測試環境為 CentOS 7 x86_64 (虛擬機)
lsof (list open files) 主要用來查看哪些檔案被誰開啟.
+d
使用參數 +d 可以查看目錄下的檔案被誰所開啟.
[root@localhost ~]# lsof +d /var/log COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME abrt-watc 6663 root 4r REG 253,0 1292716 4487200 /var/log/messages VGAuthSer 6672 root 2w REG 253,0 83395 6024746 /var/log/vmware-vgauthsvc.log.0 VGAuthSer 6672 root 4w REG 253,0 83395 6024746 /var/log/vmware-vgauthsvc.log.0 vmtoolsd 6673 root 3w REG 253,0 120800 6334380 /var/log/vmware-vmsvc.log abrt-watc 6682 root 4r REG 253,0 44534 4487216 /var/log/Xorg.0.log rsyslogd 7024 root 4w REG 253,0 11412 4487201 /var/log/secure rsyslogd 7024 root 7w REG 253,0 1292716 4487200 /var/log/messages rsyslogd 7024 root 8w REG 253,0 9304 4996769 /var/log/cron rsyslogd 7024 root 9w REG 253,0 1386 7324288 /var/log/maillog X 7222 root 4w REG 253,0 44534 4487216 /var/log/Xorg.0.log wpa_suppl 7951 root 3w REG 253,0 1960 4237186 /var/log/wpa_supplicant.log vmtoolsd 8675 root 3w REG 253,0 20135 6337225 /var/log/vmware-vmusr.log
+D
使用參數 +D 可以查看目錄下與其下的目錄檔案被誰所開啟(與 -d 的差別是,-D 含其子目錄).
[root@localhost ~]# lsof +D /var/log COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME auditd 6583 root 5w REG 253,0 3674766 8409168 /var/log/audit/audit.log abrt-watc 6663 root 4r REG 253,0 1292716 4487200 /var/log/messages VGAuthSer 6672 root 2w REG 253,0 83395 6024746 /var/log/vmware-vgauthsvc.log.0 VGAuthSer 6672 root 4w REG 253,0 83395 6024746 /var/log/vmware-vgauthsvc.log.0 vmtoolsd 6673 root 3w REG 253,0 120800 6334380 /var/log/vmware-vmsvc.log abrt-watc 6682 root 4r REG 253,0 44534 4487216 /var/log/Xorg.0.log tuned 7015 root 3w REG 253,0 79985 4237158 /var/log/tuned/tuned.log cupsd 7016 root 6u REG 253,0 213 2845195 /var/log/cups/access_log cupsd 7016 root 7u REG 253,0 0 3212301 /var/log/cups/error_log cupsd 7016 root 8u REG 253,0 0 3212302 /var/log/cups/page_log rsyslogd 7024 root 4w REG 253,0 11412 4487201 /var/log/secure rsyslogd 7024 root 7w REG 253,0 1292716 4487200 /var/log/messages ...
-u
使用參數 -u 可以查看指定使用者 (參照 /etc/passwd) 開啟了哪一些檔案.
[root@localhost ~]# lsof -u apache COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME httpd 7312 apache cwd DIR 253,0 224 64 / httpd 7312 apache rtd DIR 253,0 224 64 / httpd 7312 apache txt REG 253,0 523680 2841113 /usr/sbin/httpd httpd 7312 apache mem REG 253,0 37216 971136 /usr/lib64/libnss_sss.so.2 httpd 7312 apache mem REG 253,0 57952 2843199 /usr/lib64/libzip.so.2.1.0 httpd 7312 apache mem REG 253,0 58496 7334636 /usr/lib64/php/modules/zip.so httpd 7312 apache mem REG 253,0 19384 164182 /usr/lib64/libgpg-error.so.0.10.0 httpd 7312 apache mem REG 253,0 535064 184769 /usr/lib64/libgcrypt.so.11.8.2 httpd 7312 apache mem REG 253,0 258344 184881 /usr/lib64/libxslt.so.1.1.28 httpd 7312 apache mem REG 253,0 87368 184879 /usr/lib64/libexslt.so.0.8.17 ...
