ѫe@sXӳ`ƬݨӡAڭ̤@jզb Linux UҦOPAi檺ʧ@PvA
ӨtΦpPwAvOHMNOĤQ|bz쪺
UID/GID AHɮתݩʬoIAi@BӸAA{bjDAb Linux
tηGyIJo@ӨƥɡAtγ|NLwq@ӵ{ǡAåBoӵ{Ǥ@
ID A٬ PIDAPɨ̾ڱҵooӵ{ǪϥΪ̻PݩYAo PID @զĪv]wCz
qHAo PID btΤWi檺ʧ@ANPo PID vFI
ݳoөwqGSܩ_ǪaALAzonAѤsyIJoƥz~ڡI
ڭ̦bpU|IJo@ӨƥHӦP@Өƥi_QIJohHIAAѥI
{ǻP{
(process & program)
ڭ̦pͤ@ӵ{ǩOH²աANOy@ӵ{ΫOzNiHIJo@ӨƥӨo@
PID oIڭ̻LAtӬOȻ{ binary file Aڭ̭ntΤu@ɭԡAMNOݭnҰʤ@
binary file oA binary file NO{ (program) աI
ڭ̪DACӵ{TդHvACդH㦳 r/w/x vAҥHGyPϥΪ̨o
program ɡAtεv]ۦPIz|ҨӻAڭ̥iHQ touch ӫإߤ@ӪŪɮסA root o touch
OɡALoO UID/GID = 0/0 vAӷ dmtsai (UID/GID=501/501)
o touch ɡALvN root PաIڭ̱Noӷøsϥܨ@@pUG
1.1.1B{QJ{ǥHάƪܷN
pWϩҥܡA{@OmbϺФAMzLϥΪ̪IJoCIJo|JO餤@ӭANO{ǡC
F@~tΥizoӵ{ǡA]{Ǧ̪v/ݩʵѼơAå]A{һݭnOXPƩɮƵA
̫A@ PID CtδNOzLo PID ӧP_ process O_㦳viu@ILOܭnI
|ӧ`ҤlAڭ̭nާ@tΪɭԡAq`OQγsu{Ϊ̪bDenJAMoڭ̪
shell aIAڭ̪ shell O bash aAo bash b /bin/bash aAPɶCӤHnJO
/bin/bash aILACӤHovNOPI]NOAڭ̥iHoˬݡG
1.1.2B{P{Ǥt
]NOAڭ̵nJð bash ɡAtΤwgڭ̤@ PID FAo PID NO̾ڵnJ̪ UID/GID
(/etc/passwd) ӪաHW 1.1.2 tX 1.1.1 ӰܡAڭ̪D /bin/bash O@ӵ{ (program)A dmtsai
nJALo@ PID X 2234 {ǡAoӵ{Ǫ User/Group O dmtsai
Aӷoӵ{iL@~ɡAҦpW쪺 touch oӫOɡA
ѳoӵ{lͥXӪL{Ǧb@몬AUA]|uγoӵ{ǪvI
ڭ̱N{P{ǧ@`G
- { (program)Gq` binary program AmbxsC餤 (pwСBСBnСBϱa)A
ɮתAsbF
- { (process)G{QIJoA̪vPݩʡB{{XPһݸƵ|QJO餤A
@~tΨõoӰO馎椸@ѧOX (PID)AiHA{ǴNO@ӥbB@{C
bW̭Aڭ̦ҿתylͥXӪ{ǡzAOԣNNHo˻nFAڭ̵nJtΫA|o@
bash shell AMAڭ̥γo bash Ѫht@ӫOAҦp /usr/bin/passwd Ϊ̬O touch
Aǥt~檺O]|QIJo PID AIӫӰO~ͪ PID NOyl{ǡzFAӦbڭ̭쥻 bash
ҤUAN٬y{ǡzFIɥΧڭ̦b Q@ Bash ͨ쪺 export
ҥΪϥܦnFG
1.1.3B{ǬYܷN
ҥHAnDA{OʪIHWϥܨӬݡAs bash AĤG bash
{ǴNOe@ bashC]Cӵ{dz@ PID AYӵ{Ǫ{ǸӦpP_HNzL Parent PID (PPID)
ӧP_YiC~AѤQ@ export eڭ̤]QLܼƪ~ӰDAl{ǥiHo{ǪܼưաI
ڭ̨Ӷi橳UmߡAHAѤOl{/{ǡC
|
DG
Цbثe bash ҤUAAIJo@ bash AåHy ps -l zoӫO[{ǬXTC
G
bash A|iJl{ǪҤAMJ ps -l AX{G
F S UID PID PPID C PRI NI ADDR SZ WCHAN TTY TIME CMD
4 S 0 8074 8072 2 76 0 - 1287 wait pts/1 00:00:00 bash
0 S 0 8102 8074 4 76 0 - 1287 wait pts/1 00:00:00 bash
4 R 0 8118 8102 0 78 0 - 1101 - pts/1 00:00:00 ps
ݨ쨺 PID P PPID ܡHĤ@ bash PID PĤG bash PPID O 8074 ڡA
]ĤG bash OӦ۩Ĥ@өҲͪIt~ACD{ҰʪA@ˡA
ҥHbAtΤWݨ쪺 PID Pڳo̪ܤ@wPIO`IԲӪ ps Oڭ̷|byᤶСA
o̧AunD ps -l iHd\{ǸTYiC
|
ܦhBͱ``|o{GyxIڱND{FAL@}lLS۰ʪ͡H
ӥBsͪӵ{Ǫ PID P٤@ˡAoO^ƩOHznháApGO crontab u@Ƶ{vTA֩w@{ǦsbAҥHAl{ǫA
{ǴN|DʦAͤ@IHҿ׳oGyzAX{ǡAMNLRNաI
l{ǻP{ǤYٮA̤jIb{ǤۤIsCb Linux {ǩIsq`٬ fork-and-exec y{
(1)I{dz|ǥѤ{ǥHƻs (fork) 觋ͤ@Ӥ@Ҥ@˪l{ǡA
MQƻsXӪl{ǦAH exec 觋Ӱڭni檺{A̲״N@Ӥl{ǪsbC
Ӭy{IUoiϡG
1.1.4B{Ǩϥ fork and exec IspܷN
(1)tΥH fork 觋ƻs@ӻP{ǬۦPȦs{ǡAoӵ{ǻP{ǰߤ@tONO PID PI
OoӼȦs{ٷ|h@ PPID ѼơAPPID peҭzANO{Ǫ{ѧOXաIM(2)Ȧs{Ƕ}lH exec
觋Jڭn檺{AHWzϥܨAs{W٬ qqq A̲פl{Ǫ{XN|ܦ qqq FI
oAѥGI
pGNڭ̤eǨ쪺@ǫOƨӬݡAڭ̤UFO²A]A ls ɮװڡB touch
إɮװڡBrm/mkdir/cp/mv OzɮװڡBchmod/chown/passwd OӺzvALA
oǫOO槹NFC]NOAӶOQIJoҲͪ PID ܧִN|פOI
S@b檺{ǰڡHMڡIӥBhOOI
|²檺ҤlӻnFAڭ̪DtΨC|h /etc/crontab Hά]wɡA
Ӷiu@Ƶ{aHӤu@Ƶ{O֭tdHMOڡI
IO crond oӵ{ҺzAڭ̱NLҰʦbI@_B@A
MyHe DOS ~N``@yܡANOy`nbO{ǡzաI
`nbO{dzq`Otd@ǨtΩҴѪ\HAȨϥΪ̦UȡA]oDZ`n{N|Qڭ̺٬GA (daemon)CtΪAȫD`hA
LDnjPtΥһݭnAȡAҦp责쪺 crond
atd A٦ syslog C٦@ǫhOtdsuAȡAҦp Apache, named, postfix,
vsftpd... CoǺAȤ쪺aAboǵ{QAL|Ұʤ@ӥiHtdťf
(port) AHѥ~Τ (client) sunDC
Linux hHhu
ڭ̲{bDFAb Linux U@ӫOɡAtη|NvBݩʡB{XPƵJOA
õoӳ椸@ӵ{ѧOX (PID)A̲ӫOiHi檺ȫhPo PID
vCھڳoӻAڭ̴NiH²檺AѡA Linux ohΤAOoCӤHiH֦ۤvҤFaI^_^
IUڭ̨ӽͽ Linux hHhuҪSG
Linux ̴ΪaNbLhHhuҤFIOyhHhuzHb Linux tΤW㦳hؤPbA
CرbSvAu@ӤH㦳ܰLWvOANO
root (tκz)CF root ~ALHn@ǭIӨCӤHiJ
Linux ҳ]wiHHۨCӤHߦnӳ]w (ٰOoڭ̦bĤQ@ BASH
L ~/.bashrc aHFINOӥI)I{bDFaH]CӤHnJo shell PID
PI
ڭ̦bĹsͨ CPU tסAثe CPU tץiFX GHzC
oN CPU CiHB@ 109 ohOCڭ̪ Linux iH CPU bUӤu@iA
]NOACӤu@Ȧh CPU XӫOơAҥH CPU CNbUӵ{ǤiաI
֥s CPU iHb@iohOB@C
CPU {Ǫu@APoǤu@iJ CPU B@Ƶ{ (CPU Ƶ{AD crontab Ƶ{) |vTtΪįI
ثe Linux ϥΪhu欰OD`Ϊ@ӾAXGiHN PC ʯ^XӡI
ѩįD`nA]hHPɵnJtήɡA|P㳡DnNFAsb@I
oNOhHhuҰաI(2)
b Linux Aw]ѤFӤrɭnJAHΤ@ӹϧάɭAAiHϥ
[Alt]+[F1].....[F7] ӤPݾɭAӥBCӲݾɭnJ٥iHPHI
ܬaIoӪFiNܦΰաIרObYӵ{ǦɭԡI
Ao]OhuҤUҲͪ@ӱpաIڭ̪ Linux
w]|ҰʤӲݾnJҪ{AҥHڭ̴N|ӲݾC
z]iHְڡINOֱҰʪݾ{NnFCԲӪƥiHd\ /etc/inittab
oɮסAӧڭ̦b}zy{ (ĤGQ) |AJӪЪI
He²ªA`OHϥ Windows 98 NiHաIӡA]u@YAݭnϥ Unix
tΡAQڥunbu@eNnA~n]Ӷ]h Unix u@ehOIҥHNϥ Windows sڪ
Unix u@u@InAڤ@ӵ{Ƕ]Uӭn 2~3 ѡA㰾``F 2.5 ѪɭԡA Windows 98
NLIhIuOLȦF
Ӧ]FsqAΤFH Windows 2000 AAoFu (HӨ) AbɭԡA
LiHȱN~{ǽ𱼡AӤzZL{ǶiAI
qHANξ߷|ssoILA2000 ٤nA]ɭ٬O|I
Linux |o˪DܡHѹ껡A Linux XGiH藍|I]LiHbɭԡA
NYӳQx{DZAMAsӵ{ǦӤέs}IaIpGڦb
Linux UHrɭnJAbùܿ~TNFʳʡAӦpOnIH
oӮɭԨw]CӵNWաIAiHHNA
[Alt]+[F1].....[F7] ӤLݾɭAMH ps -aux X𫍧~{ǡAMᵹL
kill @UAA^𫍧ݾɭIΡIS^_`oI
iHo˰OHڭ̭褣OLܡHCӵ{ǤiOWߪA]i̩ۨʡA
unWߪ{ǷARDӵ{ǡAMLNiHQtβաI^_^
- bash ҤUu@z (job control)
ڭ̦bW@Ӥp`ҿתy{ǡBl{ǡzYAڭ̵nJ bash A
NOo@ӦW bash PID FAӦboҩUҰ檺LOA
NXGOҿתl{ǤFCAboӳ@ bash UAڥiiHihӤu@ڡH
MiHաIiHyPɡziI|ҨӻAڥiHo˰G
[root@www ~]# cp file1 file2 &
|
bo@OAIb & \ALܱN file1 oɮƻs file2 ABmIA
]NOo@өROAbo@ӲݤMiHLu@Iӷo@ӫO (cp file1 file2)
槹AtαN|bAݤܧIܫKQI
hHhuT꦳ܦhnBA]zWxZA]ϥΪ̶VӶVhA
NɭPAzWxZIt~AѩϥΪ̤鲱AϥΪ̹F@wHƫA
q`AKݭnɯŤFA] CPU BP RAM jpiN|ŨϥΡI
|ӨҤlӻAezIӦnA]ϥΤF@ӫܽHƲέp{A
oӵ{|@h MySQL ƮwơA]yqjAy MySQL ܦLC
bo˪pUAnnJhgơAΪ̭nhϥΰQװϪ귽ɡA
zICܡI²NOyttzڡIӲשNoӵ{ΤFA
Hۤvg@Ӥp{ӨNAIoˤ~ CPU t (loading) ӭUӡ
ΰ_ӶZhFI ^_^
oӤu@z (job control) OΦb bash ҤUA]NOGyڭ̵nJtΨo bash shell
Ab@ݾUPɶihӤu@欰z zC|ҨӻAڭ̦bnJ bash A
Qn@ƻsɮסB@iƷjMB@isĶA٥iH@i vi {gI
Mڭ̥iHƵnJӤrݾҤALAणb@ bash FH
MiHڡINOϥ job control աI ^_^
Ou@zH
qWAAӭnAѪOGyiu@z欰A
CӤu@Oثe bash l{ǡAYOʪC
ڭ̵LkH job control 觋 tty1 ҥhz tty2 bash Iz
oӷЧAoإ߰_ӡAdҤФAAN|MAoI
γ\A|ıoܩ_ǰڡAJMڥiHbӲݤnJAϥ job control OH
uOǤlAh@|ڡInѰOFOAڭ̥iHb /etc/security/limits.conf (ĤQ|)
̭]wϥΪ̦PɥiHnJsuơAbo˪pUAYǨϥΪ̥iȯH@ӳsuӤu@OI
ҥHoAANonAѤ@Uoؤu@zҦFI~Aoӳ`e]|oAܦhƬyɦVAҥHApGѰOܡA
ȥ^ĤQ@ BASH Shell ݤ@ݳI
ѩ]ڭ̥u@ӲݤA]biHX{ܦrAާ@ҴN٬e
