux tools:
    Code:
     
    	whatis nmbd		#
    	apropos nmbd    	# try to find some initial clues to what nmbd is all about
    	man nmbd		# man pages often state the location of log and configuration files
    	locate nmbd | grep bin  # look for the location of the executables
    	stat /bin/fgrep		# nominal time of last access, modification (compare with your IDS)
    	strings /bin/fgrep	#
    	srch_strings /bin/fgrep	# print readable strings in an executable
    	dd if=/bin/fgrep | hexdump -C | less		#
    	readelf -a /bin/fgrep				# examine an executable
    	objdump -m i386 -b binary -D /bin/fgrep | less	# examine it line by line
    	locate nmbd | grep lib  # look for the location of related libraries
    	locate nmbd | grep log  # and log files
    	more /etc/passwd | grep lp   # who is this system user?  does he have shell access?
    	netstat -anp | grep nmbd  # what is nmbd doing right now?
    	lsof | grep nmbd  # what library files does it have open?
  • if you can find a relevant Wikipedia article, it may have more information (but remember, anyone can edit the Wikipedia to say anything):
    Code:
    https://secure.wikimedia.org/wikipedia/en/wiki/Special:Search/
    (modify the link in the obvious way to obtain another language than English)
  • if you know how to use wireshark you can also peek at interprocess communication by using its powerful filtering capabilities to display only the packets you are interested in (see also tcpdump)
  • you can also list installed modules
    Code:
    lsmod
    and you can investigate kernel threads, in order to distinguish normal and abnormal kernel behavior
  • you can examine BIOS and attached devices, and otherwise document your hardware
  • you can document the configuration of your LAN
  • collate all this information; I find it helpful to separate processes into
    • daemons which run continually
    • processes which run automatically at specific times (and what IP addresses they may call up)
    • processes which are normally run only when you call them (and what IP addresses they may call up)

You can add more methods according to your needs.

Since "normal behavior" changes over time as new software is installed and old software is patched, and as user behavior changes, you need to update this from time to time.

The payoff is that your internal wiki can help you to quickly distinguish between normal and abnormal output in top. This can be useful in a possible emergency.

Last edited by Peufelon; 06-10-2011 at 01:51 PM.
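
Added example (not part of Peufelon's post): one way to turn the `ps` step of the method above into a saved baseline that later snapshots are compared against. The function names and the sample snapshots are hypothetical and constructed for illustration; the kernel-thread test assumes a kernel where kernel threads are kthreadd (PID 2) and its children.

```shell
#!/bin/sh
# Constructed `ps -eo pid=,ppid=,user=,comm=` snapshots (sample data, not real).
baseline_sample() { cat <<'EOF'
    1     0 root     init
    2     0 root     kthreadd
    3     2 root     migration/0
    4     2 root     ksoftirqd/0
    5     2 root     watchdog/0
 1843     1 root     nmbd
 2101     1 root     sshd
EOF
}
current_sample() { baseline_sample; cat <<'EOF'
 3377     1 lp       watchdog/0
 4012     1 root     cupsd
EOF
}

# summarize: snapshot on stdin -> sorted, de-duplicated "class user command" lines.
# Class comes from parentage (assumption: PID 2 / PPID 2 means kernel thread),
# not from the name, so a look-alike name in userland is listed as "user".
summarize() {
    awk '{
        class = ($1 == 2 || $2 == 2) ? "kthread" : "user"
        name = $4                       # command names may contain spaces
        for (i = 5; i <= NF; i++) name = name " " $i
        print class, $3, name
    }' | LC_ALL=C sort -u
}

# new_since_baseline FILE: current snapshot on stdin -> summary lines that do
# not appear in the saved baseline summary FILE.
new_since_baseline() {
    cur=$(mktemp) || return 1
    summarize > "$cur"
    LC_ALL=C comm -13 "$1" "$cur"
    rm -f "$cur"
}

# demo: build a baseline from the first sample, then report what the second adds.
demo() {
    base=$(mktemp) || return 1
    baseline_sample | summarize > "$base"
    current_sample | new_since_baseline "$base"
    rm -f "$base"
}
demo
```

On a live system, save `ps -eo pid=,ppid=,user=,comm= | summarize` to a file once and pipe later snapshots into `new_since_baseline` with that file as its argument.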