🖥️ps

➡️This is a command-line reference manual for commands and command combinations that you don’t use often enough to remember it. This cheatsheet explains the ps command with important options and switches using examples.

▁ ▂ ▃ ▄ ꧁ 🔴☠ COMMANDLINE-KUNGFU WITH CHEATSHEETS ☠🔴꧂▅ ▃ ▂ ▁

#                ██████╗ ███████╗
#                ██╔══██╗██╔════╝
#                ██████╔╝███████╗
#                ██╔═══╝ ╚════██║
#                ██║     ███████║
#                ╚═╝     ╚══════╝
                

                                
# To list every process on the system:
ps aux

# To list a process tree
ps axjf

# To list every process owned by foouser:
ps -aufoouser

# To list every process with a user-defined format:
ps -eo pid,user,command

# Exclude grep from your grepped output of ps.
# Add [] to the first letter. Ex: sshd -> [s]shd
ps aux | grep '[h]ttpd'

#==============================#
# CMD PS
#==============================##==============================#
ps -o pid,lstart,command ax
# When Apr01 just won not do, show the (long) format start time for all processes on a Linux system.

ps auxww | grep "[h]ttpd" 
# Show only the processes matching httpd, ignoring the line of the grep process itself (regex trick).

ps xaw -eo pid,args,cgroup

ps k-%cpu

ps aux|sort -n -k6 -r |head

ps -LF -u user_name
# The below command outputs processes and threads of a user. The option “L” (list threads) and “-F” (Full Format Listing).

ps aux |grep ssh |grep -v grep |awk ?{print $2}? |xargs kill -9
# and even better - setup public/private keys and you could use "-i ~/.ssh/public_key" as ssh parameter, to avoid password prompt ==> then could have everything in a shell script

ps auxw | grep "[h]ttpd" | wc -l
# Count the number of web server processes running. Or use (pgrep -c httpd)

ps auxww | grep "[h]ttpd" | wc -l 
# Count the number of web server processes running.

ps auxwf | grep -B8 "[g]zip"
# Show the process in a tree format, search for gzip and show 8 lines of pre-match context to see its family.

ps auxwwf | sed -n -r -e '/^.{64} \//h;/\\/H' -e '/^.{14} [8-9][0-9]\.[0-9]/{x;p}' 
# Print the high CPU process's family tree. 

ps auxww | tee output.log
# Use the 'tee' command to save a copy and see the output of a program at the same time.

ps -o pid,lstart,command ax
# When Apr01 just won not do, show the (long) format start time for all processes on a Linux system.

ps ax -o state -o ppid  | awk '$1=="Z"{print $2}' | xargs kill -9
# Kill all #zombies on the system.

ps wu -U someuser
# An easy way of selecting the processes owned by someuser.

ps aux | awk '{if ($8=="Z") { print $2 }}'
# On Linux, print out a list of the process IDs that are in the zombie state.

ps aux|tail -n+2 |sort -nrk4 |head -$(($(tput lines)-1)) |cut -c 1-$(tput cols)
# Display top RAM using processes. Browser is probably

ps -ef | grep [p]mon | awk '{print $2}' | xargs -I {} ps eww {} | awk '{print $1 " " $5 " " $6 " " $0}' | sed 's/\(S*\) \(S*\) .*ORACLE_HOME/\1 \2/g' | cut -f1,2,3 -d" "
# the executable that started the currently running oracle databases and the ORACLE_HOME relative to each
# Show the executable that spawned the process and show the PID and ORACLE_HOME relative to the environment within which the process is running.

ps aux | awk '{if ($8 ~ "D") print $0}'
# List process in unkillable state D (iowait)

# On Linux, print the processes that are in the zombie state. Hopefully there are none.
ps auxww | awk '$8=="Z"' 

ps auxwf | grep -B8 " [2]533 " 
# Display process table in Linux with parent/child relationships, searching for process id 2533 and displaying the 8 lines before the matched line. The [2] part is so the grep doesn't match it's own process line.

