How to Monitor Suspicious Processes

Step 1: List Processes with CPU/Memory Usage

top -c

Step 2: Find Hidden Processes

ps auxf | awk '{print $11}' | sort | uniq -c | sort -nr

Step 3: Check for Processes with Unusual Names

ps aux | egrep -i "crypt|miner|stratum|xmrig|kworker"

Step 4: Monitor Network Connections per Process

sudo lsof -i -P -n | grep ESTABLISHED

Step 5: Use Auditd to Track Process Execution

sudo auditctl -a always,exit -F arch=b64 -S execve -k process_launch

Step 6: Monitor /proc for Anomalies

sudo python3 /path/to/check_proc.py