任何进程都与文件关联;我们会用到lsof工具(list opened files),作用是列举系统中已经被打开的文件。在linux环境中,任何事物都是文件,设备是文件,目录是文件,甚至sockets也是文件。用好lsof命令,对日常的linux管理非常有帮助。
查询进程
1 2 3 4 5 [root@caoxl ~] UID PID PPID C STIME TTY TIME CMD root 1 0 0 Aug03 ? 00:00:14 /usr/lib/systemd/systemd --switched-root --sys root 2 0 0 Aug03 ? 00:00:00 [kthreadd] root 3 2 0 Aug03 ? 00:00:06 [ksoftirqd/0]
1 2 3 4 5 6 7 [root@caoxl ~]# ps -ef | grep caoxl root 4243 3740 0 15 :36 pts /0 00 :00 :00 grep --color=auto caoxl [root@caoxl ~]# ps -lu caoxl F S UID PID PPID C PRI NI ADDR SZ WCHAN TTY TIME CMD [root@caoxl ~]# ps -lu git F S UID PID PPID C PRI NI ADDR SZ WCHAN TTY TIME CMD
1 2 3 4 5 pgrep 查找进程[root@caoxl ~] 2 kthreadd
1 2 3 4 5 [root@caoxl ~] PPID PID PGID SID TTY TPGID STAT UID TIME COMMAND 0 1 1 1 ? -1 Ss 0 0:14 /usr/lib/systemd/systemd --switched-r 0 2 0 0 ? -1 S 0 0:00 [kthreadd] 2 3 0 0 ? -1 S 0 0:06 [ksoftirqd/0]
1 2 3 4 5 6 7 8 9 10 11 [root@caoxl ~] top - 15:39:34 up 20 days, 6:00, 1 user, load average: 0.00, 0.01, 0.05 Tasks: 91 total, 1 running, 90 sleeping, 0 stopped, 0 zombie %Cpu(s): 0.0 us, 0.0 sy, 0.0 ni,100.0 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st KiB Mem : 1015436 total, 103440 free, 309648 used, 602348 buff/cache KiB Swap: 0 total, 0 free, 0 used. 527000 avail Mem PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 1 root 20 0 43392 3080 1888 S 0.0 0.3 0:14.48 systemd 2 root 20 0 0 0 0 S 0.0 0.0 0:00.17 kthreadd 3 root 20 0 0 0 0 S 0.0 0.0 0:06.59 ksoftirqd/0
1 2 3 4 5 [root@caoxl ~] COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME python 1448 root 4 u IPv6 15329 0 t0 TCP *:smc-https (LISTEN) python 1448 root 6 u IPv6 15330 0 t0 UDP *:smc-https python 1448 root 10 u IPv6 774840 0 t0 TCP caoxl:smc-https->61.140 .74.96 :25124 (ESTABLISHED)
1 2 3 4 5 6 [root@caoxl ~] COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME mysqld_sa 777 root cwd DIR 253 ,1 4096 1445566 /usr/local/mysql mysqld_sa 777 root rtd DIR 253 ,1 4096 2 / mysqld_sa 777 root txt REG 253 ,1 964544 1055537 /usr/bin/bash ...
1 2 3 4 5 6 7 [root@caoxl ~] COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME mysqld_sa 777 root cwd DIR 253,1 4096 1445566 /usr/local/mysql mysqld_sa 777 root rtd DIR 253,1 4096 2 / mysqld_sa 777 root txt REG 253,1 964544 1055537 /usr/bin/bash mysqld_sa 777 root mem REG 253,1 62184 1053860 /usr/lib64/libnss_files-2.17.so ...
查询指定目录下被进程开启的文件(使用+D 递归目录):
1 2 3 [root@caoxl ~] COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME mysqld_sa 777 root cwd DIR 253 ,1 4096 1445566 /usr/local/mysql
终止进程
杀死指定PID的进程 (PID为Process ID)
进程监控
输入top命令后,进入到交互界面;接着输入字符命令后显示相应的进程状态:
P: 根据CPU使用百分比大小进行排序。M: 根据驻留内存大小进行排序i: 使top不显示任何闲置或者僵死进程。
分析线程栈 使用命令pmap,来输出进程内存的状况,可以用来分析线程堆栈;
1 2 3 4 5 6 [root@caoxl ~] 777 : /bin/ sh /usr/ local/mysql/ bin/mysqld_safe --datadir=/u sr/local/my sql/var --pid-file=/u sr/local/my sql/var/i zj6c6djex81rijczh0t8yz.pid0000000000400000 884 K r-x-- bash00000000006 dd000 4 K r---- bash00000000006 de000 36 K rw--- bash...
综合运用
将用户caoxl下的所有进程名以av_开头的进程终止:
1 ps -u caoxl | awk '/av_/ {print "kill -9 " $1 }' | sh
将用户caoxl下所有进程名中包含HOST的进程终止:
1 ps -fe| grep caoxl|grep HOST |awk '{print $2 }' | xargs kill -9 ;
