It’s very important of terminating Linux processes in a proper way to avoid Linux hangs up without any trail in system log file. In short, Linux will hangs up without telling reasons in system log, when the master process (init, PID 1) becomes overloaded by too many orphan processes in a one go.
Having say that, a normal user who has access to your Linux server is possible to easily kill your Linux server in a minute!
How could we able to detect and find out a runaway process or orphan process? There is a discussion on zombie VS orphan process, the orphan processes are identified as:
non-system processes or user’s processes that are having PPID (parent process ID) of 1 (init process ID), via a mechanism known as re-parenting.
There are not much processes owned by init process. Apparently, most of the system processes that are running after system boots up are having PPID 1.
So, soon after Linux system boots up, you can run this command:
ps -elf | head -1; ps -elf | awk '{if ($5 == 1) {print $0}}'
The command snapshots all the processes with PPID 1. Keep that result. Thereafter, you may periodically run the command to compare the result of the time with snapshot taken earlier. Any differences found in the new snapshot might be potentially being orphan processes.
Note, the differences found are only suggest that they’re potential (not confirm) orphan processes in Linux system. You have to get more info to confirm them before terminating those processes. For example, how STIME figure, CPU utilization, understanding its purpose of executing, etc.
Once you have confirm them, you should not hesitate to terminate them as soon as possible, by the kill -9 command, as orphan processes will drain out your Linux system resources over the time.