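Published: 2014-09-05 17:04:22 Author: 知识屋
First, read this: http://www.zhishiwu.com/os/201108/100604.html
Network administrators should know the following lsof usage:
# Show the users currently connected over SSH and their source IP addresses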
$ sudo lsof -n | grep sshd | grep TCP | cut -c18-28,70-
root TCP *:22 (LISTEN)
root TCP *:22 (LISTEN)
root TCP 1.2.3.4:22->6.7.8.9:2544 (ESTABLISHED)
huangwei TCP 1.2.3.4:22->6.7.8.9:2544 (ESTABLISHED)
root TCP 1.2.3.4:22->6.7.8.9:29340 (ESTABLISHED)
huangwei TCP 1.2.3.4:22->6.7.8.9:29340 (ESTABLISHED)
root TCP 1.2.3.4:22->6.7.8.9:33223 (ESTABLISHED)
huangwei TCP 1.2.3.4:22->6.7.8.9:33223 (ESTABLISHED)
huangwei TCP [::1]:cisco-sccp (LISTEN)
huangwei TCP 127.0.0.1:cisco-sccp (LISTEN)
huangwei TCP 1.2.3.4:40183->74.125.227.8:https (ESTABLISHED)
root TCP 1.2.3.4:22->6.7.8.9:43698 (ESTABLISHED)
huangwei TCP 1.2.3.4:22->6.7.8.9:43698 (ESTABLISHED)
root TCP 1.2.3.4:22->6.7.8.9:44943 (ESTABLISHED)
huangwei TCP 1.2.3.4:22->6.7.8.9:44943 (ESTABLISHED)
huangwei TCP 1.2.3.4:38038->74.125.227.20:www (ESTABLISHED)
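Who is opening a large number of concurrent connections?
DDoS? Every webmaster's nightmare! Can one "simple" command find the script kiddies? Take a look:
$ sudo netstat -anp | grep -E 'tcp|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr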
8 192.168.0.218
7 192.168.0.38
6 192.168.0.14
6 0.0.0.0
2 192.168.0.166
2 192.168.0.110
2 192.168.0.10
1 192.168.232.223
1 192.168.0.70
1 192.168.0.6
1 192.168.0.50
1 192.168.0.22
1 192.168.0.210
1 192.168.0.194
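The same per-source count as a small script, added here as an example and not part of the original article. It goes beyond the one-liner above by counting only ESTABLISHED TCP sockets (so the 0.0.0.0 listener rows drop out) and by stripping just the trailing port, which keeps IPv6 peers intact. The function names and the sample lines are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: per-peer connection counts from `netstat -ant`-style input.

# Constructed sample in the Linux `netstat -ant` column layout (not real data).
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.168.0.1:80          192.168.0.218:1521      ESTABLISHED
tcp        0      0 192.168.0.1:80          192.168.0.218:1522      ESTABLISHED
tcp        0      0 192.168.0.1:80          192.168.0.218:1523      ESTABLISHED
tcp        0      0 192.168.0.1:80          192.168.0.38:4068       ESTABLISHED
tcp        0      0 192.168.0.1:80          192.168.0.38:4069       TIME_WAIT
tcp6       0      0 2001:db8::1:80          2001:db8::beef:40001    ESTABLISHED
tcp6       0      0 2001:db8::1:80          2001:db8::beef:40002    ESTABLISHED
udp        0      0 0.0.0.0:68              0.0.0.0:*
EOF
}

# count_peers: read netstat lines on stdin, print "<count> <peer>" sorted
# by count (descending). Only ESTABLISHED TCP sockets are counted, so
# listeners (0.0.0.0:*) and closing sockets do not inflate the totals.
count_peers() {
  awk '
    $1 ~ /^tcp/ && $6 == "ESTABLISHED" {
      peer = $5
      sub(/:[0-9]+$/, "", peer)  # drop only the trailing :port; IPv6 stays whole
      seen[peer]++
    }
    END { for (p in seen) print seen[p], p }
  ' | LC_ALL=C sort -k1,1nr -k2,2
}

# over_threshold LIMIT: print peers holding LIMIT or more connections.
over_threshold() {
  count_peers | awk -v limit="$1" '$1 >= limit { print $2 }'
}

# Stand-alone run on the sample; on a live host: sudo netstat -ant | count_peers
sample_netstat | count_peers
```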
How many ports does the server currently have open? Take a look:
$ sudo lsof -i
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
mysqld 1190 mysql 10u IPv4 5022 0t0 TCP localhost:mysql (LISTEN)
apache2 1347 root 3u IPv4 5327 0t0 TCP *:www (LISTEN)
svnserve 1759 svn 3u IPv4 6612 0t0 TCP ooxx-vpn:svn (LISTEN)
sshd 2583 root 3r IPv4 1194924 0t0 TCP 192.168.1.176:8822->192.168.2.223:40876 (ESTABLISHED)
sshd 2651 huangwei 3u IPv4 1194924 0t0 TCP 192.168.1.176:8822->192.168.2.223:40876 (ESTABLISHED)
apache2 2714 www-data 3u IPv4 5327 0t0 TCP *:www (LISTEN)
apache2 2715 www-data 3u IPv4 5327 0t0 TCP *:www (LISTEN)
apache2 2722 www-data 3u IPv4 5327 0t0 TCP *:www (LISTEN)
apache2 2722 www-data 11u IPv4 1198941 0t0 TCP ooxx-vpn:www->192.168.0.50:4068 (ESTABLISHED)
apache2 2723 www-data 3u IPv4 5327 0t0 TCP *:www (LISTEN)
apache2 2725 www-data 3u IPv4 5327 0t0 TCP *:www (LISTEN)
apache2 2725 www-data 11u IPv4 1198939 0t0 TCP ooxx-vpn:www->192.168.0.194:15397 (ESTABLISHED)
apache2 2734 www-data 3u IPv4 5327 0t0 TCP *:www (LISTEN)
apache2 2809 www-data 3u IPv4 5327 0t0 TCP *:www (LISTEN)
apache2 2809 www-data 11u IPv4 1198940 0t0 TCP ooxx-vpn:www->192.168.0.218:1521 (ESTABLISHED)
apache2 2810 www-data 3u IPv4 5327 0t0 TCP *:www (LISTEN)
apache2 2811 www-data 3u IPv4 5327 0t0 TCP *:www (LISTEN)
apache2 2818 www-data 3u IPv4 5327 0t0 TCP *:www (LISTEN)
apache2 2819 www-data 3u IPv4 5327 0t0 TCP *:www (LISTEN)
apache2 2845 www-data 3u IPv4 5327 0t0 TCP *:www (LISTEN)
apache2 2845 www-data 11u IPv4 1198938 0t0 TCP ooxx-vpn:www->192.168.0.14:36802 (ESTABLISHED)
proftpd 7191 ftp 0u IPv4 29954 0t0 TCP ooxx-vpn:ftp (LISTEN)
sshd 9720 root 3u IPv4 47070 0t0 TCP *:8822 (LISTEN)
sshd 9720 root 4u IPv6 47072 0t0 TCP *:8822 (LISTEN)
svnserve 11217 svn 4u IPv4 1019658 0t0 TCP ooxx-vpn:svn->192.168.0.166:6211 (ESTABLISHED)
svnserve 11350 svn 4u IPv4 1020389 0t0 TCP ooxx-vpn:svn->192.168.0.166:6286 (ESTABLISHED)
svnserve 12706 svn 4u IPv4 627093 0t0 TCP ooxx-vpn:svn->192.168.0.22:1084 (ESTABLISHED)
See every application on this machine that is using TCP port 80:
$ sudo lsof -i tcp:80
Sample output:
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
apache2 2827 www-data 3u IPv4 1609898 0t0 TCP *:www (LISTEN)
apache2 2827 www-data 11u IPv4 2026780 0t0 TCP ooxx-vpn:www->192.168.0.22:14949 (ESTABLISHED)
apache2 2875 www-data 3u IPv4 1609898 0t0 TCP *:www (LISTEN)
apache2 2919 www-data 3u IPv4 1609898 0t0 TCP *:www (LISTEN)
apache2 2920 www-data 3u IPv4 1609898 0t0 TCP *:www (LISTEN)
apache2 2921 www-data 3u IPv4 1609898 0t0 TCP *:www (LISTEN)
apache2 2924 www-data 3u IPv4 1609898 0t0 TCP *:www (LISTEN)
apache2 2926 www-data 3u IPv4 1609898 0t0 TCP *:www (LISTEN)
apache2 2928 www-data 3u IPv4 1609898 0t0 TCP *:www (LISTEN)
apache2 2930 www-data 3u IPv4 1609898 0t0 TCP *:www (LISTEN)
apache2 2932 www-data 3u IPv4 1609898 0t0 TCP *:www (LISTEN)
apache2 2933 www-data 3u IPv4 1609898 0t0 TCP *:www (LISTEN)
apache2 26081 root 3u IPv4 1609898 0t0 TCP *:www (LISTEN)
猪在笑