-c
使用參數 -c 可以查看指定程序 (processes 可以利用 pstree 或是 ps -aux 來檢視) 開啟了哪一些檔案.
[root@localhost ~]# lsof -c httpd COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME httpd 7040 root cwd DIR 253,0 224 64 / httpd 7040 root rtd DIR 253,0 224 64 / httpd 7040 root txt REG 253,0 523680 2841113 /usr/sbin/httpd httpd 7040 root mem REG 253,0 57952 2843199 /usr/lib64/libzip.so.2.1.0 httpd 7040 root mem REG 253,0 58496 7334636 /usr/lib64/php/modules/zip.so httpd 7040 root mem REG 253,0 19384 164182 /usr/lib64/libgpg-error.so.0.10.0 httpd 7040 root mem REG 253,0 535064 184769 /usr/lib64/libgcrypt.so.11.8.2 httpd 7040 root mem REG 253,0 258344 184881 /usr/lib64/libxslt.so.1.1.28 httpd 7040 root mem REG 253,0 87368 184879 /usr/lib64/libexslt.so.0.8.17 httpd 7040 root mem REG 253,0 37176 7334669 /usr/lib64/php/modules/xsl.so httpd 7040 root mem REG 253,0 49240 7334667 /usr/lib64/php/modules/xmlwriter.so httpd 7040 root mem REG 253,0 33008 7334665 /usr/lib64/php/modules/xmlreader.so httpd 7040 root mem REG 253,0 36832 7334664 /usr/lib64/php/modules/wddx.so httpd 7040 root mem REG 253,0 15792 7334658 /usr/lib64/php/modules/sysvshm.so httpd 7040 root mem REG 253,0 11568 7334657 /usr/lib64/php/modules/sysvsem.so httpd 7040 root mem REG 253,0 19984 7334654 /usr/lib64/php/modules/sysvmsg.so ...
-p
使用參數 -p 可以查看指定 PID (Processes ID , 可以利用 pstree -p 或是 ps -aux 來檢視) 開啟了哪一些檔案.
[root@localhost ~]# lsof -p 1 | more COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME systemd 1 root cwd DIR 253,0 224 64 / systemd 1 root rtd DIR 253,0 224 64 / systemd 1 root txt REG 253,0 1620416 957407 /usr/lib/systemd/systemd systemd 1 root mem REG 253,0 20112 164134 /usr/lib64/libuuid.so.1.3.0 systemd 1 root mem REG 253,0 265624 184787 /usr/lib64/libblkid.so.1.1.0 systemd 1 root mem REG 253,0 90248 367721 /usr/lib64/libz.so.1.2.7 systemd 1 root mem REG 253,0 157424 164155 /usr/lib64/liblzma.so.5.2.2 systemd 1 root mem REG 253,0 23968 164148 /usr/lib64/libcap-ng.so.0.0.0 systemd 1 root mem REG 253,0 19896 150134 /usr/lib64/libattr.so.1.1.0 systemd 1 root mem REG 253,0 19288 366270 /usr/lib64/libdl-2.17.so systemd 1 root mem REG 253,0 402384 150110 /usr/lib64/libpcre.so.1.2.0 ...
