xisto Community
rob86

Is There Anything For Linux That Tells You What Running Processes Are?


Back in the good ol' days of Windows, I tried a demo of some software called Anti-Spy.info. There was also a similar program I can't remember the name of. What made these programs unique and useful was that they helped you identify what a strange process was by telling you things like the name of the software, the company, a little tidbit of information on it, like "Firefox is a web browser", and whether it was VERY important, like X, or just something that can be killed.

Of course these programs were really meant for getting rid of spyware and viruses, and Linux rarely (never?) has spyware/viruses running in the background, and even harmless programs seemingly never run on start up by default, but there are still a bunch of things I'd like to identify and determine their importance. Is there nothing out there (other than Google) that can aid in identifying what running processes are? I know I can just look on Google, but that seems so time inefficient and to be honest, I just like trying new software.. :)


To see the running tasks in Linux you can use the command top. I tried this on a Red Hat box. It will show you the top processes running.

Try this command:

top

Also, to kill those processes, use the following command.

kill -9 <Listed_process_id>

To know the process ID, use the following command.

ps -aux | grep <name_of_process>


There is another piece of software which can tell you the programs running on startup and give a description of all startup programs; for example, if any program which runs at your startup is a virus, it tells you that it is a virus and you can delete that program from startup. The name of the software is: startup booster


For Windows, if you want to find spyware or trojans that start at startup, you can try "Autorun and Process viewer" (this I found yesterday), a very cool utility. Also there is Process Tamer, which does a similar job to APV. Use the HijackThis utility to fix the startup processes which are unwanted. Also Malwarebytes Anti-Malware is one to fix it for Windows trojans and startup script kiddies.

For Linux, if you are using KDE then you can try KSysGuard. There is no known task manager utility as far as I know.


KDE's System Monitor is pretty good. It's basically a visual version of the command-line "top" that shows you all of the current running processes, their CPU usage, etc. You can also get the path the program is running from, and the parent process, by hovering over each entry. Switching to "tree" view allows you to go through processes from parent to child, so you can see if one application is spawning loads more, or which application called a particular process. So, for example, I can see that Origami spawned the Folding@Home client, which spawned another two copies of itself (one for each of my CPU cores). I can also see that MySQL spawned the very vaguely named "logger" process. As for finding out what they all do (if you haven't found out already), a search engine is really the best bet and will get you more useful information than automated tools.


I think what he wanted is software that monitors the currently running processes and explains to us whether a particular process is important or just a normal process, etc. In Windows, there are many utilities available for this purpose which tell us about all the running processes and their trustworthiness. I think he needs a similar utility for Linux. Is there anything like that?


I already answered it: there is no known task manager utility for Linux with such functionality. I guess rvalkass and truefusion can confirm it for me. I simply didn't find any such utility. If he has an antispyware/malware utility then he'll find a way to avoid such processes by running its scanner. The scanner will catch such processes and will remove such services. As for malware detection of the kind he wants for monitoring services, there is no known utility for Windows (other than antivirus/antispyware) that watches running processes and filters them if harmful (APV, Process Explorer and Process Tamer only keep an eye on processes which are taking more resources, but they don't keep an eye on processes which are infected by viruses or trojans). So what he wants is a "utility to check processes which are harmful". I doubt this utility is available for both Windows and Linux.


I doubt this utility is available for both windows and linux.

For Windows, there are some utilities available that analyze its trustworthiness at some extensions. For example, Auslogics uninstall manager will show all the installed software and show its trustworthiness. It will mark some suspicious software as dangerous software. But of course, I don't think they are 100% correct.


I guess Auslogics does it by looking at the data that the software is registering with the system. But in the case of spyware/trojans which infect other processes, Auslogics will not be able to find out if it is malicious. For example, the rapidblaster worm, which adds app.exe to the task manager, attaches to almost any browser you find online. It is not detected at all by any process viewer as malicious. Only spybot/antimalware software detects it (and that too by looking at registry entries and not by process ID or something). Antivirus programs are more likely to find it, depending on which one we are using.

For windows, there are some utilities available that analyzes its trustworthy at some extensions

How can they find a malicious process if any trojan or spyware attaches to any available current process? I doubt any small utility can analyze this much difference from running processes.


On Linux all software packages downloaded from a repository are signed with a PGP key, which is used to check their authenticity. Without that key you get warnings, and you are prevented from installing the software. If the key fails, the software won't install. MD5 and SHA1 sums are also used to verify software packages not downloaded from repositories. The package and MD5/SHA1 sum are published online. You download the software and check the sum - if they match then the software hasn't been tampered with and is OK (as long as you are downloading from a reputable source).

Linux is generally much better than Windows at killing processes that don't need to hang around, even if individual processes leave their children hanging around, Linux will kill them off once they're orphaned (who came up with this vocabulary?! It makes Linux seem so mean :) ) so that CPU power and memory aren't wasted on processes with no purpose.


How can they find a malicious process if any trojan or spyware attaches to any available current process? I doubt any small utility can analyze this much difference from running processes.

Well, that statement you quoted was a typo. :) I was thinking something else and wrote extensions instead of extent. That Auslogics utility gives details about installed software only.

Auslogics has another utility, Auslogics Task Manager. It is more advanced than our XP's task manager. It will rate all your running processes, and will show their memory usage, read/write speed of hard disk access, internet usage, etc. It even shows all the details of services and all opened files (like DLL files, LOG files, all EXEs, etc.). It has many other features. If we look at the process and its detailed usage of resources we can decide which process is causing the problem. Of course, it won't do anything related to its maliciousness. We are the decision makers :o ... it will just provide information. These utilities are part of Auslogics BoostSpeed.

I am just giving an example of such software. And I agree with you, no software can detect whether a process is good or bad unless that software is either an antivirus or an antispyware utility. And they need regular updates too.

Yes, I know about top, and ps, system monitor. I know how to see what processes are running, and how to kill them, but there are a lot that I can't identify just by reading the command name. For example, just randomly picking one out of my list, I'll see kgameportd, and wonder, what is it for? Do I need it? Is it telling me I'm running something I don't need unknowingly and it's wasting memory? I went through the list and saw BOINC running all the time, and I remembered what BOINC was, and don't need it, so I uninstalled it. Had I not known, it would still be running in the background, doing nothing useful. I know none of these are harmful, but I don't like running things I don't need either.

On Windows, from experience I knew every process that was running and its purpose. On Linux, I look at the Linux process list and see things like kacpid, ata_aux, kseriod, and many more. I guess I'm the kind of person that likes to know what exactly all those things are for, whether they are important or not. Maybe that will have to be a programming project for me.. a process identifier!


I could understand why a program like that would not be found under Linux, as in the starting days of Linux people had to do all the maintenance work for their system and therefore would (should) always know what is what. Nowadays, with distributions out there doing the work for you, you'd have to do some research yourself to figure things out. However, if I were to make my own program that attempts to provide the information you are looking for based on the list of processes that are active on your machine, at least on a Debian system, I would use certain apt tools, like apt-file and apt-cache, maybe even the man command for man-pages. I would use apt-file to search the repository for the packages that contain the file that was loaded into memory and after finding the package I would use apt-cache to provide the description of the package. You could probably make a simple Python script that does this by having it call these commands and parse stdout (standard output).

On RPM-based systems I do not know how I would go about doing it, though.

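The Python script suggested in the last post could look like the sketch below, an added example that is not part of the original thread. It assumes a Debian-style system and swaps `dpkg-query -S` and `dpkg-query -W` in for apt-file and apt-cache, so it only covers installed packages; the function names are illustrative. It also separates out kernel threads such as kacpid and kseriod, which have no executable on disk, and processes whose binary has been deleted since they started.

```python
"""Label running processes with the Debian package that owns their executable."""
import os
import subprocess

def classify(exe, cmdline):
    """Classify a process from its /proc/<pid>/exe target and raw cmdline bytes."""
    if exe is None:
        # Kernel threads (kacpid, kseriod, ...) have no executable and an empty
        # cmdline; a zombie looks the same. Otherwise we lacked permission.
        return "kernel-thread" if not cmdline else "unreadable"
    if exe.endswith(" (deleted)"):
        return "deleted-binary"  # file removed or replaced after the process started
    return "file"

def parse_owner(dpkg_output):
    """Return the package from 'pkg[:arch][, pkg2]: /path' (dpkg-query -S output)."""
    text = dpkg_output.strip()
    line = text.splitlines()[0] if text else ""
    if ": " not in line or line.startswith("diversion "):
        return None
    return line.split(": ", 1)[0].split(",")[0].strip().split(":")[0]

def run(cmd):
    """Run a command; return stdout, or '' if it fails or is not installed."""
    try:
        return subprocess.run(cmd, capture_output=True, text=True, timeout=10).stdout
    except (OSError, subprocess.SubprocessError):
        return ""

def scan(proc="/proc"):
    """Yield (pid, kind, exe, package, summary) for every process under proc."""
    for pid in sorted((d for d in os.listdir(proc) if d.isdigit()), key=int):
        try:
            with open(f"{proc}/{pid}/cmdline", "rb") as fh:
                cmdline = fh.read()
        except OSError:
            continue  # process exited while we were scanning
        try:
            exe = os.readlink(f"{proc}/{pid}/exe")
        except OSError:
            exe = None
        kind = classify(exe, cmdline)
        pkg = parse_owner(run(["dpkg-query", "-S", exe])) if kind == "file" else None
        summary = run(["dpkg-query", "-W", "-f=${binary:Summary}", pkg]).strip() if pkg else ""
        yield pid, kind, exe, pkg, summary

if __name__ == "__main__":
    for pid, kind, exe, pkg, summary in scan():
        print(pid, kind, exe or "-", pkg or "-", summary, sep="\t")
```

Run it as root to resolve other users' processes. On merged-/usr systems dpkg may have recorded /bin/x for a binary that /proc reports as /usr/bin/x, so a "file" entry with no package deserves a second lookup before it is treated as unknown software.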
