Linux Training in Coimbatore & Best Linux Server Administration Training Institute

Monday, 22 February 2021

Set Up Python with CentOS Linux

Python is a widely used interpreted language that has brought professionalism to the world of coding scripted applications on Linux (and other operating systems). Where Perl was once the industry standard, Python has surpassed Perl in many respects.

Some strengths of Python versus Perl are −

Rapid progression in refinement
Libraries that are standard to the language
Readability of the code is thought out in language definition
Many professional frameworks for everything from GUI support to web-development

Python can do anything Perl can do, and in a lot of cases in a better manner. Though Perl still has its place amongst the toolbox of a Linux admin, learning Python is a great choice as a skill set.

The biggest drawbacks of Python are sometimes related to its strengths. In history, Python was originally designed to teach programming. At times, its core foundations of "easily readable" and "doing things the right way" can cause unnecessary complexities when writing a simple code. Also, its standard libraries have caused problems in transitioning from versions 2.X to 3.X.

Python scripts are actually used at the core of CentOS for functions vital to the functionality of the operating system. Because of this, it is important to isolate our development Python environment from CentOS' core Python environment.

For starters, there are currently two versions of Python − Python 2.X and Python 3.X.

Both stages are still in active production, though version 2.X is quickly closing in on depreciation (and has been for a few years). The reason for the two active versions of Python was basically fixing the shortcomings of version 2.X. This required some core functionality of version 3.X to be redone in ways it could not support some version 2.X scripts.

Basically, the best way to overcome this transition is − Develop for 3.X and keep up with the latest 2.X version for legacy scripts. Currently, CentOS 7.X relies on a semi-current revision of version 2.X.

As of this writing, the most current versions of Python are − 3.4.6 and 2.7.13.

Don't let this confuse or draw any conclusions of Python. Setting up a Python environment is really pretty simple. With Python frameworks and libraries, this task is actually really easy to accomplish.

Before setting up our Python environments, we need a sane environment. To start, let's make sure our CentOS install is fully updated and get some building utilities installed.

Step 1 − Update CentOS.

[root@CentOS]# yum -y update

Step 2 − Install build utilities.

[root@CentOS]# yum -y groupinstall "development tools"

Step 3 − Install some needed packages.

[root@CentOS]# yum install -y zlib-dev openssl-devel sqlite-devel bip2-devel

Now we need to install current Python 2.X and 3.X from source.

Download compressed archives
Extract files
Compile source code

Let's start by creating a build directory for each Python install in /usr/src/

[root@CentOS]# mkdir -p /usr/src/pythonSource

Now let's download the source tarballs for each −

[root@CentOS]# wget https://www.python.org/ftp/python/2.7.13/Python-2.7.13.tar.xz
[root@CentOS]# wget https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tar.xz

Now we need to extract each from the archive.

Step 1 − Install xz-libs and extract the tarballs.

[root@CentOS]# yum install xz-libs
[root@CentOS python3]# xz -d ./*.xz
[root@CentOS python3]# ls
Python-2.7.13.tar  Python-3.6.0.tar
[root@CentOS python3]#

Step 2 − Untar each installer from its tarball.

[root@CentOS]# tar -xvf ./Python-2.7.13.tar
[root@CentOS]# tar -xvf ./Python-3.6.0.tar

Step 3 − Enter each directory and run the configure script.

[root@CentOS]# ./configure --prefix=/usr/local 
root@CentOS]# make altinstall

Note − Be sure to use altinstall and not install. This will keep CentOS and development versions of Python separated. Otherwise, you may break the functionality of CentOS.

You will now see the compilation process begins. Grab a cup of coffee and take a 15minute break until completion. Since we installed all the needed dependencies for Python, the compilation process should complete without error.

Let's make sure we have the latest 2.X version of Python installed.

[root@CentOS Python-2.7.13]# /usr/local/bin/python2.7 -V 
Python 2.7.13
[root@CentOS Python-2.7.13]#

Note − You will want to prefix the shebang line pointing to our development environment for Python 2.X.

[root@CentOS Python-2.7.13]# cat ver.py  
#!/usr/local/bin/python2.7 
import sys 
print(sys.version)

[root@CentOS Python-2.7.13]# ./ver.py 
2.7.13 (default, Jan 29 2017, 02:24:08)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-11)]

Just like that, we have separate Python installs for versions 2.X and 3.X. From here, we can use each and utilities such as pip and virtualenv to further ease the burden of managing Python environments and package installation.

Configure PHP in CentOS Linux

PHP is the one of the most prolific web languages in use today. Installing a LAMP Stack on CentOS is something every system administrator will need to perform, most likely sooner than later.

A traditional LAMP Stack consists of (L)inux (A)pache (M)ySQL (P)HP.

