| 일 | 월 | 화 | 수 | 목 | 금 | 토 |
|---|---|---|---|---|---|---|
| 1 | 2 | 3 | 4 | |||
| 5 | 6 | 7 | 8 | 9 | 10 | 11 |
| 12 | 13 | 14 | 15 | 16 | 17 | 18 |
| 19 | 20 | 21 | 22 | 23 | 24 | 25 |
| 26 | 27 | 28 | 29 | 30 | 31 |
Tags
- 건대입구역
- 한강
- 러닝
- 뚝섬유원지
- zabbix
- Podman
- Shell
- 2021
- 하체
- 자전거
- Kubernetes
- Grafana
- 힐링
- Python
- GitHub
- 10km
- 소모임
- Linux
- 정보처리기사
- 대전
- 중식
- 성수대교
- 유산소
- docker
- 대구
- 오답노트
- 맛집
- 달리기
- Run The Bridge
- DSEC
Archives
- Today
- Total
Run The Bridge
lsof 란? 본문
728x90
반응형
0. 들어가기에 앞서
linux의 수많은 command 중에 lsof라고 있다.
lsof는 'list open files'의 약자로 현재 열려있는 파일들의 나열이라고 보면 된다.
더 자세히는 열려있는 모든 파일과 그 파일들을 열고 있는 프로세스들의 목록을 출력한다.
이 lsof를 어떤 용도로 사용하면 우리의 linux가 좀 더 편안해질까 알아본다.
https://ko.wikipedia.org/wiki/Lsof
1. 실습
lsof의 head는 다음과 같이 구성되어 있다.
COMMAND, PID, TID, TASKCMD, USER, FD, TYPE, DEVICE, SIZE/OFF, NODE, NAME
| 명령어 | 설명 |
| COMMAND | 실행한 명령어(ex: bash, systemd) |
| PID | Process ID |
| TID | Thread ID |
| TASKCMD | COMMAND에 나오는 명령과 동일하지만 Linux 작업에 대한 추가 정보를 기록 |
| USER | 실행한 사용자 |
| FD | File Descriptor(파일의 종류) - cwd: current working directory - rtd: root directory - mem: memory-mapped file - txt: program text |
| TYPE | 파일 종류 - dir: 디렉터리 - chr: character special file - reg: regular file - unix: 유닉스 도메인 소켓 |
| DEVICE | 장치 번호 |
| SIZE/OFF | 파일 크기/오프셋 |
| NODE | 노드 번호 |
| NAME | 파일 명 |
다음 명령으로 디렉터리에 열려있는 파일들을 확인할 수 있다.
vi /etc/cron.deny # cron.deny 파일을 연다.특정 파일을 열었으면 'lsof' 명령으로 확인이 가능하다.
# lsof [디렉토리 명]
[root@localhost ~]# lsof /etc
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
bash 5577 root cwd DIR 253,0 8192 134284545 /etc
vi 125482 root cwd DIR 253,0 8192 134284545 /etc특정 유저를 생성하고, 해당 유저가 만든 특정 파일을 검색해본다.
나는 'lsof-test'라는 유저를 생성했다.
사용자를 검색하려면 '-u' 옵션을 주면 된다.