-i
使用參數 -i 可以查看與網路相關的檔案是被開啟(服務是啟動的狀況)
- tcp
列出與 TCP 相關的.[root@localhost ~]# lsof -i tcp COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME systemd 1 root 43u IPv4 35967 0t0 TCP *:sunrpc (LISTEN) systemd 1 root 45u IPv6 35969 0t0 TCP *:sunrpc (LISTEN) rpcbind 6590 rpc 4u IPv4 35967 0t0 TCP *:sunrpc (LISTEN) rpcbind 6590 rpc 6u IPv6 35969 0t0 TCP *:sunrpc (LISTEN) sshd 6982 root 3u IPv4 43646 0t0 TCP *:ssh (LISTEN) sshd 6982 root 4u IPv6 43655 0t0 TCP *:ssh (LISTEN) cupsd 6983 root 11u IPv6 43812 0t0 TCP localhost:ipp (LISTEN) cupsd 6983 root 12u IPv4 43813 0t0 TCP localhost:ipp (LISTEN) httpd 6997 root 4u IPv6 45451 0t0 TCP *:http (LISTEN) mysqld 7313 mysql 13u IPv4 47680 0t0 TCP *:mysql (LISTEN) master 7553 root 13u IPv4 46598 0t0 TCP localhost:smtp (LISTEN) master 7553 root 14u IPv6 46599 0t0 TCP localhost:smtp (LISTEN) dnsmasq 7574 nobody 6u IPv4 46571 0t0 TCP localhost.localdomain:domain (LISTEN) sshd 8316 root 3u IPv4 54679 0t0 TCP localhost.localdomain:ssh->192.168.95.1:49890 (ESTABLISHED) httpd 8706 apache 4u IPv6 45451 0t0 TCP *:http (LISTEN) httpd 8707 apache 4u IPv6 45451 0t0 TCP *:http (LISTEN) httpd 8708 apache 4u IPv6 45451 0t0 TCP *:http (LISTEN) httpd 8709 apache 4u IPv6 45451 0t0 TCP *:http (LISTEN) httpd 8711 apache 4u IPv6 45451 0t0 TCP *:http (LISTEN)
- udp
列出與 UDP 相關的.[root@localhost ~]# lsof -i udp COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME systemd 1 root 44u IPv4 35968 0t0 UDP *:sunrpc systemd 1 root 46u IPv6 35970 0t0 UDP *:sunrpc rpcbind 6590 rpc 5u IPv4 35968 0t0 UDP *:sunrpc rpcbind 6590 rpc 7u IPv6 35970 0t0 UDP *:sunrpc rpcbind 6590 rpc 10u IPv4 36481 0t0 UDP *:823 rpcbind 6590 rpc 11u IPv6 36482 0t0 UDP *:823 avahi-dae 6629 avahi 12u IPv4 39542 0t0 UDP *:mdns avahi-dae 6629 avahi 13u IPv4 39552 0t0 UDP *:52667 dhclient 6762 root 6u IPv4 41391 0t0 UDP *:bootpc dnsmasq 7574 nobody 3u IPv4 46567 0t0 UDP *:bootps dnsmasq 7574 nobody 5u IPv4 46570 0t0 UDP localhost.localdomain:domain
- :port_Number , :port_Name
顯示 port_Number 相關的.[root@localhost ~]# lsof -i :80 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME httpd 6997 root 4u IPv6 45451 0t0 TCP *:http (LISTEN) httpd 8706 apache 4u IPv6 45451 0t0 TCP *:http (LISTEN) httpd 8707 apache 4u IPv6 45451 0t0 TCP *:http (LISTEN) httpd 8708 apache 4u IPv6 45451 0t0 TCP *:http (LISTEN) httpd 8709 apache 4u IPv6 45451 0t0 TCP *:http (LISTEN) httpd 8711 apache 4u IPv6 45451 0t0 TCP *:http (LISTEN)
[root@localhost ~]# lsof -i tcp:80 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME httpd 6997 root 4u IPv6 45451 0t0 TCP *:http (LISTEN) httpd 8706 apache 4u IPv6 45451 0t0 TCP *:http (LISTEN) httpd 8707 apache 4u IPv6 45451 0t0 TCP *:http (LISTEN) httpd 8708 apache 4u IPv6 45451 0t0 TCP *:http (LISTEN) httpd 8709 apache 4u IPv6 45451 0t0 TCP *:http (LISTEN) httpd 8711 apache 4u IPv6 45451 0t0 TCP *:http (LISTEN)