There are three main components to a LAMP Stack on CentOS −

Web Server
Web Development Platform / Language
Database Server

Note − The term LAMP Stack can also include the following technologies: PostgreSQL, MariaDB, Perl, Python, Ruby, NGINX Webserver.

For this tutorial, we will stick with the traditional LAMP Stack of CentOS GNU Linux: Apache web server, MySQL Database Server, and PHP.

We will actually be using MariaDB. MySQL configuration files, databases and tables are transparent to MariaDB. MariaDB is now included in the standard CentOS repository instead of MySQL. This is due to the limitations of licensing and open-source compliance, since Oracle has taken over the development of MySQL.

The first thing we need to do is install Apache.

[root@CentOS]# yum install httpd
Loaded plugins: fastestmirror, langpacks
base
| 3.6 kB  00:00:00
extras
| 3.4 kB  00:00:00
updates
| 3.4 kB  00:00:00
extras/7/x86_64/primary_d
| 121 kB  00:00:00
Loading mirror speeds from cached hostfile
* base: mirror.sigmanet.com
* extras: linux.mirrors.es.net
* updates: mirror.eboundhost.com
Resolving Dependencies
--> Running transaction check
---> Package httpd.x86_64 0:2.4.6-45.el7.centos will be installed
--> Processing Dependency: httpd-tools = 2.4.6-45.el7.centos for package:
httpd-2.4.6-45.el7.centos.x86_64
--> Processing Dependency: /etc/mime.types for package: httpd-2.4.645.el7.centos.x86_64
--> Running transaction check
---> Package httpd-tools.x86_64 0:2.4.6-45.el7.centos will be installed
---> Package mailcap.noarch 0:2.1.41-2.el7 will be installed
--> Finished Dependency Resolution
Installed:
httpd.x86_64 0:2.4.6-45.el7.centos

Dependency Installed:
httpd-tools.x86_64 0:2.4.6-45.el7.centos
mailcap.noarch 0:2.1.41-2.el7

Complete!
[root@CentOS]#

Let's configure httpd service.

[root@CentOS]# systemctl start httpd && systemctl enable httpd

Now, let's make sure the web-server is accessible through firewalld.

bash-3.2# nmap -sS -p 1-1024 -T 5  -sV 10.211.55.1 
Starting Nmap 7.30 ( https://nmap.org ) at 2017-01-28 02:00 MST 
Nmap scan report for centos.shared (10.211.55.1) 
Host is up (0.00054s latency). 
Not shown: 1022 filtered ports 
PORT   STATE SERVICE VERSION 
22/tcp open  ssh     OpenSSH 6.6.1 (protocol 2.0) 
80/tcp open  http    Apache httpd 2.4.6 ((CentOS))

Service detection performed. Please report any incorrect results at 
https://nmap.org/submit/ . 
Nmap done: 1 IP address (1 host up) scanned in 10.82 seconds bash-3.2#

As you can see by the nmap service probe, Apache webserver is listening and responding to requests on the CentOS host.

Install MySQL Database Server

[root@CentOS rdc]# yum install mariadb-server.x86_64 && yum install mariadb-
devel.x86_64 && mariadb.x86_64 && mariadb-libs.x86_64

We are installing the following repository packages for MariaDB −

mariadb-server.x86_64

The main MariaDB Server daemon package.

mariadb-devel.x86_64

Files need to compile from the source with MySQL/MariaDB compatibility.

mariadb.x86_64

MariaDB client utilities for administering MariaDB Server from the command line.

mariadb-libs.x86_64

Common libraries for MariaDB that could be needed for other applications compiled with MySQL/MariaDB support.

Now, let's start and enable the MariaDB Service.

[root@CentOS]# systemctl start mariadb 
[root@CentOS]# systemctl enable  mariadb

Note − Unlike Apache, we will not enable connections to MariaDB through our host-based firewall (firewalld). When using a database server, it's considered best security practice to only allow local socket connections, unless the remote socket access is specifically needed.

Let's make sure the MariaDB Server is accepting connections.

[root@CentOS#] netstat -lnt 
Active Internet connections (only servers) 
Proto     Recv-Q     Send-Q     Local Address        Foreign Address      State       
tcp            0          0     0.0.0.0:3306         0.0.0.0:*            LISTEN      
tcp            0          0     0.0.0.0:111          0.0.0.0:*            LISTEN      
tcp            0          0     192.168.122.1:53     0.0.0.0:*            LISTEN      
tcp            0          0     0.0.0.0:22           0.0.0.0:*            LISTEN      
tcp            0          0     127.0.0.1:631        0.0.0.0:*            LISTEN      
tcp            0          0     127.0.0.1:25         0.0.0.0:*            LISTEN 
     
[root@CentOS rdc]#

As we can see, MariaDB is listening on port 3306 tcp. We will leave our host-based firewall (firewalld) blocking incoming connections to port 3306.

