Loading...

VONDS ©

Lab 39: Managing Processes with kill

Lab Index

Identify a runaway process and terminate it safely using SIGTERM first, then escalate to SIGKILL only when required. Validate the result by confirming the PID no longer exists and document the exact evidence you used to make the call.

troubleshooting core services

Scenario

A script named rogue.sh is consuming nearly all CPU and causing performance issues for other users. You need to locate the offending process, attempt a graceful shutdown, confirm it exited, then repeat the test and force-stop it using SIGKILL if it refuses to terminate.

Operator context

In real incidents, you avoid hard kills unless you have to. SIGTERM gives the process a chance to clean up. SIGKILL is the last resort when the process is stuck.

Objective

  • Find the process running rogue.sh and capture its PID.
  • Terminate the PID using the default signal (SIGTERM).
  • Verify the process is gone using PID and name checks.
  • Restart the process in the background for testing.
  • Force-stop the process with SIGKILL when required.

What You’ll Practice

  • Locating a process by name using ps pipelines or pgrep.
  • Signal strategy: graceful stop with SIGTERM vs forced stop with SIGKILL.
  • Verifying termination using ps -p <pid> and pgrep.
  • Running a workload in the background and observing the PID/job output.

Walkthrough

Step 1 : Locate the rogue process and identify its PID.
Command 
ps aux | grep rogue.sh
# OR
pgrep -a rogue.sh

Use ps when you want a full row of context (CPU, memory, user, TTY). Use pgrep -a when you want a clean PID plus command line match without scrolling. 

user     4012  99.0  0.1  50000  3000 pts/0    R    13:24   0:45 bash rogue.sh
Step 2 : Send a SIGTERM (default) to stop it gracefully.
Command 
kill 4012

By default, kill sends SIGTERM, which requests a clean shutdown. This is the preferred first move when the process might be able to exit safely. 

# Expected result:
# No output on success (most common), or the process exits shortly after.
Step 3 : Confirm the process is gone.
Command 
ps -p 4012
# OR
pgrep rogue.sh

Verify your action. ps -p checks a specific PID. pgrep confirms the name is no longer present. 

# Expected result:
# ps: shows no row for that PID
# pgrep: returns no matches
Step 4 : Start the process again in the background for testing.
Command 
bash rogue.sh &
# OR
./rogue.sh &

Running it in the background returns control to your shell and prints the job number and PID. Capture the new PID so you can target it precisely. 

[1] 4021
user     4021  95.0  0.1  50000  3000 pts/0    R    13:29   0:02 bash rogue.sh
Step 5 : Force-stop the process using SIGKILL.
Safety note

SIGKILL cannot be handled or ignored. The process gets no cleanup time, which can risk partial writes or locked resources depending on workload. Use it only when graceful termination fails.

Command 
kill -9 4021

-9 sends SIGKILL immediately. If the process is stuck in an uninterruptible state, this may still not work, but for normal runaway scripts it will stop it instantly. 

# Verify again:
ps -p 4021
pgrep rogue.sh

Reference

  • ps aux | grep <name> : Locates processes by matching the command line text.
  • pgrep -a <pattern> : Prints matching PIDs and their full command line.
  • kill <pid> : Sends SIGTERM by default (graceful shutdown request).
  • kill -9 <pid> : Sends SIGKILL (forced stop, no cleanup).
  • ps -p <pid> : Verifies whether a PID still exists.
  • pgrep <pattern> : Verifies whether any matching processes remain.