Welcome back, my novice hackers!
In my continuing effort to develop your Linux skills, I now offer you this eighth installment of my series on Linux Basics for the Aspiring Hacker. In this tutorial, we'll look at system processes and how to manage them.
In Linux, a process is a running instance of a program, loaded in memory. Typically, your computer is running hundreds of processes simultaneously. Background system processes that have no controlling terminal are called daemons, and their names usually end in a "d", such as httpd, the daemon responsible for the HTTP service.
We can see all the processes running on your system by typing:
- ps aux
These switches show the processes of all users, not just our own (a), in a user-oriented format that includes the owning user and the CPU and memory each process consumes (u), together with processes not attached to any terminal (x), which is where the daemons show up. This is my favorite set of switches for using ps as it enables me to see which user initiated the process and how much in resources it's using.
Each process listed shows us, among many other things:
- PID (process identifier)
- %CPU (share of processor time)
- %MEM (share of memory)
- COMMAND (the program that is running)
If we just want to see all the processes with less information, we can type:
- ps -A
This lists every process, but without such information as the CPU and memory percentages. Note that airbase-ng is listed with PID 5143 and the last process is the ps command itself.
Process numbers, or PIDs, are critical for working in Linux, as you often need the PID to manage a process. As you might have seen in some of my Metasploit tutorials, the PID often becomes critical in hacking the victim systems.
Similar to the ps command is the top command, except that top sorts the processes by resource usage, so the ones using the most CPU appear at the top of the screen, and it's dynamic, meaning that it gives us a real-time look at our processes that refreshes every few seconds. Simply type:
- top
As you can see, the processes are listed in order of how much system resource they are using, and the list is constantly changing as the processes use more or less.
Sometimes we will need to stop processes in Linux. The command we use is kill. Don't worry, it sounds more violent than it actually is: kill just sends a signal to a process. This command is particularly important if we have a runaway process that continues to run and use system resources, even after we have tried to stop it. Don't confuse that with a "zombie" process: a zombie (state Z in ps) has already exited and uses no CPU or memory; it lingers in the process table only because its parent has not collected its exit status, so kill has no effect on it and the fix is to kill or restart the parent.
We can kill a process by simply typing kill and the process ID or PID. So to kill my airbase-ng process, I can simply type:
- kill 5143
We can see in the screenshot above that my airbase-ng process is no longer running.
There are many types of "kills", because kill really just picks a signal. The default kill (when we use the kill command without any switches) sends signal 15, SIGTERM, the same as typing kill -15 or kill -TERM. It asks the process to clean up and terminate gracefully, and a process is free to catch or even ignore it.
Sometimes processes still refuse to terminate even after the default kill. In that case, we have to get more serious and use the absolute terminator to do the job. This is kill -9, which sends SIGKILL. A process cannot catch or ignore SIGKILL: the kernel ends it immediately without letting it say its goodbyes, so open files and temporary files are left however they were. Even -9 won't help against a zombie, which is already dead, or against a process stuck in uninterruptible sleep (state D in ps) waiting on I/O.
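Here is how I would script the escalation the last two paragraphs describe: ask politely with SIGTERM, wait, and only then reach for SIGKILL. This is an added example, not part of the original tutorial: stop_process and demo_kill_escalation are my own names, a sleep stands in for airbase-ng, and it assumes the procps version of ps for the state check.

```bash
#!/usr/bin/env bash
# Added example (not from the original tutorial): stop a process the way a
# careful admin does: SIGTERM (15) first, SIGKILL (9) only if it refuses.
# Assumes procps ps (for "ps -o stat=").  A sleep stands in for airbase-ng.
#
# stop_process PID [TIMEOUT_SECONDS]
#   returns 0 if the process is gone, 1 if even SIGKILL did not remove it,
#   2 if it is a zombie (already dead; only its parent can reap it),
#   3 if there is no such process.
stop_process() {
    local pid="$1" timeout="${2:-5}" state waited=0

    # kill -0 sends no signal at all; it only checks that PID exists.
    if ! kill -0 "$pid" 2>/dev/null; then
        echo "no process with PID $pid" >&2
        return 3
    fi

    # A zombie shows state Z.  Signals do nothing to it: deal with the parent.
    state=$(ps -o stat= -p "$pid" 2>/dev/null | tr -d ' ')
    case "$state" in
        Z*) echo "PID $pid is a zombie; its parent is PID $(ps -o ppid= -p "$pid" | tr -d ' ')" >&2
            return 2 ;;
    esac

    # The polite request: SIGTERM, which is what a plain "kill PID" sends.
    kill -TERM "$pid" 2>/dev/null || true
    while kill -0 "$pid" 2>/dev/null && [ "$waited" -lt "$timeout" ]; do
        sleep 1
        waited=$((waited + 1))
    done

    # Still alive: it caught or ignored SIGTERM.  SIGKILL cannot be ignored.
    if kill -0 "$pid" 2>/dev/null; then
        echo "PID $pid ignored SIGTERM for ${timeout}s; sending SIGKILL" >&2
        kill -KILL "$pid" 2>/dev/null || true
        sleep 1
    fi

    # The only thing that survives SIGKILL is a process stuck in
    # uninterruptible sleep (state D), usually waiting on a dead disk or NFS.
    kill -0 "$pid" 2>/dev/null && return 1
    return 0
}

# Demo: one process that honours SIGTERM and one that ignores it.
demo_kill_escalation() {
    sleep 300 &
    local polite=$!
    # This child sets SIGTERM to "ignored" and execs sleep, which inherits that.
    sh -c 'trap "" TERM; exec sleep 300' &
    local stubborn=$!

    stop_process "$polite" 2   && echo "PID $polite left on SIGTERM"
    stop_process "$stubborn" 2 && echo "PID $stubborn needed SIGKILL"
}

demo_kill_escalation
```

The second child in the demo is the interesting one: because it ignores SIGTERM, plain kill does nothing to it and the function has to escalate, which is exactly the situation that calls for kill -9.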
Every process in Linux is given a priority number. As you probably guessed, this priority number determines how important the process is and where it stands in line for the CPU. The classic Unix description has priorities running from 0 to 127 with 0 the highest, but on Linux the kernel's scale runs from 0 to 139: 0 to 99 are reserved for real-time scheduling, 100 to 139 are used by ordinary processes, and a lower number still means a higher priority. What top shows in its PR column for an ordinary process is simply 20 plus its nice value.
As the root user or system admin, we can't directly set the priority of a process, that is the job of the kernel, but we can hint to the kernel that we would like a process to run with a higher or lower priority. We do this through the nice command (a "nicer" process yields more CPU to others). Nice values range from -20 to +19, with lower values indicating a higher priority. Only root can set a negative nice value or lower a nice value that has already been raised; an ordinary user can only make their own processes nicer.
We can set a process's nice value by using the nice command, the -n switch, the nice value, and then the command we want to run. So, if we wanted to start our airbase-ng process from our Evil Twin tutorial with the highest priority (which needs root; as a normal user GNU nice only prints a warning and runs the command at its unchanged nice value), we could type:
- nice -n -20 airbase-ng -a 00:09:5B:6F:64:1E --essid "Elroy" -c 11 mon0
Later on, if we felt that we wanted to reduce the priority of the airbase-ng command, we could renice it. renice takes the new nice value and, unlike nice, the PID of an already running process rather than a command to start (the newer spelling of the same thing is renice -n 15 -p 5143):
- renice 15 5143
We can see that by renice-ing the airbase-ng command, we have reduced its priority from -20 (highest) to 15 (relatively low).
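To check that nice and renice really change what the kernel sees, I read the nice value back from ps after each step. This is an added example, not from the original tutorial: nice_of, start_niced, set_nice and demo_nice are my own names, a sleep stands in for airbase-ng, and it assumes procps ps (the ni column) and util-linux renice (the -n and -p switches).

```bash
#!/usr/bin/env bash
# Added example (not from the original tutorial): start a job at a chosen
# nice value, read the value back from ps, renice it and verify.  Assumes
# procps ps ("ni" column) and util-linux renice (-n/-p).  A sleep stands in
# for airbase-ng; the function names are mine.

# Current nice value of a PID, as a bare number.
nice_of() { ps -o ni= -p "$1" | tr -d ' '; }

# Start COMMAND... in the background at nice value N and print its PID.
# Negative N (higher priority) needs root; as a normal user GNU nice prints
# a warning and runs the command at the unchanged nice value instead.
start_niced() {
    local n="$1"; shift
    nice -n "$n" "$@" >/dev/null 2>&1 &
    echo $!
}

# Set the nice value of PID to N and print the value the kernel now holds.
# Any user may raise the value (lower the priority) of their own processes;
# only root may go the other way, so the printed value may stay unchanged.
set_nice() {
    renice -n "$2" -p "$1" >/dev/null 2>&1 \
        || echo "renice to $2 refused for PID $1; nice value unchanged" >&2
    nice_of "$1"
}

demo_nice() {
    local pid
    pid=$(start_niced 10 sleep 300)
    echo "PID $pid started at nice $(nice_of "$pid")"
    echo "PID $pid after renice to 15: nice $(set_nice "$pid" 15)"
    echo "PID $pid trying to go back to 5: nice $(set_nice "$pid" 5)"
    kill "$pid"
}

demo_nice
```

The last line of the demo is the one to watch: as a normal user the request to go from 15 back to 5 is refused and the value stays at 15, which is why starting a job too nice is not something you can undo without root.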
You have probably noticed in my hacking tutorials that when we run a command from the shell, the process takes control of that shell until it is complete. If it's an ongoing process, like airbase-ng, it keeps control of that terminal until we stop it, and until then we can't use that shell.
If we want to keep using that shell, we can send the process into the background and get the prompt back. To start a command in the background, we simply end the command with an ampersand (&). So, to get airbase-ng to run in the background, we simply type:
- airbase-ng -a 00:09:5B:6F:64:1E --essid "Elroy" -c 11 mon0 &
The job's output still goes to this terminal unless we redirect it, and it still belongs to this shell: closing the terminal sends it a hangup signal and usually ends it, so start it with nohup, or use disown, if it must outlive the shell.
If we want to bring a background job back to the foreground, we simply type fg (or fg %N, where N is the job number that the jobs command lists). To send a foreground process to the background, we press Control-Z, which stops it (it shows up as state T in ps), and then type bg, or bg %N, to let it carry on in the background. Note that fg and bg take job numbers rather than PIDs; jobs -l shows both.
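To see what Control-Z and bg actually do to a process, here is the same sequence driven by signals instead of keystrokes. This is an added example, not from the original tutorial: Control-Z makes the terminal send SIGTSTP to the foreground job, and bg and fg send SIGCONT; a script has no terminal to deliver SIGTSTP, so it sends SIGSTOP, the uncatchable twin, by hand. proc_state, pause_job, resume_job and demo_job_control are my own names, a sleep stands in for airbase-ng, and it assumes procps ps.

```bash
#!/usr/bin/env bash
# Added example (not from the original tutorial): what Ctrl-Z, bg and fg do
# under the hood.  Ctrl-Z has the terminal send SIGTSTP to the foreground
# job, which stops it (state T in ps); bg and fg send SIGCONT to resume it.
# A script has no keyboard, so we send SIGSTOP (which cannot be caught,
# unlike SIGTSTP) and SIGCONT ourselves.  Assumes procps ps; sleep stands
# in for airbase-ng; the function names are mine.

# First letter of the ps STAT column: S sleeping, R running, T stopped, Z zombie.
proc_state() { ps -o stat= -p "$1" | tr -d ' ' | cut -c1; }

# Stop a job the way Ctrl-Z does and print its state afterwards.
pause_job() { kill -STOP "$1"; sleep 1; proc_state "$1"; }

# Resume a job the way bg or fg does and print its state afterwards.
resume_job() { kill -CONT "$1"; sleep 1; proc_state "$1"; }

demo_job_control() {
    local pid
    sleep 300 >/dev/null &          # the tutorial's trailing & ...
    pid=$!                          # ... and the PID of that background job
    jobs -l                         # job number and PID, as fg/bg would see them
    sleep 1
    echo "running in background:  state $(proc_state "$pid")"
    echo "after SIGSTOP (Ctrl-Z):  state $(pause_job "$pid")"
    echo "after SIGCONT (bg):      state $(resume_job "$pid")"
    kill "$pid"
}

demo_job_control
```

A stopped job stays stopped until something sends it SIGCONT, which is why a process you Control-Z'd and forgot about shows up in ps as state T and does no work at all.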
Stay tuned for more Linux basics for the aspiring hacker. If you haven't checked out the other guides yet, make sure to give them a look. If you have any questions, make sure to comment below or start a thread in the Null Byte forum for help.