(foreground)AܩLu@NiHAJI (background) hȰιB@Cn`NOAJIu@QnB@ɡA
LPϥΪ̤ʡC|ҨӻA vim 藍ibI̭ (running) I]ASJƥLN|]ڡI
ӥBJIu@OiHϥ [ctrl]+c ӲפzI
`Ani bash job control n`N쪺OG
- oǤu@IJo{ǥӦ۩A shell l{(uzۤv bash)F
- eGAiHPUFOoҺ٬eu@ (foreground)F
- IGiHۦB@u@AALkϥ [ctrl]+c פLAiϥ bg/fg IsӤu@F
- Iyz{Ǥ terminal/shell J(input)
Uڭ̹ڨӺzoǤu@aI
job control z
peҭzAbash uzۤvu@ӤzL bash u@AҥHYϧAO root ]NOH bash
U job LLӰC~ASePIAMbI̭u@ASiHyȰ (stop)zPyB@
(running)zCڶi job OǡHUNӽͽ͡C
pPe쪺Aڭ̦bu@ bash ҤUApGQnPɶihӤu@A
iHNYǤu@IҷAڭ̥iH~ާ@eu@IpNu@IH
²檺kNOQΡy & zoӪNFI|²檺ҤlAڭ̭nN /etc/ ӳƥ
/tmp/etc.tar.gz BQnݡAiHo˰G
[root@www ~]# tar -zpcf /tmp/etc.tar.gz /etc &
[1] 8400 <== [job number] PID
[root@www ~]# tar: Removing leading `/' from member names
# bAXu@X (job number)AӸXP bash C
# 8400 hOoӤu@btΤ PIDCܩX{ƬO tar 檺ƬyA
# ѩڭ̨S[WƬyɦVAҥH|vTeIL|vTeާ@I
|
JӪ@@@AڦbJ@ӫOAbӫO̫᭱[W@ӡy & zNNӫOIA
bash |oӫO@ӡyu@X(job number)zANO [1] աIܩ᭱ 8400
hOӫOIJoy PID zFIӥBA쪺OAڭ̥iH~ާ@ bash OIܤaI
LAIu@ɭԧHɭԷ|ܤHpGAJXӫOAMX{oӸơG
[1]+ Done tar -zpcf /tmp/etc.tar.gz /etc
|
NN [1] oӤu@wg (Done) AӤu@OhOb᭱@OCC
oAѤFaIt~Ao & NGyNu@IhzI
`N쨺ӡyzrI~Ao˪p̤jnBOG
ȳQ [ctrl]+c _աI
~ANu@InSO`NƪyVI]AWTNX{~TAɭPڪeQvTC
MunU [enter] N|X{ܦrCpGڱN诊ӫO令G
[root@www ~]# tar -zpcvf /tmp/etc.tar.gz /etc &
|
p|ˡHbI檺OApG stdout stderr ɡALƨ¬OXùWA
ҥHAڭ̷|Lkݨ촣ܦrAM]NLknxeu@CPɥѩOIu@ tar A
ɧAU [ctrl]+c ]LkùQdIҥHoĄΪpNOQθƬyɦVA
NXƶǰeܬYɮפC|ҨӻAڥiHo˰G
[root@www ~]# tar -zpcvf /tmp/etc.tar.gz /etc > /tmp/log.txt 2>&1 &
[1] 8429
[root@www ~]#
|
Ip@ӡAXTLǰe /tmp/log.txt AMN|vTڭ̫e@~FC
o˻AzӥiHMƬyɦVnʤFaI^_^
u@X (job number) uPAo bash ҦAOLJMOӫOIJoNNAҥHM@wO@ӵ{ǡA
]A|[즳 job number ]ft@ PID I
QӱpGpGڥbϥ vi Aoo{ڦɮפDb̡Aݭn bash
ҤUijMAɬO_n vi OHIMݭnڡIunȮɱN vi LIݧYiC
ҦpHUרҡG
[root@www ~]# vi ~/.bashrc
# b vi @ҦUAU [ctrl]-z oӫ
[1]+ Stopped vim ~/.bashrc
[root@www ~]# <==QoFeޱvI
[root@www ~]# find / -print
....(Xٲ)....
# ɿù|D`LI]ùW|ܩҦɦWCЫU [ctrl]-z Ȱ
[2]+ Stopped find / -print
|
b vi @ҦUAU [ctrl] z oӫAùW|X{ [1] AܳoOĤ@Ӥu@A
+ N̪@ӳQiIu@ABثebIUw]|QΪӤu@
(P fg oӫO )IӨ Stopped hNثeoӤu@ACbw]pUAϥ [ctrl]-z
Iu@OyȰzAI
[root@www ~]# jobs [-lrs]
ﶵPѼơG
-l GFCX job number POꤧ~APɦCX PID XF
-r GȦCXbI run u@F
-s GȦCXbIȰ (stop) u@C
dҤ@G[ثe bash AҦu@AP PID
[root@www ~]# jobs -l
[1]- 10314 Stopped vim ~/.bashrc
[2]+ 10833 Stopped find / -print
|
pGQnDثeh֪u@bIAN jobs oӫOaI@ӻAUF jobs YiI
LApGAٷQnD job number PID XAiH[W -l oӰѼưաI
bXTAҦpWAJӬݨ쨺 + - I + Nw]Τu@C
ҥHGyثeڦӤu@bIAӤu@OȰA
ӦpGڶȿJ fg ɡA [2] |QeӳBzzI
+ N̪QIu@XA - N̪̫ĤGӳQmIu@XC
ӶWL̫ĤTӥH᪺u@AN| +/- ŸsbFI
责쪺ONu@Ih檺ASiHNIu@eӳBzH
ڡINO fg (foreground) աI|ҨӻAڭ̷QnNWYdҷu@XӳBzɡG
[root@www ~]# fg %jobnumber
ﶵPѼơG
%jobnumber Gjobnumber u@X(Ʀr)C`NA % OiiLI
dҤ@GH jobs [u@AANu@XG
[root@www ~]# jobs
[1]- 10314 Stopped vim ~/.bashrc
[2]+ 10833 Stopped find / -print
[root@www ~]# fg <==w]X + u@AY [2]CߧYU[ctrl]-z
[root@www ~]# fg %1 <==WwXӤu@XIAU[ctrl]-z
[root@www ~]# jobs
[1]+ Stopped vim ~/.bashrc
[2]- Stopped find / -print
|
gL fg ONNIu@eӳBzoIL쪺O̫@ܪGAڭ̷|o{ + X{bĤ@Ӥu@I
|o˰ڡHoO]AQ fg %1 NĤ@u@eS^IAɳ̫@ӳQJINܦ vi ӫOʧ@A
ҥHM [1] ᭱N|X{ + FIAѥGIt~ApGJy fg - z
hNN - Ӥu@XXӡAWNO [2]- Ӥu@XաI
ڭ̭责A [ctrl]-z iHNثeu@IUhyȰzA
p@Ӥu@bIUy Run zOHڭ̥iHbUoӮרҷӴաI
`NIUխni檺֤@II^_^
dҤ@G@ find / -perm +7000 > /tmp/text.txt AߨIhȰI
[root@www ~]# find / -perm +7000 > /tmp/text.txt
# ɡAХߨU [ctrl]-z ȰI
[3]+ Stopped find / -perm +7000 > /tmp/text.txt
dҤGGӤu@bIUiAåB[LII
[root@www ~]# jobs ; bg %3 ; jobs
[1]- Stopped vim ~/.bashrc
[2] Stopped find / -print
[3]+ Stopped find / -perm +7000 > /tmp/text.txt
[3]+ find / -perm +7000 > /tmp/text.txt & <== bg%3 pI
[1]+ Stopped vim ~/.bashrc
[2] Stopped find / -print
[3]- Running find / -perm +7000 > /tmp/text.txt &
|
ݨ̦tܡHIIISINOӪACHg Stopping ܦF Running oI
ݨtIAKKIOC̫hF@ & ŸoI
NӤu@QҰʦbIFաI ^_^
ڭ̥iH@ӤwgbIu@~u@A]iHӤu@H fg eӡA
ApGQnNӤu@OHΪ̬ONӤu@sҰʩOHoӮɭԴNoݭnӤu@@ӰT
(signal) ALDӫ@~nڡIɡA kill oӫONWγաI
[root@www ~]# kill -signal %jobnumber
[root@www ~]# kill -l
ﶵPѼơG
-l GoӬO L pgACXثe kill ϥΪT (signal) ǡH
signal GN᭱Ӥu@˪oI man 7 signal iG
-1 GsŪ@Ѽƪ]w ( reload)F
-2 GNPLJ [ctrl]-c P˪ʧ@F
-9 GߨjR@Ӥu@F
-15GH`{Ǥ觋פ@u@CP -9 O@˪C
dҤ@GXثe bash ҤUIu@AñNӤu@yjRzC
[root@www ~]# jobs
[1]+ Stopped vim ~/.bashrc
[2] Stopped find / -print
[root@www ~]# kill -9 %2; jobs
[1]+ Stopped vim ~/.bashrc
[2] Killed find / -print
# ALXAAUF jobs @AN|o{ 2 u@FI]QFI
dҡGXثe bash ҤUIu@AñNӤu@y`פzC
[root@www ~]# jobs
[1]+ Stopped vim ~/.bashrc
[root@www ~]# kill -SIGTERM %1
# -SIGTERM P -15 O@˪IziHϥ kill -l Ӭd\I
|
SOdN@UA -9 o signal q`OΦbyjR@Ӥ`u@zɩҨϥΪA
-15 hOH`BJ@u@(15]Ow])A̤äۦPI|WҤlӻA
ڥ vi ɭԡAO|ͤ@ .filename.swp ɮܡH
Aϥ -15 o signal ɡA vi |եH`BJӵ vi u@A
ҥH .filename.swp |DʪQCYOϥ -9 o signal ɡAѩ vi u@|QjA]A
.filename.swp N|~sbɮרtηCo˱zӥiHyL@UFaH
A kill άOܵLaաILft signal ҸԦCT ( man 7 signal hd\)
iHzĪzu@P{ (Process)A~A killall ]OP˪ΪkI
ܩ`Ϊ signal zܤֻݭnA 1, 9, 15 oT signal Nq~nC
~A signal FHƭȨӪܤ~A]iHϥΰTWٳI
|ҨӻAWdҤGNO@ӨҤlաIܩ signal number PW٪A
Aϥ kill -l ND(Lpg)I
t~A kill ᭱Ʀrw]|O PID ApGQnz bash u@ANon[W %Ʀr FA
oI]oSOdN~I
uzD
n`NOAڭ̦bu@z쪺yIzObݾҦUiHקK [crtl]-c _@ӱҡA
äOtΪIhIҥHAu@zI»PݾաI
bo˪pUApGAOHݳsu觋sA Linux DAåBNu@H & 觋IhA
аݡAbu@|pUAuFAӤu@ٷ|~iܡHOy_zI|~iAӬO|Q_C
HpGڪu@ݭni@jqɶAڤSmbIUAӦpBzOH
AAiHѦҫe@ at ӳBzYiI] at ONu@mtέIA
ӻPݾLCpGQnϥ at ܡAA]iHըϥ nohup oӫOӳBzIo nohup
iHAbuεnXtΫAٯu@~iCLykIoˡG
[root@www ~]# nohup [OPѼ] <==bݾeu@
[root@www ~]# nohup [OPѼ] & <==bݾIu@
|
n²檺OaIWzOݭn`NOA nohup ä䴩 bash تOA]AOnO~O~C
ڭ̨ӹժ@UUȧaI
# 1. s@|yε 500 z{G
[root@www ~]# vim sleep500.sh
#!/bin/bash
/bin/sleep 500s
/bin/echo "I have slept 500 seconds."
