|
2001. 6.30
°øÀç¼ø/ kong@certcc.or.kr
1. ¼Ò°³
LSOF´Â 'List Open File'ÀÇ ¾àÀÚ·Î, ÇØ´ç System¿¡¼ ±¸µ¿µÇ°í ÀÖ´Â ÇÁ·Î¼¼½ºµé¿¡ ÀÇÇؼ ¿·ÁÁø ÆÄÀϵéÀ»
È®ÀÎ ÇÒ ¼ö ÀÖ´Â ÅøÀÌ´Ù. ½Ã½ºÅÛÀÇ Àǽɽº·¯¿î ÇÁ·Î¼¼½º¿¡ ´ëÇÑ È®ÀÎÀÌ ¿ëÀÌÇÏ°í, ¼³Ä¡°¡ ºñ±³Àû ½¬¿ö ¸¹ÀÌ ÀÌ¿ëµÇ°í ÀÖ´Ù.
|
[cert:root]:/user/kong/lsof_4.56> lsof
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sched 0 root cwd VDIR 32,0 1024 2 /
sched 0 root 0u VCHR 12,2 0t0 140375 /devices/pseudo/sad@0:user(COMMON)
.....
.....
sendmail 23403 root 13u inet 0x603ca5b8 0t2290 TCP cert:52969->211.45.162.90:smtp
(ESTABLISHED)
sendmail 23403 root 14u inet 0x603ca5b8 0t2290 TCP cert:52969->211.45.162.90:smtp
(ESTABLISHED)
......
|
[±×¸² 1] LSOF ½ÇÇà ¿¹
Top
2. LSOF ´Ù¿î·Îµå ¹Þ±â
ÃֽŠ¹öÀüÀº ftp://vic.cc.purdue.edu/pub/tools/unix/lsof ¿¡¼ È®ÀÎ ÇÒ ¼ö ÀÖÀ¸¸ç, ¿©·¯
°³ÀÇ Mirror site °¡ Á¸ÀçÇØ ½±°Ô ´Ù¿î·Îµå ¹ÞÀ» ¼ö ÀÖ´Ù.
Mirror site URL :
* ftp://ftp.cerias.purdue.edu/pub/tools/unix/sysutiles/lsof
* ftp://ftp.cert.dfu.du/pub/tools/admin/lsof
* ftp://ftp.cetis.hvu.nl/pub/lsof
* ftp://ftp.crc.doc.ca/packages/
Version 4 LSOF ´Â gzipÀ¸·Î ¾ÐÃàµÇ¾î ÀÖÀ¸¸ç, ÆÄÀÏ¸í¿¡ revision number¸¦ Æ÷ÇÔÇÏ°í ÀÖ´Ù.
ftp://vic.cc.purdue.edu/pub/tools/unix/lsof_<rev>_W.tar.gz
¶Ç´Â ftp://vic.cc.purdue.edu/pub/tools/unix/lsof_<rev>_W.tar.Z
¡Ø ¸®´ª½º ½Ã½ºÅÛÀÇ °æ¿ì¿¡´Â, ´ëºÎºÐ ±âº»ÀûÀ¸·Î LSOF°¡ ¼³Ä¡µÇ¾î ÀÖ´Ù. (¸¸¾à ¼³Ä¡°¡ ¾ÈµÇ¾î ÀÖ´Â »óŶó¸é rpm ÆÐÅ°Áö·Î
¹èÆ÷ÇÏ°í ÀÖÀ¸¹Ç·Î linux ¹èÆ÷»çÀÌÆ®¸¦ ÀÌ¿ëÇÏ¸é µÉ °ÍÀÌ´Ù.)
