[vox-tech] Linux Computer Infected

Rick Moen rick at linuxmafia.com
Sat Jun 2 20:57:18 PDT 2018


Quoting Bob Scofield (scofield at omsoft.com):

> I've got it fixed.  But first thanks to Brian, Tim, Rod, and Rick.

Congratulations, Bob!  Good work.

When you're feeling in a mood to geek out and get to know some
old-school Unix command-line tools, here are some related to memory and
processes:

  top

'top' is a bit more instantly likeable than the others, because it
defaults to auto-refreshing its display of resources used by individual
processes every second (which is usually handy), _and_ it has a couple of
operating modes.

In the default mode, it displays processes in order of CPU usage, with
the biggest CPU-grunt hogging processes on top.  But then, if you press
'M' (capital m), then the tool flips to its alternate mode, showing
processes in order of _RAM_ usage, biggest RAM-hogs first.  This is where
things start, unfortunately, to get complex and eye-crossing, because
the sort key used is '%MEM'.  But there are several other columns with
other details of memory usage, which I'll not detail here.  Suffice to 
say each can be significant, depending.

(Irony alert:  For a command-line tool, 'top' is a bit
resource-intensive all by itself.  On more than one occasion, a Unix
server, slow and somewhat unresponsive because of running low on RAM, 
has been driven into falling over because 2 or 3 sysadmins ssh'd in and
simultaneously ran 'top'.  ;->  )


  free -m

The 'free' command is a system-wide report (not a process-level report)
on the current state of memory usage.  The 'm' switch I added means 
'...and please report values in units of megabytes, for
human-friendliness'.  There are a bunch of details in free's output
about usage of both physical RAM and virtual RAM, which you just have to
learn how to correctly interpret -- not difficult, but you'll end up
looking at the man page.


  ps auxw

The 'ps' command reports process status (thus the abbreviation), and
I've added parameters, detailing which would add too much gory detail, 
that have the effect of making ps report all currently running processes
without restriction.  The resulting output is guaranteed to be verbose in
both width and length, so one usually ends up piping it to 'less' or to
a filter to extract only what you want to know about.

As with 'top', the ps command defaults to showing many columns about
processes, and there are actually more that can be dredged out with
other formatting directives (to ps) if necessary.  If it seems excessive
and overwhelming at first, be advised that's an entirely normal
reaction.



Leaving RAM aside for a moment, it's also important to be able to check
on disk usage.  The 'df' command is vital for a view of disk usage at
the level of entire filesystems (partitions).  'df -h' will show you
human-friendly (what the 'h' is for) output numbers.

Equally important is 'du', which once you master its options is
incredibly handy to show disk usage of subdirectories or other sets of
files.

Last in that department, let me offer the following handy Perl script
that you can write to your system (using root authority) as
/usr/local/bin/largest20 .  Don't forget to also make it executable by
doing (as the root user) 'chmod u+x /usr/local/bin/largest20'.


---<begin snip>---

#!/usr/bin/perl -w
# You can alternatively just do:  
# find . -xdev -type f -print0 | xargs -r0 ls -l | sort -rn -k +5 | head -20
# Sometimes also handy:  du -cks * | sort -rn
use File::Find;

@ARGV = $ENV{ PWD } unless @ARGV;
find ( sub { $size{ $File::Find::name } = -s if -f; }, @ARGV );
@sorted = sort { $size{ $b } <=> $size{ $a } } keys %size;
splice @sorted, 20 if @sorted > 20;
printf "%10d %s\n", $size{$_}, $_ for @sorted

---<end snip>---
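
Added example, not part of the original message: the message says 'ps auxw' output usually gets piped to a filter, and these two shell filters do that, keeping the largest processes by RSS and totalling RSS per user. The function names (top_rss, rss_by_user, sample_ps) and the sample process listing are constructed for illustration.

```shell
#!/bin/sh
# Filters for 'ps auxw'-format text read from stdin.
# Columns: USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND...

# top_rss N: the N largest processes by resident memory (RSS, in KiB),
# printed as "RSS_KiB PID USER COMMAND" with the full command line kept.
top_rss() {
    awk 'NR > 1 {                       # skip the header line
             cmd = $11                  # COMMAND may contain spaces,
             for (i = 12; i <= NF; i++) # so rejoin fields 11..NF
                 cmd = cmd " " $i
             printf "%d %d %s %s\n", $6, $2, $1, cmd
         }' |
    sort -k1,1nr | head -n "${1:-5}"
}

# rss_by_user: total RSS (KiB) per account, largest first.
rss_by_user() {
    awk 'NR > 1 { kib[$1] += $6 }
         END { for (u in kib) printf "%d %s\n", kib[u], u }' |
    sort -k1,1nr
}

# Constructed sample in 'ps auxw' layout, so the filters can be tried offline.
sample_ps() {
    cat <<'EOF'
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.1 225848  9412 ?        Ss   Jun01   0:03 /sbin/init splash
alice     2210  4.2 31.5 4120332 2581004 ?     Sl   Jun01  88:10 /usr/lib/firefox/firefox -contentproc
alice     2391  0.3  6.0 1203300 491520 ?      Sl   Jun01   2:41 /usr/bin/gnome-shell
root       812  0.0  0.4 310220 35840 ?        Ssl  Jun01   0:12 /usr/sbin/NetworkManager --no-daemon
EOF
}

# Demo on the sample; on a live system use:  ps auxw | top_rss 10
sample_ps | top_rss 3
sample_ps | rss_by_user
```
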