[root@localhost ~]# lsof -u lsof-test
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
bash 125505 lsof-test cwd DIR 253,2 35 16777344 /home/lsof-test/lsof
bash 125505 lsof-test rtd DIR 253,0 224 128 /
bash 125505 lsof-test txt REG 253,0 1150584 284498 /usr/bin/bash
bash 125505 lsof-test mem REG 253,0 2586930 284282 /usr/lib/locale/en_US.utf8/LC_COLLATE
bash 125505 lsof-test mem REG 253,0 9253600 136025308 /var/lib/sss/mc/passwd
bash 125505 lsof-test mem REG 253,0 46272 68211333 /usr/lib64/libnss_sss.so.2
bash 125505 lsof-test mem REG 253,0 3167872 67554574 /usr/lib64/libc-2.28.so
bash 125505 lsof-test mem REG 253,0 28856 67554576 /usr/lib64/libdl-2.28.so
bash 125505 lsof-test mem REG 253,0 187496 67552190 /usr/lib64/libtinfo.so.6.1
bash 125505 lsof-test mem REG 253,0 278512 67552191 /usr/lib64/ld-2.28.so
bash 125505 lsof-test mem REG 253,0 337024 1231783 /usr/lib/locale/en_US.utf8/LC_CTYPE
bash 125505 lsof-test mem REG 253,0 54 1231785 /usr/lib/locale/en_US.utf8/LC_NUMERIC
bash 125505 lsof-test mem REG 253,0 3316 68151640 /usr/lib/locale/en_US.utf8/LC_TIME
bash 125505 lsof-test mem REG 253,0 286 68151638 /usr/lib/locale/en_US.utf8/LC_MONETARY
bash 125505 lsof-test mem REG 253,0 26998 134337564 /usr/lib64/gconv/gconv-modules.cache
bash 125505 lsof-test mem REG 253,0 57 67554550 /usr/lib/locale/en_US.utf8/LC_MESSAGES/SYS_LC_MESSAGES
bash 125505 lsof-test mem REG 253,0 34 201520700 /usr/lib/locale/en_US.utf8/LC_PAPER
bash 125505 lsof-test mem REG 253,0 77 284285 /usr/lib/locale/en_US.utf8/LC_NAME
bash 125505 lsof-test mem REG 253,0 167 67554533 /usr/lib/locale/en_US.utf8/LC_ADDRESS
bash 125505 lsof-test mem REG 253,0 59 68151639 /usr/lib/locale/en_US.utf8/LC_TELEPHONE
bash 125505 lsof-test mem REG 253,0 23 68151637 /usr/lib/locale/en_US.utf8/LC_MEASUREMENT
bash 125505 lsof-test mem REG 253,0 368 68151636 /usr/lib/locale/en_US.utf8/LC_IDENTIFICATION
bash 125505 lsof-test 0u CHR 136,0 0t0 3 /dev/pts/0
bash 125505 lsof-test 1u CHR 136,0 0t0 3 /dev/pts/0
bash 125505 lsof-test 2u CHR 136,0 0t0 3 /dev/pts/0
bash 125505 lsof-test 3r REG 253,0 9253600 136025308 /var/lib/sss/mc/passwd
bash 125505 lsof-test 255u CHR 136,0 0t0 3 /dev/pts/0
vim 125537 lsof-test cwd DIR 253,2 35 16777344 /home/lsof-test/lsof
vim 125537 lsof-test rtd DIR 253,0 224 128 /
vim 125537 lsof-test txt REG 253,0 3063600 830690 /usr/bin/vim
vim 125537 lsof-test mem REG 253,0 9253600 136025308 /var/lib/sss/mc/passwd
vim 125537 lsof-test mem REG 253,0 46272 68211333 /usr/lib64/libnss_sss.so.2
vim 125537 lsof-test mem REG 253,0 2586930 284282 /usr/lib/locale/en_US.utf8/LC_COLLATE
vim 125537 lsof-test mem REG 253,0 26704 67554873 /usr/lib64/libattr.so.1.1.2448
vim 125537 lsof-test mem REG 253,0 543160 67552159 /usr/lib64/libpcre2-8.so.0.7.1
vim 125537 lsof-test mem REG 253,0 3167872 67554574 /usr/lib64/libc-2.28.so
vim 125537 lsof-test mem REG 253,0 321552 67554588 /usr/lib64/libpthread-2.28.so
vim 125537 lsof-test mem REG 253,0 28856 67554576 /usr/lib64/libdl-2.28.so
vim 125537 lsof-test mem REG 253,0 28984 67802711 /usr/lib64/libgpm.so.2.1.0