Top
3. ¾ÐÃàÇØÁ¦
ÀÌ ¹®¼¿¡¼´Â ver.4(revision 4.56) LSOF¸¦ Solaris OS¿¡¼ ¼³Ä¡ÇÏ´Â °úÁ¤À» º¸À̵µ·Ï ÇÑ´Ù.
gzip -d lsof_4.56_W.tar.gz
tar -xvf lsof_4.56_W.tar
¡Ø Âü°í·Î 4.56 ¹öÀüÀÇ lsof.tar ÆÄÀÏÀÇ md5 checksum °ªÀº ´ÙÀ½°ú °°À¸¸ç, MD5 (lsof_4.56.tar)
= 92155bb6430d14d044f8ca96858e63b8
md5 checksum toolÀº ¾Æ·¡ »çÀÌÆ®¿¡¼ ±¸ÇÒ ¼ö ÀÖ´Ù.
ftp://ftp.cerias.purdue.edu/pub/tools/unix/crypto/md5
Top
4. ¼³Ä¡Çϱâ
LSOF ¼³Ä¡°úÁ¤Àº Å©°Ô ¾ÐÃàÇØÁ¦ -> Inventory -> Configure -> Install 4´Ü°è·Î
º¼ ¼ö ÀÖ´Ù.
¨ç ¾ÐÃà Ç®±â
¿ì¼± Ãʱâ Wrapper¿¡ ½×ÀÎ ÆÄÀÏ ¾ÐÃàÀ» Ç®¸é ÇØ´ç µð·ºÅ丮 ³»¿¡ ´ÙÀ½°ú °°Àº 5°³ ÀÇ ÆÄÀÏÀÌ »ý¼ºµÇ°í, ÀÌ¿Í ÇÔ²² lsof_4.56
µð·ºÅ丮°¡ »ý¼ºµÈ´Ù.
[cert:root]:/user/kong> tar -xvf lsof_4.56_W.tar
x RELEASE.SUMMARY_4.56, 12803 bytes, 26 tape blocks
x README.lsof_4.56, 4129 bytes, 9 tape blocks
x 00.README.FIRST_4.56, 700 bytes, 2 tape blocks
x lsof_4.56.tar, 3317760 bytes, 6480 tape blocks
x lsof_4.56.tar.asc, 284 bytes, 1 tape blocks
|
»ý¼ºµÇ´Â ÆÄÀÏ
|
¼³¸í
|
|
00.README.FIRST_4.56
|
Readme file for the distribution
|
|
README.lsof_4.56
|
Contains distribution and security information
|
|
RELEASE.SUMMARY_4.56
|
Summary of the lsof 4.56 distribution
|
|
lsof_4.56.tar
|
LSOF 4.56 tar archive
|
|
lsof_4.56.tar.asc
|
Detached PGP certificate for lsof_4.56.tar
|
[Ç¥ 1] lsof_4.56_W.tar ¾ÐÃà ÇØÁö ÈÄ »ý¼ºµÇ´Â ÆÄÀϵé
Top
¡Ø »ý¼ºµÈ lsof_4.56 µð·ºÅ丮¿¡ »ý¼ºµÇ´Â ÁÖ¿ä ÆÄÀϵé
[sparc5:root]:/user/kong/lsof_4.56> ls
./ 00DIST 00README arg.c lsof_fields.h proto.h
../ 00FAQ 00XCONFIG dialects/ main.c regex.h
00.README.FIRST 00LSOF-L AFSConfig* lib/ misc.c scripts/
00CREDITS 00MANIFEST Configure* lsof.8 node.c store.c
00DCACHE 00PORTING Customize* lsof.h print.c usage.c
00DIALECTS 00QUICKSTART Inventory* lsof.man proc.c version
¨è Inventory
LSOF¸¦ ¼³Ä¡ ÇÒ¶§ Àý´ëÀûÀ¸·Î ÇÊ¿äÇÑ °úÁ¤Àº ¾Æ´Ï´Ù. ±×·¯³ª subdirectoryµéÀ» üũÇÏ°í, °¢ ½ºÅ©¸³Æ®µé°ú ÆÄÀÏ
Çì´õµé, ¼Ò½ºÆÄÀϵéÀÌ ½ÇÁ¦·Î Á¸ÀçÇÏ´ÂÁö µî ÆÐÅ°Áö »óŸ¦ üũ ÇØ º¼ ÇÊ¿ä°¡ ÀÖ´Ù. ´ÙÀ½°ú °°ÀÌ Inventory ½ºÅ©¸³Æ®¸¦
½ÇÇàÇÏ°Ô µÇ¸é, inventory ÀÛ¾÷¿¡ ´ëÇÑ ¼Ò°³ °¡ ³ª¿À°í ½ÇÇàÇÒ °ÍÀÎÁö ¿©ºÎ¸¦ ¹°¾î¿À´Âµ¥ 'y' ·Î ´äÇÏ¸é¼ ÁøÇàÇÏ°Ô µÇ¸é
µð·ºÅ丮µéÀÇ list ¸¦ È®ÀÎÇÒ ¼ö ÀÖ´Ù.