[root@localhost ~]# lsof -i :http COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME httpd 6997 root 4u IPv6 45451 0t0 TCP *:http (LISTEN) httpd 8706 apache 4u IPv6 45451 0t0 TCP *:http (LISTEN) httpd 8707 apache 4u IPv6 45451 0t0 TCP *:http (LISTEN) httpd 8708 apache 4u IPv6 45451 0t0 TCP *:http (LISTEN) httpd 8709 apache 4u IPv6 45451 0t0 TCP *:http (LISTEN) httpd 8711 apache 4u IPv6 45451 0t0 TCP *:http (LISTEN)
[root@localhost ~]# lsof -i tcp:1-80 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME sshd 6982 root 3u IPv4 43646 0t0 TCP *:ssh (LISTEN) sshd 6982 root 4u IPv6 43655 0t0 TCP *:ssh (LISTEN) httpd 6997 root 4u IPv6 45451 0t0 TCP *:http (LISTEN) master 7553 root 13u IPv4 46598 0t0 TCP localhost:smtp (LISTEN) master 7553 root 14u IPv6 46599 0t0 TCP localhost:smtp (LISTEN) dnsmasq 7574 nobody 6u IPv4 46571 0t0 TCP localhost.localdomain:domain (LISTEN) sshd 8316 root 3u IPv4 54679 0t0 TCP localhost.localdomain:ssh->192.168.95.1:49890 (ESTABLISHED) httpd 8706 apache 4u IPv6 45451 0t0 TCP *:http (LISTEN) httpd 8707 apache 4u IPv6 45451 0t0 TCP *:http (LISTEN) httpd 8708 apache 4u IPv6 45451 0t0 TCP *:http (LISTEN) httpd 8709 apache 4u IPv6 45451 0t0 TCP *:http (LISTEN) httpd 8711 apache 4u IPv6 45451 0t0 TCP *:http (LISTEN)
- -s
列出限定 state 相關的.[root@localhost ~]# lsof -i TCP -s TCP:LISTEN COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME systemd 1 root 43u IPv4 35967 0t0 TCP *:sunrpc (LISTEN) systemd 1 root 45u IPv6 35969 0t0 TCP *:sunrpc (LISTEN) rpcbind 6590 rpc 4u IPv4 35967 0t0 TCP *:sunrpc (LISTEN) rpcbind 6590 rpc 6u IPv6 35969 0t0 TCP *:sunrpc (LISTEN) sshd 6982 root 3u IPv4 43646 0t0 TCP *:ssh (LISTEN) sshd 6982 root 4u IPv6 43655 0t0 TCP *:ssh (LISTEN) cupsd 6983 root 11u IPv6 43812 0t0 TCP localhost:ipp (LISTEN) cupsd 6983 root 12u IPv4 43813 0t0 TCP localhost:ipp (LISTEN) httpd 6997 root 4u IPv6 45451 0t0 TCP *:http (LISTEN) mysqld 7313 mysql 13u IPv4 47680 0t0 TCP *:mysql (LISTEN) master 7553 root 13u IPv4 46598 0t0 TCP localhost:smtp (LISTEN) master 7553 root 14u IPv6 46599 0t0 TCP localhost:smtp (LISTEN) dnsmasq 7574 nobody 6u IPv4 46571 0t0 TCP localhost.localdomain:domain (LISTEN) httpd 8706 apache 4u IPv6 45451 0t0 TCP *:http (LISTEN) httpd 8707 apache 4u IPv6 45451 0t0 TCP *:http (LISTEN) httpd 8708 apache 4u IPv6 45451 0t0 TCP *:http (LISTEN) httpd 8709 apache 4u IPv6 45451 0t0 TCP *:http (LISTEN) httpd 8711 apache 4u IPv6 45451 0t0 TCP *:http (LISTEN)
[root@localhost ~]# lsof -i TCP -s TCP:ESTABLISHED COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME sshd 8316 root 3u IPv4 54679 0t0 TCP localhost.localdomain:ssh->192.168.95.1:49890 (ESTABLISHED)
沒有解決問題,試試搜尋本站其他內容