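How to use the lsof command
This article explains in detail how to use the lsof command. The editor finds it quite practical and is sharing it here for reference, in the hope that readers will get something out of it.
lsof is the über-tool for system administration and security. The name is apt: it stands for "list open files". One thing to keep in mind is that in Unix everything, including network sockets, is a file.
1, List all open files with the lsof command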
# lsof
This produces a very long list that covers both open files and network connections.
The output contains many columns, such as PID, USER, FD and TYPE.
FD - File descriptor
The FD column contains values such as:
cwd - Current working directory
txt - Text file
mem - Memory mapped file
mmap - Memory mapped device
Number - Represents the actual file descriptor, for example 0u, 1w and 3r
r means read, w means write, and u means read and write.
TYPE is the file type, for example:
REG - Regular file
DIR - Directory
CHR - Character special file
FIFO - First in, first out
2, List the files opened by a particular user
# lsof -u user_name
Example:
# lsof -u crybit
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 29609 crybit cwd DIR 144,233 4096 117711421 /
sshd 29609 crybit rtd DIR 144,233 4096 117711421 /
sshd 29609 crybit txt REG 144,233 409488 119020186 /usr/sbin/sshd
sshd 29609 crybit mem REG 144,241 2443001619 (deleted)/dev/zero (stat: No such file or directory)
sshd 29609 crybit mem REG 8,37 119021850 /lib64/libnss_dns-2.5.so (path dev=144,233)
sshd 29609 crybit mem REG 8,37 119021984 /lib64/security/pam_succeed_if.so (path dev=144,233)
sshd 29609 crybit mem REG 8,37 119022000 /lib64/security/pam_limits.so (path dev=144,233)
sshd 29609 crybit mem REG 8,37 119021960 /lib64/security/pam_keyinit.so (path dev=144,233)
sshd 29609 crybit mem REG 8,37 119021972 /lib64/security/pam_cracklib.so (path dev=144,233)
sshd 29609 crybit mem REG 8,37 119021987 /lib64/security/pam_nologin.so (path dev=144,233)
sshd 29609 crybit mem REG 8,37 119021988 /lib64/security/pam_deny.so (path dev=144,233)
sshd 29609 crybit mem REG 8,37 119019223 /usr/lib64/libcrack.so.2.8.0 (path dev=144,233)
..........
3, List the processes running on a particular port
# lsof -i :port_number
Example:
# lsof -i :22
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 769 root 3u IPv6 2281738844 0t0 TCP *:ssh (LISTEN)
sshd 769 root 4u IPv4 2281738846 0t0 TCP *:ssh (LISTEN)
# lsof -i :3306
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
mysqld 11106 mysql 10u IPv4 2340975114 0t0 TCP *:mysql (LISTEN)
4, List only the open files that use IPv4 (or IPv6)
# lsof -i 4    # for IPv4
Example:
# lsof -i 4
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 769 root 4u IPv4 2281738846 0t0 TCP *:ssh (LISTEN)
named 8362 named 20u IPv4 2334751017 0t0 TCP localhost.localdomain:domain (LISTEN)
named 8362 named 21u IPv4 2334751019 0t0 TCP crybit.com:domain (LISTEN)
named 8362 named 22u IPv4 2334751021 0t0 TCP localhost.localdomain:rndc (LISTEN)
named 8362 named 512u IPv4 2334751016 0t0 UDP localhost.localdomain:domain
named 8362 named 513u IPv4 2334751018 0t0 UDP crybit.com:domain
tcpserver 9975 root 3u IPv4 2335487959 0t0 TCP *:pop3 (LISTEN)
tcpserver 9978 root 3u IPv4 2335487967 0t0 TCP *:pop3s (LISTEN)
tcpserver 9983 root 3u IPv4 2335487997 0t0 TCP *:imap (LISTEN)
tcpserver 9987 root 3u IPv4 2335488014 0t0 TCP *:imaps (LISTEN)
xinetd 10413 root 5u IPv4 2336070983 0t0 TCP *:ftp (LISTEN)
xinetd 10413 root 6u IPv4 2336070984 0t0 TCP *:smtp (LISTEN)
mysqld 11106 mysql 10u IPv4 2340975114 0t0 TCP *:mysql (LISTEN)
# lsof -i 6
Example:
# lsof -i 6
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 769 root 3u IPv6 2281738844 0t0 TCP *:ssh (LISTEN)
named 8362 named 23u IPv6 2334751024 0t0 TCP localhost.localdomain:rndc (LISTEN)
httpd 29241 root 4u IPv6 2439777206 0t0 TCP *:http (LISTEN)
httpd 29241 root 6u IPv6 2439777211 0t0 TCP *:https (LISTEN)
httpd 29243 apache 4u IPv6 2439777206 0t0 TCP *:http (LISTEN)
httpd 29243 apache 6u IPv6 2439777211 0t0 TCP *:https (LISTEN)
httpd 29244 apache 4u IPv6 2439777206 0t0 TCP *:http (LISTEN)
httpd 29244 apache 6u IPv6 2439777211 0t0 TCP *:https (LISTEN)
httpd 29245 apache 4u IPv6 2439777206 0t0 TCP *:http (LISTEN)
httpd 29245 apache 6u IPv6 2439777211 0t0 TCP *:https (LISTEN)
httpd 29246 apache 4u IPv6 2439777206 0t0 TCP *:http (LISTEN)
5, List all processes on ports between 1 and 1024
# lsof -i :1-1024
Example:
# lsof -i :1-1024
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 769 root 3u IPv6 2281738844 0t0 TCP *:ssh (LISTEN)
sshd 769 root 4u IPv4 2281738846 0t0 TCP *:ssh (LISTEN)
named 8362 named 20u IPv4 2334751017 0t0 TCP localhost.localdomain:domain (LISTEN)
named 8362 named 21u IPv4 2334751019 0t0 TCP crybit.com:domain (LISTEN)
named 8362 named 22u IPv4 2334751021 0t0 TCP localhost.localdomain:rndc (LISTEN)
named 8362 named 23u IPv6 2334751024 0t0 TCP localhost.localdomain:rndc (LISTEN)
tcpserver 9975 root 3u IPv4 2335487959 0t0 TCP *:pop3 (LISTEN)
tcpserver 9978 root 3u IPv4 2335487967 0t0 TCP *:pop3s (LISTEN)
tcpserver 9983 root 3u IPv4 2335487997 0t0 TCP *:imap (LISTEN)
tcpserver 9987 root 3u IPv4 2335488014 0t0 TCP *:imaps (LISTEN)
xinetd 10413 root 5u IPv4 2336070983 0t0 TCP *:ftp (LISTEN)
xinetd 10413 root 6u IPv4 2336070984 0t0 TCP *:smtp (LISTEN)
httpd 29241 root 4u IPv6 2439777206 0t0 TCP *:http (LISTEN)
httpd 29241 root 6u IPv6 2439777211 0t0 TCP *:https (LISTEN)
httpd 29243 apache 4u IPv6 2439777206 0t0 TCP *:http (LISTEN)
........
6, List open files by process ID
# lsof -p PID
Example:
# lsof -p 11106
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
mysqld 11106 mysql cwd DIR 144,233 4096 119025114 /var/lib/mysql
mysqld 11106 mysql rtd DIR 144,233 4096 117711421 /
mysqld 11106 mysql txt REG 144,233 9484782 119025094 /usr/libexec/mysqld
mysqld 11106 mysql mem REG 8,37 119025094 /usr/libexec/mysqld (path dev=144,233)
mysqld 11106 mysql mem REG 8,37 119021850 /lib64/libnss_dns-2.5.so (path dev=144,233)
mysqld 11106 mysql mem REG 8,37 119021830 /lib64/libnss_files-2.5.so (path dev=144,233)
mysqld 11106 mysql mem REG 8,37 119021841 /lib64/libsepol.so.1 (path dev=144,233)
mysqld 11106 mysql mem REG 8,37 119021801 /lib64/libselinux.so.1 (path dev=144,233)
mysqld 11106 mysql mem REG 8,37 119021785 /lib64/libresolv-2.5.so (path dev=144,233)
mysqld 11106 mysql mem REG 8,37 119021920 /lib64/libkeyutils-1.2.so (path dev=144,233)
mysqld 11106 mysql mem REG 8,37 119017006 /usr/lib64/libkrb5support.so.0.1 (path dev=144,233)
........
7, Kill all active processes of a user
# kill -9 `lsof -t -u username`
The -t option makes lsof print only PIDs, which is the form kill expects.
8, List the open files in a directory
# lsof +D path_of_the_directory
Example:
# lsof +D /var/log/
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
syslogd 9729 root 1w REG 144,233 0 119019158 /var/log/kernel
syslogd 9729 root 2w REG 144,233 350722 119021699 /var/log/messages
syslogd 9729 root 3w REG 144,233 591577 119019159 /var/log/secure
syslogd 9729 root 4w REG 144,233 591577 119019159 /var/log/secure
9, List open files by process name
# lsof -c process_name
Example:
# lsof -c ssh
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 483 root cwd DIR 8,9 4096 2 /
sshd 483 root rtd DIR 8,9 4096 2 /
sshd 483 root txt REG 8,9 523488 1193409 /usr/sbin/sshd
10, List all network connections
# lsof -i
This command lists all listening and established network connections.
Example:
# lsof -i
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 769 root 3u IPv6 2281738844 0t0 TCP *:ssh (LISTEN)
sshd 769 root 4u IPv4 2281738846 0t0 TCP *:ssh (LISTEN)
named 8362 named 20u IPv4 2334751017 0t0 TCP localhost.localdomain:domain (LISTEN)
named 8362 named 21u IPv4 2334751019 0t0 TCP crybit.com:domain (LISTEN)
named 8362 named 22u IPv4 2334751021 0t0 TCP localhost.localdomain:rndc (LISTEN)
named 8362 named 23u IPv6 2334751024 0t0 TCP localhost.localdomain:rndc (LISTEN)
named 8362 named 512u IPv4 2334751016 0t0 UDP localhost.localdomain:domain
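An added example, not part of the original article: a small filter that reads `lsof -i` output and reports TCP sockets listening on every interface (`*:port`) that are missing from an expected baseline. The function names, the `command:port` allowlist format and the sample input (assembled from lines shown above) are assumptions made for this illustration.

```shell
#!/bin/sh
# unexpected_listeners "cmd:port cmd:port ..."
# Reads `lsof -i` output on stdin and prints "user command pid port" for each
# TCP socket that listens on all interfaces and is not in the allowlist.
unexpected_listeners() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "COMMAND" { next }                  # header row
        # Network rows have no spaces in NAME, so the columns are stable:
        # $8 = NODE (TCP/UDP), $9 = NAME, last field = TCP state.
        $8 == "TCP" && $NF == "(LISTEN)" && $9 ~ /^\*:/ {
            port = substr($9, 3)                  # text after "*:"
            if (($1 ":" port) in ok) next         # expected service
            key = $3 " " $1 " " $2 " " port
            # The same PID/port often appears once for IPv4 and once for IPv6.
            if (!(key in seen)) { seen[key] = 1; print key }
        }
    '
}

# Constructed sample input, built from output lines shown in this article.
sample_lsof_i() {
    cat <<'EOF'
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 769 root 3u IPv6 2281738844 0t0 TCP *:ssh (LISTEN)
sshd 769 root 4u IPv4 2281738846 0t0 TCP *:ssh (LISTEN)
named 8362 named 20u IPv4 2334751017 0t0 TCP localhost.localdomain:domain (LISTEN)
named 8362 named 512u IPv4 2334751016 0t0 UDP localhost.localdomain:domain
xinetd 10413 root 5u IPv4 2336070983 0t0 TCP *:ftp (LISTEN)
mysqld 11106 mysql 10u IPv4 2340975114 0t0 TCP *:mysql (LISTEN)
EOF
}

# Baseline (hypothetical): only sshd and mysqld are expected to listen widely.
sample_lsof_i | unexpected_listeners "sshd:ssh mysqld:mysql"
```

On a live host the input would come from `lsof -i -P -n`, in which case the allowlist entries use numeric ports (for example `sshd:22`).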