[cert:root]:/user/kong/lsof_4.56> ./Inventory
Conducting an inventory of the lsof distribution; this will take a while.
Examining /user/kong/lsof_4.56: OK
Examining dialects: OK
....
....
Examining lib: OK
Examining scripts: OK
This lsof distribution seems to be complete.
Top
¨é Configure
ȯ°æ¼³Á¤¿¡ ÇÊ¿äÇÑ ¿©·¯ ´Ü°èÀÇ ÀÛ¾÷À» ÇÏ°Ô µÇ´Âµ¥, ¾Æ·¡¿Í °°ÀÌ ÇØ´ç OS¿¡ ¸Â °Ô ¼±ÅÃÇÏ°í Configure ½ºÅ©¸³Æ®¸¦
±¸µ¿ÇÏ¸é µÈ´Ù.
¡ØConfigure ½ºÅ©¸³Æ® ±¸µ¿¹æ¹ý
Configure <options> <target-dialect>
<options>: -clean : clean up previous configuration
-d|-dialects : display a list of supported dialect versions
-h|-help : display help information
-n : avoid AFS, customization, and inventory checks
|
aix | aixgcc : IBM AIX xlc (aix)
or gcc (aixgcc)
bsdi : BSDI BSD/OS
darwin : Apple Darwin
decosf : DEC OSF/1
digital_unix|du : Digital UNIX
freebsd : FreeBSD
hpux|hpuxgcc : HP-UX cc (hpux)
or gcc (hpuxgcc)
linux : Linux
netbsd : NetBSD
|
nextstep|next|ns|nxt : NEXTSTEP
openbsd : OpenBSD
openstep|os : OpenStep
osr | sco : SCO OpenServer,
SCO devloper's compiler
osrgcc|scogcc : SCO OpenServer,gcc compiler
ptx : Sequent PTX
solaris | solariscc : Solaris gcc (solaris)
or cc(solariscc)
tru64 : Tru64 UNIX
unixware | uw : SCO UnixWare
|
[Ç¥ 2] Configure ½ºÅ©¸³Æ® ±¸µ¿½Ã OS ÁöÁ¤
Top
[sparc5:root]:/user/kong/lsof_4.56> ./Configure
solaris
Testing prdata.h for PR_GWINDOWS, using gcc
Testing prdata.h for PR_LDT, using gcc
Testing vnode.h for VSOCK, using gcc
.....
°¢ Çì´õÆÄÀÏ testingÀÌ ³¡³ª¸é, ´Ù½Ã inventory ÇØ º¼ °ÍÀÎÁö¸¦ ¹°¾îº¸´Âµ¥ file treeµéÀ» º¯È½Ãų °ÍÀÌ
¾ø´Ù¸é inventory°úÁ¤À» re-runÇÒ ÇÊ¿ä¾ø´Ù.
....
....
