Linux command – lsof

Loading

測試環境為 CentOS 7 x86_64 (虛擬機)

lsof (list open files) 主要用來查看哪些檔案被誰開啟.

+d
使用參數 +d 可以查看目錄下的檔案被誰所開啟.

[root@localhost ~]# lsof +d /var/log
COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF    NODE NAME
abrt-watc 6663 root    4r   REG  253,0  1292716 4487200 /var/log/messages
VGAuthSer 6672 root    2w   REG  253,0    83395 6024746 /var/log/vmware-vgauthsvc.log.0
VGAuthSer 6672 root    4w   REG  253,0    83395 6024746 /var/log/vmware-vgauthsvc.log.0
vmtoolsd  6673 root    3w   REG  253,0   120800 6334380 /var/log/vmware-vmsvc.log
abrt-watc 6682 root    4r   REG  253,0    44534 4487216 /var/log/Xorg.0.log
rsyslogd  7024 root    4w   REG  253,0    11412 4487201 /var/log/secure
rsyslogd  7024 root    7w   REG  253,0  1292716 4487200 /var/log/messages
rsyslogd  7024 root    8w   REG  253,0     9304 4996769 /var/log/cron
rsyslogd  7024 root    9w   REG  253,0     1386 7324288 /var/log/maillog
X         7222 root    4w   REG  253,0    44534 4487216 /var/log/Xorg.0.log
wpa_suppl 7951 root    3w   REG  253,0     1960 4237186 /var/log/wpa_supplicant.log
vmtoolsd  8675 root    3w   REG  253,0    20135 6337225 /var/log/vmware-vmusr.log

+D
使用參數 +D 可以查看目錄下與其下的目錄檔案被誰所開啟(與 -d 的差別是,-D 含其子目錄).

[root@localhost ~]# lsof +D /var/log
COMMAND    PID   USER   FD   TYPE DEVICE SIZE/OFF    NODE NAME
auditd    6583   root    5w   REG  253,0  3674766 8409168 /var/log/audit/audit.log
abrt-watc 6663   root    4r   REG  253,0  1292716 4487200 /var/log/messages
VGAuthSer 6672   root    2w   REG  253,0    83395 6024746 /var/log/vmware-vgauthsvc.log.0
VGAuthSer 6672   root    4w   REG  253,0    83395 6024746 /var/log/vmware-vgauthsvc.log.0
vmtoolsd  6673   root    3w   REG  253,0   120800 6334380 /var/log/vmware-vmsvc.log
abrt-watc 6682   root    4r   REG  253,0    44534 4487216 /var/log/Xorg.0.log
tuned     7015   root    3w   REG  253,0    79985 4237158 /var/log/tuned/tuned.log
cupsd     7016   root    6u   REG  253,0      213 2845195 /var/log/cups/access_log
cupsd     7016   root    7u   REG  253,0        0 3212301 /var/log/cups/error_log
cupsd     7016   root    8u   REG  253,0        0 3212302 /var/log/cups/page_log
rsyslogd  7024   root    4w   REG  253,0    11412 4487201 /var/log/secure
rsyslogd  7024   root    7w   REG  253,0  1292716 4487200 /var/log/messages
...

-u
使用參數 -u 可以查看指定使用者 (參照 /etc/passwd) 開啟了哪一些檔案.

[root@localhost ~]# lsof -u apache 
COMMAND  PID   USER   FD      TYPE             DEVICE SIZE/OFF    NODE NAME
httpd   7312 apache  cwd       DIR              253,0      224      64 /
httpd   7312 apache  rtd       DIR              253,0      224      64 /
httpd   7312 apache  txt       REG              253,0   523680 2841113 /usr/sbin/httpd
httpd   7312 apache  mem       REG              253,0    37216  971136 /usr/lib64/libnss_sss.so.2
httpd   7312 apache  mem       REG              253,0    57952 2843199 /usr/lib64/libzip.so.2.1.0
httpd   7312 apache  mem       REG              253,0    58496 7334636 /usr/lib64/php/modules/zip.so
httpd   7312 apache  mem       REG              253,0    19384  164182 /usr/lib64/libgpg-error.so.0.10.0
httpd   7312 apache  mem       REG              253,0   535064  184769 /usr/lib64/libgcrypt.so.11.8.2
httpd   7312 apache  mem       REG              253,0   258344  184881 /usr/lib64/libxslt.so.1.1.28
httpd   7312 apache  mem       REG              253,0    87368  184879 /usr/lib64/libexslt.so.0.8.17
...

