LAB — PROCESS MONITORING

Process Monitoring Lab

Six interactive exercises covering top, htop, signal theory, job control, and system load diagnosis — the core toolkit for Linux system administration.

Platform: Linux Terminal

Exercises: 6

Difficulty: Intermediate

Est. Time: 55–70 min

Lab Objectives

Use top interactively and interpret its columns and header
Navigate htop and understand its advantages over top
Identify and terminate resource-hogging rogue processes
Understand and send SIGTERM, SIGKILL, and SIGHUP signals
Manage foreground/background jobs with job control and nohup
Diagnose system load using uptime, vmstat, and iostat output

Basic top — Real-Time Process Viewer

TOP ▼

SCENARIOA server is sluggish. Before you do anything else, you need a live view of what is consuming resources. top is installed on virtually every Linux system — it is your first line of investigation.

Type top in the terminal below, then press q to quit the simulated output.

student@hexworth: ~

student@hexworth:~$

Hint: type top to launch the process viewer.

COLUMN GUIDE

PID — Process ID, unique integer assigned by the kernel.
USER — Owner of the process (who launched it).
%CPU — CPU time consumed as a percentage of one core.
%MEM — Percentage of physical RAM the process is using.
COMMAND — The executable name or full command line.
STAT — Process state: R=running, S=sleeping, D=uninterruptible I/O, Z=zombie, T=stopped.

htop — Enhanced Interactive Monitor

HTOP ▼

SCENARIOYou want a more readable, color-coded view of system resources. htop adds CPU core bars, scrollable process lists, and mouse support — a significant upgrade from plain top.

Type htop to launch the simulation.

student@hexworth: ~

student@hexworth:~$

Hint: type htop to open the enhanced monitor.

HTOP ADVANTAGES OVER TOP

Visual CPU bars per core give instant load distribution feedback.
Horizontal and vertical scrolling — see all processes and all columns.
Mouse support — click column headers to sort, click processes to select.
F9 kill menu with signal selection (no need to remember signal numbers).
F5 tree view shows parent/child relationships inline.

Finding and Killing Resource Hogs

ROGUE PROCESS ▼

SCENARIOYour server is running at 100% CPU. Another admin left a test crypto-miner running. You must identify its PID and terminate it before it causes an outage.

Use ps aux --sort=-%cpu to find the rogue process, then kill <PID> to terminate it.

student@hexworth: ~ [HIGH CPU ALERT]

student@hexworth:~$

Hint: try ps aux --sort=-%cpu first, then kill 4821

REAL-WORLD WORKFLOW

1. Spot high CPU with top or ps aux --sort=-%cpu | head -5
2. Verify with ps -p 4821 -o pid,user,cmd,etime — confirm it is what you think
3. Try kill 4821 (SIGTERM) first — always give a process a chance to clean up
4. If it ignores SIGTERM, escalate: kill -9 4821 (SIGKILL)

Process Signals — SIGTERM, SIGKILL, SIGHUP

SIGNALS ▼

SCENARIONot all kill signals are equal. Sending the wrong signal can corrupt data, leave zombie processes, or fail entirely. Understanding the three most common signals is essential for safe system administration.

Signal	Number	Behavior	Use When
SIGHUP	1	Hang up — many daemons reload config on this signal	Reload nginx, sshd config without restart
SIGTERM	15	Terminate gracefully — process can catch and clean up	Default kill; always try this first
SIGKILL	9	Kill immediately — kernel enforced, cannot be caught	Last resort; process ignoring SIGTERM

Practice sending signals below. Try: kill -1 7712, kill -15 7712, then kill -9 7712.

student@hexworth: ~

# Process 7712 (nginx worker) is running. Send it signals below. # Check: ps aux | grep nginx (shows PID 7712)

student@hexworth:~$

Hint: try kill -1 7712 (SIGHUP — reload config)

IMPORTANT

kill does not actually "kill" by default — it sends SIGTERM (15), which is a polite request to shut down. The process may ignore it. Only SIGKILL (9) is guaranteed to terminate (the kernel handles it, not the process). Never use SIGKILL on database processes — you risk data corruption.

Background & Foreground Job Control

JOBS ▼

SCENARIOYou start a long-running task but need your terminal back. Linux job control lets you push processes to the background, bring them forward, and keep them alive after logout.

Follow the 7-step job control workflow in the simulated terminal.

WORKFLOW (follow in order) 1. sleep 100 & — start a background job
2. jobs — verify it is running
3. fg %1 — bring it to the foreground
4. Ctrl+Z — suspend the foreground process (type ctrl+z)
5. bg %1 — resume it in the background
6. disown %1 — detach job from the shell
7. nohup sleep 200 & — start a new hangup-immune process

student@hexworth: ~

student@hexworth:~$

Hint: type sleep 100 & to start a background job.

JOB CONTROL QUICK REFERENCE

command & — Start directly in background (appended ampersand)
Ctrl+Z — Suspend foreground process (sends SIGTSTP)
bg %1 — Resume job 1 in the background
fg %1 — Bring job 1 to the foreground
jobs — List all current shell jobs
nohup command & — Run in background, immune to hangup (survives logout)
disown %1 — Remove job from shell's job table (similar effect to nohup)

System Load Investigation

DIAGNOSIS ▼

SCENARIOThe monitoring dashboard shows a load average spike. You run three diagnostic commands and must interpret what type of bottleneck you are dealing with.

Type uptime, vmstat, or iostat to see system diagnostics.

student@hexworth: ~

student@hexworth:~$

Hint: try uptime, vmstat, or iostat

LOAD AVERAGE EXPLAINED

Load average (shown by uptime) represents average runnable+waiting processes over 1, 5, 15 minutes.
On a 4-core system: load of 4.0 = 100% utilized. Load of 8.0 = 200% = system is overloaded.
High load + high %wa in vmstat = I/O-bound. High %us/%sy + low %wa = CPU-bound.
High si/so in vmstat (swap in/out) = memory-bound.

Lab Complete?

Complete all six exercises, then mark this lab as finished to earn your progress credit.

Lab recorded! Returning to Linux Admin...