Install and Configure PHP

[root@CentOS#]  yum install php.x86_64 && php-common.x86_64 && php-mysql.x86_64 
&& php-mysqlnd.x86_64 && php-pdo.x86_64 && php-soap.x86_64 && php-xml.x86_64

I'd recommend installing the following php packages for common compatibility −

php-common.x86_64
php-mysql.x86_64
php-mysqlnd.x86_64
php-pdo.x86_64
php-soap.x86_64
php-xml.x86_64

[root@CentOS]# yum install -y php-common.x86_64 php-mysql.x86_64 php-
mysqlnd.x86_64 php-pdo.x86_64 php-soap.x86_64 php-xml.x86_64

This is our simple php file located in the Apache webroot of /var/www/html/

[root@CentOS]# cat /var/www/html/index.php  
<html> 
   <head> 
      <title>PHP Test Page</title> 
   </head>
   
   <body> 
      PHP Install 
      <?php 
         echo "We are now running PHP on GNU Centos Linux!<br />" 
      ?> 
   </body> 
</html>

[root@CentOS]#

Let's change the owning group of our page to the system user our http daemon is running under.

[root@CentOS]# chgrp httpd /var/www/html/index.php && chmod g+rx /var/www/html/index.php
---

When requested manually via ncat.

bash-3.2# ncat 10.211.55.1 80 
   GET / index.php 
   HTTP/1.1 200 OK 
   Date: Sat, 28 Jan 2017 12:06:02 GMT 
   Server: Apache/2.4.6 (CentOS) PHP/5.4.16 
   X-Powered-By: PHP/5.4.16 
   Content-Length: 137 
   Connection: close 
   Content-Type: text/html; charset=UTF-8
   
<html> 
   <head> 
      <title>PHP Test Page</title> 
   </head>
   
   <body> 
      PHP Install 
      We are now running PHP on GNU Centos Linux!<br />
   </body> 
</html>

bash-3.2#

PHP and LAMP are very popular web-programming technologies. LAMP installation and configuration is sure to come up on your list of needs as a CentOS Administrator. Easy to use CentOS packages have taken a lot of work from compiling Apache, MySQL, and PHP from the source code.

Linux Admin - Firewall Setup

firewalld is the default front-end controller for iptables on CentOS. The firewalld front-end has two main advantages over raw iptables −

Uses easy-to-configure and implement zones abstracting chains and rules.
Rulesets are dynamic, meaning stateful connections are uninterrupted when the settings are changed and/or modified.

Remember, firewalld is the wrapper for iptables - not a replacement. While custom iptables commands can be used with firewalld, it is recommended to use firewalld as to not break the firewall functionality.

First, let's make sure firewalld is both started and enabled.

[root@CentOS rdc]# systemctl status firewalld 
● firewalld.service - firewalld - dynamic firewall daemon 
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled) 
Active: active (running) since Thu 2017-01-26 21:42:05 MST; 3h 46min ago 
 Docs: man:firewalld(1) 
Main PID: 712 (firewalld) 
  Memory: 34.7M 
 CGroup: /system.slice/firewalld.service 
       └─712 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

We can see, firewalld is both active (to start on boot) and currently running. If inactive or not started we can use −

systemctl start firewalld && systemctl enable firewalld

Now that we have our firewalld service configured, let's assure it is operational.

[root@CentOS]# firewall-cmd --state 
running 
[root@CentOS]#

We can see, the firewalld service is fully functional.

Firewalld works on the concept of zones. A zone is applied to network interfaces through the Network Manager. We will discuss this in configuring networking. But for now, by default, changing the default zone will change any network adapters left in the default state of "Default Zone".

Let's take a quick look at each zone that comes out-of-the-box with firewalld.

Sr.No.	Zone & Description
1	drop Low trust level. All incoming connections and packetsare dropped and only outgoing connections are possible via statefullness
2	block Incoming connections are replied with an icmp message letting the initiator know the request is prohibited
3	public All networks are restricted. However, selected incoming connections can be explicitly allowed
4	external Configures firewalld for NAT. Internal network remains private but reachable
5	dmz Only certain incoming connections are allowed. Used for systems in DMZ isolation
6	work By default, trust more computers on the network assuming the system is in a secured work environment
7	hone By default, more services are unfiltered. Assuming a system is on a home network where services such as NFS, SAMBA and SSDP will be used
8	trusted All machines on the network are trusted. Most incoming connections are allowed unfettered. This is not meant for interfaces exposed to the Internet

The most common zones to use are:public, drop, work, and home.