-c
使用參數 -c 可以查看指定程序 (processes 可以利用 pstree 或是 ps -aux 來檢視) 開啟了哪一些檔案.

[root@localhost ~]# lsof -c httpd 
COMMAND  PID   USER   FD      TYPE             DEVICE SIZE/OFF    NODE NAME
httpd   7040   root  cwd       DIR              253,0      224      64 /
httpd   7040   root  rtd       DIR              253,0      224      64 /
httpd   7040   root  txt       REG              253,0   523680 2841113 /usr/sbin/httpd
httpd   7040   root  mem       REG              253,0    57952 2843199 /usr/lib64/libzip.so.2.1.0
httpd   7040   root  mem       REG              253,0    58496 7334636 /usr/lib64/php/modules/zip.so
httpd   7040   root  mem       REG              253,0    19384  164182 /usr/lib64/libgpg-error.so.0.10.0
httpd   7040   root  mem       REG              253,0   535064  184769 /usr/lib64/libgcrypt.so.11.8.2
httpd   7040   root  mem       REG              253,0   258344  184881 /usr/lib64/libxslt.so.1.1.28
httpd   7040   root  mem       REG              253,0    87368  184879 /usr/lib64/libexslt.so.0.8.17
httpd   7040   root  mem       REG              253,0    37176 7334669 /usr/lib64/php/modules/xsl.so
httpd   7040   root  mem       REG              253,0    49240 7334667 /usr/lib64/php/modules/xmlwriter.so
httpd   7040   root  mem       REG              253,0    33008 7334665 /usr/lib64/php/modules/xmlreader.so
httpd   7040   root  mem       REG              253,0    36832 7334664 /usr/lib64/php/modules/wddx.so
httpd   7040   root  mem       REG              253,0    15792 7334658 /usr/lib64/php/modules/sysvshm.so
httpd   7040   root  mem       REG              253,0    11568 7334657 /usr/lib64/php/modules/sysvsem.so
httpd   7040   root  mem       REG              253,0    19984 7334654 /usr/lib64/php/modules/sysvmsg.so
...

-p
使用參數 -p 可以查看指定 PID (Processes ID , 可以利用 pstree -p 或是 ps -aux 來檢視) 開啟了哪一些檔案.

[root@localhost ~]# lsof -p 1 | more
COMMAND PID USER   FD      TYPE             DEVICE SIZE/OFF       NODE NAME
systemd   1 root  cwd       DIR              253,0      224         64 /
systemd   1 root  rtd       DIR              253,0      224         64 /
systemd   1 root  txt       REG              253,0  1620416     957407 /usr/lib/systemd/systemd
systemd   1 root  mem       REG              253,0    20112     164134 /usr/lib64/libuuid.so.1.3.0
systemd   1 root  mem       REG              253,0   265624     184787 /usr/lib64/libblkid.so.1.1.0
systemd   1 root  mem       REG              253,0    90248     367721 /usr/lib64/libz.so.1.2.7
systemd   1 root  mem       REG              253,0   157424     164155 /usr/lib64/liblzma.so.5.2.2
systemd   1 root  mem       REG              253,0    23968     164148 /usr/lib64/libcap-ng.so.0.0.0
systemd   1 root  mem       REG              253,0    19896     150134 /usr/lib64/libattr.so.1.1.0
systemd   1 root  mem       REG              253,0    19288     366270 /usr/lib64/libdl-2.17.so
systemd   1 root  mem       REG              253,0   402384     150110 /usr/lib64/libpcre.so.1.2.0
...

-i
使用參數 -i 可以查看與網路相關的檔案是被開啟(服務是啟動的狀況)

  • tcp
    列出與 TCP 相關的.