# 2. IhAåBߨnXtΡG
[root@www ~]# chmod a+x sleep500.sh
[root@www ~]# nohup ./sleep500.sh &
[1] 5074
[root@www ~]# nohup: appending output to nohup.out <==|ioӰTI
[root@www ~]# exit
|
pGAAnJܡAAϥ pstree hd\A{ǡA|o{ sleep500.sh ٦b椤Iä|Q_I
oAѷNFܡHѩڭ̪{̫|X@ӰTAO nohup PݾLFA
]oӰTXN|QɦVy ~/nohup.out zAҥHA~|ݨWzOAAJ nohup A
|X{ӴܰToC
pGAQnbIu@bAnXٯ~Aϥ nohup ft & OB@ҳI
iHѦҬݬݡI
@}lNҿתy{ǡzA]A{ǪIJoBl{ǻP{ǪʵA
~A٦ӡy{Ǫ̩ۨʡzHΩҿתyL͵{ǡzݭnOI{ǺzonOHoO]G
- A@}lNͨ쪺Aڭ̦bާ@tήɪUu@곣OgLY PID ӹF (]AA bash )A
]AणiYu@ANPӵ{ǪvFC
- AӡApGz Linux tάOӫܦLtΡAӨtθ귽֭nQϥΥɡA
zO_X̯ӨtΪӵ{ǡAMRӵ{ǡAtΫ_`OH
- ~ApGѩYӵ{gnAɭPͤ@ӦD{ǦbOAzSӦpXLAMNLOH
- pGPɦu@bztηB@A𫟺@u@~O̭nA
Ӧp@nu@QuOH
ҥHoA@Ӻ¾tκzAnx{Ǫzy{~A_htεoͰDɡAٯuOѨMDOI
Uڭ̷|Цp[{ǻP{ǪAAMA[H{DZoI
{Ǫ[
JM{dzonAڭ̦pd\tΤWbB@{ǩOH²ڡI
QRA ps Ϊ̬OʺA topAٯH pstree Ӭd\{Ǿ𤧶YI
[root@www ~]# ps aux <==[tΩҦ{Ǹ
[root@www ~]# ps -lA <==]O[ҦtΪ
[root@www ~]# ps axjf <==sP{Ǿ𪬺A
ﶵPѼơG
-A GҦ process ܥXӡAP -e 㦳P˪ĥΡF
-a GP terminal Ҧ process F
-u GĨϥΪ (effective user) process F
x Gq`P a oӰѼƤ@_ϥΡAiCXTC
X榡WG
l GBԲӪN PID TCXF
j Gu@榡 (jobs format)
-f G@ӧ㪺XC
|
ӤH{ ps oӫO man page Oܦnd\A]ܦhP Unix ϥγo ps Ӭd\{ǪAA
FnŦXPݨDAҥHo man page gD`ejI]Aq`|ijAAIӤPﶵA
@ӬOud\ۤv bash {Ǫy ps -l z@ӫhOiHd\ҦtιB@{ǡy
ps aux zI`NAASݿAOy ps aux zSӴ (-) IӬݬۤv bash {ǪA[G
dҤ@GNثeݩzۤvonJ PID PTCܥX(uPۤv bash )
[root@www ~]# ps -l
F S UID PID PPID C PRI NI ADDR SZ WCHAN TTY TIME CMD
4 S 0 13639 13637 0 75 0 - 1287 wait pts/1 00:00:00 bash
4 R 0 13700 13639 0 77 0 - 1101 - pts/1 00:00:00 ps
|
tξ骺{ǹB@OD`hApGϥ ps -l hȦCXPAާ@ (bash) {ǦӤwA
Y̤Wh{Ƿ|OAۤv bash ӨS init o{ǥhI ps -l qXӪƦǩOH
ڭ̴N[ݬݡG
- FGNoӵ{ǺX (process flags)Aoӵ{Ǫ`vA`XG
- SGNoӵ{ǪA (STAT)ADnAG
- R (Running)Gӵ{bB@F
- S (Sleep)Gӵ{ثebίvA(idle)AiHQ(signal)C
- D GiQίvAAq`o{ib I/O p(ex>CL)
- T GA(stop)AiObu@(IȰ)ΰ (traced) AF
- Z (Zombie)GͪAA{ǤwgפoLkQܰO~C
- UID/PID/PPIDGNy{dzQ UID Ҿ֦/{Ǫ PID X/{Ǫ{ PID Xz
- CGN CPU ϥβvA쬰ʤF
- PRI/NIGPriority/Nice YgAN{dzQ CPU Ұ檺uǡAƭȶVpNӵ{ǶVֳQ
CPU CԲӪ PRI P NI NbU@p`C
- ADDR/SZ/WCHANGPO驰AADDR O kernel functionAXӵ{ǦbO骺ӳApGO running
{ǡA@N|ܡy - z / SZ N{ǥαhְO / WCHAN ܥثe{ǬO_B@AP˪A
Y - ܥbB@C
- TTYGnJ̪ݾmAYݵnJhϥΰʺAݤ (pts/n)F
- TIMEGϥα CPU ɶA`NAO{ǹڪO CPU B@ɶAӤOtήɶF
- CMDGNO command YgAy{ǪIJo{OC
ҥHAݨ쪺 ps -l XTALOGybash {ݩ UID 0 ϥΪ̡AAίv (sleep)A
ҥHίv]LIJoF ps (A run) GC{Ǫ PID 13639Au涶Ǭ 75 A
UF bash Ҩoݤ pts/1 AB@A (wait) CzoˤwgMFaH
zۤvոѪR@U ps @NNqOH ^_^
Uڭ̨ϥ ps [@UtΤҦ{ǪAaI
dҤGGCXثeҦbO{ǡG
[root@www ~]# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 2064 616 ? Ss Mar11 0:01 init [5]
root 2 0.0 0.0 0 0 ? S< Mar11 0:00 [migration/0]
root 3 0.0 0.0 0 0 ? SN Mar11 0:00 [ksoftirqd/0]
.....(ٲ).....
root 13639 0.0 0.2 5148 1508 pts/1 Ss 11:44 0:00 -bash
root 14232 0.0 0.1 4452 876 pts/1 R+ 15:52 0:00 ps aux
root 18593 0.0 0.0 2240 476 ? Ss Mar14 0:00 /usr/sbin/atd
|
A|o{ ps -l P ps aux ܪبäۦPIb ps aux ܪؤAU쪺NqG
- USERG process ݩӨϥΪ̱bH
- PID G process {ѧOXC
- %CPUG process ϥα CPU 귽ʤF
- %MEMG process ҦΪOʤF
- VSZ G process ϥαOq (Kbytes)
- RSS G process ΪTwOq (Kbytes)
- TTY G process ObӲݾWB@AYPݾLh ?At~A tty1-tty6
OWnJ̵{ǡAY pts/0 AhܬѺsiD{ǡC
- STATGӵ{ǥثeAAAܻP ps -l S XЬۦP (R/S/T/Z)
- STARTG process QIJoҰʪɶF
- TIME G process ڨϥ CPU B@ɶC
- COMMANDGӵ{ǪګOH
@ӻAps aux |̷ PID ǨӱƧܡAڭ٬OH 13639 PID ӻIӦ檺Nqy
root 檺 bash PID 13639AΤF 0.2% OeqʤAAv (S)Aӵ{DZҰʪɶ 11:44 A
BoݾҬ pts/1 CzP ps aux ݨ쪺OP@ӵ{ǰաIo˥iHzѶܡH
ڭ~ϥ ps [@ULTaI
dҤTGHdҤ@ܤeAܥXҦ{ǡG
[root@www ~]# ps -lA
F S UID PID PPID C PRI NI ADDR SZ WCHAN TTY TIME CMD
4 S 0 1 0 0 76 0 - 435 - ? 00:00:01 init
1 S 0 2 1 0 94 19 - 0 ksofti ? 00:00:00 ksoftirqd/0
1 S 0 3 1 0 70 -5 - 0 worker ? 00:00:00 events/0
....(HUٲ)....