Some scenarios where each common zone would be used are −

public − It is the most common zone used by an administrator. It will let you apply the custom settings and abide by RFC specifications for operations on a LAN.
drop − A good example of when to use drop is at a security conference, on public WiFi, or on an interface connected directly to the Internet. drop assumes all unsolicited requests are malicious including ICMP probes. So any request out of state will not receive a reply. The downside of drop is that it can break the functionality of applications in certain situations requiring strict RFC compliance.
work − You are on a semi-secure corporate LAN. Where all traffic can be assumed moderately safe. This means it is not WiFi and we possibly have IDS, IPS, and physical security or 802.1x in place. We also should be familiar with the people using the LAN.
home − You are on a home LAN. You are personally accountable for every system and the user on the LAN. You know every machine on the LAN and that none have been compromised. Often new services are brought up for media sharing amongst trusted individuals and you don't need to take extra time for the sake of security.

Zones and network interfaces work on a one to many level. One network interface can only have a single zone applied to it at a time. While, a zone can be applied to many interfaces simultaneously.

Let's see what zones are available and what are the currently applied zone.

[root@CentOS]# firewall-cmd --get-zones 
 work drop internal external trusted home dmz public block

[root@CentOS]# firewall-cmd --get-default-zone 
public
[root@CentOS]#

Ready to add some customized rules in firewalld?

First, let's see what our box looks like, to a portscanner from outside.

bash-3.2# nmap -sS -p 1-1024 -T 5  10.211.55.1
 
Starting Nmap 7.30 ( https://nmap.org ) at 2017-01-27 23:36 MST 
Nmap scan report for centos.shared (10.211.55.1) 
Host is up (0.00046s latency). 
Not shown: 1023 filtered ports 
PORT   STATE SERVICE 
22/tcp open  ssh


Nmap done: 1 IP address (1 host up) scanned in 3.71 seconds 
bash-3.2#

Let's allow the incoming requests to port 80.

First, check to see what zone is applied as default.

[root@CentOs]# firewall-cmd --get-default-zone 
public
[root@CentOS]#

Then, set the rule allowing port 80 to the current default zone.

[root@CentOS]# firewall-cmd --zone=public --add-port = 80/tcp 
success
[root@CentOS]#

Now, let's check our box after allowing port 80 connections.

bash-3.2# nmap -sS -p 1-1024 -T 5  10.211.55.1

Starting Nmap 7.30 ( https://nmap.org ) at 2017-01-27 23:42 MST 
Nmap scan report for centos.shared (10.211.55.1) 
Host is up (0.00053s latency). 
Not shown: 1022 filtered ports 
PORT   STATE  SERVICE 
22/tcp open   ssh 
80/tcp closed http

Nmap done: 1 IP address (1 host up) scanned in 3.67 seconds 
bash-3.2#

It now allows unsolicited traffic to 80.

Let's put the default zone to drop and see what happens to port scan.

[root@CentOS]# firewall-cmd --set-default-zone=drop 
success

[root@CentOS]# firewall-cmd --get-default-zone 
drop

[root@CentOs]#

Now let's scan the host with the network interface in a more secure zone.

bash-3.2# nmap -sS -p 1-1024 -T 5  10.211.55.1 
Starting Nmap 7.30 ( https://nmap.org ) at 2017-01-27 23:50 MST 
Nmap scan report for centos.shared (10.211.55.1) 
Host is up (0.00094s latency). 
All 1024 scanned ports on centos.shared (10.211.55.1) are filtered

Nmap done: 1 IP address (1 host up) scanned in 12.61 seconds 
bash-3.2#

Now, everything is filtered from outside.

As demonstrated below, the host will not even respond to ICMP ping requests when in drop.

bash-3.2# ping 10.211.55.1 
PING 10.211.55.1 (10.211.55.1): 56 data bytes 
Request timeout for icmp_seq 0 
Request timeout for icmp_seq 1 
Request timeout for icmp_seq 2

Let's set the default zone to public again.

[root@CentOs]# firewall-cmd --set-default-zone=public 
success

[root@CentOS]# firewall-cmd --get-default-zone 
public

[root@CentOS]#

Now let's check our current filtering ruleset in public.

[root@CentOS]# firewall-cmd --zone=public --list-all 
public (active) 
target: default 
icmp-block-inversion: no 
interfaces: enp0s5 
sources:  
services: dhcpv6-client ssh 
ports: 80/tcp 
protocols:  
masquerade: no 
forward-ports:  
sourceports:  
icmp-blocks:  
rich rules:

[root@CentOS rdc]#

As configured, our port 80 filter rule is only within the context of the running configuration. This means once the system is rebooted or the firewalld service is restarted, our rule will be discarded.

