Killing Processes
At times, a process will consume way too many system resources, exhibit unusual behavior, or—at worst—freeze. A process that exhibits this type of behavior is often referred to as a rogue process. For you, probably the most problematic symptom will be wasted resources used by the rogue process that could be better allocated to useful processes.
When you identify a problematic process, you may want to stop it with the kill command. There are many different ways to kill a program, and each has its own kill number.
The kill command has 64 different kill signals, and each does something slightly different. Here, we focus on a few you will likely find most useful. The syntax for the kill command is kill -signal PID, where the signal switch is optional. If you don’t provide a signal flag, it defaults to SIGTERM.
Table 6-1 lists the common kill signals.
Table 6-1: Commonly Used Kill Signals
| Signal name | Number for option | Description |
|---|---|---|
| SIGHUP | 1 | This is known as the Hangup (HUP) signal. It stops the designated process and restarts it with the same PID. |
| SIGINT | 2 | This is the Interrupt (INT) signal. It is a weak kill signal that isn’t guaranteed to work, but it works in most cases. |
| SIGQUIT | 3 | This is known as the core dump. It terminates the process and saves the process information in memory, and then it saves this information in the current working directory to a file named core. (The reasons for doing this are beyond the scope of this book.) |
| SIGTERM | 15 | This is the Termination (TERM) signal. It is the kill command’s default kill signal. |
| SIGKILL | 9 | This is the absolute kill signal. It forces the process to stop by sending the process’s resources to a special device, /dev/null. |
Using the top command, you can identify which processes are using too many resources; often, those processes will be legitimate, but there may be malicious processes taking resources that you’ll want to kill.
If you just want to restart a process with the HUP signal, enter the -1 option with kill, like so:
kali > kill -1 6996
In the case of a rogue or a malicious process, you likely want to send the kill -9 signal, the absolute kill signal, to the process. This makes certain that the process is terminated.
kali > kill -9 6996
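The two signals above combined into one routine, as an added example that is not from the original text: it sends kill's default SIGTERM first and uses kill -9 only if the process is still running after a grace period. The names is_alive, stop_pid and STOP_RESULT and the demo processes are constructed for illustration; the zombie check assumes a Linux /proc and falls back to kill -0 alone without it.

```bash
#!/usr/bin/env bash
# Added example: try SIGTERM (15) first, fall back to SIGKILL (9) only if needed.

# is_alive PID: true if the PID exists and is not a zombie. A zombie has already
# exited but still answers "kill -0" until its parent collects its exit status.
is_alive() {
    local pid=$1 stat
    kill -0 "$pid" 2>/dev/null || return 1      # signal 0 only tests for existence
    read -r stat 2>/dev/null < "/proc/$pid/stat" || return 0   # no /proc: trust kill -0
    stat=${stat##*') '}                         # strip "PID (name) "; state letter is next
    [ "${stat%% *}" != Z ]
}

# stop_pid PID [GRACE_SECONDS]: sets STOP_RESULT to INVALID, GONE, TERM or KILL.
stop_pid() {
    local pid=$1 grace=${2:-3} i=0
    # Refuse anything that is not a plain PID: 0 or a negative number would
    # signal a whole process group, and PID 1 is init.
    case $pid in
        ''|*[!0-9]*|0*|1) STOP_RESULT=INVALID; return 2 ;;
    esac
    STOP_RESULT=GONE
    is_alive "$pid" || return 0
    kill -15 "$pid" 2>/dev/null || true         # same as plain "kill PID"
    while [ "$i" -lt $((grace * 10)) ]; do      # poll every 0.1 s during the grace period
        if ! is_alive "$pid"; then STOP_RESULT=TERM; return 0; fi
        sleep 0.1
        i=$((i + 1))
    done
    kill -9 "$pid" 2>/dev/null || true          # cannot be caught or ignored
    STOP_RESULT=KILL
}

# Constructed demo targets: an ordinary process and one that ignores SIGTERM.
demo() {
    sleep 30 >/dev/null 2>&1 &
    stop_pid "$!" 2
    echo "ordinary process ended by: $STOP_RESULT"
    ( trap '' TERM; while :; do sleep 0.2; done ) >/dev/null 2>&1 &
    local stubborn=$!
    sleep 0.5                                   # let the subshell install its trap
    stop_pid "$stubborn" 1
    echo "TERM-ignoring process ended by: $STOP_RESULT"
}
demo
```

STOP_RESULT records which signal was actually needed, which is worth logging when the target is a suspected malicious process that resisted SIGTERM.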
If you don’t know a process’s PID, you can use the killall command to kill the process. This command takes the name of the process, instead of the PID, as an argument.