# A|o{CP ps -l XpۦPAܪ{ǫh]AtΩҦ{ǡC
dҥ|GCX{Ǿ𪺵{ܡG
[root@www ~]# ps axjf
PPID PID PGID SID TTY TPGID STAT UID TIME COMMAND
0 1 1 1 ? -1 Ss 0 0:01 init [5]
.....(ٲ).....
1 4586 4586 4586 ? -1 Ss 0 0:00 /usr/sbin/sshd
4586 13637 13637 13637 ? -1 Ss 0 0:00 \_ sshd: root@pts/1
13637 13639 13639 13639 pts/1 14266 Ss 0 0:00 \_ -bash
13639 14266 14266 13639 pts/1 14266 R+ 0 0:00 \_ ps axjf
.....(᭱ٲ).....
|
ݥXӤFaH곾bi@ǴծɡAOHsuiDӴժAҥHoAA|o{{ǤOʪաI
LA٥iHϥ pstree ӹFoӵ{ǾIHWҤlӬݡAOzL sshd ѪAȨo@ӵ{ǡA
ӵ{Ǵ bash ڨϥΡAӧڳzL bash Ah ps axjf Io˥iHݪFܡHLU쪺Nq man ps
(Mu man XӡI) oI
dҤGXP cron P syslog oӪAȦ PID XH
[root@www ~]# ps aux | egrep '(cron|syslog)'
root 4286 0.0 0.0 1720 572 ? Ss Mar11 0:00 syslogd -m 0
root 4661 0.0 0.1 5500 1192 ? Ss Mar11 0:00 crond
root 14286 0.0 0.0 4116 592 pts/1 R+ 16:15 0:00 egrep (cron|syslog)
# ҥHXO 4286 4661 ooINOo˧䪺աI
|
~Aڭ̥nDOy (zombie) z{ǬOH
q`Ay͵{Ǫ]O]ӵ{Ӥwg槹AΪ̬O]GӭnפFA
Oӵ{Ǫ{ǫoLk㪺Nӵ{ǵAӳyӵ{Ǥ@sbOC
pGAo{bYӵ{Ǫ CMD ᭱ٱW <defunct> ɡANNӵ{ǬO͵{ǰաAҦpG
apache 8683 0.0 0.9 83384 9992 ? Z 14:33 0:00 /usr/sbin/httpd <defunct>
|
tΤíwɭԴNeyҿת͵{ǡAiO]{gnաAΪ̬OϥΪ̪ާ@ߺD}ҳyC
pGAo{tΤܦh͵{ǮɡAOoڡInXӵ{Ǫ{ǡAMnnӰlܡAnniDҳ̨ΤưڡI
ݬݦaݭnﵽAnuONL kill ӤwOIMܡAU@L@͡AiN·ФFI @_@
ƹWAq`͵{dzwgLkޡAӪO浃 init o{ӭtdFA init OtβĤ@檺{A
LOҦ{{Iڭ̵Lkӵ{ (LAtδNFI)AҥHoApGͻ͵{ǡA
ӨtιL@}l٨SkzL֤߫Dg`ʪSBzӱNӵ{ǧRɡAAunzL reboot
觋ӱNӵ{ǩ٥hFI
۹ ps O^@ӮɶI{ǪAA top hiH{ǹB@AIϥΤ觋pUG
[root@www ~]# top [-d Ʀr] | top [-bnp]
ﶵPѼơG
-d G᭱iHơANOӵ{ǵesơCw]O 5 F
-b GH妸觋 top A٦hѼƥiHϥγI
q`|ftƬyɦVӱN妸GXɮסC
-n GP -b ftANqOAݭniX top XGC
-p GwYǭ PID Ӷi[ʴӤwC
b top L{iHϥΪOG
? Gܦb top iHJOF
P GH CPU ϥθ귽ƧܡF
M GH Memory ϥθ귽ƧܡF
N GH PID ӱƧdzI
T GѸ Process ϥΪ CPU ɶֿn (TIME+) ƧǡC
k GY PID @ӰT (signal)
r GY PID sq@ nice ȡC
q G} top n骺C
|
top \D`hIiHΪ]D`hIiHѦ man top I
o̶ȬOCX@dzۤv`ΪﶵӤwCUڭ̹[@Upϥ top P top eaI
dҤ@GCs@ top A[TG
[root@www ~]# top -d 2
top - 17:03:09 up 7 days, 16:16, 1 user, load average: 0.00, 0.00, 0.00
Tasks: 80 total, 1 running, 79 sleeping, 0 stopped, 0 zombie
Cpu(s): 0.5%us, 0.5%sy, 0.0%ni, 99.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Mem: 742664k total, 681672k used, 60992k free, 125336k buffers
Swap: 1020088k total, 28k used, 1020060k free, 311156k cached
<==pG[J k r ɡAN|r˥X{bo̳I
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
14398 root 15 0 2188 1012 816 R 0.5 0.1 0:00.05 top
1 root 15 0 2064 616 528 S 0.0 0.1 0:01.38 init
2 root RT -5 0 0 0 S 0.0 0.0 0:00.00 migration/0
3 root 34 19 0 0 0 S 0.0 0.0 0:00.00 ksoftirqd/0
|
top ]OӮ{[uIP ps ORAGXA top oӵ{iHʴӨtΪ{Ǥu@AC
bw]pUACs{Ǹ귽ɶ 5 ALAiHϥ -d ӶiקC
top DnӵeAWeӨtΪ귽ϥΪAAW`@AܪȩǬOG
- Ĥ@(top...)Go@ܪTOG
- ثeɶAYO 17:03:09 ӶءF
- }ثeҸgLɶAYO up 7days, 16:16 ӶءF
- wgnJtΪϥΪ̤HơAYO 1 userءF
- tΦb 1, 5, 15 u@tCڭ̦bĤQͨ쪺 batch
u@觋tp 0.8 NOoӭtoINO 1, 5, 15 AtΥntdB@Xӵ{(u@)NC
VpNtζVmAY 1 on`NAtε{ǬO_ӹLcƤFI
- ĤG(Tasks...)GܪOثe{Ǫ`qPӧO{ǦbA(running, sleeping, stopped, zombie)C
ݭn`NO̫᪺ zombie ӼƭȡApGO 0 Innݬݨ쩳O process ܦͤFaH
- ĤT(Cpus...)GܪO CPU tACӶإiϥ ? d\CݭnSO`NO %wa AӶإNO I/O waitA
q`Atη|ܺCO I/O ͪDjI]o̱on`NoӶدӥ CPU 귽I
t~ApGOh֤ߪ]ơAiHUƦry1zӤP CPU tvC
- ĥ|PĤGܥثeOPO (Mem/Swap) ϥαpC
AӡAn`NO swap ϥζqnɶq֡IpG swap QΪܤjqAܨtΪObI
- ĤGoӬOb top {JOɡAܪAaC
ܩ top UbeAhOC process ϥΪ귽pCݭn`NOG
- PID GC process ID աI
- USERG process ݪϥΪ̡F
- PR GPriority ²gA{Ǫu涶ǡAVpVQF
- NI GNice ²gAP Priority A]OVpVQF
- %CPUGCPU ϥβvF
- %MEMGO骺ϥβvF
- TIME+GCPU ϥήɶ֥[F
top w]ϥ CPU ϥβv (%CPU) @ƧǪIApGAQnϥΰOϥβvƧǡAhiHUyMzA
Yn^_hUyPzYiCpGQn} top hUy q zaIpGAQnN top GXɮɡA
iHo˰G
dҤGGN top Ti 2 AMNGX /tmp/top.txt
[root@www ~]# top -b -n 2 > /tmp/top.txt
# oˤ@ӡAKKINiHN top Ts /tmp/top.txt ɮפFC
|
oNܦIiHUANYӮɬq top [쪺GsɮסAiHΦbAQnbtέIUC
ѩOIUAPݾùjpLA]iHo{ǵeIpGAQn[{ CPU
POϥβvܧCAGѬOLkbĤ@ܮɡAӫHڭ̥iH[@{dzIpUҥܡG
dҤTGڭ̦ۤv bash PID i $$ ܼƨoAШϥ top [ PID
[root@www ~]# echo $$
13639 <==NOoӼƦrILOڭ bash PID
[root@www ~]# top -d 2 -p 13639
top - 17:31:56 up 7 days, 16:45, 1 user, load average: 0.00, 0.00, 0.00
Tasks: 1 total, 0 running, 1 sleeping, 0 stopped, 0 zombie
Cpu(s): 0.0%us, 0.0%sy, 0.0%ni,100.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Mem: 742664k total, 682540k used, 60124k free, 126548k buffers
Swap: 1020088k total, 28k used, 1020060k free, 311276k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
13639 root 15 0 5148 1508 1220 S 0.0 0.2 0:00.18 bash
|
ݨSINu|@{ǵAݡIܮe[aInApGڷQnb top Ui@ǰʧ@OH
軡Aק NI oӼƭȩOHiHo˰G
dҥ|GӤWDAW NI ȬO 0 AQn令 10 ܡH
# bdҤT top eU r A|X{pUϼˡI
top - 17:34:24 up 7 days, 16:47, 1 user, load average: 0.00, 0.00, 0.00
Tasks: 1 total, 0 running, 1 sleeping, 0 stopped, 0 zombie
Cpu(s): 0.0%us, 0.0%sy, 0.0%ni, 99.5%id, 0.0%wa, 0.0%hi, 0.5%si, 0.0%st
Mem: 742664k total, 682540k used, 60124k free, 126636k buffers
Swap: 1020088k total, 28k used, 1020060k free, 311276k cached
PID to renice: 13639 <==U r MJo PID X
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
13639 root 15 0 5148 1508 1220 S 0.0 0.2 0:00.18 bash
|
bAWʧ@AbAC|X{pUTG
Renice PID 13639 to value: 10 <==oO nice
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
|
UӧAN|ݨpUܵeI
top - 17:38:58 up 7 days, 16:52, 1 user, load average: 0.00, 0.00, 0.00
Tasks: 1 total, 0 running, 1 sleeping, 0 stopped, 0 zombie
Cpu(s): 0.0%us, 0.0%sy, 0.0%ni,100.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Mem: 742664k total, 682540k used, 60124k free, 126648k buffers
Swap: 1020088k total, 28k used, 1020060k free, 311276k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
13639 root 26 10 5148 1508 1220 S 0.0 0.2 0:00.18 bash
|
ݨ줣PBFaHuaNOקFҲͪĪGI@ӻApGQnX̷l CPU
귽ӵ{ǮɡAjhϥΪNO top o{աIMjH CPU ϥθ귽ӱƧ (b top U P Yi)A
NiHܧ֪DաI ^_^ChhRγoӦnΪFI
[root@www ~]# pstree [-A|U] [-up]
ﶵPѼơG
-A GU{Ǿ𤧶sH ASCII rӳsF
-U GU{Ǿ𤧶sHUXrӳsCbYDzݤUi|~F
-p GæPɦCXC process PIDF
-u GæPɦCXC process ݱbW١C
dҤ@GCXثetΤWҦ{Ǿ𪺬ʡG
[root@www ~]# pstree -A
init-+-acpid
|-atd
|-auditd-+-audispd---{audispd} <==oPU@欰 auditd XӪl{
| `-{auditd}
|-automount---4*[{automount}] <==w]pUAۦ{Ƿ|HƦr
....(ٲ)....
|-sshd---sshd---bash---pstree <==NOڭ̫O檺Ӭ̩ۨʡI
....(Uٲ)....
