Loading...

VONDS ©

Lab 40: Mastering Process Signals in Linux

Back to Lab Index

Identify a memory-hogging process, terminate it gracefully with SIGTERM, and escalate to SIGKILL only when it refuses to exit. Enumerate available signals and use a shell trap to handle SIGINT with a custom message.

troubleshooting core services

Scenario

A teammate started a background process called memhog that is consuming excessive memory and impacting system performance. You need to locate the PID, attempt a clean stop using SIGTERM , confirm whether it exited, then force-stop it with SIGKILL if it continues running.

Operator context

Signals are an operator’s control surface. Prefer graceful termination for predictable cleanup, but know when to escalate and how to prove what happened with verifiable checks.

Objective

  • Find the memhog process and capture its PID.
  • Send SIGTERM using signal name or number.
  • Verify whether the process stopped using PID or name checks.
  • Escalate to SIGKILL when SIGTERM fails.
  • List signal names and numbers available on the system.
  • Use trap so Ctrl+C (SIGINT) prints a message.

Concepts

  • SIGTERM (15) requests a graceful shutdown so the process can clean up and exit.
  • SIGKILL (9) is non-negotiable; the kernel terminates the process immediately with no cleanup.
  • Always verify outcome with PID and name-based checks; do not assume a signal “worked.”
  • kill sends signals; it does not only “kill.” You can send many signals besides 9 and 15.
  • trap lets shells run custom handlers when signals like SIGINT (Ctrl+C) are received.

Walkthrough

Step 1 : View processes related to memhog .
Command 
ps aux | grep memhog

This gives you the PID plus resource usage context. Expect to see your grep process too, so focus on the row that is actually running memhog . 

user123   5268  98.1 45.3 1612932 924392 pts/0  R    13:22   2:11 memhog
Step 2 : Send SIGTERM to request a clean shutdown.
Command 
kill -SIGTERM 5268
# OR
kill -15 5268

SIGTERM (15) asks the process to exit gracefully. Many programs handle it by closing files, flushing buffers, and releasing locks before shutting down. 

# Expected result:
# No output on success (most common).
Step 3 : Verify whether PID 5268 is still running.
Command 
ps -p 5268
# OR
pgrep memhog

A lingering PID after a reasonable wait means the process either ignored the signal or is stuck. In this lab scenario, the PID still exists, which triggers escalation. 

PID TTY      TIME     CMD
5268 ?       00:02:11 memhog
Step 4 : Escalate to SIGKILL to force-stop it.
Safety note

SIGKILL cannot be handled. The process is terminated immediately with no cleanup, which can leave partial output or locked resources depending on workload.

Command 
kill -9 5268
# OR
kill -SIGKILL 5268

Use SIGKILL (9) only when graceful termination fails and the impact justifies the forced stop. 

# Verify again:
ps -p 5268
pgrep memhog
Step 5 : Confirm it is no longer running.
Command 
ps -p 5268
# OR
pgrep memhog

Your confirmation is the proof. If there is no PID row and no name match, the process is gone. 

# Expected result:
# No such process / no matches returned.
Step 6 : List all available signals.
Command 
kill -l

kill -l prints signal names and numbers for the platform you are running. This is useful when you remember a name but not the number (or the other way around). 

1) SIGHUP     2) SIGINT     3) SIGQUIT    4) SIGILL     5) SIGTRAP     6) SIGABRT     7) SIGBUS
8) SIGFPE     9) SIGKILL   10) SIGUSR1   11) SIGSEGV   12) SIGUSR2    13) SIGPIPE    14) SIGALRM
15) SIGTERM  16) SIGSTKFLT 17) SIGCHLD   18) SIGCONT   19) SIGSTOP    20) SIGTSTP    21) SIGTTIN
22) SIGTTOU  23) SIGURG    24) SIGXCPU   25) SIGXFSZ   26) SIGVTALRM  27) SIGPROF    28) SIGWINCH
29) SIGIO    30) SIGPWR    31) SIGSYS
Step 7 : Trap Ctrl+C (SIGINT) and print a message.
Command 
trap 'echo Signal caught!' SIGINT

trap lets you define a handler for signals in your current shell session. After setting this, pressing Ctrl+C will run your handler instead of immediately interrupting the shell’s current foreground job. 

# Press Ctrl+C to test:
Signal caught!

Breakpoints

grep false positives

ps aux | grep memhog may show the grep command itself. Use pgrep memhog or ps -p <pid> for cleaner verification.

PID still exists after SIGTERM

If the process stays running after SIGTERM , validate the PID is correct, then escalate to SIGKILL only if impact justifies it.

Permission denied

If kill returns “Operation not permitted,” you likely do not own the process. Use sudo or coordinate with the owner/operator as appropriate.

Cleanup checklist

  • Confirm memhog is not running.
  • Remove any temporary signal traps if you set them for testing.
Commands 
pgrep memhog
trap - SIGINT

Reference

  • ps aux : List all processes (BSD-style listing).
    • a : include processes without a TTY a : x ), and display in user-oriented format ( u ).
  • grep <pattern> : Filter output lines that match a pattern.
  • kill : Send a signal to a PID.
    • -SIGTERM / -15 : Request graceful termination.
    • -SIGKILL / -9 : Force immediate termination (no cleanup).
    • -l : List available signals.
  • ps -p <pid> : Show a specific PID (useful for “does it still exist?” verification).
    • -p : Target a specific process ID.
  • pgrep <name> : Return PIDs that match a process name or pattern.
  • trap '<commands>' <signal> : Run commands when the shell receives a signal.