Do you want to take inventory (y|n) [y]? n
rm -f ddev.c dfile.c dlsof.h dmnt.c dnode*.c dproc.c dproto.h dsock.c
dstore.c kernelbase.h machine.h machine.h.old new_machine.h __lseek.s
Makefile
ln -s dialects/sun/ddev.c ddev.c
ln -s dialects/sun/dfile.c dfile.c
ln -s dialects/sun/dlsof.h dlsof.h
.....
ln -s dialects/sun/machine.h machine.h
kernelbase.h assembled.
Makefile and lib/Makefile created.
Top
À§ °úÁ¤¿¡¼ Make ÆÄÀÏÀÌ »ý¼ºµÊÀ» º¼ ¼ö ÀÖÀ¸¸ç, À̾î LSOF¸¦ customize ÇÒ °ÍÀÎÁö¸¦ ¹°¾î¿À´Âµ¥ [yes/no]
questionÀ» µû¶ó ´ÙÀ½ÀÇ °¢ ¿É¼ÇÀ» »ç¿ëÀÚ°¡ ¼±ÅÃÇÒ ¼ö ÀÖ´Ù.
|
Name
|
Description
|
Default Value
|
|
HASSECURITY
|
enabled : root ¸¸ÀÌ lsof¸¦ ÀÌ¿ëÇØ ¿·ÁÁø ÆÄÀϵéÀ» È®ÀÎ ÇÒ ¼ö ÀÖÀ½.
disabled :´©±¸µç ¸ðµç ¿·ÁÁø ÆÄÀϵéÀ» lsof¸¦ ÀÌ ¿ëÇØ È®ÀÎ ÇÒ ¼ö ÀÖÀ½.
|
Disabled
|
|
WARNINGSTATE
|
enabled : lsof°¡ ÇÊ¿äÇÒ °æ¿ì ¾ðÁ¦µçÁö warning messages¸¦ Ãâ·ÂÇÔ.
disabled : warning messages¸¦ Ãâ·ÂÇÏÁö ¾ÊÀ½. -w (disables) +w (enables)
·Î Á¶Àý °¡´ÉÇÔ.
|
Enabled
|
|
WARNDEVACCESS
|
enabled : lsof°¡ /dev (¶Ç´Â /devices)¸¦ ¾ï¼¼½º ÇÒ ¼ö ¾øÀ» ¶§, warning messages¸¦
Ãâ·ÂÇÔ.
disabled : lsof°¡ /dev (¶Ç´Â /devices)¸¦ ¾ï¼¼½º ÇÒ ¼ö ¾øÀ» ¶§, skip ÇØ ¹ö¸².
|
Enabled
|
|
HASDCACHE
|
enabled : lsof°¡ /dev (¶Ç´Â /devices)ÀÇ ÆÄÀϵ鿡 °üÇÑ Á¤º¸¸¦ Æ÷ÇÔÇÏ°í ÀÖ´Â
device cache fileÀ» »ý¼ºÇÔ.
< define path options >
HASENVDC, HASPERSDC,
HASPERSDCPATH, HASSYSDC
disabled : lsof °¡ device cache file »ý¼ºÇÏÁö ¾ÊÀ½.
|
Enabled
|
|
HASENVDC
HASPERSDC
HASPERSDCPATH
|
HASDCACHE¸¦ Á¤ÀÇÇϸé, device cache file path¸¦ ±â¼úÇϱâ À§ÇØ ¿¬°üµÈ
´Ù¸¥ ¿É¼ÇµéÀÇ ±¸¼ºµµ Á¤ÀÇÇØ ÁÖ¾î¾ß ÇÑ´Ù.