# `N@UAF`٪AҥHwgRhܦh{ǤFI
dҤGGӤWDAPɨqX PID P users
[root@www ~]# pstree -Aup
init(1)-+-acpid(4555)
|-atd(18593)
|-auditd(4256)-+-audispd(4258)---{audispd}(4261)
| `-{auditd}(4257)
|-automount(4536)-+-{automount}(4537) <=={Ǭۦ PID PI
| |-{automount}(4538)
| |-{automount}(4541)
| `-{automount}(4544)
....(ٲ)....
|-sshd(4586)---sshd(16903)---bash(16905)---pstree(16967)
....(ٲ)....
|-xfs(4692,xfs) <==]{Ǿ̨֦ëD pstree ̡IҥHCXb
....(Uٲ)....
# bA () YO PID Hθӵ{Ǫ owner ILAѩڬOϥ
# root 榹@OAҥHݩ root {ǴN|ܥXӰաI
|
pGn{ǤʡAo pstree uOnΨ줣IJ pstree
iHd{ǬʡApWҥܡAٷ|ϥνuqNʵ{dzs_ӭI
@sŸiHϥ ASCII XYiAɦ]ytD|DʪH Unicode ŸӳsA
]iݾLk䴩ӽsXAγ\|yýXDC]iH[W -A ﶵӧJAuqýXDC
pstree Xڭ̤]iHܲMDAҦ{dzO̪b init o{ǩUI
JӬݤ@UAo{Ǫ PID O@I]LO Linux ֤ߩҥDʩIsĤ@{IҥH PID NO@FC
o]Oڭ̭责͵{ɦAԣoͻ͵{ǻݭns}H
] init nsҰʡAӭsҰ init NO reboot oI
pGٷQnD PID PݨϥΪ̡A[W -u -p ӰѼƧYiCڭ̫eO@A
pGl{DZIΪ̬OѬO夣l{ǮɡAӦp{ǶܡHIγo pstree NFI ^_^
{Ǫz
{ǤOiH۱I|ҨӻAAiHBsҰʦAnAAn饻Oӵ{ǡA
AJMiHoαҰʡAMNOiHӵ{ǰաI{ǬOpۺzOHOzLӵ{Ǥ@ӰT (signal)
hiӵ{ǧAQno@I]oӰTNܭnաI
ڭ̤]be bash u@zLA
nYӤwgsbIu@Yǰʧ@ɡAO@ӰTӤu@XYiC쩳h signal OH
AiHϥ kill -l (pg L ) Ϊ̬O man 7 signal iHdߨIDnTNPWٹΤeOG
| N | W | e |
| 1 | SIGHUP | ҰʳQפ{ǡAi PID sŪۤv]wɡAsҰ |
| 2 | SIGINT | ۷LJ [ctrl]-c Ӥ_@ӵ{Ǫi |
| 9 | SIGKILL | Nj_@ӵ{ǪiApGӵ{Ƕi@bA
|i|yb~z͡A vim| .filename.swp OdUӡC |
| 15 | SIGTERM | H`{ǨӲפӵ{ǡCѩO`פA
ҥHʧ@|NLCLApGӵ{ǤwgoͰDANOLkϥΥ`kפɡA
Jo signal ]OSΪC |
| 19 | SIGSTOP | ۷LJ [ctrl]-z ӼȰ@ӵ{Ǫi |
WȬO` signal ӤwAhTTЦۦ man 7 signal aI@ӻAAunOoy1, 9,
15zoTӸXNqYiCڭ̦pǰe@ӰTYӵ{ǩOHNzL kill killall aIUOӬݬݡG
kill iHڭ̱No signal ǰeYӤu@ (%jobnumber) Ϊ̬OY PID (JƦr)C
nAjժOG kill ᭱[ƦrP[W %number pOPI
oӫܭnI]u@ 1 u@AO PID 1 hOMy init zo{IAiHN init OH
init AAtδNFڡIҥHOo % OMΦbu@I
ڭ̴NΤ@U kill PW쪺 ps Ӱ²檺mߧaI
|
DG
H ps X syslog oӵ{Ǫ PID AAϥ kill ǰeTAϱo syslog iHsŪ]wɡC
G
ѩݭnsŪ]wɡA] signal O 1 CܩX syslog PID iHOo˰G
ps aux | grep 'syslog' | grep -v 'grep'| awk '{print $2}'
UӫhOڨϥ kill -1 PIDA]AO|OoˡG
kill -SIGHUP $(ps aux|grep 'syslog'|grep -v 'grep'|awk '{print $2}')
pGnT{SsҰ syslog AiHѦҵnɪeAϥΦpUOd\G
tail -5 /var/log/messages
pGAݨyMar 19 15:08:20 www syslogd 1.4.1: restartzrˡANO syslogd b 3/19 sҰ (restart) LFI
|
AѤFoӥΪkHApGӧAQnNYӲW䧮nJ̪suRܡANiHzLϥ pstree -p {ǡA
MAH kill -9 Nӵ{ǧRAӱsuN|Q𱼤FIo˫²aI
ѩ kill ᭱n[W PID (Ϊ̬O job number)AҥHAq` kill |tX
ps, pstree OA]ڭ̥n۹ӵ{Ǫ
ID IOAp@ӡAܳ·С㦳SiHQΡyUFOW١zӵTH|ҨӻAणઽN syslog
oӵ{ǵ@ SIGHUP TOHiHI killall aI
[root@www ~]# killall [-iIe] [command name]
ﶵPѼơG
-i Ginteractive NAʦAYݭnRɡA|X{ܦrϥΪ̡F
-e Gexact NAܡy᭱ command name n@PzAӧ㪺O
WL 15 ӦrC
-I GOW(itѼ)jpgC
dҤ@G syslogd oӫOҰʪ PID @ SIGHUP T
[root@www ~]# killall -1 syslogd
# pG ps aux JӬݤ@UAsyslogd ~O㪺OW١CY]tӰѼơA
# h syslogd -m 0 ~O㪺OI
dҤGGjפҦH httpd Ұʪ{
[root@www ~]# killall -9 httpd
dҤTG̦߰ݨC bash {O_ݭnQפB@I
[root@www ~]# killall -i -9 bash
Kill bash(16905) ? (y/N) n <==oӤI
Kill bash(17351) ? (y/N) y <==oӱI
# 㦳ʪ\IiH߰ݧAO_nR bash oӵ{Cn`NAYS -i ѼơA
# Ҧ bash |Qo root I]A root ۤv bash I ^_^
|
`AnRYӵ{ǡAڭ̥iHϥ PID Ϊ̬OҰʸӵ{ǪOW١A
ӦpGnRYӪAȩOHI²檺kNOQ killall A
]LiHNtηҦHYӫOWٱҰʪ{ǥRC
|ҨӻAWdҤGAtΤҦH httpd Ұʪ{ǡAN|qqQRաI ^_^
{Ǫ涶
ڭ̪D Linux OhHhuҡA top XGڭ̤]o{A
tΦPɶD`h{ǦbB椤AuOj{dzbv (sleeping) AӤwC
Q@QApGҦ{ǦPɳQA CPU ӭnBzӵ{ǩOH]NOAӵ{dzQ檺uǤH
oNonҼ{{Ǫu (Priority) P CPU Ƶ{oI
CPU Ƶ{Pe@Ҧʤu@Ƶ{ä@ˡC CPU Ƶ{OC{dzQ CPU B@tWhA
ӨҦʤu@Ƶ{hONY{wƦbYӮɶAѨtΰC CPU Ƶ{P@~tθ㦳ʡI
ڭ̪D CPU @iHB@hF G LOơAzL֤ߪ CPU Ƶ{iHU{dzQ CPU ҤB@A
]Cӵ{Ǧb@ΦhΤֳ|Q CPU 泡OXCpG{dzOb@ӦC CPU B@A
Ӥ㦳uǤA]NOڭ̥hCֳCݭnƶ@ˡACӤHOӶǨӡI
AL@MٷQA (S槹)AШ᭱~ƶݡCpIUoˡG
3.3.1BèSuǪ{ǦCܷN
WϤ] pro1, pro2 O檺{ǡA pro3, pro4 O@몺{ǡAbo˪ҤAѩ㦳uǡA
ڡIpro1, pro2 ٬Oon~ݦӨSuݩOIpG pro3, pro4 u@SSI檺 pro1, pro2
NonݭӦѥbѤ~Iu·аڡIҥHoAڭ̷QnN{ǤuǰաIpGuǸhB@ƥiHhA
ӤݭnPCu{ǷmmIڭ̥iHN{ǪuǻP CPU Ƶ{ipUϪG
3.3.2B㦳uǪ{ǦCܷN
pWϩҥܡA㰪uv pro1, pro2 iHQΨ⦸AӸn pro3, pro4 hB@Ƹ֡C
p@ pro1, pro2 NiHֳQաIn`NAW϶ȬOܷNϡAëDṳ@w|QB@⦸աI
FnFWz\Aڭ Linux {Ǥ@өҿתyu (priority, PRI)zA
o PRI ȶVCNVuNCLo PRI ȬOѮ֤߰ʺAվ㪺A
ϥΪ̵Lkվ PRI ȪC@@ PRI b̥X{H
[root@www ~]# ps -l
F S UID PID PPID C PRI NI ADDR SZ WCHAN TTY TIME CMD
4 S 0 18625 18623 2 75 0 - 1514 wait pts/1 00:00:00 bash
4 R 0 18653 18625 0 77 0 - 1102 - pts/1 00:00:00 ps
|
ѩ PRI O֤߰ʺAվ㪺Aڭ̨ϥΪ̤]LvhzA PRI IpGAQnվ{ǪuǮɡANonzL Nice
ȤFINice ȴNOW NI աI@ӻA PRI P NI ʦpUG
PRI(new) = PRI(old) + nice
LAnSOdNApG쥻 PRI O 50 AäOڭ̵@ nice = 5 AN| PRI ܦ 55 I
] PRI OtΡyʺAzMwAҥHAM nice ȬOiHvT PRI ALA
̲ת PRI OngLtΤR~|MwCt~A nice ȬOtAӬJM PRI VpVQA
ҥHA nice ȬtȮɡAӵ{ǴN|C PRI
ȡAY|ܪuQBzC~AAndNG
- nice ȥiվ㪺d -20 ~ 19 F
- root iHNվۤvΥLH{Ǫ Nice ȡABd -20 ~ 19 F
- @ϥΪ̶ȥiվۤv{Ǫ Nice ȡABdȬ 0 ~ 19 (קK@Τmtθ귽)F
- @ϥΪ̶ȥiN nice ȶVնVAҦp nice 5 AhӶȯվj 5F
o]NOAnվYӵ{ǪuǡANOyվӵ{Ǫ nice ȡzաIpYӵ{ nice
ȩOHؤ觋AOOG
- @}l{NߧY@ӯSw nice ȡG nice OF
- վYӤwgsb PID nice ȡG renice OC
[root@www ~]# nice [-n Ʀr] command
ﶵPѼơG
-n G᭱@ӼƭȡAƭȪd -20 ~ 19C
dҤ@G root @ nice Ȭ -5 AΩ vi A[ӵ{ǡI
[root@www ~]# nice -n -5 vi &
[1] 18676
[root@www ~]# ps -l
F S UID PID PPID C PRI NI ADDR SZ WCHAN TTY TIME CMD
4 S 0 18625 18623 0 75 0 - 1514 wait pts/1 00:00:00 bash
4 T 0 18676 18625 0 72 -5 - 1242 finish pts/1 00:00:00 vi
4 R 0 18678 18625 0 77 0 - 1101 - pts/1 00:00:00 ps
# 쥻 bash PRI 75 AҥH vi w] 75CLѩ nice -5 A
# ] vi PRI CFIëDC 70 A]֤ٷ|ʺAվI
[root@www ~]# kill -9 %1 <==էN vi
|
NpPeA nice OΨӽվ{ǪuǡIo̥uO@Ӱ檺dҽ}FI
q`ɭԭnN nice ȽդjOH|ҨӻAtΪIu@A
YǤn{ǤiGҦpƥu@Iѩƥu@۷Өtθ귽A
oӮɭԴNiHNƥO nice Ƚդj@ǡAiHϨtΪ귽tI
[root@www ~]# renice [number] PID
ﶵPѼơG
PID GYӵ{Ǫ ID ڡI
