How to kill Zombie process in Linux

On Unix operating systems, a zombie process or defunct process is a process that has completed execution but still has an entry in the process table, allowing the process that started it to read its exit status. In the term’s colorful metaphor, the child process has died but has not yet been reaped.

Use top or ps command to find zombie processes.

# top
OR
# ps aux | awk ‘{ print $8 ” ” $2 }’ | grep -w Z

You cannot kill zombies, as they are already dead. But if you have too many zombies then kill parent process or restart service.

You can kill zombie process using PID obtained from any one of the above command. For example kill zombie proces having PID 4104:
# kill -9 4104

Please note that kill -9 does not guarantee to kill a zombie process.

How do I automate zombie process killing?

Write a script and schedule as a cron job.

The following is a script to kill Zombie processes.

for each in `ps -ef | grep ” | grep -v PID | awk ‘{ print $3 }’`; do
for every in `ps -ef | grep $each | grep -v cron | awk ‘{ print $2 }’`; do
kill -9 $every;
done;
done;

Very Useful commands – apt-get command

apt-get update
Consults /etc/apt/sources.list and updates the database of available packages. Be sure to run this command whenever sources.list is changed.

apt-cache search
Case-insensitive search of the package database for the keyword given. The package names and descriptions are returned where that keyword is found.

apt-get install Download and install the given package name as found in the package database. Starting with APT version 0.6, this command will automatically verify package authenticity for gpg keys it
knows about (http://wiki.debian.org/SecureApt).

apt-get -d install Download the package only, placing it in /var/cache/apt/archives.

apt-cache show Check updates for all installed packages and then prompt to download and install them.

apt-get autoclean
Can be run anytime to delete partially downloaded packages, or packages no longer installed.

apt-get clean
Removes all cached packages from /var/cache/apt/archives to free up disk space.

apt-get –purge remove Remove the named package and all its configuration files. Remove the –purge keyword to keep config files.

apt-get -f install
Do a sanity check for broken packages.This tries to fix any “unmet dependency” messages.

apt-cache stats
Print statistics on all packages installed.

apt-cache pkgnames
List all packages installed on the system.

Major difference between Linux yum and up2date command

The following table lists up2date and rpm commands used on earlier versions of Red Hat Enterprise Linux and their yum equivalents for use on Red Hat Enterprise Linux 5 and later.

Check for and update all RPM(S) up2date -u

Check for and update specified RPM(s) up2date -u [ ...]

Install the specified RPM(s) up2date -i [ ...]

Remove the specified RPM(s) and it’s dependents rpm -e [ ...]

Search for packages by name up2date –showall | grep “

tee command in Linux

Enter the tee command. Just like a tee junction in a water pipe, the tee command will allow you to send the output of a command to the screen as well as a file.

Consider the command

#ls | tee ls.txt

This command will display the contents of the current directory to me on my screen, as well as write the same information to an ls.txt file in the current directory.

Flags:

-a Appends the output to the end of File instead of writing over it.
-i Ignores interrupts.

#df -h | tee -a ls.txt

netstat commad with all variant outputs

Netstat command and shell pipe feature can be used to dig out more information about particular IP address connection. You can find out total established connections, closing connection, SYN and FIN bits and much more. You can also display summary statistics for each protocol using netstat.

This is useful to find out if your server is under attack or not. You can also list abusive IP address using this method.
# netstat -nat | awk ‘{print $6}’ | sort | uniq -c | sort -n
Output:

1 CLOSE_WAIT
1 established)
1 Foreign
3 FIN_WAIT1
3 LAST_ACK
13 ESTABLISHED
17 LISTEN
154 FIN_WAIT2
327 TIME_WAIT

Dig out more information about a specific ip address:
# netstat -nat |grep {IP-address} | awk ‘{print $6}’ | sort | uniq -c | sort -n

2 LAST_ACK
2 LISTEN
4 FIN_WAIT1
14 ESTABLISHED
91 TIME_WAIT
130 FIN_WAIT2

Busy server can give out more information:
# netstat -nat |grep 202.54.1.10 | awk ‘{print $6}’ | sort | uniq -c | sort -n
Output:

15 CLOSE_WAIT
37 LAST_ACK
64 FIN_WAIT_1
65 FIN_WAIT_2
1251 TIME_WAIT
3597 SYN_SENT
5124 ESTABLISHED

Get List Of All Unique IP Address

To print list of all unique IP address connected to server, enter:
# netstat -nat | awk ‘{ print $5}’ | cut -d: -f1 | sed -e ‘/^$/d’ | uniq
To print total of all unique IP address, enter:
# netstat -nat | awk ‘{ print $5}’ | cut -d: -f1 | sed -e ‘/^$/d’ | uniq | wc -l
Output:

449

Find Out If Box is Under DoS Attack or Not

If you think your Linux box is under attack, print out a list of open connections on your box and sorts them by according to IP address, enter:
# netstat -atun | awk ‘{print $5}’ | cut -d: -f1 | sed -e ‘/^$/d’ |sort | uniq -c | sort -n
Output:

1 10.0.77.52
2 10.1.11.3
4 12.109.42.21
6 12.191.136.3
…..
…
….
13 202.155.209.202
18 208.67.222.222
28 0.0.0.0
233 127.0.0.1

You can simply block all abusive IPs using iptables or just null route them.

netstat command to find open ports

# netstat –listen

How to find out what application is using your port

#netstat -nlp

Netstat command to display apache conections per IP

#netstat -anp |grep ‘tcp\|udp’ | awk ‘{print $5}’ | cut -d: -f1 | sort | uniq -c | sort -n