< ÇöÀç ¼³Á¤µÈ path options >
#define HASENVDC "LSOFDEVCACHE"
#define HASPERSDC "%h/%p.lsof_%L"
#define HASPERSDCPATH "LSOFPERSDCPATH"
¡Ø ÀÚ¼¼ÇÑ »çÇ×Àº 00DCACHE ,00FAQ Âü°í
|
"LSOFDEVCACHE"
"%h/%p.lsof_%L"
"LSOFPERSDCPATH"
|
|
HASKERNIDCK
|
lsof°¡ ÇöÀçÀÇ Ä¿³Î»óÅÂ¿Í ÃÖÃÊ lsof°¡ ¼³Ä¡µÇ¾î ±¸µ¿µÇ¾úÀ» ´ç½ÃÀÇ Ä¿³Î°ú ºñ±³ÇÏ¿©,
½Ã½ºÅÛ¿¡¼ ºÎÀûÀýÇÏ°Ô ½ÇÇàµÇ´Â °ÍÀ» ŽÁöÇÒ ¼ö ÀÖ´Ù.
kernel identity check·Î ÀÎÇØ ÀϺΠUNIX
(¿¹:AIX) ½Ã½ºÅÛ¿¡¼ ±¸µ¿½Ã°£ÀÌ ¸¹ÀÌ °É¸®´Â °æ¿ì°¡ ÀÖ¾î¼ disable ½ÃÄÑ¾ß ÇÒ ¶§°¡ ÀÖÀ» ¼öµµ ÀÖÁö¸¸,
lsof¸¦ ºÎÀûÀýÇÏ°Ô ±¸µ¿ÇÔÀ¸·Î½á ¿À´Â À§Çè¿ä¼Ò°¡ Áõ°¡ÇÒ ¼ö ÀÖ´Ù´Â °ÍÀ» ¹èÁ¦ÇÒ ¼ö ¾ø´Ù.
|
Enabled
|
[Ç¥ 3] Customize ¿É¼Ç
Top
À§ÀÇ °¢ Ç׸ñµé ¹× ¼³Á¤°ªµéÀº LSOF°¡ ±âº»ÀûÀ¸·Î Á¦°øÇÏ´Â °ÍÀ¸·Î º¯°æÀ» ¿øÇÒ °æ¿ì¿¡´Â machine.h ÆÄÀÏÀ» Á÷Á¢ ¼öÁ¤Çϰųª
Customize ½ºÅ©¸³Æ®¸¦ Á÷Á¢ ±¸µ¿ÇÏ¿© º¯°æÇÒ ¼öµµ ÀÖ´Ù.
¨ê build & install
Configure °úÁ¤À» ¸¶Ä¡°í ³ª¸é, ½Ã½ºÅÛ¿¡ ÀνºÅç ÇÒ ¼ö ÀÖ´Ù. ±âº»ÀûÀÎ install °ú Á¤Àº ¾Æ·¡¿Í °°´Ù.
¡á build LSOF system
[cert:root]:/user/kong/lsof_4.56> make
(cd lib; make DEBUG="-O" CFGF="-Dsolaris=20600 -DHASPR_GWINDOWS -DHAS_VSOCK
-DLSOF_VSTR=\"5.6\"")
gcc -Dsolaris=20600 -DHASPR_GWINDOWS -DHAS_VSOCK -DLSOF_VSTR="5.6" -O
-c ckkv.c
.....
.....