ps aux | sort -rk 3,3 | head -n 10
# Sort processes by CPU Usage Short list about top 10 processes, sorted by CPU usage This is sample output
	USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
	root      9878  2.4  0.0 944296  7588 ?        Ssl  Sep03 2010:47 dad
	admbd     1282  1.0  0.0  64212  3984 pts/46   S+   17:01   0:00 ssh frutillar
	root      1279  0.4  0.0  64208  3984 pts/77   S+   17:01   0:00 ssh desacloud522
	root      1278  0.4  0.0  64208  3976 pts/129  S+   17:01   0:00 ssh f1cloud4099
	root      1281  0.3  0.0  82488  4524 ?        S    17:01   0:00 /usr/sbin/packagekitd
	root     10238  0.3  0.0  55048  8992 ?        Ssl  Sep03 244:21 /opt/CA/SystemEDGE/bin/sysedge -b
	root     11321  0.2  0.1 278880 25168 ?        Sl   Sep03 170:44 splunkd -p 8089 start
	root     10086  0.1  0.0 165280 12364 ?        Ssl  Sep03 102:49 /usr/sbin/adclient
	appdyn     514  0.1  0.0 112432  2736 ?        S    16:58   0:00 sshd: appdyn@pts/130

	
	
ps aux | grep ssh | grep -v grep | grep -v sshd | awk {'print $2'} | xargs -r kill -9
# Kill any lingering ssh processes - Also ignoring "sshd" server is necessary since you should not kill ssh server processes.

# Hide's the name of a process listed in the `ps` output -> The classical 'ps aux | grep' can do this with one more parameter, the '-v', with means 'NOT' to grep.
ps aux | grep -v name_you_want_to_hide

# Memory Verbrauch addiert nach Prozessname - Mithilfe folgender Codewurst kann der Memoryverbrauch nach Prozessnamen addiert aufgelistet werden:
ps -e -o comm,rss --no-heading|awk '{arr[$1]+=$2} END {for (i in arr) {printf("%15s ", i); printf("%6s \n", arr[i]);}}'|grep -v ' 0'|sort -nr -k2

# Kleine Variante - wenn wir die Hauptverbraucher ohnehin schon kennen, konzentrieren wir uns auf die:
ps -C amavisd-new,clamd,apache2,mysqld -o comm,rss --no-heading|awk '{arr[$1]+=$2} END {for (i in arr) {printf("%15s ", i); printf("%6s \n", arr[i]);}}'|grep -v ' 0'|sort -nr -k2

# Welches Kommando macht was?
    ps listet die rss (resident set size) und den Namen des Prozesses
    awk addiert die Felder nach Namen und formatiert die Ausgabe
    grep verwirft die Einträge mit rss=0
    sort sortiert absteigend nach Verbrauch

# Linux shell processes discovery - what processes doing right now
ps -e -o pid,comm,wchan=WIDE-WCHAN-COLUMN  

ps ax -o state -o ppid | awk '$1=="Z"{print $2}' | xargs kill -9 
# Kill all #zombies on the system.

ps auxww | tee output.log 
# Use the 'tee' command to save a copy and see the output of a program at the same time.

ps aux | awk '{if ($8=="Z") { print $2 }}' 
# On Linux, print out a list of the process IDs that are in the zombie state.

# List open processes ordered by it is number of open files
# Explanation: Combines ps, lsof, and sort in the ways you might expect to produce the intended outcome.
ps -ef |awk '{ print $2 }' \ 	|tail -n +2 \ 	|while read pid; do echo "$pid	$(lsof -p $pid |wc -l)"; done \ 	|sort -r -n -k 2 \ 	|while read pid count; do echo "$pid	$count	$(ps -o command= -p $pid)"; done

# Top 10 Memory Processes (reduced output to applications and %usage only)
    # sort bei User
ps jax --sort=uid,-ppid,+pid
    # output sort by memory (RAM)
ps aux --sort -rss
ps aux | sort -rk 4,4 | head -n 10 | awk '{print $4,$11}'
    # Sample output
	    # savage@mastervoid~> ps aux | sort -rk 4,4 | head -n 10 | awk '{print $4,$11}'
	    # %MEM COMMAND
	    # 4.8 /usr/lib/firefox-esr/firefox-esr
	    # 4.8 firefox-esr
	    # 3.0 /usr/lib/firefox-esr/firefox-esr
	    # 2.8 /usr/lib/firefox-esr/firefox-esr
	    # 2.8 /usr/lib/firefox-esr/firefox-esr
	    # 2.1 /app/extra/share/spotify/spotify
	    # 1.5 /app/extra/share/spotify/spotify
	    # 1.2 /usr/share/atom/atom
	    # 0.9 /usr/share/atom/atom