vim 125537 lsof-test mem REG 253,0 59272 67554876 /usr/lib64/libacl.so.1.1.2253
vim 125537 lsof-test mem REG 253,0 187496 67552190 /usr/lib64/libtinfo.so.6.1
vim 125537 lsof-test mem REG 253,0 168536 67552166 /usr/lib64/libselinux.so.1
vim 125537 lsof-test mem REG 253,0 2191840 67554578 /usr/lib64/libm-2.28.so
vim 125537 lsof-test mem REG 253,0 278512 67552191 /usr/lib64/ld-2.28.so
vim 125537 lsof-test mem REG 253,0 337024 1231783 /usr/lib/locale/en_US.utf8/LC_CTYPE
vim 125537 lsof-test mem REG 253,0 54 1231785 /usr/lib/locale/en_US.utf8/LC_NUMERIC
vim 125537 lsof-test mem REG 253,0 3316 68151640 /usr/lib/locale/en_US.utf8/LC_TIME
vim 125537 lsof-test mem REG 253,0 286 68151638 /usr/lib/locale/en_US.utf8/LC_MONETARY
vim 125537 lsof-test mem REG 253,0 26998 134337564 /usr/lib64/gconv/gconv-modules.cache
vim 125537 lsof-test mem REG 253,0 57 67554550 /usr/lib/locale/en_US.utf8/LC_MESSAGES/SYS_LC_MESSAGES
vim 125537 lsof-test mem REG 253,0 34 201520700 /usr/lib/locale/en_US.utf8/LC_PAPER
vim 125537 lsof-test mem REG 253,0 77 284285 /usr/lib/locale/en_US.utf8/LC_NAME
vim 125537 lsof-test mem REG 253,0 167 67554533 /usr/lib/locale/en_US.utf8/LC_ADDRESS
vim 125537 lsof-test mem REG 253,0 59 68151639 /usr/lib/locale/en_US.utf8/LC_TELEPHONE
vim 125537 lsof-test mem REG 253,0 23 68151637 /usr/lib/locale/en_US.utf8/LC_MEASUREMENT
vim 125537 lsof-test mem REG 253,0 368 68151636 /usr/lib/locale/en_US.utf8/LC_IDENTIFICATION
vim 125537 lsof-test 0u CHR 136,0 0t0 3 /dev/pts/0
vim 125537 lsof-test 1u CHR 136,0 0t0 3 /dev/pts/0
vim 125537 lsof-test 2u CHR 136,0 0t0 3 /dev/pts/0
vim 125537 lsof-test 3r REG 253,0 9253600 136025308 /var/lib/sss/mc/passwd
vim 125537 lsof-test 5u REG 253,2 12288 16777346 /home/lsof-test/lsof/.test.swp기본적으로 user가 생성되면 열리는 파일이 일단은 lib 파일들이 대다수 있다.
그중에는 나를 아주 많이 고생시킨 /usr/lib64/libdl-2.28.so 라이브러리 파일도 보인다...
2. PORT 확인하기
lsof 명령으로 PORT도 확인할 수 있다.
현재 내가 ssh로 연결되어 있어서 ssh 관련 포트를 확인할 수 있다.
[root@localhost ~]# lsof -i TCP:22
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 5556 root 5u IPv4 37374 0t0 TCP localhost.localdomain:ssh->192.168.200.195:cvspserver (ESTABLISHED)
sshd 5560 root 5u IPv4 37438 0t0 TCP localhost.localdomain:ssh->192.168.200.195:taskmaster2000 (ESTABLISHED)
sshd 5561 root 5u IPv4 37374 0t0 TCP localhost.localdomain:ssh->192.168.200.195:cvspserver (ESTABLISHED)
sshd 5565 root 5u IPv4 37438 0t0 TCP localhost.localdomain:ssh->192.168.200.195:taskmaster2000 (ESTABLISHED)
sshd 43192 root 4u IPv4 94959 0t0 TCP *:ssh (LISTEN)
sshd 43192 root 6u IPv6 94961 0t0 TCP *:ssh (LISTEN)
sshd 121559 root 5u IPv4 207368 0t0 TCP localhost.localdomain:ssh->192.168.200.195:corbaloc (ESTABLISHED)
sshd 121903 root 5u IPv4 207732 0t0 TCP localhost.localdomain:ssh->192.168.200.195:gsiftp (ESTABLISHED)
sshd 121910 root 5u IPv4 207368 0t0 TCP localhost.localdomain:ssh->192.168.200.195:corbaloc (ESTABLISHED)
sshd 121929 root 5u IPv4 207732 0t0 TCP localhost.localdomain:ssh->192.168.200.195:gsiftp (ESTABLISHED)3. 정규표현식으로 필터링하기
lsof는 정규표현식도 사용 가능하다.