gcc -o lsof -Dsolaris=20600 -DHASPR_GWINDOWS -DHAS_VSOCK -DLSOF_VSTR=\"5.6\"
-O ddev.o dfile.o dmnt.o dnode.o dnode1.o dnode2.o dproc.o dsock.o dstore.o
arg.o main.o misc.o node.o print.o proc.o store.o usage.o -L./lib -llsof
-lkvm -lelf -lsocket -lnsl
Top
¡á Install LSOF system
[cert:root]:/user/kong/lsof_4.56> make install
(cd lib; make DEBUG="-O" CFGF="-Dsolaris=20600 -DHASPR_GWINDOWS -DHAS_VSOCK
-DLSOF_VSTR=\"5.6\"")
Constructing version.h
gcc -Dsolaris=20600 -DHASPR_GWINDOWS -DHAS_VSOCK -DLSOF_VSTR=\"5.6\" -O
-c usage.c
gcc -o lsof -Dsolaris=20600 -DHASPR_GWINDOWS -DHAS_VSOCK -DLSOF_VSTR=\"5.6\"
-O ddev.o dfile.o dmnt.o dnode.o dnode1.o dnode2.o dproc.o dsock.o dstore.o
arg.o main.o misc.o node.o print.o proc.o store.o usage.o -L./lib -llsof
-lkvm -lelf -lsocket -lnsl
¿©±â±îÁö °úÁ¤À» ¸¶Ä¡¸é ÀϹÝÀûÀÎ ¼³Ä¡´Â ¸ðµÎ ³¡³ª°í lsof ½ÇÇàÆÄÀÏÀÌ »ý¼ºµÈ´Ù.
¡Ø º°µµ·Î install ruleset ÁöÁ¤ÇÏ°íÀÚ ÇÒ °æ¿ì
°¡»ó¸Þ¸ð¸®ÀÇ Ä¿³Î image¸¦ ´ã°íÀÖ´Â ÆÄÀÏÀÎ /dev/kmem(¶Ç´Â /dev/mem)¸¦ read ÇÒ ¼ö ÀÖµµ·Ï LSOF´Â
setgid ·Î ¼³Ä¡µÇ¾î¾ß Çϴµ¥, ÀϹÝÀûÀ¸·Î ´ÙÀ½°ú °°Àº ruleset ÇüÅ·ΠÁöÁ¤ÇÑ´Ù.
SunOS install rule actions :
install <options> -m 2755 -g kmem lsof <bin_dest>
install <options> -m 444 lsof.8 <man_dest>
Solaris install rule actions :
install -[cf] <bin_dest> <options>
-m 2755 -g sys lsof
install -[cf] <man_dest> <options> -m 444 lsof.8
Top
5. LSOF »ç¿ëÇϱâ
¡á LSOF ¿É¼Ç
|
¿É¼Ç
|
±â ´É
|
¿É¼Ç
|
±â ´É
|
|
-?
-h
|
list help
|
-a
|
AND selections (OR)
|
|
-d
-D
|
s select by FD set
D ?|i|b|r|u[path]
|
+|-f
|
-files +filesys
|
|
-l
|
list UID numbers
|
-n
-N
|
no host names
select NFS files
|
|
-s
|
list file size
|
-t
-T
|
terse listing
disable TCP/TPI info
|
|
-v
-V
|
display version info
verbose search
|
-F [f]
|
select fields;-F? for help
|
|
-o o
|
o 0t offset digits (8)
|
-S [t]
|
t second stat timeout(15)
|
|
-i i
|
select by IPv4 address: [proto][@host|addr][:svc_list|port_list]
|
+|-r [t]
|
repeat every t seconds (15);
+ until no files, - forever
|
|
-b
|
avoid kernel blocks
|
-c c
|
list command c
|
|
-P
|
no port names
|
-i
|
select IPv4 files
|
|
-p s
|
select by PID set
|
-C
|
no kernel name cache
|
|
+|-w
|
Warnings (+)
|
-R
|
list paRent PID
|
|
-k k
|
kernelsymbols (/dev/ksyms)
|
-U
|
select Unix socket
|
|
-u s
|
exclude(^)/select login/UID s
|
-m m
|
kernel memory (/dev/kmem)
|
|
+|-M
|
portMap registration (-)
|
--
|
end option scan
|
|
-g [s]
|
select by process group ID set and print process group IDs
|
|
names
|
select named files or files on named file systems
|
Top
¡á ½ÇÇà°á°ú º¸±â
½ÇÇà°á°ú¿¡ ÇØ´çµÇ´Â °¢ column µéÀ» °£´ÜÇÏ°Ô »ìÆ캸¸é ´ÙÀ½ [Ç¥5] ¿Í °°´Ù.