dҤ@GXۤv bash PID AñN PID nice վ 10
[root@www ~]# ps -l
F S UID PID PPID C PRI NI ADDR SZ WCHAN TTY TIME CMD
4 S 0 18625 18623 0 75 0 - 1514 wait pts/1 00:00:00 bash
4 R 0 18712 18625 0 77 0 - 1102 - pts/1 00:00:00 ps
[root@www ~]# renice 10 18625
18625: old priority 0, new priority 10
[root@www ~]# ps -l
F S UID PID PPID C PRI NI ADDR SZ WCHAN TTY TIME CMD
4 S 0 18625 18623 0 85 10 - 1514 wait pts/1 00:00:00 bash
4 R 0 18715 18625 0 87 10 - 1102 - pts/1 00:00:00 ps
|
pGnվ㪺OwgsbYӵ{ǪܡANonϥ renice FCϥΪk²A
renice ᭱WƭȤ PID YiC]᭱O PID AҥHAȥnH ps
Ϊ̨L{[OhX PID ~ڡI
ѤWoӽdҷڭ̤]ݪXӡAMק諸O bash ӵ{ǡAOӵ{ǩIJo ps
O nice ]|~ӦӬ 10 IAѤFaI nice ȬOiHb{ --> l{ǤǻOI
t~AF renice ~A top P˪]OiHվ nice ȪI
tθ귽[
FtΪ{Ǥ~Aڭ٥NtΪ@Ǹ귽iˬdڡI|ҨӻAڭ̨ϥ top
iHݨܦhtΪ귽aIA٦SLuiHd\H
MڡIUoǤuOiH@I
[root@www ~]# free [-b|-k|-m|-g] [-t]
ﶵPѼơG
-b GJ free ɡAܪO KbytesAڭ̥iHϥ b(bytes), m(Mbytes)
k(Kbytes), g(Gbytes) ܳI
-t GbX̲GAܹOP swap `qC
dҤ@GܥثetΪOeq
[root@www ~]# free -m
total used free shared buffers cached
Mem: 725 666 59 0 132 287
-/+ buffers/cache: 245 479
Swap: 996 0 996
|
JӬݬݡAڪtη 725MB kOAڪ swap 1GB kA
ڨϥ free -m H MBytes ܮɡAN|X{WTCMem @ܪOO骺qA
Swap hOO骺qC total O`qA used OwQϥΪqA free hOѾliΪqC
᭱ shared/buffers/cached hObwQϥΪqAΨӧ@wĤΧ֨qC
JӪݨdҤ@XAڭ̪ Linux եΥDOܥZAڥSu@A
OAڪOOXGQΥpOILAܤ֦ 132MB ΦbwİO (buffers) u@A
287MB hΦb֨ (cached) u@A]NOAtάOyܦIJvNҦOΥzA
تOFtΪsį[tաI
ܦhBͳ|ݨoӰDyڪtΩܻPAO|QΥHz{bAFaH
QΥO`Iӻݭn`NϦӬO swap qC@ӻA swap ̦nnQϥΡAר swap ̦nnQϥζWL 20% HWA
pGzo{ swap ζqWL 20% AA̦n٬OROӴaI
]A Swap įObtܦhAӨtη|ϥΨ swap A
O]O餣F~|o˰IpAAѧaI
Linux tάFn[ttήįAҥH|Ṉ`ϥΨ쪺Ϊ̬O̪ϥΨ쪺ɮƧ֨ (cache) UӡA
o˥ӨtέnϥθɮɡANѰO餤jMXAӤݭnsŪwСAtפWMN[֤FI
]AOQΥO`I
[root@www ~]# uname [-asrmpi]
ﶵPѼơG
-a GҦtάTA]AUƳ|QCXӡF
-s Gtή֤ߦW
-r G֤ߪ
-m GtΪwW١AҦp i686 x86_64 F
-p GCPU AP -m AuOܪO CPU I
-i Gw骺x (ix86)
dҤ@GXtΪT
[root@www ~]# uname -a
Linux www.vbird.tsai 2.6.18-92.el5 #1 SMP Tue Jun 10 18:49:47 EDT 2008 i686
i686 i386 GNU/Linux
|
oөNNڭ̫eϥιLܦhFIuname iHCXثetΪ֤ߪB
Dnw饭xH CPU TCHWdҤ@AӻAڪ Linux
DϥΪ֤ߦW٬ LinuxAӥDW٬ www.vbird.tsaiA֤ߪ
2.6.18-92.el5 AӮ֤ߪإߪ 2008/6/10AAΪw饭x i386 HWŪw饭xC
oӫOܳ©OINOܥXثetΤwg}h[ɶAH 1, 5, 15
tNOFCٰOo top aHSաIo uptime iHܥX top e̤W@I
[root@www ~]# uptime
15:39:13 up 8 days, 14:52, 1 user, load average: 0.00, 0.00, 0.00
# top oӫOwgLTAAI
|
o netstat ]OnAoӫO`QΦbʱ譱ALAb{Ǻz譱]OݭnAѪաI
oӫOpUҥܡGWA netstat XjAOOPtΦۤv{ǬʳG
[root@www ~]# netstat -[atunlp]
ﶵPѼơG
-a GNثetΤWҦsuBťBSocket ƳCX
-t GCX tcp ʥ]
-u GCX udp ʥ]
-n GH{ǪAȦW١AH (port number) ܡF
-l GCXثebť (listen) AȡF
-p GCXӺAȪ{ PID
dҤ@GCXثetΤwgإߪsuP unix socket A
[root@www ~]# netstat
Active Internet connections (w/o servers) <==P
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 132 192.168.201.110:ssh 192.168.:vrtl-vmf-sa ESTABLISHED
Active UNIX domain sockets (w/o servers) <==P{Ǧۤv(D)
Proto RefCnt Flags Type State I-Node Path
unix 20 [ ] DGRAM 9153 /dev/log
unix 3 [ ] STREAM CONNECTED 13317 /tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 13233 /tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 13208 /tmp/.font-unix/fs7100
....(ٲ)....
|
bWGAܤFӳAOOsuH linux W socket {ǬʳC
ڭ̥ӬݬݺںsupG
- Proto Gʥ]wADn TCP P UDP ʥ]AƽаѦAgF
- Recv-QGDѨϥΪ̵{s즹 socket ƻs` bytes ơF
- Send-QGDѻݥDǰeLӪ acknowledged ` bytes ơF
- Local Address Gaݪ IP:port p
- Foreign AddressGݥD IP:port p
- State GsuAADnإ(ESTABLISED)κť(LISTEN)F
ڭ̬ݤWȦ@suơALNqOGyzL TCP ʥ]suAݪ 192.168.:vrtl.. su쥻aݪ
192.168.201.110:ssh AosuAOإ (ESTABLISHED) AIzܩhһA
Not@Agd\oI
FWsu~A Linux tΤW{ǬOiHP{ǩҵoeӪTANO Linux WY
(socket file)Cڭ̦bĤɮyL socket ɮסA
ɥͨ{ǪAҥHS`JͽסCsocket file iHqӵ{ǤTA]{ǥiHoǰeLӪơC
ѩ socket fileA] X Window oػݭnzLsnAثes distributions NH socket
ӶisuqFCW socket file X즳G
- Proto G@NO unix աF
- RefCntGs즹 socket {ǼƶqF
- Flags GsuXСF
- Type Gsocket sCDnT{su STREAM PݽT{ DGRAM ءF
- State GY CONNECTED ܦhӵ{ǤwgsuإߡC
- Path Gs즹 socket {|IΪ̬OƿX|C
HWXҡA̫ᨺTb /tmp/.xx UơANO X Window {ǰաI
PATH VNOoǵ{ǭn洫ƪɮoInI netstat iHڭ̶i椰ȩOH
ܦhIڭ̥ӬݬݡAQ netstat hݬݧڭ̪ǵ{ǦҰʭǺyzOH
dҤGGXثetΤWwbťsuΨ PID
[root@www ~]# netstat -tlnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:2208 0.0.0.0:* LISTEN 4566/hpiod
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 4328/portmap
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 4597/cupsd
tcp 0 0 0.0.0.0:728 0.0.0.0:* LISTEN 4362/rpc.statd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 4629/sendmail:
tcp 0 0 127.0.0.1:2207 0.0.0.0:* LISTEN 4571/python
tcp 0 0 :::22 :::* LISTEN 4586/sshd
# FiHCXťPA~A̫@ٯܦAȪ
# PID XHε{ǪOWٳIҦp̫@檺 4586 NO PID
dҤTGNWza 127.0.0.1:631 ӺAܡH
[root@www ~]# kill -9 4597
[root@www ~]# killall -9 cupsd
|
ܦhBͱ``ðݡANOAڪDثe쩳}FXӪ(ports)IAץDѤ˪AȡA
@wn۹ program bDW~ڡI|ҨӻAڭ̳骺 Linux DѪNO WWW
AȡAڪDM@ӵ{b WWW AȰڡINO Apache oӳnҴѪաI ^_^C
ҥHAڰFoӵ{AڪtΦ۵MNiH WWW AȤFCpڡH
Nӵ{IJoӵ{ǴNnFIҦpWdҤTҴѪҤlڡI ^_^
tΦb}ɭԡA֤߷|htΪwAAYǵw쩳SQANPoӮɭԪC
OoǰL{nOSܦbùWANOܭ֪bùW@{ӳuIण֤߰TX@@H
iHANϥ dmesg aI
Ҧ֤߰TAެO}ɭ٬OtιB@L{AϥunO֤߲ͪTA|QOO餤YӫO@ϬqC
dmesg oӫONNӰϬqTŪXӪI]TbӦhFAҥHɥiH[JoӺuOy
| more zӨϵeȰI
dҤ@GXҦ֤߶}ɪT
[root@www ~]# dmesg | more
dҤGGjM}ɭԡAwЪTH
[root@www ~]# dmesg | grep -i hd
ide0: BM-DMA at 0xd800-0xd807, BIOS settings: hda:DMA, hdb:DMA
ide1: BM-DMA at 0xd808-0xd80f, BIOS settings: hdc:pio, hdd:pio
hda: IC35L040AVER07-0, ATA DISK drive
hdb: ASUS DRW-2014S1, ATAPI CD/DVD-ROM drive
hda: max request size: 128KiB
....(Uٲ)....
