Master Linux Process & User Queries with Bash: From PID Lookup to System Hardening

This article provides a collection of Bash scripts that let you retrieve detailed information about Linux processes by PID or name, query user account details, and apply a series of security‑hardening configurations to protect the system.


1. Filter all information of a process by PID

#!/bin/bash
# Function: show all information for the given PID
read -r -p "Enter PID to query: " P
# Digits only: the value is handed to awk below
if ! [[ $P =~ ^[0-9]+$ ]]; then
  echo "PID must be a number!!"
  exit 1
fi
# One ps snapshot; compare the PID column exactly (a prefix match on 1 would also hit 10, 100, ...)
line=$(ps aux | awk -v pid="$P" '$2==pid')
if [ -z "$line" ]; then
  echo "PID does not exist!!"
  exit 1
fi
# Split the captured line into the ps aux columns; cmd is the first word of COMMAND
read -r user _ cpu mem vsz rss _ stat start time cmd _ <<< "$line"
echo "--------------------------------"
echo "Process PID: $P"
echo "Command: $cmd"
echo "User: $user"
echo "CPU usage: $cpu%"
echo "Memory usage: $mem%"
echo "Start time: $start"
echo "Running time: $time"
echo "State: $stat"
echo "Virtual memory: $vsz"
echo "Resident memory (RSS): $rss"
echo "--------------------------------"

2. Filter process information by process name

#!/bin/bash
# Function: filter processes that match a given name and display details
read -r -p "Enter process name to query: " NAME
if [ -z "$NAME" ]; then
  echo "No process name given!"
  exit 1
fi
# One ps snapshot. -F matches the name as a fixed string; "--" keeps a leading "-" from being read as an option.
matches=$(ps aux | grep -F -- "$NAME" | grep -v grep)
if [ -z "$matches" ]; then
  echo "No such process is running!"
  exit
fi
# Each line is split into the ps aux columns; cmd is the first word of COMMAND
while read -r user pid cpu mem vsz rss _ stat start time cmd _; do
  echo "Process PID: $pid"
  echo "Command: $cmd"
  echo "User: $user"
  echo "CPU usage: $cpu%"
  echo "Memory usage: $mem%"
  echo "Start time: $start"
  echo "Running time: $time"
  echo "State: $stat"
  echo "Virtual memory: $vsz"
  echo "Resident memory (RSS): $rss"
  echo "***************************************************************"
done <<< "$matches"

3. Query all information of a user by username

#!/bin/bash
# Function: retrieve all details of a given user
read -r -p "Enter username to query: " A
echo "------------------------------"
# Exact match on the name field; passing the name with -v keeps it out of the awk program text
entry=$(awk -F: -v u="$A" '$1==u' /etc/passwd)
if [ -z "$entry" ]; then
  echo "User does not exist"
  echo "------------------------------"
  exit
fi
# passwd fields: name:password:UID:GID:comment:home:shell
IFS=: read -r _ _ uid gid _ home LoginShell <<< "$entry"
echo "Username: $A"
echo "UID: $uid"
# id -gn prints the name of the primary group
echo "Primary group: $(id -gn "$A")"
echo "GID: $gid"
echo "Home directory: $home"
if [ "$LoginShell" = "/bin/bash" ]; then
  echo "User has login permission!!"
elif [ "$LoginShell" = "/sbin/nologin" ]; then
  echo "User does NOT have login permission!!"
fi

4. System hardening configurations

#!/bin/bash
# Function: strengthen password policies and other security settings
read -r -p "Maximum days before password change: " A
read -r -p "Minimum days between password changes: " B
read -r -p "Minimum password length: " C
read -r -p "Days before expiration to warn user: " D
# The answers are pasted into sed expressions below, so accept digits only
for v in "$A" "$B" "$C" "$D"; do
  [[ $v =~ ^[0-9]+$ ]] || { echo "All values must be whole numbers."; exit 1; }
done
sed -i "s/^PASS_MAX_DAYS.*/PASS_MAX_DAYS $A/" /etc/login.defs
sed -i "s/^PASS_MIN_DAYS.*/PASS_MIN_DAYS $B/" /etc/login.defs
sed -i "s/^PASS_MIN_LEN.*/PASS_MIN_LEN $C/" /etc/login.defs
sed -i "s/^PASS_WARN_AGE.*/PASS_WARN_AGE $D/" /etc/login.defs

echo "Password policy hardened: new passwords must contain digits, lower‑case and upper‑case letters."
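# -E is required: in sed's default (basic) regex syntax "?" is a literal character, so "^#?" would never match
sed -i -E "s/^#?password.*requisite.*pam_pwquality.so.*/password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type= difok=1 minlen=8 ucredit=-1 lcredit=-1 dcredit=-1/" /etc/pam.d/system-auth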

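echo "Account lockout after 3 failed attempts enabled."
# pam_tally2 was removed in Linux-PAM 1.5.0 (pam_faillock replaces it). The "@include common-auth"
# anchor exists only in Debian-style PAM files; if the anchor line is absent, nothing is inserted.
n=$(grep -c "auth required pam_tally2.so" /etc/pam.d/sshd)
if [ "$n" -eq 0 ]; then
  sed -i "/@include common-auth/a\auth required pam_tally2.so deny=3 unlock_time=150 even_deny_root root_unlock_time=300" /etc/pam.d/sshd
fi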

echo "Root remote login disabled."
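# -E makes "#?" mean "optional #". sshd reads this file at start, so reload the service afterwards.
sed -i -E "s/^#?PermitRootLogin.*/PermitRootLogin no/" /etc/ssh/sshd_config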

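read -r -p "History size (HISTSIZE): " E
read -r -p "Auto‑logout timeout (TMOUT seconds): " F
[[ $E =~ ^[0-9]+$ && $F =~ ^[0-9]+$ ]] || { echo "HISTSIZE and TMOUT must be whole numbers."; exit 1; }
sed -i "s/^HISTSIZE.*/HISTSIZE=$E/" /etc/profile
# Drop any TMOUT line left by an earlier run so that re-running does not stack duplicates
sed -i "/^TMOUT=/d" /etc/profile
sed -i "/^HISTSIZE/a\TMOUT=$F" /etc/profile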

echo "Only members of the wheel group may use su."
sed -i -E "s/^#?auth.*pam_wheel.so.*/auth required pam_wheel.so use_uid/" /etc/pam.d/su
if ! grep -q "SU_WHEEL_ONLY" /etc/login.defs; then
  echo "SU_WHEEL_ONLY yes" >> /etc/login.defs
fi

echo "Listing users with login shells:"
awk -F: '($7=="/bin/bash"){print $1}' /etc/passwd

echo "Listing users with UID 0:"
awk -F: '($3=="0"){print $1}' /etc/passwd

# Capture the list once: it shrinks as passwords are set, so indexing into a fresh query would skip accounts
empty=$(awk -F: '($2==""){print $1}' /etc/shadow)
N=$(printf '%s' "$empty" | grep -c .)
echo "Number of accounts with empty passwords: $N"
if [ "$N" -eq 0 ]; then
  echo "Congratulations, no empty‑password accounts!"
else
  for user in $empty; do
    echo "------------------------"
    echo "$user"
    echo "Setting password for empty account..."
    passwd "$user"
  done
fi

echo "Locking critical system files to prevent addition/removal of users and groups."
read -p "Proceed with locking? (Y/N): " ans
case $ans in
  [Yy])
    chattr +i /etc/passwd
    chattr +i /etc/shadow
    chattr +i /etc/group
    chattr +i /etc/gshadow
    echo "Lock successful!"
    ;;
  # Answering N also clears any immutable flag already set on these files
  [Nn])
    chattr -i /etc/passwd
    chattr -i /etc/shadow
    chattr -i /etc/group
    chattr -i /etc/gshadow
    echo "Lock cancelled."
    ;;
  *)
    echo "Please answer Y or N."
    ;;
esac
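
A read-only check to run after script 4, to confirm that its edits took effect. This is an added example, not part of the original article. The function names, the file names inside the audited directory and the 90-day threshold are assumptions of this example, and the sample files are constructed.

```bash
#!/bin/bash
# Added example (not from the original article): read-only audit of what script 4 changes.
# audit_dir DIR reads copies named passwd, shadow, login.defs and sshd_config in DIR.
# The file names and the 90-day threshold are assumptions of this example.
audit_dir() {
  d=$1
  # Accounts other than root that carry UID 0
  awk -F: '$3==0 && $1!="root"{print "FAIL uid0 " $1}' "$d/passwd"
  # Accounts whose shadow password field is empty
  awk -F: '$2==""{print "FAIL empty-password " $1}' "$d/shadow"
  # Password ageing: the uncommented PASS_MAX_DAYS must be a number <= 90
  v=$(awk '$1=="PASS_MAX_DAYS"{print $2; exit}' "$d/login.defs")
  case $v in
    ''|*[!0-9]*) echo "FAIL pass_max_days ${v:-unset}" ;;
    *) if [ "$v" -le 90 ]; then echo "OK pass_max_days $v"
       else echo "FAIL pass_max_days $v"; fi ;;
  esac
  # sshd keeps the first value it reads for a keyword; keyword names are case-insensitive
  v=$(awk 'tolower($1)=="permitrootlogin"{print tolower($2); exit}' "$d/sshd_config")
  if [ "$v" = "no" ]; then echo "OK permitrootlogin no"
  else echo "FAIL permitrootlogin ${v:-unset}"; fi
}

# Constructed sample files, not taken from a real host
make_sample() {
  s=$(mktemp -d)
  printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' 'toor:x:0:0::/root:/bin/bash' \
    'alice:x:1000:1000::/home/alice:/bin/bash' > "$s/passwd"
  printf '%s\n' 'root:$6$constructed$hash:19000:0:99999:7:::' 'toor:!:19000::::::' \
    'alice::19000:0:99999:7:::' > "$s/shadow"
  printf '%s\n' '# PASS_MAX_DAYS 30' 'PASS_MAX_DAYS 99999' > "$s/login.defs"
  printf '%s\n' '#PermitRootLogin no' 'PermitRootLogin yes' 'PermitRootLogin no' \
    > "$s/sshd_config"
  echo "$s"
}

sample=$(make_sample)
audit_dir "$sample"
rm -rf "$sample"
```

On a live host, `sshd -T` prints the effective sshd configuration, including included files, and is the better source for the PermitRootLogin value.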

The above scripts provide practical commands for Linux administrators to inspect processes, retrieve user details, and enforce security policies, serving as a concise reference for system hardening tasks.