|
Column
|
¼³ ¸í
|
|
Command
|
ÇÁ·Î¼¼½º¿Í °ü·ÃµÈ Unix command À̸§
|
|
PID
PPID
PGRP
|
Process IDentification number
|
|
Parent Process IDentification number
(ÇØ´ç ÇÁ·Î¼¼½ºÀÇ ºÎ¸ð ÇÁ·Î¼¼½º ID)
|
|
Process Group IDentification number
(ÇØ´ç ÇÁ·Î¼¼½º¿Í °ü·ÃµÈ ÇÁ·Î¼¼½º ±×·ì ID)
|
|
USER
|
ÇØ´ç ÇÁ·Î¼¼½º¸¦ ¼ÒÀ¯ÇÑ »ç¿ëÀÚ ID ¶Ç´Â login name
|
|
FD
|
File Descriptor number
(ex) cwd : current working directory
r : read access / w : write access / u : read and write access
|
|
TYPE
|
ÇØ´ç ÆÄÀÏ°ú °ü·ÃÇÑ ³ëµå ŸÀÔ
(ex) inet : Internet domain socket
|
|
DEVICE
|
device number
|
|
SIZE
SIZE/OFF
OFFSET
|
file À̳ª file offsetÀÇ »çÀÌÁî
|
|
INODE
NODE-ID
|
local file ÀÇ node number ¶Ç´Â Internet protocol type
¶Ç´Â ¼¹ö È£½ºÆ®ÀÇ NFS fileÀÇ inode number
|
|
NAME
|
ÇØ´ç ÆÄÀÏÀÌ ¼Ò¼ÓµÈ mount point³ª ÆÄÀÏ ½Ã½ºÅÛÀÇ À̸§
|
[Ç¥ 6] lsof ½ÇÇà°á°úÀÇ °¢ Column
Top
¡á LSOF ÁÖ¿ä ¿É¼Ç »ç¿ë ¿¹
* ƯÁ¤ ÆÄÀÏÀ» ¾ï¼¼½ºÇÏ°í ÀÖ´Â ÇÁ·Î¼¼½º È®ÀÎ : lsof <path/file-name>
[cert:root]:/> lsof /etc/passwd
COMMAND PID USER FD TYPE DEVICE SIZE/OFF INODE NAME
ns-httpd 244 root 9r VREG 32,0 3044 99217 /etc/passwd
....
* internet socket È®ÀÎ : lsof -i
Internet address Ãâ·ÂÇü½Ä : [protocol][@hostname|hostaddr][:service|port]
Top
- ƯÁ¤ È£½ºÆ®(¶Ç´Â ip)¿¡ ´ëÇÑ Á¢¼Ó È®ÀÎ
[cert:root]:/> lsof -i@172.16.2.146
COMMAND PID USER FD TYPE DEVICE SIZE/OFF INODE NAME
in.telnet 10124 root 0u inet 0x61d4b788 0t71 TCP cert:telnet->172.16.2.146:1109
(ESTABLISHED)
in.telnet 10124 root 1u inet 0x61d4b788 0t71 TCP cert:telnet->172.16.2.146:1109
(ESTABLISHED)
in.telnet 10124 root 2u inet 0x61d4b788 0t71 TCP cert:telnet->172.16.2.146:1109
(ESTABLISHED)
.....
- ƯÁ¤ Æ÷Æ®·Î Á¢¼ÓÇÑ ¸®½ºÆ® È®ÀÎ
[cert:root]:/usr/sbin> lsof -i @certcc.or.kr:23
COMMAND PID USER FD TYPE DEVICE SIZE/OFF INODE NAME
in.telnet 104 root 2u inet 0x612df850 0t152 TCP cert:telnet->172.16.2.159:1176
(ESTABLISHED)
in.telnet 28462 root 0u inet 0x61aee578 0t71 TCP cert:telnet->172.16.2.146:4250
(ESTABLISHED)
.....
