1, 使用 lsof 命令行列出所有打开的文件
# lsof
这可是一个很长的列表,包括打开的文件和网络
上述屏幕截图中包含很多列,例如 PID、user、FD 和 TYPE 等等。
FD – File descriptor
FD 列包含这样一些值
cwd – Current working directorytxt – Text filemem – Memory Mapped filemmap – Memory Mapped deviceNumber – It represent the actual file descriptor. For example, 0u, 1w and 3r
r 是读的意思,w 是写,u 代表读写
Type 代表文件类型,例如:
>REG – Regular file >DIR – Directory>CHR – Character special file>FIFO – First in first out
2, 列出某个用户打开的文件
# lsof -u user_name
Example:
# lsof -u crybitCOMMAND PID USER FD TYPEDEVICE SIZE/OFFNODE NAMEsshd 29609 crybit cwd DIR144,2334096 117711421 /sshd 29609 crybit rtd DIR144,2334096 117711421 /sshd 29609 crybit txt REG144,233 409488 119020186 /usr/sbin/sshdsshd 29609 crybit mem REG144,2412443001619 (deleted)/dev/zero (stat: No such file or directory)sshd 29609 crybit mem REG8,37119021850 /lib64/libnss_dns-2.5.so (path dev=144,233)sshd 29609 crybit mem REG8,37119021984 /lib64/security/pam_succeed_if.so (path dev=144,233)sshd 29609 crybit mem REG8,37119022000 /lib64/security/pam_limits.so (path dev=144,233)sshd 29609 crybit mem REG8,37119021960 /lib64/security/pam_keyinit.so (path dev=144,233)sshd 29609 crybit mem REG8,37119021972 /lib64/security/pam_cracklib.so (path dev=144,233)sshd 29609 crybit mem REG8,37119021987 /lib64/security/pam_nologin.so (path dev=144,233)sshd 29609 crybit mem REG8,37119021988 /lib64/security/pam_deny.so (path dev=144,233)sshd 29609 crybit mem REG8,37119019223 /usr/lib64/libcrack.so.2.8.0 (path dev=144,233)……….
3, 列出在某个端口运行的进程
# lsof -i :port_number
Example:
# lsof -i :22COMMAND PID USER FD TYPEDEVICE SIZE/OFF NODE NAMEsshd769 root 3u IPv6 22817388440t0 TCP *:ssh (LISTEN)sshd769 root 4u IPv4 22817388460t0 TCP *:ssh (LISTEN) # lsof -i :3306COMMAND PID USER FD TYPEDEVICE SIZE/OFF NODE NAMEmysqld 11106 mysql 10u IPv4 23409751140t0 TCP *:mysql (LISTEN)
4, 只列出使用 IPv4 的打开文件
# lsof -i 4 – For IPv4
Example:
# lsof -i 4COMMANDPID USER FD TYPEDEVICE SIZE/OFF NODE NAMEsshd769 root 4u IPv4 22817388460t0 TCP *:ssh (LISTEN)named8362 named 20u IPv4 23347510170t0 TCP localhost.localdomain:domain (LISTEN)named8362 named 21u IPv4 23347510190t0 TCP crybit.com:domain (LISTEN)named8362 named 22u IPv4 23347510210t0 TCP localhost.localdomain:rndc (LISTEN)named8362 named 512u IPv4 23347510160t0 UDP localhost.localdomain:domain named8362 named 513u IPv4 23347510180t0 UDP crybit.com:domain tcpserver 9975 root 3u IPv4 23354879590t0 TCP *:pop3 (LISTEN)tcpserver 9978 root 3u IPv4 23354879670t0 TCP *:pop3s (LISTEN)tcpserver 9983 root 3u IPv4 23354879970t0 TCP *:imap (LISTEN)tcpserver 9987 root 3u IPv4 23354880140t0 TCP *:imaps (LISTEN)xinetd 10413 root 5u IPv4 23360709830t0 TCP *:ftp (LISTEN)xinetd 10413 root 6u IPv4 23360709840t0 TCP *:smtp (LISTEN)mysqld 11106 mysql 10u IPv4 23409751140t0 TCP *:mysql (LISTEN) # lsof -i 6
Example:
# lsof -i 6COMMAND PID USER FD TYPEDEVICE SIZE/OFF NODE NAMEsshd769 root 3u IPv6 22817388440t0 TCP *:ssh (LISTEN)named 8362 named 23u IPv6 23347510240t0 TCP localhost.localdomain:rndc (LISTEN)httpd 29241 root 4u IPv6 24397772060t0 TCP *:http (LISTEN)httpd 29241 root 6u IPv6 24397772110t0 TCP *:https (LISTEN)httpd 29243 apache 4u IPv6 24397772060t0 TCP *:http (LISTEN)httpd 29243 apache 6u IPv6 24397772110t0 TCP *:https (LISTEN)httpd 29244 apache 4u IPv6 24397772060t0 TCP *:http (LISTEN)httpd 29244 apache 6u IPv6 24397772110t0 TCP *:https (LISTEN)httpd 29245 apache 4u IPv6 24397772060t0 TCP *:http (LISTEN)httpd 29245 apache 6u IPv6 24397772110t0 TCP *:https (LISTEN)httpd 29246 apache 4u IPv6 24397772060t0 TCP *:http (LISTEN)
5, 列出端口在 1-1024 之间的所有进程
# lsof -i :1-1024
Example:
# lsof -i :1-1024COMMANDPID USER FD TYPEDEVICE SIZE/OFF NODE NAMEsshd769 root 3u IPv6 22817388440t0 TCP *:ssh (LISTEN)sshd769 root 4u IPv4 22817388460t0 TCP *:ssh (LISTEN)named8362 named 20u IPv4 23347510170t0 TCP localhost.localdomain:domain (LISTEN)named8362 named 21u IPv4 23347510190t0 TCP crybit.com:domain (LISTEN)named8362 named 22u IPv4 23347510210t0 TCP localhost.localdomain:rndc (LISTEN)named8362 named 23u IPv6 23347510240t0 TCP localhost.localdomain:rndc (LISTEN)tcpserver 9975 root 3u IPv4 23354879590t0 TCP *:pop3 (LISTEN)tcpserver 9978 root 3u IPv4 23354879670t0 TCP *:pop3s (LISTEN)tcpserver 9983 root 3u IPv4 23354879970t0 TCP *:imap (LISTEN)tcpserver 9987 root 3u IPv4 23354880140t0 TCP *:imaps (LISTEN)xinetd 10413 root 5u IPv4 23360709830t0 TCP *:ftp (LISTEN)xinetd 10413 root 6u IPv4 23360709840t0 TCP *:smtp (LISTEN)httpd29241 root 4u IPv6 24397772060t0 TCP *:http (LISTEN)httpd29241 root 6u IPv6 24397772110t0 TCP *:https (LISTEN)httpd29243 apache 4u IPv6 24397772060t0 TCP *:http (LISTEN)……..
6, 根据进程id来列出打开的文件
# lsof -p PID 就是对虚怀若谷谦虚谨慎八个字真正理解的人,
