john pfeiffer

stop kill processes by name ps pstree netstat process system usage top lsof background pause job

[TOC]

NETWORK

http://linux.die.net/man/8/netstat

netstat -an

all sockets (not just connected), numeric so no hostname lookups

netstat -an --inet

internet ports tcp and udp (not unix)

netstat -antp --inet

tcp ports with the process id/process

netstat -lntup

Listening only, no hostname lookup, on tcp and udp ports, process id/process

netstat -antpc | grep 443

All sockets (not just connected), no hostname lookup, tcp ports, process id/process, continuous = grep filtered to 443

"Admin tool for packet filtering and NAT" http://linux.die.net/man/8/iptables

iptables -t nat --list

list all of the rules in the nat table (by default -t is the filter table)

iptables -nvL -t filter
iptables -nvL -t nat
iptables -nvL -t mangle
iptables -nvL -t raw
iptables -nvL -t security

list all of the rules in all of the tables (numeric)

1
2
3
4
#!/bin/sh
# script to see open ports
# netstat -anp | grep LISTEN
echo "Open Ports:" ; netstat -anp | grep LISTEN | grep tcp | awk  '{print $4, "\t", $7}' | more

PROCESSES

LSOF

"List of open files" http://ss64.com/bash/lsof.html

sudo apt-get install lsof
which lsof

/usr/bin/lsof

lsof

COMMAND, ProcessID, USER, FileDescriptor, TYPE, DEVICE, SIZE/OFF, NODE, NAME

lsof -i

which process (pid and owner) using which port

lsof -i tcp -n

all processes with tcp interface numeric only: command, pid, owner, host, port

kill -9 $(lsof -t -u USERNAME)

kill hard all of the processes running by a specific user (-t only returns the pid)

List Open Files that depend on libc

ldd --version
ldd /bin/bash
sudo find / -type f -name 'libc-*'
ls -ahl /lib/x86_64-linux-gnu/libc*
sudo lsof /lib/x86_64-linux-gnu/libc-2.15.so
lsof +c0 -d DEL
lsof -o / | awk '$4 == "DEL" && $8 == "/lib/x86_64-linux-gnu/libc-2.15.so"'

the last commands take advantage of the FileDescriptor being DEL for deleted, hence why libc vulernabilities often require a full reboot

PS

http://linux.die.net/man/1/ps

ps -eo pid,comm,lstart,etime,time,args | grep java

process start time and cpu time used

ps aux | more

ps aux | grep java

pstree -a

tree of apps and dependencies

pidof somename

process id of a given application - needs to be specific

kill -15 PROCESSID

nicely terminate a process (SIGTERM)

kill -9 PROCESSID

force kills a process based on pid

killall -v somename

nicely stop all processes with a matching name (very useful), verbose output

killall -s 9 -v somename

kills all processes with a matching name (very useful), verbose output

/etc/init.d/tomcat6 stop

service tomcat6 stop

Background and Pause

  1. CTRL-Z will suspend the current foreground job (task).
  2. Enter the job control command 'bg'
  3. Tap the 'Enter' key (resumes?)

jobs

displays what jobs are running

fg n

brings a job to the foreground

pidof ffmpeg

discover the process id of a job/command

sudo kill -STOP 22730

pause a job (i.e. too cpu intensive)

sudo kill -CONT 22730

resume/continue a job

at command for scheduling jobs: http://www.linuxjournal.com/article/4087

top (realtime resource consumption)

view realtime process resource consumption

top

interactive mode, inside you can use the following

  • h for help
  • c to see the command line parameters for each command
  • u to filter by a specific user
  • 1 view the exact processor usage
  • z to toggle color or mono
  • k to kill a process (by pid)
  • r to renice a process (by pid)
  • R reverse or back to normal sort

top -b -n 1

  • b for batch mode
  • n 1 means only one repetition in batch mode

  • all of the above params can be applied in non intractive mode

    top -p pid F allows you to pick what to sort by e.g. n = Mem %

    top -u username

htop

similar to top but with more bells and whistles (charts even)

Resources

/proc/user_beancounters

You don't want the last column, failcnt, to have any numbers

(it means that some service/program/exe is asking for resources but not getting them)

RSS:

Resident set size, the non-swapped physical memory that a task has used (in kiloBytes).

VSZ:

virtual memory usage of entire process. vm_lib + vm_exe + vm_data + vm_stack

VSZ is the virtual memory size of the process, part of which may be in physical memory and part of which may be swapped to disk. RSS is the part which is in physical memory.

So if you have a Virtual Server then you have to be careful because your services/applications will assume they can put things in swap (VSZ) and make an allocation request BUT it will be counted against your total available memory (and end up with oomgaur errors)

privvmpage failcnts are failures of allocation requests.

ps aux          //all processes from all users
ps vxa          //one line per process
px vxam         //one line per thread

if you have more than one line showing /usr/sbin/mysqld, then you have multiple mysqld processes, which is not likely what you want.

Published

Category

linux

~757 words

Tags