|
ѽdҤGNDڳoDwЪ榡OFaISաI٥iHd\णdIdNO
eth AҥHAJ dmesg | grep -i eth լݬݩOI
pGAQnʺAAѤ@Utθ귽B@Ao vmstat TiH@Ivmstat iHy CPU /
O / ϺпJXA zApGAQnAѤ@ctΨ쩳O`̲֤HA
iHϥ vmstat RݬݡCUO`ﶵPѼƻG
[root@www ~]# vmstat [-a] [ [`p]] <==CPU/O鵥T
[root@www ~]# vmstat [-fs] <==O
[root@www ~]# vmstat [-S ] <==]wܼƾڪ
[root@www ~]# vmstat [-d] <==PϺЦ
[root@www ~]# vmstat [-p μ] <==PϺЦ
ﶵPѼơG
-a Gϥ inactive/active(DP_) N buffer/cache OXTF
-f G}ثeAtνƻs (fork) {ǼơF
-s GN@Ǩƥ (}ܥثe) ɭPOܤƱpCF
-S G᭱iHAܪƦCҦp K/M N bytes eqF
-d GCXϺЪŪg`qέp
-p G᭱CXμѡAiܸӤμѪŪg`qέp
dҤ@GέpثeD CPU AAC@A@pTI
[root@www ~]# vmstat 1 3
procs -----------memory---------- ---swap-- -----io---- --system-- -----cpu------
r b swpd free buff cache si so bi bo in cs us sy id wa st
0 0 28 61540 137000 291960 0 0 4 5 38 55 0 0 100 0 0
0 0 28 61540 137000 291960 0 0 0 0 1004 50 0 0 100 0 0
0 0 28 61540 137000 291964 0 0 0 0 1022 65 0 0 100 0 0
|
Q vmstat ƦܥiHilܳIAiHϥy vmstat 5 zNCs@ABLasIAU
[ctrl]-c CpGAQnYɪDtθ귽B@AAoӫONणDIWU쪺NqH
pUG
- { (procs) ؤOG
r GݹB@{ǼƶqFbGiQ{ǼƶqCoӶضVhANtζVL
(]tΤӦAҥHܦh{ǴNLkQΤ@bݦӵLkQG)C
- O (memory) ؤOG
swpdGOQϥΪeqF freeGQϥΪOeqF buffGΩwİOF cacheGΩ֨OC
ohP free OۦPC
- OmŶ (swap) ؤOG
siGѺϺФN{ǨXqF soGѩO餣ӱNSΨ쪺{ǼgJϺЪ swap eqC
pG si/so ƭȤӤjAܰO馎Ʊ``obϺлPDO𫗪ǨӶǥhAtήį|ܮtI
- ϺŪg (io) ؤOG
biGѺϺмgJ϶ƶqF boGgJϺХh϶ƶqCpGoȶVANtΪ I/O D`LI
- t (system) ؤOG
inGCQ_{ǦơF csGCi檺ƥơFoӼƭȶVjANtλPP]ƪqD`WcI
oǩP]ƷM]AϺСBdBɶC
- CPU ؤOG
usGD֤h CPU ϥΪAF syG֤hҨϥΪ CPU AF idGmAF waG I/O үӶO CPU AF
stGQ (virtual machine) ҵsΪ CPU ϥΪA (2.6.11 H~䴩)C
ѩOվAҥHèS I/O Ϊ̬O CPU LpCpGѧAAD`LɡA
Ooϥ vmstat hݬݡA쩳Oӳ귽QϥΪ̬WcI@ӻApG I/O ܦLܡAAtη|ܪD`CI
ڭ̦AӬݬݡAϺЪӦp[G
dҤGGtΤWҦϺЪŪgA
[root@www ~]# vmstat -d
disk- ------------reads------------ ------------writes----------- -----IO------
total merged sectors ms total merged sectors ms cur sec
ram0 0 0 0 0 0 0 0 0 0 0
....(ٲ)....
hda 144188 182874 6667154 7916979 151341 510244 8027088 15244705 0 848
hdb 0 0 0 0 0 0 0 0 0 0
|
ԲӪUNнѦjwd\@U man vmstat oIϥPŪgաIoAѥGI
ڭ̦bĤCgͨSv SUID/SGID/SBIT
AMĤCwgNoTدSv@FԲӪALAڭ̨nӱQOA쩳ovAy{ǡzOpvTH
~A{ǥi|ϥΨtθ귽A|ҨӻAϺдNO𫟺@귽CѧAb umount ϺЮɡAtΦѬOX{y device is
busy zrˡ쩳O^ưڡHڭ̩UNӽͤ@ͳoǩM{ǦYӸ`G
㦳 SUID/SGID vO檬A
SUID vP{ǪʫD`jIOHӬݬ SUID {OpQ@ϥΪ̰AB㦳SOH
- SUID vȹGi{(binary program)ġF
- ̹ӵ{ݭn㦳 x ivF
- vȦbӵ{L{ (run-time)F
- ̱N㦳ӵ{֦ (owner) vC
ҥHA SUID v|ͮĬOѩy㦳v{QIJozAӧڭ̪D@ӵ{QIJo|ܦ{ǡA
ҥHoḀiH㦳{֦̪vNObӵ{ܦ{ǪӮɭաIĤCڭ٨Sͨ{ǪA
ҥHAγ\ɭԷ|ıoܩ_ǡAԣF passwd AN㦳 root vOHO@ϥΪ̰檺ܡH
oO]AbIJo passwd A|o@ӷs{ǻP PIDA PID ͮɳzL SUID ӵ PID Sv]wաI
ڭ̨ϥ dmtsai nJtΥB passwd AzLu@ӲzѤ@UI
[dmtsai@www ~]$ passwd
Changing password for user dmtsai.
Changing password for dmtsai
(current) UNIX password: <==o̫U [ctrl]-z åBU [enter]
[1]+ Stopped passwd
[dmtsai@www ~]$ pstree -u
init-+-acpid
....(ٲ)....
|-sshd---sshd---sshd(dmtsai)---bash-+-more
| |-passwd(root)
| `-pstree
....(Uٲ)....
|
qWGڭ̥iHo{AuOݩ dmtsai oӤ@bvASr骺hO root vI
AݨFA passwd TO bash lͥXӪILNOv@ˡIzLo˪ѪRA
A]|MP{ҲͪvPFaIoOѩySUID {B@L{ͪ{ǡzYաI
JM SUID/SGID vOiȪAzӦpd߾ӨtΪ SUID/SGID ɮשOH
ӬO٤|ѰOaHϥ find YiڡI
find / -perm +6000
/proc/* NNq
Aڭ̤e쪺ҿת{dzObOIӰOƤSOgJ
/proc/* oӥؿUAҥHoAڭ̷MiH[ /proc oӥؿɮװڡI
pGA[L /proc oӥؿܡAӷ|o{LIoˡG
[root@www ~]# ll /proc
dr-xr-xr-x 5 root root 0 Mar 11 08:46 1
dr-xr-xr-x 5 root root 0 Mar 11 00:46 10
dr-xr-xr-x 5 root root 0 Mar 11 00:46 11
....(ٲ)....
-r--r--r-- 1 root root 0 Mar 20 12:11 uptime
-r--r--r-- 1 root root 0 Mar 20 12:11 version
-r--r--r-- 1 root root 0 Mar 20 12:11 vmstat
-r--r--r-- 1 root root 0 Mar 20 12:11 zoneinfo
|
WAثeDWUӵ{Ǫ PID OHؿAsb /proc C
|ҨӻAڭ̶}Ұ檺Ĥ@{ init L PID O 1 A
o PID ҦTgJb /proc/1/* IYڭ̪[ PID 1 ƦnFALIoˡG
[root@www ~]# ll /proc/1
dr-xr-xr-x 2 root root 0 Mar 12 11:04 attr
-r-------- 1 root root 0 Mar 17 14:32 auxv
-r--r--r-- 1 root root 0 Mar 17 14:32 cmdline <==NOO
-rw-r--r-- 1 root root 0 Mar 17 14:32 coredump_filter
-r--r--r-- 1 root root 0 Mar 17 14:32 cpuset
lrwxrwxrwx 1 root root 0 Mar 17 14:32 cwd -> /
-r-------- 1 root root 0 Mar 17 14:32 environ <==@ܼ
lrwxrwxrwx 1 root root 0 Mar 17 14:32 exe -> /sbin/init <==ڰ檺O
....(HUٲ)....
|
̭ٮhALA쪺OɮסAOOG
- cmdlineGoӵ{dzQҰʪOF
- environGoӵ{ǪܼƤeC
ܦaIpGAd\@U cmdline ܡAN|o{G
[root@www ~]# cat /proc/1/cmdline
init [5]
|
NOoӫOBﶵPѼƱҰ init աIo٬OYӯSw PID eOApGOw
Linux tάѼƩOHNOb /proc ؿUɮװաIɮPeOo˪G
(3)
| ɦW | ɮפe |
| /proc/cmdline | J kernel ɩҤUFѼơId\ɮסAiAѨtάOpҰʪI |
| /proc/cpuinfo | CPU TA]tɯߡBPB\ |
| /proc/devices | oɮװOFtΦUӥDn˸mDn˸mNAP
mknod OI |
| /proc/filesystems | ثetΤwgJɮרtoI |
| /proc/interrupts | ثetΤW IRQ tAC |
| /proc/ioports | ثetΤWUӸ˸mҰtm I/O }C |
| /proc/kcore | oӴNOO骺jpաInjaIOnŪLաI |
| /proc/loadavg | ٰOo top H uptime
aHSIWYTӥƭȴNOObI |
| /proc/meminfo | ϥ free CXOTAKKIbo̤]d\I |
| /proc/modules | ثeڭ̪ Linux wgJҲզCA]iHQOXʵ{աI |
| /proc/mounts | tΤwgơANO mount oӫOIsXӪưաI |
| /proc/swaps | 쩳tαJOb̡HIϥα partition NObաI |
| /proc/partitions | ϥ fdisk -l |X{ثeҦ partition
aHboɮ]I |
| /proc/pci | b PCI yƤWACӸ˸mԲӱpIi lspci Ӭd\I |
| /proc/uptime | NO uptime ɭԡA|X{TաI |
| /proc/version | ֤ߪANO uname -a ܪeաI |
| /proc/bus/* | @Ƕyƪ˸mA٦ USB ˸m]ObI |
AWoɮ׳bijziHϥ cat hd\ݬݡA`JAѡA
LA[ݹLɮפeA|PıաIpGӱzQnۦ漶gYǤunA
oӥؿUɮץi|zIUI
dߤw}ɮשΤw{Ƕ}Ҥɮ
٦@ǻP{ǬOiHȱoѦһPΪAڭ̨ӽͤ@͡G
ɭԧڷQnDڪ{Ǩ쩳boҰʹL{}ҤFhɮסAiHQ fuser [աI
|ҨӻAApGɵo{tγqGy device is busy zAܳoɮרtΥbLA
ܦY{ǦQΨɮרtΰաIANiHQ fuser ӰloIfuser ykIoˡG
[root@www ~]# fuser [-umv] [-k [i] [-signal]] file/dir
ﶵPѼơG
-u GF{Ǫ PID ~APɦCXӵ{Ǫ̡֦F
-m G᭱ɦW|DʪWɮרtΪ̳hA umount \ܦġI
-v GiHCXCɮP{٦OʡI
-k GXϥθɮ/ؿ PID AøչϥH SIGKILL oӰT PIDF
-i GP -k tXAbR PID e|߰ݨϥΪ̷N@I
-signalGҦp -1 -15 AY[ܡAw]O SIGKILL (-9) oI
dҤ@GXثeҦbؿϥ PID/ݱb/v H
[root@www ~]# fuser -uv .