Top
* ƯÁ¤ user°¡ ¿ÀÇÂÇÑ ÇÁ·Î¼¼½º¸¦ È®ÀÎ : lsof -u <loginname> ȤÀº lsof -u <UID>
[cert:root]:/> lsof -u kong
COMMAND PID USER FD TYPE DEVICE SIZE/OFF INODE NAME
csh 21309 kong cwd VDIR 32,4 1536 223602 /user/kong/lsof_4.56
csh 21309 kong txt VREG 32,6 158608 298136 /usr/bin/csh
.......
- ƯÁ¤»ç¿ëÀÚ Á¦¿Ü½Ã "^" ½Éº¼À» »ç¿ëÇÏ°í, ¿©·¯¸íÀ» µ¿½Ã¿¡ ÁöÁ¤ÇÏ·Á¸é ","¸¦ ÀÌ¿ëÇÑ´Ù.
[cert:root]:/dev/pts> lsof -u ^root,kong,yjkim
COMMAND PID USER FD TYPE DEVICE SIZE/OFF INODE NAME
csh 8992 yjkim cwd VDIR 32,0 1024 2 /
csh 8992 yjkim txt VREG 32,6 158608 298136 /usr/bin/csh
csh 8992 yjkim txt VREG 32,6 70996 136979 /usr/lib/locale/ko/ko.so.1
csh 8992 yjkim txt VREG 32,6 1024888 6749 /usr/lib/libc.so.1
.....
csh 21309 kong cwd VDIR 32,4 1536 223602
/user/kong/lsof_4.56
csh 21309 kong txt VREG 32,6 158608 298136 /usr/bin/csh
....
Top
* ƯÁ¤ ÇÁ·Î¼¼½º°¡ ¿ÀÇÂÇÑ ÆÄÀÏ ¸®½ºÆ® È®ÀÎ : lsof -p <PID>
- PID 112¸¦ °¡Áø ÇÁ·Î¼¼½º°¡ »ç¿ëÇÏ´Â ÆÄÀϵé È®ÀÎ
[cert:root]:/usr/sbin> lsof -p 143
COMMAND PID USER FD TYPE DEVICE SIZE/OFF INODE NAME
inetd 143 root cwd VDIR 32,0 1024 2 /
inetd 143 root txt VREG 32,6 33492 310933 /usr/sbin/inetd
inetd 143 root txt VREG 32,6 10696 6352 /usr (/dev/dsk/c0t0d0s6)
....
....
inetd 143 root 4u inet 0x603cab38 0t0 TCP *:ftp (LISTEN)
inetd 143 root 5u inet 0x610b13c0 0t0 TCP *:telnet (LISTEN)
inetd 143 root 6u inet 0x610b1240 0t0 TCP *:pop3 (LISTEN)
......
Top
* ps ¸í·ÉÀÌ º¯Á¶µÈ ½Ã½ºÅÛ¿¡¼´Â Àǽɽº·¯¿î Æ÷Æ® È®ÀÎÇϱ⠿¹
[root@linux /root]# netstat -a
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:auth *:* LISTEN
tcp 0 0 *:ftp *:* LISTEN
tcp 0 0 *:telnet *:* LISTEN
tcp 0 0 *:login *:* LISTEN
tcp 0 0 *:2626 *:* LISTEN
.......
[root@linux /dev]# fuser -n tcp 2626
2626/tcp: 607
[root@linux /dev]# lsof -p 607
PID TTY STAT TIME COMMAND
607 ? S 0:00 /usr/sbin/mingetty
¡Ø Âü°íÀÚ·á
1. lsof 4.56 README file and man page
2. Installing, configuring and using lsof 4.50 to list open files on
systems running Solaris 2.x
http://www.cert.org/security-improvement/implementations/i042.05.html
Top
|