    [root@localhost ~]# lsof -i tcp
    COMMAND  PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
    systemd    1   root   43u  IPv4  35967      0t0  TCP *:sunrpc (LISTEN)
    systemd    1   root   45u  IPv6  35969      0t0  TCP *:sunrpc (LISTEN)
    rpcbind 6590    rpc    4u  IPv4  35967      0t0  TCP *:sunrpc (LISTEN)
    rpcbind 6590    rpc    6u  IPv6  35969      0t0  TCP *:sunrpc (LISTEN)
    sshd    6982   root    3u  IPv4  43646      0t0  TCP *:ssh (LISTEN)
    sshd    6982   root    4u  IPv6  43655      0t0  TCP *:ssh (LISTEN)
    cupsd   6983   root   11u  IPv6  43812      0t0  TCP localhost:ipp (LISTEN)
    cupsd   6983   root   12u  IPv4  43813      0t0  TCP localhost:ipp (LISTEN)
    httpd   6997   root    4u  IPv6  45451      0t0  TCP *:http (LISTEN)
    mysqld  7313  mysql   13u  IPv4  47680      0t0  TCP *:mysql (LISTEN)
    master  7553   root   13u  IPv4  46598      0t0  TCP localhost:smtp (LISTEN)
    master  7553   root   14u  IPv6  46599      0t0  TCP localhost:smtp (LISTEN)
    dnsmasq 7574 nobody    6u  IPv4  46571      0t0  TCP localhost.localdomain:domain (LISTEN)
    sshd    8316   root    3u  IPv4  54679      0t0  TCP localhost.localdomain:ssh->192.168.95.1:49890 (ESTABLISHED)
    httpd   8706 apache    4u  IPv6  45451      0t0  TCP *:http (LISTEN)
    httpd   8707 apache    4u  IPv6  45451      0t0  TCP *:http (LISTEN)
    httpd   8708 apache    4u  IPv6  45451      0t0  TCP *:http (LISTEN)
    httpd   8709 apache    4u  IPv6  45451      0t0  TCP *:http (LISTEN)
    httpd   8711 apache    4u  IPv6  45451      0t0  TCP *:http (LISTEN)
    
  • udp
    列出與 UDP 相關的.

    [root@localhost ~]# lsof -i udp
    COMMAND    PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
    systemd      1   root   44u  IPv4  35968      0t0  UDP *:sunrpc 
    systemd      1   root   46u  IPv6  35970      0t0  UDP *:sunrpc 
    rpcbind   6590    rpc    5u  IPv4  35968      0t0  UDP *:sunrpc 
    rpcbind   6590    rpc    7u  IPv6  35970      0t0  UDP *:sunrpc 
    rpcbind   6590    rpc   10u  IPv4  36481      0t0  UDP *:823 
    rpcbind   6590    rpc   11u  IPv6  36482      0t0  UDP *:823 
    avahi-dae 6629  avahi   12u  IPv4  39542      0t0  UDP *:mdns 
    avahi-dae 6629  avahi   13u  IPv4  39552      0t0  UDP *:52667 
    dhclient  6762   root    6u  IPv4  41391      0t0  UDP *:bootpc 
    dnsmasq   7574 nobody    3u  IPv4  46567      0t0  UDP *:bootps 
    dnsmasq   7574 nobody    5u  IPv4  46570      0t0  UDP localhost.localdomain:domain 
    
  • :port_Number , :port_Name
    顯示 port_Number 相關的.

    [root@localhost ~]# lsof -i :80
    COMMAND  PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
    httpd   6997   root    4u  IPv6  45451      0t0  TCP *:http (LISTEN)
    httpd   8706 apache    4u  IPv6  45451      0t0  TCP *:http (LISTEN)
    httpd   8707 apache    4u  IPv6  45451      0t0  TCP *:http (LISTEN)
    httpd   8708 apache    4u  IPv6  45451      0t0  TCP *:http (LISTEN)
    httpd   8709 apache    4u  IPv6  45451      0t0  TCP *:http (LISTEN)
    httpd   8711 apache    4u  IPv6  45451      0t0  TCP *:http (LISTEN)
    
    [root@localhost ~]# lsof -i tcp:80
    COMMAND  PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
    httpd   6997   root    4u  IPv6  45451      0t0  TCP *:http (LISTEN)
    httpd   8706 apache    4u  IPv6  45451      0t0  TCP *:http (LISTEN)
    httpd   8707 apache    4u  IPv6  45451      0t0  TCP *:http (LISTEN)
    httpd   8708 apache    4u  IPv6  45451      0t0  TCP *:http (LISTEN)
    httpd   8709 apache    4u  IPv6  45451      0t0  TCP *:http (LISTEN)
    httpd   8711 apache    4u  IPv6  45451      0t0  TCP *:http (LISTEN)
    