We will be configuring an httpd daemon soon, so let's make our changes persistent −

[root@CentOS]# firewall-cmd --zone=public --add-port=80/tcp --permanent 
success

[root@CentOS]# systemctl restart firewalld

[root@CentOS]#

Now our port 80 rule in the public zone is persistent across reboots and service restarts.

Following are the common firewalld commands applied with firewall-cmd.

Command	Action
firewall-cmd --get-zones	Lists all zones that can be applied to an interface
firewall-cmd —status	Returns the currents status of the firewalld service
firewall-cmd --get-default-zone	Gets the current default zone
firewall-cmd --set-default-zone=<zone>	Sets the default zone into the current context
firewall-cmd --get-active-zone	Gets the current zones in context as applied to an interface
firewall-cmd --zone=<zone> --list-all	Lists the configuration of supplied zone
firewall-cmd --zone=<zone> --addport=<port/transport protocol>	Applies a port rule to the zone filter
--permanent	Makes changes to the zone persistent. Flag is used inline with modification commands

These are the basic concepts of administrating and configuring firewalld.

Configuring host-based firewall services in CentOS can be a complex task in more sophisticated networking scenarios. Advanced usage and configuration of firewalld and iptables in CentOS can take an entire tutorial. However, we have presented the basics that should be enough to complete a majority of daily tasks.

Linux Admin - Process Management

Following are the common commands used with Process Management–bg, fg, nohup, ps, pstree, top, kill, killall, free, uptime, nice.

Work with Processes

Quick Note − Process PID in Linux

In Linux every running process is given a PID or Process ID Number. This PID is how CentOS identifies a particular process. As we have discussed, systemd is the first process started and given a PID of 1 in CentOS.

Pgrep is used to get Linux PID for a given process name.

[root@CentOS]# pgrep systemd 
1 
[root@CentOS]#

As seen, the pgrep command returns the current PID of systemd.

Basic CentOS Process and Job Management in CentOS

When working with processes in Linux it is important to know how basic foregrounding and backgrounding processes is performed at the command line.

fg − Bringsthe process to the foreground
bg − Movesthe process to the background
jobs − List of the current processes attached to the shell
ctrl+z − Control + z key combination to sleep the current process
& − Startsthe process in the background

Let's start using the shell command sleep. sleep will simply do as it is named, sleep for a defined period of time − sleep.

[root@CentOS ~]$ jobs

[root@CentOS ~]$ sleep 10 & 
[1] 12454 

[root@CentOS ~]$ sleep 20 & 
[2] 12479

[root@CentOS ~]$ jobs 
[1]-  Running                 sleep 10 & 
[2]+  Running                 sleep 20 &

[cnetos@CentOS ~]$

Now, let's bring the first job to the foreground −

[root@CentOS ~]$ fg 1 
sleep 10

If you are following along, you'll notice the foreground job is stuck in your shell. Now, let's put the process to sleep, then re-enable it in the background.

Hit control+z
Type: bg 1, sending the first job into the background and starting it.

[root@CentOS ~]$ fg 1 
sleep 20 
^Z 
[1]+  Stopped                 sleep 20

[root@CentOS ~]$ bg 1 
[1]+ sleep 20 &

[root@CentOS ~]$

nohup

When working from a shell or terminal, it is worth noting that by default all the processes and jobs attached to the shell will terminate when the shell is closed or the user logs out. When using nohup the process will continue to run if the user logs out or closes the shell to which the process is attached.

[root@CentOS]# nohup ping www.google.com & 
[1] 27299 
nohup: ignoring input and appending output to ‘nohup.out’

[root@CentOS]# pgrep ping 
27299

[root@CentOS]# kill -KILL `pgrep ping` 
[1]+  Killed                  nohup ping www.google.com

[root@CentOS rdc]# cat nohup.out  
PING www.google.com (216.58.193.68) 56(84) bytes of data. 
64 bytes from sea15s07-in-f4.1e100.net (216.58.193.68): icmp_seq = 1 ttl = 128
time = 51.6 ms 
64 bytes from sea15s07-in-f4.1e100.net (216.58.193.68): icmp_seq = 2 ttl = 128
time = 54.2 ms 
64 bytes from sea15s07-in-f4.1e100.net (216.58.193.68): icmp_seq = 3 ttl = 128
time = 52.7 ms

ps Command

The ps command is commonly used by administrators to investigate snapshots of a specific process. ps is commonly used with grep to filter out a specific process to analyze.

[root@CentOS ~]$ ps axw | grep python 
762   ?        Ssl    0:01 /usr/bin/python -Es /usr/sbin/firewalld --nofork -nopid 
1296  ?        Ssl    0:00 /usr/bin/python -Es /usr/sbin/tuned -l -P 
15550 pts/0    S+     0:00 grep --color=auto python

In the above command, we see all the processes using the python interpreter. Also included with the results were our grep command, looking for the string python.