다음 명령으로 root를 제외한 목록을 확인할 수 있다.
[root@localhost ~]# lsof -u ^root | more
COMMAND PID TID TASKCMD USER FD TYPE DEVICE SIZE/OFF NODE NAME
dbus-daem 886 dbus cwd DIR 253,0 224 128 /
dbus-daem 886 dbus rtd DIR 253,0 224 128 /
dbus-daem 886 dbus txt REG 253,0 245648 446650 /usr/bin/dbus-daemon (deleted)
dbus-daem 886 dbus DEL REG 253,0 135123536 /var/lib/sss/mc/initgroups
dbus-daem 886 dbus DEL REG 253,0 135123521 /var/lib/sss/mc/passwd
dbus-daem 886 dbus DEL REG 253,0 67862845 /usr/lib64/libnss_systemd.so.2
dbus-daem 886 dbus DEL REG 253,0 67554587 /usr/lib64/libnss_files-2.28.so
dbus-daem 886 dbus DEL REG 253,0 68211334 /usr/lib64/libnss_sss.so.2
dbus-daem 886 dbus mem REG 253,0 145984 67554794 /usr/lib64/libgpg-error.so.0.24.2
dbus-daem 886 dbus DEL REG 253,0 67554763 /usr/lib64/libuuid.so.1.3.0
dbus-daem 886 dbus DEL REG 253,0 67862969 /usr/lib64/libblkid.so.1.1.0
dbus-daem 886 dbus DEL REG 253,0 67554577 /usr/lib64/libdl-2.28.so
dbus-daem 886 dbus mem REG 253,0 543160 67552159 /usr/lib64/libpcre2-8.so.0.7.1
dbus-daem 886 dbus DEL REG 253,0 67109003 /usr/lib64/libgcc_s-8-20200928.so.1
dbus-daem 886 dbus DEL REG 253,0 67554931 /usr/lib64/libgcrypt.so.20.2.5
dbus-daem 886 dbus DEL REG 253,0 67862807 /usr/lib64/libmount.so.1.1.0
dbus-daem 886 dbus DEL REG 253,0 67554750 /usr/lib64/libcap.so.2.26
dbus-daem 886 dbus DEL REG 253,0 67555012 /usr/lib64/liblz4.so.1.8.3
dbus-daem 886 dbus mem REG 253,0 192024 67554741 /usr/lib64/liblzma.so.5.2.4
dbus-daem 886 dbus DEL REG 253,0 67554593 /usr/lib64/librt-2.28.so
dbus-daem 886 dbus DEL REG 253,0 67554575 /usr/lib64/libc-2.28.so
dbus-daem 886 dbus DEL REG 253,0 67554589 /usr/lib64/libpthread-2.28.so
dbus-daem 886 dbus DEL REG 253,0 67554824 /usr/lib64/libcap-ng.so.0.0.0
dbus-daem 886 dbus mem REG 253,0 123336 67554829 /usr/lib64/libaudit.so.1.0.0
dbus-daem 886 dbus mem REG 253,0 168536 67552166 /usr/lib64/libselinux.so.1
dbus-daem 886 dbus mem REG 253,0 243984 67554787 /usr/lib64/libexpat.so.1.6.7
dbus-daem 886 dbus DEL REG 253,0 67862847 /usr/lib64/libsystemd.so.0.23.0
dbus-daem 886 dbus DEL REG 253,0 67862809 /usr/lib64/libdbus-1.so.3.19.7
dbus-daem 886 dbus DEL REG 253,0 67554568 /usr/lib64/ld-2.28.so
dbus-daem 886 dbus 0u CHR 1,3 0t0 1027 /dev/null4. NFS files 선택하기
-N 옵션을 사용하면 NFS files를 선택할 수 있다.
