NETWORK
http://linux.die.net/man/8/netstat
netstat -an
all sockets (not just connected), numeric so no hostname lookups
netstat -an --inet
internet ports tcp and udp (not unix)
netstat -antp --inet
tcp ports with the process id/process
netstat -lntup
Listening only, no hostname lookup, on tcp and udp ports, process id/process
netstat -antpc | grep 443
All sockets (not just connected), no hostname lookup, tcp ports, process id/process, continuous output, filtered by grep to lines containing 443
"Admin tool for packet filtering and NAT" http://linux.die.net/man/8/iptables
iptables -t nat --list
list all of the rules in the nat table (by default -t is the filter table)
iptables -nvL -t filter
iptables -nvL -t nat
iptables -nvL -t mangle
iptables -nvL -t raw
iptables -nvL -t security
list all of the rules in all of the tables (numeric)
#!/bin/sh
# script to see open ports
# netstat -anp | grep LISTEN
echo "Open Ports:" ; netstat -anp | grep LISTEN | grep tcp | awk '{print $4, "\t", $7}' | more
PROCESSES
LSOF
"List of open files" http://ss64.com/bash/lsof.html
sudo apt-get install lsof
which lsof
/usr/bin/lsof
lsof
COMMAND, ProcessID, USER, FileDescriptor, TYPE, DEVICE, SIZE/OFF, NODE, NAME
lsof -i
which process (pid and owner) using which port
lsof -i tcp -n
all processes with tcp interface numeric only: command, pid, owner, host, port
kill -9 $(lsof -t -u USERNAME)
force kill all of the processes run by a specific user (-t returns only the pids)
List Open Files that depend on libc
ldd --version
ldd /bin/bash
sudo find / -type f -name 'libc-*'
ls -ahl /lib/x86_64-linux-gnu/libc*
sudo lsof /lib/x86_64-linux-gnu/libc-2.15.so
lsof +c0 -d DEL
lsof -o / | awk '$4 == "DEL" && $8 == "/lib/x86_64-linux-gnu/libc-2.15.so"'
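the last commands take advantage of the FileDescriptor being DEL for deleted: after an upgrade, running processes keep the old, deleted library mapped until they are restarted, which is why libc vulnerabilities often require a full reboot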
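The same check without lsof, as an added example (not part of the original notes): it reads /proc/PID/maps and reports processes that still have a deleted shared library mapped as executable. The function name stale_lib_pids, its arguments and the --scan switch are hypothetical names chosen for this example.

```shell
#!/bin/sh
# Added example: find processes still executing a deleted shared library.
# A replaced library appears in /proc/<pid>/maps like this (constructed sample):
# 7f3a1c000000-7f3a1c1b5000 r-xp 00000000 08:01 1311 /lib/x86_64-linux-gnu/libc-2.15.so (deleted)

# stale_lib_pids PROC_ROOT [LIB_REGEX]
# Prints "pid<TAB>command<TAB>library" once per process and library.
# LIB_REGEX is an awk regular expression matched against the mapped path.
stale_lib_pids() {
    proc_root=${1:-/proc}
    lib_regex=${2:-[.]so}
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue        # process exited, or not permitted
        dir=${maps%/maps}
        pid=${dir##*/}
        comm=$(cat "$dir/comm" 2>/dev/null) || comm='?'
        awk -v pid="$pid" -v comm="$comm" -v re="$lib_regex" '
            # field 2 = permissions, field 6 = path, last field = "(deleted)"
            $NF == "(deleted)" && $2 ~ /x/ && $6 ~ re {
                if (!seen[$6]++) printf "%s\t%s\t%s\n", pid, comm, $6
            }' "$maps" 2>/dev/null
    done
}

# Run as "script --scan [LIB_REGEX]" to scan the live system (root sees all pids).
if [ "${1:-}" = "--scan" ]; then
    stale_lib_pids /proc "${2:-[.]so}"
fi
```

Every process listed needs a restart before it picks up the patched library; an empty result for 'libc-' means nothing is still running the old copy.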
PS
ps -eo pid,comm,lstart,etime,time,args | grep java
process start time and cpu time used
ps aux | more
ps aux | grep java
pstree -a
tree of apps and dependencies
pidof somename
process id of a given application - needs to be specific
kill -15 PROCESSID
nicely terminate a process (SIGTERM)
kill -9 PROCESSID
force kills a process based on pid
killall -v somename
nicely stop all processes with a matching name (very useful), verbose output
killall -s 9 -v somename
force kills (signal 9) all processes with a matching name (very useful), verbose output
/etc/init.d/tomcat6 stop
service tomcat6 stop
Background and Pause
- CTRL-Z will suspend the current foreground job (task).
- Enter the job control command 'bg'
- Tap the 'Enter' key (the suspended job resumes in the background)
jobs
displays what jobs are running
fg n
brings a job to the foreground
pidof ffmpeg
discover the process id of a job/command
sudo kill -STOP 22730
pause a job (i.e. too cpu intensive)
sudo kill -CONT 22730
resume/continue a job
at
command for scheduling jobs: http://www.linuxjournal.com/article/4087
top (realtime resource consumption)
view realtime process resource consumption
top
interactive mode, inside you can use the following
- h for help
- c to see the command line parameters for each command
- u to filter by a specific user
- 1 view the exact processor usage
- z to toggle color or mono
- k to kill a process (by pid)
- r to renice a process (by pid)
- R reverse or back to normal sort
top -b -n 1
- b for batch mode
- n 1 means only one repetition in batch mode
all of the above params can be applied in non-interactive mode
top -p pid
F allows you to pick what to sort by e.g. n = Mem %
top -u username
htop
similar to top but with more bells and whistles (charts even)
Resources
/proc/user_beancounters
You don't want the last column, failcnt, to have any numbers
(it means that some service/program/exe is asking for resources but not getting them)
RSS:
Resident set size, the non-swapped physical memory that a task has used (in kiloBytes).
VSZ:
virtual memory usage of entire process. vm_lib + vm_exe + vm_data + vm_stack
VSZ is the virtual memory size of the process, part of which may be in physical memory and part of which may be swapped to disk. RSS is the part which is in physical memory.
So if you have a Virtual Server then you have to be careful: your services/applications will assume they can put things in swap (VSZ) and make an allocation request, BUT it will be counted against your total available memory (and you end up with oomguar errors)
privvmpages failcnts are failures of allocation requests.
ps aux    # all processes from all users
ps vxa    # one line per process
ps vxam   # one line per thread
if you have more than one line showing /usr/sbin/mysqld, then you have multiple mysqld processes, which is not likely what you want.