    [root@localhost ~]# lsof -i :http
    COMMAND  PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
    httpd   6997   root    4u  IPv6  45451      0t0  TCP *:http (LISTEN)
    httpd   8706 apache    4u  IPv6  45451      0t0  TCP *:http (LISTEN)
    httpd   8707 apache    4u  IPv6  45451      0t0  TCP *:http (LISTEN)
    httpd   8708 apache    4u  IPv6  45451      0t0  TCP *:http (LISTEN)
    httpd   8709 apache    4u  IPv6  45451      0t0  TCP *:http (LISTEN)
    httpd   8711 apache    4u  IPv6  45451      0t0  TCP *:http (LISTEN)
    
    [root@localhost ~]# lsof -i tcp:1-80
    COMMAND  PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
    sshd    6982   root    3u  IPv4  43646      0t0  TCP *:ssh (LISTEN)
    sshd    6982   root    4u  IPv6  43655      0t0  TCP *:ssh (LISTEN)
    httpd   6997   root    4u  IPv6  45451      0t0  TCP *:http (LISTEN)
    master  7553   root   13u  IPv4  46598      0t0  TCP localhost:smtp (LISTEN)
    master  7553   root   14u  IPv6  46599      0t0  TCP localhost:smtp (LISTEN)
    dnsmasq 7574 nobody    6u  IPv4  46571      0t0  TCP localhost.localdomain:domain (LISTEN)
    sshd    8316   root    3u  IPv4  54679      0t0  TCP localhost.localdomain:ssh->192.168.95.1:49890 (ESTABLISHED)
    httpd   8706 apache    4u  IPv6  45451      0t0  TCP *:http (LISTEN)
    httpd   8707 apache    4u  IPv6  45451      0t0  TCP *:http (LISTEN)
    httpd   8708 apache    4u  IPv6  45451      0t0  TCP *:http (LISTEN)
    httpd   8709 apache    4u  IPv6  45451      0t0  TCP *:http (LISTEN)
    httpd   8711 apache    4u  IPv6  45451      0t0  TCP *:http (LISTEN)
    
  • -s
    列出限定 state 相關的.

    [root@localhost ~]# lsof -i TCP -s TCP:LISTEN
    COMMAND  PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
    systemd    1   root   43u  IPv4  35967      0t0  TCP *:sunrpc (LISTEN)
    systemd    1   root   45u  IPv6  35969      0t0  TCP *:sunrpc (LISTEN)
    rpcbind 6590    rpc    4u  IPv4  35967      0t0  TCP *:sunrpc (LISTEN)
    rpcbind 6590    rpc    6u  IPv6  35969      0t0  TCP *:sunrpc (LISTEN)
    sshd    6982   root    3u  IPv4  43646      0t0  TCP *:ssh (LISTEN)
    sshd    6982   root    4u  IPv6  43655      0t0  TCP *:ssh (LISTEN)
    cupsd   6983   root   11u  IPv6  43812      0t0  TCP localhost:ipp (LISTEN)
    cupsd   6983   root   12u  IPv4  43813      0t0  TCP localhost:ipp (LISTEN)
    httpd   6997   root    4u  IPv6  45451      0t0  TCP *:http (LISTEN)
    mysqld  7313  mysql   13u  IPv4  47680      0t0  TCP *:mysql (LISTEN)
    master  7553   root   13u  IPv4  46598      0t0  TCP localhost:smtp (LISTEN)
    master  7553   root   14u  IPv6  46599      0t0  TCP localhost:smtp (LISTEN)
    dnsmasq 7574 nobody    6u  IPv4  46571      0t0  TCP localhost.localdomain:domain (LISTEN)
    httpd   8706 apache    4u  IPv6  45451      0t0  TCP *:http (LISTEN)
    httpd   8707 apache    4u  IPv6  45451      0t0  TCP *:http (LISTEN)
    httpd   8708 apache    4u  IPv6  45451      0t0  TCP *:http (LISTEN)
    httpd   8709 apache    4u  IPv6  45451      0t0  TCP *:http (LISTEN)
    httpd   8711 apache    4u  IPv6  45451      0t0  TCP *:http (LISTEN)
    
    [root@localhost ~]# lsof -i TCP -s TCP:ESTABLISHED
    COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
    sshd    8316 root    3u  IPv4  54679      0t0  TCP localhost.localdomain:ssh->192.168.95.1:49890 (ESTABLISHED)
    
沒有解決問題,試試搜尋本站其他內容

發佈留言

發佈留言必須填寫的電子郵件地址不會公開。 必填欄位標示為 *

這個網站採用 Akismet 服務減少垃圾留言。進一步了解 Akismet 如何處理網站訪客的留言資料