Visualizando Processos Ativos
USER PID %CPU %MEM SZ RSS TT STAT START TIME COMMAND
user5 28206 8.1 0.4 48 280 p4 S 13:55 0:00 man inetd.conf
user5 28208 3.9 0.5 56 312 p4 S 13:55 0:00 more -s /usr/man/cat5/in
root 2 0.0 0.0 0 0 ? D Mar 25 0:02 pagedaemon
root 87 0.0 0.0 176 0 ? IW Mar 25 0:16 sendmail: accepting conn
root 1 0.0 0.0 56 0 ? IW Mar 25 0:04 /sbin/init -
user3 15547 0.0 0.0 88 0 ? IW Apr 5 0:00 selection_svc
user1 184 0.0 0.0 192 0 p0 IW Mar 25 0:06 -tcsh (tcsh)
user2 28209 0.0 0.8 208 520 p5 R 13:55 0:00 ps -agux
user2 21674 0.0 0.4 112 248 p5 S 16:24 0:00 -tcsh (tcsh)
user3 16834 0.0 0.0 88 0 ? IW Apr 5 0:00 selection_svc
user3 27350 0.0 0.0 112 0 p3 IW Apr 11 0:01 -csh (csh)
user4 23846 0.0 0.0 80 0 pa IW 11:12 0:00 -csh (csh)
user3 23801 0.0 0.0 80 0 p8 IW 11:04 0:00 -csh (csh)
Muitas vezes antes de sair do sistema penetrado o intruso deixa rodando
um processo para continuar realizando suas tarefas .