# Top 10 Memory Processes - It displays the top 10 processes sorted by memory usage
ps aux | sort -rk 4,4 | head -n 10
    # Sample output
	    # USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
	    # r00t 31878 24.1  3.3 3138164 546484 ?      Sl   11:45  24:06 pmdtm -PR -gmh alsea -gmp 6015 -guid 6b122687-8aeb-481a-a33f-867a59c14fee -rst 180 -s ...
	    # r00t  2639  0.0  3.2 1626772 531944 ?      Sl   Jun20  44:22 /u01/home/app/r00t/Informatica/9.5.1/java/bin/java -Dfile.encoding=UTF-8 -d64 -Xmx512M ...
	    # r00t 27794  9.0  2.1 2809284 344388 ?      Sl   10:43  14:34 pmdtm -PR -gmh alsea -gmp 6015 -guid 6b122687-8aeb-481a-a33f-867a59c14fee -rst 180 -s ...
	    # r00t 13796  0.2  2.1 3406808 349972 ?      Sl   Jun19 337:10 /u01/home/app/r00t/Informatica/9.5.1/java/bin/java -ea -Djava.awt.headless=true ... -Xmx2048m ...
	    # r00t 32222  101 19.9 4805632 3262688 ?     Sl   11:55  90:33 pmdtm -PR -gmh alsea -gmp 6015 -guid 6b122687-8aeb-481a-a33f-867a59c14fee -rst 180 -s ...
	    # r00t 14036  0.3  1.6 2841340 269712 ?      Sl   Jun19 449:57 /u01/home/app/r00t/Informatica/9.5.1/server/bin/pmrepagent - RG9tYWluX0RFVlRFU1Q= RGVzYXJyb2xsbw== ...
	    # ctmagent  6176  0.0  1.6 4804504 276240 ?      Sl   Mar29 165:32 ./JRE/bin/java -classpath exe/ctminf.jar com.bmc.ctm.cminf.Start start 4
	    # r00t 14218  0.1  1.5 1927368 260112 ?      Sl   Jun19 181:00 /u01/home/app/r00t/Informatica/9.5.1/server/bin/pmserver RG9tYWluX0RFVlRFU1Q= SVNfRGVzYXJyb2xsbw== ...
	    # r00t 13963  0.1  1.1 1356460 195172 ?      Sl   Jun19 168:50 /u01/home/app/r00t/Informatica/9.5.1/java/bin/java -XX:GCTimeRatio=9 -XX:MaxPermSize=128m -Xmx512M ...

# you can monitor a process on Linux - example: 
while ps -p`pidof vim` &>/dev/null; do command1; done ; command2
	#	command1: do something while vim is running
	#	command2: do something after vim has exited 

# Beendet Prozesse 
sudo ps S | awk '{ print $ 1; }' | grep -E '[0-9]' | sort -R | sed -n 'p;n' | xargs kill -9

#==============================##==============================#
# CMD PS
#==============================##==============================#
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

  █║▌│║█║▌★ KALI ★ PARROT ★ DEBIAN 🔴 PENTESTING ★ HACKING ★ █║▌│║█║▌

              ██╗ ██╗ ██████╗  ██████╗ ██╗  ██╗███████╗██████╗
             ████████╗██╔══██╗██╔═══██╗╚██╗██╔╝██╔════╝██╔══██╗
             ╚██╔═██╔╝██║  ██║██║   ██║ ╚███╔╝ █████╗  ██║  ██║
             ████████╗██║  ██║██║   ██║ ██╔██╗ ██╔══╝  ██║  ██║
             ╚██╔═██╔╝██████╔╝╚██████╔╝██╔╝ ██╗███████╗██████╔╝
              ╚═╝ ╚═╝ ╚═════╝  ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═════╝

               █║▌│║█║▌ WITH COMMANDLINE-KUNGFU POWER █║▌│║█║▌

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░