Following are the most common command line switches used with ps.

Switch	Action
a	Excludes constraints of only the reporting processes for the current user
x	Shows processes not attached to a tty or shell
w	Formats wide output display of the output
e	Shows environment after the command
-e	Selects all processes
-o	User-defined formatted output
-u	Shows all processes by a specific user
-C	Shows all processes by name or process id
--sort	Sorts the processes by definition

To see all processes in use by the nobody user −

[root@CentOS ~]$ ps -u nobody 
PID TTY          TIME CMD 
1853 ?        00:00:00 dnsmasq 

[root@CentOS ~]$

To see all information about the firewalld process −

[root@CentOS ~]$ ps -wl -C firewalld 
F   S   UID   PID   PPID   C   PRI   NI   ADDR   SZ   WCHAN   TTY   TIME      CMD
0   S     0   762      1   0    80   0     -   81786  poll_s   ?   00:00:01 firewalld 

[root@CentOS ~]$

Let's see which processes are consuming the most memory −

[root@CentOS ~]$ ps aux  --sort=-pmem | head -10 
USER       PID   %CPU   %MEM   VSZ     RSS   TTY   STAT   START   TIME   COMMAND 
cnetos     6130   0.7   5.7   1344512 108364  ?      Sl   02:16   0:29  /usr/bin/gnome-shell 
cnetos     6449   0.0   3.4   1375872 64440   ?      Sl   02:16   0:00  /usr/libexec/evolution-calendar-factory 
root       5404   0.6   2.1   190256  39920 tty1     Ssl+ 02:15   0:27  /usr/bin/Xorg :0 -background none -noreset -audit 4 -verbose -auth /run/gdm/auth-for-gdm-iDefCt/database -seat seat0 -nolisten tcp vt1 
cnetos     6296   0.0   1.7   1081944 32136   ?      Sl   02:16   0:00  /usr/libexec/evolution/3.12/evolution-alarm-notify 
cnetos     6350   0.0   1.5   560728  29844   ?      Sl   02:16   0:01  /usr/bin/prlsga 
cnetos     6158   0.0   1.4   1026956 28004   ?      Sl   02:16   0:00  /usr/libexec/gnome-shell-calendar-server 
cnetos     6169   0.0   1.4   1120028 27576   ?      Sl   02:16   0:00  /usr/libexec/evolution-source-registry 
root       762    0.0   1.4   327144  26724   ?      Ssl  02:09   0:01  /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid 
cnetos     6026   0.0  1.4 1090832 26376      ?      Sl   02:16   0:00  /usr/libexec/gnome-settings-daemon

[root@CentOS ~]$

See all the processes by user centos and format, displaying the custom output −

[cnetos@CentOS ~]$ ps -u cnetos -o pid,uname,comm 
   PID    USER     COMMAND 
   5802  centos   gnome-keyring-d 
   5812  cnetos   gnome-session 
   5819  cnetos   dbus-launch 
   5820  cnetos   dbus-daemon 
   5888  cnetos   gvfsd 
   5893  cnetos   gvfsd-fuse 
   5980  cnetos   ssh-agent   
   5996  cnetos   at-spi-bus-laun

pstree Command

pstree is similar to ps but is not often used. It displays the processes in a neater tree fashion.

[centos@CentOS ~]$ pstree 
  systemd─┬─ModemManager───2*[{ModemManager}] 
          ├─NetworkManager─┬─dhclient 
          │                └─2*[{NetworkManager}] 
          ├─2*[abrt-watch-log] 
          ├─abrtd 
          ├─accounts-daemon───2*[{accounts-daemon}] 
          ├─alsactl 
          ├─at-spi-bus-laun─┬─dbus-daemon───{dbus-daemon} 
          │                 └─3*[{at-spi-bus-laun}] 
          ├─at-spi2-registr───2*[{at-spi2-registr}] 
          ├─atd 
          ├─auditd─┬─audispd─┬─sedispatch 
          │        │         └─{audispd} 
          │        └─{auditd} 
          ├─avahi-daemon───avahi-daemon 
          ├─caribou───2*[{caribou}] 
          ├─cgrulesengd 
          ├─chronyd 
          ├─colord───2*[{colord}] 
          ├─crond 
          ├─cupsd

The total output from pstree can exceed 100 lines. Usually, ps will give more useful information.

top Command

top is one of the most often used commands when troubleshooting performance issues in Linux. It is useful for real-time stats and process monitoring in Linux. Following is the default output of top when brought up from the command line.

