对於Linux的系统管理者来说肯定要看懂ps aux命令，如果你想成为一个Linux系统管理者，
或是你是一个Linux的使用者，都应该都要看的懂这个命令
ps就是process status的简称，系统上跑了什么样的进程，状态如何运行的身份是谁都可以透过这个命令查出来。
看到一些不该出现的进程，可能系统被入侵，被来挖矿了

以下是我用Synology Nas上跑ps aux的示意画面

root     32617  0.0  0.0 622580 15148 ?        Sl    2022   1:55 synoccc_had
devin    32650  0.0  0.0      0     0 ?        Z    00:32   0:00 [sshd] <defunct>
devin    32651  0.0  0.0      0     0 ?        Zs   00:32   0:00 [sftp-server] <defunct>
root     24567  0.0  0.0 208784  5360 ?        S    12:33   0:00 sshd: devin@pts/1
devin    24568  0.0  0.0  26592  4352 pts/1    Ss+  12:33   0:00 -sh
root     19003  0.0  0.0   5552  2560 ?        SLs  Jan05   0:00 /bin/vmtouch -l /usr/syno/bin/synoschedtask /usr/syno/bin/synoschedtool /usr/syno/bin/s
root     29468  0.2  0.1 786436 56680 ?        Ssl   2022  35:16 /var/packages/Virtualization/target/bin/synocccd
Synolog+ 24662  0.0  0.0  23712  5772 ?        Ss    2022   1:43 /var/packages/SynologyApplicationService/target/daemon/pgbouncer -q /var/packages/Synol
root     25856  0.0  0.0 402676 16932 ?        SNs   2022   0:00 /var/packages/VideoStation/target/sbin/synovideoindexd
root     25869  0.0  0.0 701852 13204 ?        Ssl   2022   2:25 /var/packages/VideoStation/target/sbin/synovpcd
root     25891  0.0  0.0 318144 14212 ?        SNs   2022   0:00 /var/packages/VideoStation/target/sbin/synovideoconversiond
vmcomm   29515  0.0  0.0  37156   392 ?        Ss    2022   3:40 /var/packages/Virtualization/target/bin/synohostsvcd
root     29611  0.0  0.2 436700 76716 ?        S<Ls  2022   6:43 /var/packages/Virtualization/target/bin/synohostcmdd

本文便是我研究关於ps状态的相关数据提供给需要的人参考看看罗:

S    interruptible sleep (waiting for an event to complete)
      S 可中断睡眠（等待事件完成）

D    uninterruptible sleep (usually IO)
       D 不间断睡眠（通常是IO）

+    is in the foreground process group
      + 在前台进程组中

完整的process状态码，man page中找到
PROCESS STATE CODES
      Here are the different values that the s, stat and state output specifiers (header "STAT" or "S") will display to describe the state of a process:

              D    uninterruptible sleep (usually IO)
              I    Idle kernel thread
              R    running or runnable (on run queue)
              S    interruptible sleep (waiting for an event to complete)
              T    stopped by job control signal
              t    stopped by debugger during the tracing
              W    paging (not valid since the 2.6.xx kernel)
              X    dead (should never be seen)
              Z    defunct ("zombie") process, terminated but not reaped by its parent

      For BSD formats and when the stat keyword is used, additional characters may be displayed:

              <    high-priority (not nice to other users)
              N    low-priority (nice to other users)
              L    has pages locked into memory (for real-time and custom IO)
              s    is a session leader
              l    is multi-threaded (using CLONE_THREAD, like NPTL pthreads do)
              +    is in the foreground process group