SIGTERM vs SIGKILL
While examining a server, I noticed a process reinfecting the whole system no matter how many times it was fixed.
All attempts to stop the process with the standard "kill [PID]", which sends a SIGTERM signal, were unsuccessful.
Resorting to 'kill -9'
When other options failed, I used kill -9 [PID] to send a SIGKILL.
This signal terminated the process immediately.
Beyond SIGTERM and SIGKILL
It's important to know other signals too:
SIGINT (2): Terminates the process but allows it to clean up first. Usually generated by pressing CTRL+C.
SIGHUP (1): Used to restart services, commonly sent with kill -1 [PID].
SIGQUIT (3): Terminates the process and generates a core dump for debugging, sent with kill -3 [PID].
SIGSTOP (17,19,23): Pauses the process, allowing for resumption with SIGCONT.
SIGCONT (18,20,24): Resumes a paused process, providing control over process flow.
Using the right "kill" command can be a real lifesaver, especially when investigating security incidents.
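The behaviour described above, as an added example that is not part of the original post: a script that starts a stand-in process which ignores SIGTERM, then records its state after kill, kill -STOP, kill -CONT and kill -9. The function names and the `sleep` target are constructed for illustration, and the script assumes a system with /proc or `ps`.

```shell
#!/bin/sh
# Added example: watch one process react to TERM, STOP, CONT and KILL.
# The target is a constructed stand-in: a `sleep` that ignores SIGTERM.

# Print the one-letter process state (S sleeping, T stopped, Z zombie).
proc_state() {
    if [ -r "/proc/$1/status" ]; then
        awk '/^State:/ { print $2 }' "/proc/$1/status"
    else
        ps -o stat= -p "$1" | tr -d ' ' | cut -c1
    fi
}

# Poll for up to ~5 s until PID reaches the wanted state; print the last state seen.
wait_state() {
    tries=0
    while state=$(proc_state "$1"); [ "$state" != "$2" ] && [ "$tries" -lt 5 ]; do
        sleep 1
        tries=$((tries + 1))
    done
    echo "$state"
}

signal_demo() {
    # An ignored signal stays ignored across fork and exec, so the child starts
    # out immune to SIGTERM; the shell then restores its own default handling.
    trap '' TERM
    sleep 300 &
    PID=$!
    trap - TERM

    kill -TERM "$PID"                  # what plain `kill PID` sends
    sleep 1
    AFTER_TERM=$(wait_state "$PID" S)  # still sleeping: SIGTERM had no effect

    kill -STOP "$PID"                  # freeze it; memory and open files stay intact
    AFTER_STOP=$(wait_state "$PID" T)

    kill -CONT "$PID"                  # resume the frozen process
    AFTER_CONT=$(wait_state "$PID" S)

    kill -KILL "$PID"                  # same as kill -9; cannot be caught or ignored
    EXIT_STATUS=0
    wait "$PID" || EXIT_STATUS=$?      # 128 + 9 = 137: terminated by signal 9

    echo "TERM: $AFTER_TERM  STOP: $AFTER_STOP  CONT: $AFTER_CONT  KILL: exit $EXIT_STATUS"
}

signal_demo
```

During an investigation, the stopped (T) state is the point at which the process can be inspected under /proc before it is killed.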