The lsof command displays a list of all files currently open on a Linux system. Seeing which files a process or the system has open is a great help when debugging. Below is a brief introduction to the commonly used functions of lsof.

lsof (list open files) is used to see the files a process has open, the processes that have a given file open, and the ports (TCP, UDP) a process has open; it can also be used to locate and recover deleted files. Because lsof needs to access kernel memory and all kinds of files, a user with root (superuser) privileges is required to run it.
```
lsof [Options]
-a          # show the processes that have files open
-c <name>   # show the files opened by the named process
-g          # show details of processes by GID
-d <fd>     # show the process occupying the given file descriptor number
+d <dir>    # show files opened under the directory
+D <dir>    # recursively list files opened under the directory
-n <dir>    # show files using NFS
-l          # show user IDs instead of user names in the output
-i <cond>   # show processes matching the condition
-p <pid>    # show the files opened by the given process ID
-u          # show details of processes by UID
-h          # show help
-t          # output process IDs only
-U          # show UNIX socket addresses
-F          # format the output
-v          # show version information
```
Show all network connections

```
[root@CentOS7-1 ~]# lsof -i
COMMAND   PID    USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
chronyd   629  chrony    5u  IPv4  16952      0t0  UDP localhost:323
chronyd   629  chrony    6u  IPv6  16953      0t0  UDP localhost:323
sshd      866    root    3u  IPv4  19638      0t0  TCP *:ssh (LISTEN)
sshd      866    root    4u  IPv6  19647      0t0  TCP *:ssh (LISTEN)
master    976    root   13u  IPv4  20415      0t0  TCP localhost:smtp (LISTEN)
master    976    root   14u  IPv6  20416      0t0  TCP localhost:smtp (LISTEN)
netdata 18325 netdata    4u  IPv4 114083      0t0  TCP *:dnp-sec (LISTEN)
netdata 18325 netdata    5u  IPv6 114084      0t0  TCP *:dnp-sec (LISTEN)
netdata 18325 netdata   36u  IPv6 114297      0t0  UDP localhost:8125
netdata 18325 netdata   37u  IPv4 114298      0t0  UDP localhost:8125
netdata 18325 netdata   38u  IPv6 114302      0t0  TCP localhost:8125 (LISTEN)
netdata 18325 netdata   39u  IPv4 114303      0t0  TCP localhost:8125 (LISTEN)
sshd    18968    root    3u  IPv4 118704      0t0  TCP CentOS7-1:ssh->192.168.1.93:62148 (ESTABLISHED)
```
Show only IPv6 connections

```
[root@CentOS7-1 ~]# lsof -i 6
COMMAND   PID    USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
chronyd   629  chrony    6u  IPv6  16953      0t0  UDP localhost:323
sshd      866    root    4u  IPv6  19647      0t0  TCP *:ssh (LISTEN)
master    976    root   14u  IPv6  20416      0t0  TCP localhost:smtp (LISTEN)
netdata 18325 netdata    5u  IPv6 114084      0t0  TCP *:dnp-sec (LISTEN)
netdata 18325 netdata   36u  IPv6 114297      0t0  UDP localhost:8125
netdata 18325 netdata   38u  IPv6 114302      0t0  TCP localhost:8125 (LISTEN)
```
Show only IPv4 connections

```
[root@CentOS7-1 ~]# lsof -i 4
COMMAND   PID    USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
chronyd   629  chrony    5u  IPv4  16952      0t0  UDP localhost:323
sshd      866    root    3u  IPv4  19638      0t0  TCP *:ssh (LISTEN)
master    976    root   13u  IPv4  20415      0t0  TCP localhost:smtp (LISTEN)
netdata 18325 netdata    4u  IPv4 114083      0t0  TCP *:dnp-sec (LISTEN)
netdata 18325 netdata   37u  IPv4 114298      0t0  UDP localhost:8125
netdata 18325 netdata   39u  IPv4 114303      0t0  TCP localhost:8125 (LISTEN)
sshd    18968    root    3u  IPv4 118704      0t0  TCP CentOS7-1:ssh->192.168.1.93:62148 (ESTABLISHED)
```
Show TCP connections only

```
[root@CentOS7-1 ~]# lsof -i tcp
COMMAND   PID    USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd      866    root    3u  IPv4  19638      0t0  TCP *:ssh (LISTEN)
sshd      866    root    4u  IPv6  19647      0t0  TCP *:ssh (LISTEN)
master    976    root   13u  IPv4  20415      0t0  TCP localhost:smtp (LISTEN)
master    976    root   14u  IPv6  20416      0t0  TCP localhost:smtp (LISTEN)
netdata 18325 netdata    4u  IPv4 114083      0t0  TCP *:dnp-sec (LISTEN)
netdata 18325 netdata    5u  IPv6 114084      0t0  TCP *:dnp-sec (LISTEN)
netdata 18325 netdata   38u  IPv6 114302      0t0  TCP localhost:8125 (LISTEN)
netdata 18325 netdata   39u  IPv4 114303      0t0  TCP localhost:8125 (LISTEN)
sshd    18968    root    3u  IPv4 118704      0t0  TCP CentOS7-1:ssh->192.168.1.93:62148 (ESTABLISHED)
```
Show UDP connections only

```
[root@CentOS7-1 ~]# lsof -i udp
COMMAND   PID    USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
chronyd   629  chrony    5u  IPv4  16952      0t0  UDP localhost:323
chronyd   629  chrony    6u  IPv6  16953      0t0  UDP localhost:323
netdata 18325 netdata   36u  IPv6 114297      0t0  UDP localhost:8125
netdata 18325 netdata   37u  IPv4 114298      0t0  UDP localhost:8125
```
Show connections on a specified port

```
[root@CentOS7-1 ~]# lsof -i :22
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd      866 root    3u  IPv4  19638      0t0  TCP *:ssh (LISTEN)
sshd      866 root    4u  IPv6  19647      0t0  TCP *:ssh (LISTEN)
sshd    18968 root    3u  IPv4 118704      0t0  TCP CentOS7-1:ssh->192.168.1.93:62148 (ESTABLISHED)
[root@CentOS7-1 ~]# lsof -i :80
[root@CentOS7-1 ~]# lsof -i :62148
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd    18968 root    3u  IPv4 118704      0t0  TCP CentOS7-1:ssh->192.168.1.93:62148 (ESTABLISHED)
```
List the processes or files opened by a given user

```
[root@CentOS7-1 ~]# lsof -u root | head -5
COMMAND PID USER   FD   TYPE DEVICE SIZE/OFF     NODE NAME
systemd   1 root  cwd    DIR  253,0      262       64 /
systemd   1 root  rtd    DIR  253,0      262       64 /
systemd   1 root  txt    REG  253,0  1628608 16959493 /usr/lib/systemd/systemd
systemd   1 root  mem    REG  253,0    20064  1679454 /usr/lib64/libuuid.so.1.3.0
# list files opened by users other than root
[root@CentOS7-1 ~]# lsof -u ^root | head
COMMAND PID  TID    USER   FD   TYPE DEVICE SIZE/OFF    NODE NAME
polkitd 618      polkitd  cwd    DIR  253,0      262      64 /
polkitd 618      polkitd  rtd    DIR  253,0      262      64 /
polkitd 618      polkitd  txt    REG  253,0   120432 17108633 /usr/lib/polkit-1/polkitd
polkitd 618      polkitd  mem    REG  253,0    61560    18290 /usr/lib64/libnss_files-2.17.so
polkitd 618      polkitd  mem    REG  253,0    68192    40949 /usr/lib64/libbz2.so.1.0.6
polkitd 618      polkitd  mem    REG  253,0    99952   324334 /usr/lib64/libelf-0.176.so
polkitd 618      polkitd  mem    REG  253,0    19896    46144 /usr/lib64/libattr.so.1.1.0
polkitd 618      polkitd  mem    REG  253,0    20064  1679454 /usr/lib64/libuuid.so.1.3.0
polkitd 618      polkitd  mem    REG  253,0   265576    20649 /usr/lib64/libblkid.so.1.1.0
```
Show connections matching a specified host

```
# show connections to a given host
[root@CentOS7-1 ~]# lsof -i@192.168.1.100
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd    18968 root    3u  IPv4 118704      0t0  TCP CentOS7-1:ssh->192.168.1.93:62148 (ESTABLISHED)
# show connections to a given host and port
[root@CentOS7-1 ~]# lsof -i@192.168.1.100:22
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd    18968 root    3u  IPv4 118704      0t0  TCP CentOS7-1:ssh->192.168.1.93:62148 (ESTABLISHED)
```
Show ports in a given state

```
# find ports in the LISTEN state
[root@CentOS7-1 ~]# lsof -i -sTCP:LISTEN
COMMAND   PID    USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd      866    root    3u  IPv4  19638      0t0  TCP *:ssh (LISTEN)
sshd      866    root    4u  IPv6  19647      0t0  TCP *:ssh (LISTEN)
master    976    root   13u  IPv4  20415      0t0  TCP localhost:smtp (LISTEN)
master    976    root   14u  IPv6  20416      0t0  TCP localhost:smtp (LISTEN)
netdata 18325 netdata    4u  IPv4 114083      0t0  TCP *:dnp-sec (LISTEN)
netdata 18325 netdata    5u  IPv6 114084      0t0  TCP *:dnp-sec (LISTEN)
netdata 18325 netdata   38u  IPv6 114302      0t0  TCP localhost:8125 (LISTEN)
netdata 18325 netdata   39u  IPv4 114303      0t0  TCP localhost:8125 (LISTEN)
# find ports in the ESTABLISHED state
[root@CentOS7-1 ~]# lsof -i -sTCP:ESTABLISHED
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd    18968 root    3u  IPv4 118704      0t0  TCP CentOS7-1:ssh->192.168.1.93:62148 (ESTABLISHED)
```
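As an added example that is not part of the original post, here is a small Python parser for the default `lsof -i` table used throughout the sections above; it turns each row into a record and flags the two things a defender checks first: services listening on every interface and established connections to a remote peer. The `SAMPLE` rows are constructed from the article's listing, and the parser assumes the 9-column layout shown there (no TID column).

```python
from dataclasses import dataclass
from typing import List, Optional
# Constructed sample: a subset of the `lsof -i` rows shown in the article.
SAMPLE = """\
COMMAND   PID    USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
chronyd   629  chrony    5u  IPv4  16952      0t0  UDP localhost:323
sshd      866    root    3u  IPv4  19638      0t0  TCP *:ssh (LISTEN)
master    976    root   13u  IPv4  20415      0t0  TCP localhost:smtp (LISTEN)
netdata 18325 netdata    4u  IPv4 114083      0t0  TCP *:dnp-sec (LISTEN)
sshd    18968    root    3u  IPv4 118704      0t0  TCP CentOS7-1:ssh->192.168.1.93:62148 (ESTABLISHED)
"""

@dataclass
class Socket:
    command: str
    pid: int
    user: str
    proto: str             # NODE column: TCP or UDP
    local: str             # local address, e.g. "*:ssh" or "localhost:323"
    remote: Optional[str]  # peer after "->", None when not connected
    state: Optional[str]   # LISTEN, ESTABLISHED, ...; None for UDP

def parse_lsof_i(text: str) -> List[Socket]:
    """Parse the 9-column `lsof -i` layout shown above (no TID column). Splitting
    into at most 9 fields keeps NAME whole: it may hold '->peer' and '(STATE)'."""
    socks = []
    for line in text.splitlines()[1:]:          # first line is the header
        parts = line.split(None, 8)
        if len(parts) < 9:
            continue                            # blank or truncated row
        cmd, pid, user, _fd, _type, _dev, _off, node, name = parts
        state = None
        if name.endswith(")"):                  # strip "(LISTEN)" etc.
            name, state = name.rsplit(" (", 1)
            state = state[:-1]
        local, _, remote = name.partition("->")
        socks.append(Socket(cmd, int(pid), user, node, local, remote or None, state))
    return socks

def audit(socks: List[Socket]) -> List[tuple]:
    """Findings as (kind, command, pid, detail): 'wildcard-listen' is a service
    bound on every interface ('*:'), 'peer' an open connection to a remote host."""
    findings = []
    for s in socks:
        if s.state == "LISTEN" and s.local.startswith("*:"):
            findings.append(("wildcard-listen", s.command, s.pid, s.local))
        elif s.remote:
            findings.append(("peer", s.command, s.pid, s.remote))
    return findings
```

To run it on live data, pass the stdout of `lsof -i` (for example via `subprocess.run`) to `parse_lsof_i` instead of `SAMPLE`.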
Terminate a user's activity

```
[root@CentOS7-1 ~]# lsof -u mingongge
COMMAND   PID      USER   FD   TYPE DEVICE  SIZE/OFF     NODE NAME
bash    20369 mingongge  cwd    DIR  253,0        82   462615 /home/mingongge
bash    20369 mingongge  rtd    DIR  253,0       262       64 /
bash    20369 mingongge  txt    REG  253,0    964536 50333070 /usr/bin/bash
bash    20369 mingongge  mem    REG  253,0 106172832 50333042 /usr/lib/locale/locale-archive
bash    20369 mingongge  mem    REG  253,0     61560    18290 /usr/lib64/libnss_files-2.17.so
bash    20369 mingongge  mem    REG  253,0   2156240    18266 /usr/lib64/libc-2.17.so
bash    20369 mingongge  mem    REG  253,0     19248    18273 /usr/lib64/libdl-2.17.so
bash    20369 mingongge  mem    REG  253,0    174576    20696 /usr/lib64/libtinfo.so.5.9
bash    20369 mingongge  mem    REG  253,0    163312  1679434 /usr/lib64/ld-2.17.so
bash    20369 mingongge  mem    REG  253,0     26970 16806930 /usr/lib64/gconv/gconv-modules.cache
bash    20369 mingongge    0u   CHR  136,1       0t0        4 /dev/pts/1
bash    20369 mingongge    1u   CHR  136,1       0t0        4 /dev/pts/1
bash    20369 mingongge    2u   CHR  136,1       0t0        4 /dev/pts/1
bash    20369 mingongge  255u   CHR  136,1       0t0        4 /dev/pts/1
vim     20391 mingongge  cwd    DIR  253,0        82   462615 /home/mingongge
vim     20391 mingongge  rtd    DIR  253,0       262       64 /
vim     20391 mingongge  txt    REG  253,0   2337192 51061591 /usr/bin/vim
vim     20391 mingongge  mem    REG  253,0     61560    18290 /usr/lib64/libnss_files-2.17.so
vim     20391 mingongge  mem    REG  253,0 106172832 50333042 /usr/lib/locale/locale-archive
vim     20391 mingongge  mem    REG  253,0     11392     8814 /usr/lib64/libfreebl3.so
vim     20391 mingongge  mem    REG  253,0     14424  1679441 /usr/lib64/libutil-2.17.so
vim     20391 mingongge  mem    REG  253,0     40600    18271 /usr/lib64/libcrypt-2.17.so
vim     20391 mingongge  mem    REG  253,0    115816    18278 /usr/lib64/libnsl-2.17.so
vim     20391 mingongge  mem    REG  253,0    109976    18302 /usr/lib64/libresolv-2.17.so
vim     20391 mingongge  mem    REG  253,0     19896    46144 /usr/lib64/libattr.so.1.1.0
vim     20391 mingongge  mem    REG  253,0    402384    20698 /usr/lib64/libpcre.so.1.2.0
vim     20391 mingongge  mem    REG  253,0   2156240    18266 /usr/lib64/libc-2.17.so
vim     20391 mingongge  mem    REG  253,0    142144    18300 /usr/lib64/libpthread-2.17.so
vim     20391 mingongge  mem    REG  253,0   1647328   282389 /usr/lib64/perl5/CORE/libperl.so
vim     20391 mingongge  mem    REG  253,0     19248    18273 /usr/lib64/libdl-2.17.so
vim     20391 mingongge  mem    REG  253,0     27752      669 /usr/lib64/libgpm.so.2.1.0
vim     20391 mingongge  mem    REG  253,0     37064    18281 /usr/lib64/libacl.so.1.1.0
vim     20391 mingongge  mem    REG  253,0    174576    20696 /usr/lib64/libtinfo.so.5.9
vim     20391 mingongge  mem    REG  253,0    155744  1679449 /usr/lib64/libselinux.so.1
vim     20391 mingongge  mem    REG  253,0   1136944    18275 /usr/lib64/libm-2.17.so
vim     20391 mingongge  mem    REG  253,0    163312  1679434 /usr/lib64/ld-2.17.so
vim     20391 mingongge    0u   CHR  136,1       0t0        4 /dev/pts/1
vim     20391 mingongge    1u   CHR  136,1       0t0        4 /dev/pts/1
vim     20391 mingongge    2u   CHR  136,1       0t0        4 /dev/pts/1
vim     20391 mingongge    3u   REG  253,0     12288   462619 /home/mingongge/.test.sh.swp
```

Then we use the following command to terminate all of this user's activity:

```
[root@CentOS7-1 ~]# kill -9 `lsof -t -u mingongge`
[root@CentOS7-1 ~]# lsof -u mingongge
# you will find that all of this user's operations have been terminated
```
In day-to-day use this command combination can also be used to check whether the server is being attacked: if a logged-in user is behaving abnormally, the administrator can temporarily kill all of that user's operations and then work out a solution.