Master Linux Process & User Queries with Bash: From PID Lookup to System Hardening

This article provides a collection of Bash scripts that let you retrieve detailed information about Linux processes by PID or name, query user account details, and apply a series of security‑hardening configurations to protect the system.

Linux Cloud Computing Practice

1. Filter all information of a process by PID

#!/bin/bash
# Function: show all information for the given PID
read -r -p "Enter PID to query: " P
# Accept digits only so the input cannot change the awk program
if ! [[ $P =~ ^[0-9]+$ ]]; then
  echo "Invalid PID!!"
  exit 1
fi
# Take one ps snapshot and match the PID column exactly
# (a prefix match on "1" would also hit 10, 123, ...)
info=$(ps aux | awk -v pid="$P" '$2==pid')
if [ -z "$info" ]; then
  echo "PID does not exist!!"
  exit 1
fi
# ps aux columns: USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
read -r user _ cpu mem vsz rss _ stat start time cmd _ <<<"$info"
echo "--------------------------------"
echo "Process PID: $P"
echo "Command: $cmd"
echo "User: $user"
echo "CPU usage: $cpu%"
echo "Memory usage: $mem%"
echo "Start time: $start"
echo "CPU time used: $time"
echo "State: $stat"
echo "Virtual memory (VSZ, KiB): $vsz"
echo "Resident memory (RSS, KiB): $rss"
echo "--------------------------------"

2. Filter process information by process name

#!/bin/bash
# Function: filter processes that match a given name and display details
read -r -p "Enter process name to query: " NAME
if [ -z "$NAME" ]; then
  echo "No process name given!"
  exit 1
fi
# One ps snapshot; -F treats the name as a literal string and -- stops option parsing
matches=$(ps aux | grep -F -- "$NAME" | grep -v grep)
if [ -z "$matches" ]; then
  echo "No such process is running!"
  exit
fi
# ps aux columns: USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
while read -r user pid cpu mem vsz rss _ stat start time cmd _; do
  echo "Process PID: $pid"
  echo "Command: $cmd"
  echo "User: $user"
  echo "CPU usage: $cpu%"
  echo "Memory usage: $mem%"
  echo "Start time: $start"
  echo "CPU time used: $time"
  echo "State: $stat"
  echo "Virtual memory (VSZ, KiB): $vsz"
  echo "Resident memory (RSS, KiB): $rss"
  echo "***************************************************************"
done <<<"$matches"

3. Query all information of a user by username

#!/bin/bash
# Function: retrieve all details of a given user
read -r -p "Enter username to query: " A
echo "------------------------------"
# Read the passwd entry once; comparing as strings keeps the input from being used as a regex
entry=$(awk -F: -v u="$A" '($1 "") == (u "")' /etc/passwd)
if [ -z "$entry" ]; then
  echo "User does not exist"
  echo "------------------------------"
  exit 1
fi
# passwd fields: name:password:UID:GID:GECOS:home:shell
IFS=: read -r _ _ uid gid _ home LoginShell <<<"$entry"
echo "Username: $A"
echo "UID: $uid"
echo "Primary group: $(id -gn -- "$A")"
echo "GID: $gid"
echo "Home directory: $home"
if [ "$LoginShell" = "/bin/bash" ]; then
  echo "User has login permission!!"
elif [ "$LoginShell" = "/sbin/nologin" ]; then
  echo "User does NOT have login permission!!"
else
  # Any other shell is reported as-is instead of being silently ignored
  echo "Login shell: $LoginShell"
fi

4. System hardening configurations

#!/bin/bash
# Function: strengthen password policies and other security settings
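read -r -p "Maximum days before password change: " A
read -r -p "Minimum days between password changes: " B
read -r -p "Minimum password length: " C
read -r -p "Days before expiration to warn user: " D
# Accept only non-negative integers so the values cannot alter the sed expressions
for v in "$A" "$B" "$C" "$D"; do
  if ! [[ $v =~ ^[0-9]+$ ]]; then
    echo "All values must be non-negative integers."
    exit 1
  fi
done
# login.defs aging values apply to accounts created afterwards; existing accounts keep their current settings
sed -i "s/^PASS_MAX_DAYS.*/PASS_MAX_DAYS $A/" /etc/login.defs
sed -i "s/^PASS_MIN_DAYS.*/PASS_MIN_DAYS $B/" /etc/login.defs
sed -i "s/^PASS_MIN_LEN.*/PASS_MIN_LEN $C/" /etc/login.defs
sed -i "s/^PASS_WARN_AGE.*/PASS_WARN_AGE $D/" /etc/login.defs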

echo "Password policy hardened: new passwords must contain digits, lower‑case and upper‑case letters."
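# -E enables extended regex so that "#?" means an optional leading "#" (in basic regex "?" is a literal character)
sed -E -i "s/^#?password.*requisite.*pam_pwquality.so.*/password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type= difok=1 minlen=8 ucredit=-1 lcredit=-1 dcredit=-1/" /etc/pam.d/system-auth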

echo "Account lockout after 3 failed attempts enabled."
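# pam_tally2 is deprecated in current Linux-PAM and missing from newer distributions, where pam_faillock replaces it.
# The insert relies on an "@include common-auth" line in /etc/pam.d/sshd; without that line nothing is added.
if ! grep -q "auth required pam_tally2.so" /etc/pam.d/sshd; then
  sed -i "/@include common-auth/a\auth required pam_tally2.so deny=3 unlock_time=150 even_deny_root root_unlock_time=300" /etc/pam.d/sshd
fi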

echo "Root remote login disabled."
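# -E is required for "#?" to match an optional comment marker; the change takes effect once sshd reloads its configuration
sed -E -i "s/^#?PermitRootLogin.*/PermitRootLogin no/" /etc/ssh/sshd_config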

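read -r -p "History size (HISTSIZE): " E
read -r -p "Auto‑logout timeout (TMOUT seconds): " F
# Accept only non-negative integers so the values cannot alter the sed expressions
for v in "$E" "$F"; do
  if ! [[ $v =~ ^[0-9]+$ ]]; then
    echo "HISTSIZE and TMOUT must be non-negative integers."
    exit 1
  fi
done
sed -i "s/^HISTSIZE.*/HISTSIZE=$E/" /etc/profile
# Update TMOUT if it is already set; otherwise add it once, so reruns do not pile up duplicate lines
if grep -q "^TMOUT=" /etc/profile; then
  sed -i "s/^TMOUT=.*/TMOUT=$F/" /etc/profile
else
  sed -i "/^HISTSIZE/a\TMOUT=$F" /etc/profile
fi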

echo "Only members of the wheel group may use su."
# -E is required for "#?" to match an optional comment marker
sed -E -i "s/^#?auth.*pam_wheel.so.*/auth required pam_wheel.so use_uid/" /etc/pam.d/su
if ! grep -q "SU_WHEEL_ONLY" /etc/login.defs; then
  echo "SU_WHEEL_ONLY yes" >> /etc/login.defs
fi

echo "Listing users with login shells:"
awk -F: '($7=="/bin/bash"){print $1}' /etc/passwd

echo "Listing users with UID 0:"
awk -F: '($3=="0"){print $1}' /etc/passwd

# Snapshot the list once: re-reading /etc/shadow after each passwd call shifts the row numbers and skips accounts
empty_users=$(awk -F: '($2==""){print $1}' /etc/shadow)
N=$(printf '%s\n' "$empty_users" | grep -c .)
echo "Number of accounts with empty passwords: $N"
if [ "$N" -eq 0 ]; then
  echo "Congratulations, no empty‑password accounts!"
else
  for user in $empty_users; do
    echo "------------------------"
    echo "$user"
    echo "Setting password for empty account..."
    passwd "$user"
  done
fi

echo "Locking critical system files to prevent addition/removal of users and groups."
read -p "Proceed with locking? (Y/N): " ans
case $ans in
  [Yy])
    chattr +i /etc/passwd
    chattr +i /etc/shadow
    chattr +i /etc/group
    chattr +i /etc/gshadow
    echo "Lock successful!"
    ;;
  [Nn])
    chattr -i /etc/passwd
    chattr -i /etc/shadow
    chattr -i /etc/group
    chattr -i /etc/gshadow
    echo "Lock cancelled."
    ;;
  *)
    echo "Please answer Y or N."
    ;;
esac
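
A read-only check of the settings the hardening script above changes, as an added example that is not part of the original article. The function names audit_root and make_sample, the root-prefix argument and the 90-day limit are assumptions, and the sample files are constructed data.

```bash
#!/bin/bash
# Added example: read-only audit of the files the hardening script edits.
# audit_root ROOT [MAX_DAYS] prints one "FAIL ..." line per finding.
# ROOT is a path prefix: "" for the live system, a temp dir for sample files.
audit_root() {
  local root=$1 max_days=${2:-90} v
  # PASS_MAX_DAYS must be set, numeric, and no larger than the assumed limit.
  v=$(awk '$1=="PASS_MAX_DAYS"{print $2}' "$root/etc/login.defs" | tail -n1)
  case $v in
    ''|*[!0-9]*) echo "FAIL PASS_MAX_DAYS=${v:-unset}" ;;
    *) [ "$v" -le "$max_days" ] || echo "FAIL PASS_MAX_DAYS=$v" ;;
  esac
  # sshd uses the first value it reads for a keyword; commented lines do not count.
  v=$(awk 'tolower($1)=="permitrootlogin"{print tolower($2); exit}' "$root/etc/ssh/sshd_config")
  [ "$v" = "no" ] || echo "FAIL PermitRootLogin=${v:-unset}"
  # Any UID 0 account other than root is a second superuser.
  awk -F: '$3==0 && $1!="root"{print "FAIL uid0 " $1}' "$root/etc/passwd"
  # An empty second field in shadow means the account has no password.
  awk -F: '$2==""{print "FAIL empty-password " $1}' "$root/etc/shadow"
}

# Constructed sample tree (not from a real host) with four deliberate findings.
make_sample() {
  local d
  d=$(mktemp -d)
  mkdir -p "$d/etc/ssh"
  printf 'PASS_MAX_DAYS 99999\nPASS_MIN_DAYS 0\n' > "$d/etc/login.defs"
  printf '#PermitRootLogin no\nPermitRootLogin yes\n' > "$d/etc/ssh/sshd_config"
  printf 'root:x:0:0::/root:/bin/bash\ntoor:x:0:0::/root:/bin/bash\nalice:x:1000:1000::/home/alice:/bin/bash\n' > "$d/etc/passwd"
  printf 'root:$6$constructed:19000::::::\ntoor:!:19000::::::\nalice::19000::::::\n' > "$d/etc/shadow"
  echo "$d"
}

# Demo run against the constructed tree; nothing on the real system is read or changed.
sample=$(make_sample)
audit_root "$sample"
rm -rf "$sample"
```

Run as root with an empty prefix (`audit_root ""`) to check the live files after applying the hardening script; the commented-out `#PermitRootLogin no` in the sample shows why a leftover comment marker leaves the setting ineffective.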

The above scripts provide practical commands for Linux administrators to inspect processes, retrieve user details, and enforce security policies, serving as a concise reference for system hardening tasks.

Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contact admin@besthub.dev and we will review it promptly.