Tasks: 170 total,   1 running, 169 sleeping,   0 stopped,   0 zombie 
%Cpu(s):  2.3 us,  2.0 sy,  0.0 ni, 95.7 id,  0.0 wa,  0.0 hi,  0.0 si,  0.0 st 
KiB Mem :  1879668 total,   177020 free,   607544 used,  1095104 buff/cache 
KiB Swap:  3145724 total,  3145428 free,      296 used.  1034648 avail Mem 
 
PID    USER     PR   NI    VIRT     RES   SHR    S  %CPU  %MEM   TIME+   COMMAND
5404   root     20   0    197832   48024  6744   S   1.3   2.6  1:13.22   Xorg
8013   centos   20   0    555316   23104  13140  S   1.0   1.2  0:14.89   gnome-terminal-
6339   centos   20   0    332336   6016   3248   S   0.3   0.3  0:23.71   prlcc
6351   centos   20   0    21044    1532   1292   S   0.3   0.1  0:02.66   prlshprof

Common hot keys used while running top (hot keys are accessed by pressing the key as top is running in your shell).

Command	Action
b	Enables / disables bold highlighting on top menu
z	Cycles the color scheme
l	Cycles the load average heading
m	Cycles the memory average heading
t	Task information heading
h	Help menu
Shift+F	Customizes sorting and display fields

Following are the common command line switches for top.

Command	Action
-o	Sorts by column (can prepend with - or + to sort ascending or descending)
-u	Shows only processes from a specified user
-d	Updates the delay time of top
-O	Returns a list of columns which top can apply sorting

Sorting options screen in top, presented using Shift+F. This screen allows customization of top display and sort options.

Fields Management for window 1:Def, whose current sort field is %MEM 
Navigate with Up/Dn, Right selects for move then <Enter> or Left commits, 
 'd' or <Space> toggles display, 's' sets sort.  Use 'q' or <Esc> to end!
 
* PID     = Process Id             TGID    = Thread Group Id      
* USER    = Effective User Name    ENVIRON = Environment vars     
* PR      = Priority               vMj     = Major Faults delta   
* NI      = Nice Value             vMn     = Minor Faults delta   
* VIRT    = Virtual Image (KiB)    USED    = Res+Swap Size (KiB)  
* RES     = Resident Size (KiB)    nsIPC   = IPC namespace Inode  
* SHR     = Shared Memory (KiB)    nsMNT   = MNT namespace Inode
* S       = Process Status         nsNET   = NET namespace Inode  
* %CPU    = CPU Usage              nsPID   = PID namespace Inode  
* %MEM    = Memory Usage (RES)     nsUSER  = USER namespace Inode 
* TIME+   = CPU Time, hundredths   nsUTS   = UTS namespace Inode  
* COMMAND = Command Name/Line 
PPID    = Parent Process pid
UID     = Effective User Id

top, showing the processes for user rdc and sorted by memory usage −

 PID   USER  %MEM  PR  NI    VIRT    RES    SHR    S %CPU     TIME+    COMMAND
 6130  rdc    6.2  20   0  1349592  117160  33232  S  0.0   1:09.34    gnome-shell
 6449  rdc    3.4  20   0  1375872   64428  21400  S  0.0   0:00.43    evolution-calen
 6296  rdc    1.7  20   0  1081944   32140  22596  S  0.0   0:00.40    evolution-alarm
 6350  rdc    1.6  20   0   560728   29844   4256  S  0.0   0:10.16    prlsga
 6281  rdc    1.5  20   0  1027176   28808  17680  S  0.0   0:00.78    nautilus
 6158  rdc    1.5  20   0  1026956   28004  19072  S  0.0   0:00.20    gnome-shell-cal

Showing valid top fields (condensed) −

[centos@CentOS ~]$ top -O 
PID 
PPID 
UID 
USER 
RUID 
RUSER 
SUID 
SUSER 
GID 
GROUP 
PGRP 
TTY 
TPGID

kill Command

The kill command is used to kill a process from the command shell via its PID. When killing a process, we need to specify a signal to send. The signal lets the kernel know how we want to end the process. The most commonly used signals are −

SIGTERM is implied as the kernel lets a process know it should stop soon as it is safe to do so. SIGTERM gives the process an opportunity to exit gracefully and perform safe exit operations.
SIGHUP most daemons will restart when sent SIGHUP. This is often used on the processes when changes have been made to a configuration file.
SIGKILL since SIGTERM is the equivalent to asking a process to shut down. The kernel needs an option to end a process that will not comply with requests. When a process is hung, the SIGKILL option is used to shut the process down explicitly.