5. lsof --help
[root@localhost ~]# lsof --help
lsof: illegal option character: -
lsof: -e not followed by a file system path: "lp"
lsof 4.93.2
latest revision: https://github.com/lsof-org/lsof
latest FAQ: https://github.com/lsof-org/lsof/blob/master/00FAQ
latest (non-formatted) man page: https://github.com/lsof-org/lsof/blob/master/Lsof.8
usage: [-?abhKlnNoOPRtUvVX] [+|-c c] [+|-d s] [+D D] [+|-E] [+|-e s] [+|-f[gG]]
[-F [f]] [-g [s]] [-i [i]] [+|-L [l]] [+m [m]] [+|-M] [-o [o]] [-p s]
[+|-r [t]] [-s [p:s]] [-S [t]] [-T [t]] [-u s] [+|-w] [-x [fl]] [-Z [Z]] [--] [names]
Defaults in parentheses; comma-separated set (s) items; dash-separated ranges.
-?|-h list help -a AND selections (OR) -b avoid kernel blocks
-c c cmd c ^c /c/[bix] +c w COMMAND width (9) +d s dir s files
-d s select by FD set +D D dir D tree *SLOW?* +|-e s exempt s *RISKY*
-i select IPv[46] files -K [i] list|(i)gn tasKs -l list UID numbers
-n no host names -N select NFS files -o list file offset
-O no overhead *RISKY* -P no port names -R list paRent PID
-s list file size -t terse listing -T disable TCP/TPI info
-U select Unix socket -v list version info -V verbose search
+|-w Warnings (+) -X skip TCP&UDP* files -Z Z context [Z]
-- end option scan
-E display endpoint info +E display endpoint info and files
+f|-f +filesystem or -file names +|-f[gG] flaGs
-F [f] select fields; -F? for help
+|-L [l] list (+) suppress (-) link counts < l (0 = all; default = 0)
+m [m] use|create mount supplement
+|-M portMap registration (-) -o o o 0t offset digits (8)
-p s exclude(^)|select PIDs -S [t] t second stat timeout (15)
-T qs TCP/TPI Q,St (s) info
-g [s] exclude(^)|select and print process group IDs
-i i select by IPv[46] address: [46][proto][@host|addr][:svc_list|port_list]
+|-r [t[m<fmt>]] repeat every t seconds (15); + until no files, - forever.
An optional suffix to t is m<fmt>; m must separate t from <fmt> and
<fmt> is an strftime(3) format for the marker line.
-s p:s exclude(^)|select protocol (p = TCP|UDP) states by name(s).
-u s exclude(^)|select login|UID set s
-x [fl] cross over +d|+D File systems or symbolic Links
names select named files or files on named file systems
Anyone can list all files; /dev warnings disabled; kernel ID check disabled.그밖에 필요한 명령이 있으면 그때그때 찾아서 사용하면 될 것 같다.
감사합니다.
728x90
반응형
'Cloud > Linux' 카테고리의 다른 글
| linux disk pv, vg, lv 설정 (2) | 2022.03.21 |
|---|---|
| tshark 란? (6) | 2022.03.13 |
| podman 4.0.0 install (2) | 2022.03.07 |
| 알마 리눅스, 로키 리눅스 (0) | 2022.03.04 |
| disk i/o 확인하기 (0) | 2022.03.04 |
'Cloud/Linux' Related Articles
more
Comments