
ps command

Security Tip: Find Out Current Working Directory Of A Process Running on Linux/Unix

For security reasons you may need to find out the current working directory of a process. You can obtain this information by visiting the /proc/pid/cwd directory or by using the pwdx command. The pwdx command reports the current working directory of a process or processes.

Quick Shell Tip: Remove grep command while grepping something using ps command

Generally you use the ps command to list all running processes. You may also pipe the ps output through the grep command to pick out the lines you want.

In that case you usually don't want the grep command itself to show up as one of the processes.

Let us run a combination of the ps and grep commands to find all perl processes:
$ ps aux | grep perl

vivek      4611  0.0  0.7  10044  6068 ?        Ss   02:40   0:00 /usr/bin/perl apps/monitor/gwl.pl
root      4853  0.0  0.7  10044  6068 ?        Ss   02:40   0:00 /usr/bin/perl /usr/share/webmin/miniserv.pl /etc/webmin/miniserv.conf
vivek      5166  0.0  0.0   2884   748 pts/0    R+   03:06   0:00 grep perl

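In the above example the output includes the grep process itself. To exclude the grep process from the output, type any one of the following:
$ ps aux | grep perl | grep -v grep
$ ps aux | grep '[p]erl'

The second form works because the pattern [p]erl matches the string perl but does not match the literal text [p]erl that appears in grep's own command line.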

How to display or show information about a Linux Kernel module or drivers

I was just browsing our forum and came across the following question:

How do I find out detailed information about a Linux Kernel module or device drivers?

You need to use the modinfo command to display information about Linux kernel modules. Use the lsmod command to obtain a list of loaded modules.

modinfo extracts information from the Linux kernel modules given on the command line. It is useful not only for finding out about loaded modules but also for identifying modules inserted by crackers/hackers (try less /proc/modules). The following is also a good way to verify the output reported by ps ax:
# ps ax | wc -l
# ls -d /proc/[0-9]* | wc -l

Usually a rootkit will install its own ps command, which hides kernel modules. If the second output is larger than the first (ps ax) command output, take a closer look at your server.
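The comparison above, written as a script that names the PIDs present in /proc but missing from ps rather than only comparing two counts. This is an added example, not code from the original post; the function names are hypothetical and it assumes a Linux /proc and a POSIX shell.

```shell
#!/bin/sh
# Added example; proc_pids, ps_pids, unlisted_pids and check_live are
# names made up for this sketch.

# Numeric directory names under a proc root (default /proc), one per line.
proc_pids() {
    for d in "${1:-/proc}"/[0-9]*; do
        if [ -d "$d" ]; then printf '%s\n' "${d##*/}"; fi
    done
}

# PIDs as reported by ps, without the header line or padding.
ps_pids() {
    ps -e -o pid= | tr -d ' '
}

# unlisted_pids PROC_LIST PS_BEFORE PS_AFTER [PROC_ROOT]
# Print PIDs that appear in PROC_LIST but in neither ps snapshot and whose
# directory still exists under PROC_ROOT. Processes that started or exited
# while the snapshots were being taken are filtered out this way.
unlisted_pids() {
    root=${4:-/proc}
    while read -r pid; do
        if grep -qxF "$pid" "$2" || grep -qxF "$pid" "$3"; then continue; fi
        if [ -d "$root/$pid" ]; then printf '%s\n' "$pid"; fi
    done < "$1"
    return 0
}

# Live check: ps, then /proc, then ps again, so that only a PID missing
# from both ps runs yet still present in /proc is reported.
check_live() {
    dir=$(mktemp -d) || return 1
    ps_pids > "$dir/before"
    proc_pids /proc > "$dir/proc"
    ps_pids > "$dir/after"
    unlisted_pids "$dir/proc" "$dir/before" "$dir/after" /proc
    rm -rf "$dir"
}

# Run the live check only when asked to: sh script.sh --live
if [ "${1:-}" = "--live" ]; then check_live; fi
```

Because ps itself reads /proc, this catches a replaced ps binary, the case described above; it will not reveal processes that a kernel-level rootkit hides from /proc as well.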

Back to our main question: the modinfo command outputs the following information for each module:
=> Module Author
=> Module description
=> License
=> Parameter and filename

Task: Display list of modules

$ lsmod
$ less /proc/modules

Task: Display information about ide-cd module

$ /sbin/modinfo ide-cd

filename:       /lib/modules/2.6.8-2-686/kernel/drivers/ide/ide-cd.ko
description:    ATAPI CD-ROM Driver
license:        GPL
vermagic:       2.6.8-2-686 preempt 686 gcc-3.3
depends:        ide-core,cdrom

Task: Display information about rt61 module

$ /sbin/modinfo rt61

filename:       /lib/modules/2.6.8-2-686/kernel/net/wireless/rt61.ko
author:         Paul Lin 
description:    RT61 Wireless Lan Linux Driver
vermagic:       2.6.8-2-686 preempt 686 gcc-3.3
alias:          pci:v00001814d00000301sv*sd*bc*sc*i*
alias:          pci:v00001814d00000302sv*sd*bc*sc*i*
alias:          pci:v00001814d00000401sv*sd*bc*sc*i*

You can load modules automatically during the Linux boot sequence by adding the module name to the /etc/modules.conf (Red Hat and friends) or /etc/modules (Debian / Ubuntu Linux) file.

How do I find out what shell I’m using?

Asked by Chetan Joshi

Q. What is the best way to find out what shell I'm using? echo $SHELL is not so reliable. Please let me know any tiny command or trick.

A. Chetan, echo $SHELL should work. But here is a good old UNIX trick. Use the ps command with the -p {pid} option, which selects the processes whose process ID numbers appear in pid. Use the following command to find out what shell you are in:

ps -p $$

So what is the $$ argument passed to the -p option? Remember that $$ returns the PID (process identification number) of the current process, and the current process is your shell. So running ps on that number displays a process status listing for your shell. In that listing you will find the name of your shell (look at the CMD column).

$ ps -p $$

  PID TTY          TIME CMD
6453 pts/0    00:00:00 csh

From my Linux box:
$ ps -p $$

  PID TTY          TIME CMD
5866 pts/0    00:00:00 bash

You can store your shell name in a variable as follows:
MYSHELL=`ps -hp $$|awk '{print $5}'`

Please note those are backquotes, not apostrophes.

Or better, try the following if you have a bash shell:

MYSHELL=$(ps -hp $$|awk '{print $5}')