For a list off all signals that can be sent with kill the -l option can be used −

[root@CentOS]# kill -l 
1) SIGHUP           2) SIGINT         3) SIGQUIT        4) SIGILL         5) SIGTRAP
6) SIGABRT          7) SIGBUS         8) SIGFPE         9) SIGKILL       10) SIGUSR1
11) SIGSEGV        12) SIGUSR2       13) SIGPIPE       14) SIGALRM       15) SIGTERM
16) SIGSTKFLT      17) SIGCHLD       18) SIGCONT       19) SIGSTOP       20) SIGTSTP
21) SIGTTIN        22) SIGTTOU       23) SIGURG        24) SIGXCPU       25) SIGXFSZ
26) SIGVTALRM      27) SIGPROF       28) SIGWINCH      29) SIGIO         30) SIGPWR
31) SIGSYS         34) SIGRTMIN      35) SIGRTMIN+1    36) SIGRTMIN+2    37) SIGRTMIN+3
38) SIGRTMIN+4     39) SIGRTMIN+5    40) SIGRTMIN+6    41) SIGRTMIN+7    42) SIGRTMIN+8
43) SIGRTMIN+9     44) SIGRTMIN+10   45) SIGRTMIN+11   46) SIGRTMIN+12   47) SIGRTMIN+13 
48) SIGRTMIN+14    49) SIGRTMIN+15   50) SIGRTMAX-14   51) SIGRTMAX-13   52) SIGRTMAX-12 
53) SIGRTMAX-11    54) SIGRTMAX-10   55) SIGRTMAX-9    56) SIGRTMAX-8    57) SIGRTMAX-7
58) SIGRTMAX-6     59) SIGRTMAX-5    60) SIGRTMAX-4    61) SIGRTMAX-3    62) SIGRTMAX-2
63) SIGRTMAX-1     64) SIGRTMAX

[root@CentOS rdc]#

Using SIGHUP to restart system.

[root@CentOS]# pgrep systemd 
1 
464 
500 
643 
15071

[root@CentOS]# kill -HUP 1

[root@CentOS]# pgrep systemd
1 
464 
500 
643 
15196 
15197 
15198

[root@CentOS]#

pkill will allow the administrator to send a kill signal by the process name.

[root@CentOS]# pgrep ping 
19450 
[root@CentOS]# pkill -9 ping 
[root@CentOS]# pgrep ping 
[root@CentOS]#

killall will kill all the processes. Be careful using killall as root, as it will kill all the processes for all users.

[root@CentOS]# killall chrome

free Command

free is a pretty simple command often used to quickly check the memory of a system. It displays the total amount of used physical and swap memory.

[root@CentOS]# free 
             total       used      free      shared      buff/cache      available 
Mem:        1879668     526284    699796     10304        653588          1141412 
Swap:       3145724          0    3145724

[root@CentOS]#

nice Command

nice will allow an administrator to set the scheduling priority of a process in terms of CPU usages. The niceness is basically how the kernel will schedule CPU time slices for a process or job. By default, it is assumed the process is given equal access to CPU resources.

First, let's use top to check the niceness of the currently running processes.

PID   USER   PR   NI    VIRT    RES    SHR   S  %CPU  %MEM     TIME+    COMMAND
28    root   39   19       0      0      0   S  0.0   0.0    0:00.17    khugepaged
690   root   39   19   16808   1396   1164   S  0.0   0.1    0:00.01    alsactl]
9598  rdc    39   19  980596  21904  10284   S  0.0   1.2    0:00.27    tracker-extract
9599  rdc    39   19  469876   9608   6980   S  0.0   0.5    0:00.04    tracker-miner-a
9609  rdc    39   19  636528  13172   8044   S  0.0   0.7    0:00.12    tracker-miner-f
9611  rdc    39   19  469620   8984   6496   S  0.0   0.5    0:00.02    tracker-miner-u
27    root   25    5       0      0      0   S  0.0   0.0    0:00.00    ksmd
637   rtkit  21    1  164648   1276   1068   S  0.0   0.1    0:00.11    rtkit-daemon
1     root   20    0  128096   6712   3964   S  0.3   0.4    0:03.57    systemd
2     root   20    0       0      0      0   S  0.0   0.0    0:00.01    kthreadd
3     root   20    0       0      0      0   S  0.0   0.0    0:00.50    ksoftirqd/0
7     root   20    0       0      0      0   S  0.0   0.0    0:00.00    migration/0
8     root   20    0       0      0      0   S  0.0   0.0    0:00.00    rcu_bh
9     root   20    0       0      0      0   S  0.0   0.0    0:02.07    rcu_sched

We want to focus on the NICE column depicted by NI. The niceness range can be anywhere between -20 to positive 19. -20 represents the highest given priority.

nohup nice --20 ping www.google.com &

PID USER    PR NI  VIRT    RES  SHR  S %CPU %MEM  TIME+    COMMAND
30727 root  0 -20  132108 1640  1264 S 0.0   0.1  0:00.06   ping

renice

renice allows us to change the current priority of a process that is already running.

renice 17 -p 30727

The above command will lower the priority of our ping process command.