USER PID ACCESS COMMAND
.: root 20639 ..c.. (root)bash
|
ݨXGSHLy.zU PID 20639 {ǡAӵ{ݩ root BO bash C
쪺O ACCESS ءAӶإNNqG
- c G{ǦbeؿU(Dؿ)F
- e GiQIJo檬AF
- f GO@ӳQ}ҪɮסF
- r GNhؿ (root directory)F
- F Gɮ׳Q}ҤFALbݦ^F
- m GiରɪʺA祃wF
pGAQnd\YɮרtΩUhֵ{ǥbθɮרtήɡA -m ﶵNܦUFI
եDȦΥX /, /boot, /home AҥHLkiաCLnb٦ /proc ɮרtΡA
ڭ̨AѤ@Uo /proc ɮרtΦhֵ{ǥbQΥLaI
dҤGGҦϥΨ /proc oɮרtΪ{ǧaI
[root@www ~]# fuser -uv /proc
# |ܥơA]S{Ƿ|hϥ /proc oӥؿڡI
# |QΨ쪺O /proc UɮװաIҥHAӭno˰G
[root@www ~]# fuser -mvu /proc
USER PID ACCESS COMMAND
/proc: root 4289 f.... (root)klogd
root 4555 f.... (root)acpid
haldaemon 4758 f.... (haldaemon)hald
root 4977 F.... (root)Xorg
# oX{Ǧbi /proc ɮרtΪsIo˲MFܡH
|
JMiHwɮרtΡAणȰw@ɮװڡHMiHoIݤ@UUרҥG
dҤTG /var Uݩ FIFO ɮסAåBXsɮת{
[root@www ~]# find /var -type p
/var/gdm/.gdmfifo <==ڭ̰woNYiI
/var/run/autofs.fifo-misc
/var/run/autofs.fifo-net
[root@www ~]# fuser -uv /var/gdm/.gdmfifo
USER PID ACCESS COMMAND
/var/gdm/.gdmfifo: root 4892 F.... (root)gdm-binary
dҥ|GPdҤTAչϧR PIDHBynzRI
[root@www ~]# fuser -ki /var/gdm/.gdmfifo
/var/gdm/.gdmfifo: 4892
Kill process 4892 ? (y/N) n
|
pHܦ쪺@ӫOaIzLo fuser ڭ̥iHXϥθɮסBؿ{ǡAǥH[աI
LIP ps, pstree PC fuser iHڭAѨYɮ (ɮרt) ثebQǵ{ǩҧQΡI
۹ fuser OɮשΪ̸˸mhXϥθɮשθ˸m{ǡAϹLӻA
pdXYӵ{Ƕ}ҩΪ̨ϥΪɮP˸mOHIIINOϥ lsof o
[root@www ~]# lsof [-aUu] [+d]
ﶵPѼơG
-a GhƻݭnyPɦߡz~ܥXGɡI
-U GȦCX Unix like tΪ socket ɮF
-u G᭱ usernameACXӨϥΪ̬{ǩҶ}ҪɮסF
+d G᭱ؿAYXYӥؿUwgQ}ҪɮסI
dҤ@GCXثetΤWҦwgQ}ҪɮP˸mG
[root@www ~]# lsof
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
init 1 root cwd DIR 3,2 4096 2 /
init 1 root rtd DIR 3,2 4096 2 /
init 1 root txt REG 3,2 38620 1426405 /sbin/init
....(Uٲ)....
# `NFܡHOAbw]pUA lsof |NثetΤWwg}Ҫ
# ɮץCXӡҥHAeh~HڡIziH`NAĤ@ɮ init 檺
# aNbڥؿAӮڥؿAKKIҦb inode ]ܥXӳI
dҤGGȦCX root Ҧ{Ƕ}Ҫ socket ɮ
[root@www ~]# lsof -u root -a -U
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
udevd 400 root 3u unix 0xedd4cd40 1445 socket
auditd 4256 root 7u unix 0xedd4c380 9081 socket
audispd 4258 root 0u unix 0xedd4c1e0 9080 socket
# `N쨺 -a aIpGAOJ lsof -u root lsof -U A|ԣTH
# ϥ lsof -u root -U lsof -u root -a -U AIPաI
# -a γ~NObѨMPɻݭnӶس߮ɰڡI ^_^
dҤTGЦCXثetΤWҦQҰʪP˸m
[root@www ~]# lsof +d /dev
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
init 1 root 10u FIFO 0,16 1147 /dev/initctl
udevd 400 root 0u CHR 1,3 1420 /dev/null
udevd 400 root 1u CHR 1,3 1420 /dev/null
udevd 400 root 2u CHR 1,3 1420 /dev/null
# ݧaI]˸mb /dev ̭IҥHoAϥηjMؿYiڡI
dҥ|GqXݩ root bash o{Ҷ}Ҫɮ
[root@www ~]# lsof -u root | grep bash
bash 20639 root cwd DIR 3,2 4096 648321 /root
bash 20639 root rtd DIR 3,2 4096 2 /
bash 20639 root txt REG 3,2 735004 1199424 /bin/bash
bash 20639 root mem REG 3,2 46680 64873 /lib/libnss_files-2.5.so
....(Uٲ)....
|
oӫOiHXzQnDYӵ{ǬO_ҥέǸTHҦpWY쪺dҥ|浲GOI ^_^
[root@www ~]# pidof [-sx] program_name
ﶵPѼơG
-s GȦCX@ PID ӤCXҦ PID
-x GPɦCX program name i PPID ӵ{Ǫ PID
dҤ@GCXثetΤW init H syslogd oӵ{ PID
[root@www ~]# pidof init syslogd
1 4286
# zפWAӷ| PID ~CWܤ]OX{F PID C
# OO init syslogd o{ PID աC
|
²檺ΪkaAzLo pidof OAåBtX ps aux PWܪkANiHܻzҷQn{ǤeFOC
biJF CentOS 5.x ASELinux wgOӫD`ƪ֤ҲդFICentOS 5.x ѤFܦhz SELinux OPA
]b[cWHen¥Beާ@zIҥHAbo@HAڭ̫ijjadUn SELinux oNI
ڭ̨ӥJӪoåaI
O SELinux
O SELinux OHLOy Security Enhanced Linux
zYgArWNqNOwjƪ Linux NIҿתywjơzOjƭӳH
Ow٬OvzHUNڭ̨ӽͽͧaI
SELinux OѬaw (NSA) }oA}ooNتO]ܦh~ɵo{A
q`tΥX{D]jbyu귽~ΡzҾɭPAڥѥ~oʪϦӨSoYC
Oyu귽~ΡzOH|ҨӻApGӤOtΪtκzFۤv]wKANҦbؿ
/var/www/html/ v]w drwxrwxrwx ɡAAıo|Ʊo͡H
{bڭ̪DҦtθ귽OzL{ǨӶisA /var/www/html/ pG]w 777 A
NҦ{ǧiӥؿsAU@AuҰ WWW AnAӳnIJo{DZNiHgJӥؿA
Ӹӵ{ǫoO Internet ѪAȪIunߤHIJo{ǡAӥBӵ{ǭnSѨϥΪ̶igJ\A
~HܥiN|AtμgJDzW䧮FIiuOoFI@Ӥpp 777 DiOjjI
Fo譱vP{ǪDAҥHawNۤBz@~tγo譱ޡC
ѩ Linux OۥѳnA{XO}A]o̫Kϥ Linux ӧ@sؼСA
̫NsGX Linux ֤߸̭hANO SELinux աIҥHA SELinux OX֤ߪ@ӼҲճI
h SELinux iHѦҡG
o]NOG SELinux Obi{ǡBɮӳv]w̾ڪ@Ӯ֤ҲաI
ѩҰʺAȪ]O{ǡA]n]Aȯ_stθ귽@DdI
ҥHAb SELinux tΪseAڭ̱oӦ^U@Ueͨ쪺tɮvPϥΪ̤YC
]ͧoӧA~|Dݭn SELinux աI
ڭĤQ|eADtΪbDntκz
(root) P@ΤAӳoب_ϥΨtΤWɮ귽hP rwx v]wC
LAn`NOAUv]w root OLĪC]AYӵ{ǷQnɮisɡA
tδN|ھڸӵ{Ǫ֦/sաAäɮתvAYqLvˬdANiHsɮפFC
oئsɮרtΪ觋Q٬yۥDs (Discretionary Access Control,
DAC)zAWANO̾ڵ{Ǫ֦̻Pɮ귽 rwx vӨMwLsOC
Lo DAC sXӧxZANOG
- root 㦳̰vGpGp߬Y{dzQߤHhoA
Bӵ{ݩ root vAo{ǴNiHbtΤWi귽sIuOnRI
- ϥΪ̥iHo{Ǩܧɮ귽svGpGAp߱NYӥؿv]w
777 AѩHv|ܦ rwx A]ӥؿN|QHҥNsI
oǰDOD`YIרOAtάOQYǺgߪtκzҴxɡIo̬Ʀıoؿvլ 777
]SF_MI...
{bڭ̪D DAC xZNOϥΪ̨o{ǫALiHǥѳo{ǻPۤvw]vӳBzLۤvɮ귽C
U@oӨϥΪ̹ Linux tΤANܥi|귽~ΪD͡CFקK DAC eoͪDA]
SELinux ɤJFes (Mandatory Access Control, MAC) kI
es (MAC) աILiHwSw{ǻPSwɮ귽ӶivޡI
]NOAYϧAO root AbϥΤP{ǮɡAAүovä@wO root A
ӱonݷɸӵ{Ǫ]wөwCp@ӡAڭ̰wﱱyDzܦFy{ǡzӤOϥΪ̳I
~AoӥD{Ǥ]NϥΨtɮ귽A]Cɮ귽]wӥD{dz]wiΪvI
p@ӡAشNӪhFIӨtε{ǨhBɮרhA@@iNSSFI
ҥH SELinux ]Ѥ@ǹw]F (Policy) AæbӬFѦhӳWh (rule) AAiHܬO_ҥθӱWhI
bes]wUAڭ̪{ǯʪŶNܤpFI|ҨӻA WWW An骺F{Ǭ httpd o{A
ӹw]pUA httpd ȯb /var/www/ oӥؿUsɮסApG httpd oӵ{ǷQnLؿhsƮɡA
FWh]wn}~AؼХؿ]on]w httpd iŪҦ (type) ~ID`hI
ҥHAYϤp httpd Q cracker oFvAL]Lvs /etc/shadow n]wɳI
SELinux B@Ҧ
Aƻ@UASELinux OzL MAC 觋ӱ{ǡALDO{ǡA
ӥؼЫhOӵ{ǯ_Ūyɮ귽zIҥHӻ@UoǩNNʰաI(4)
- D (Subject)G
SELinux DnQnzNO{ǡA]AiHNyDzͨ쪺 process WF
- ؼ (Object)G
D{ǯ_syؼи귽z@NOɮרtΡC]oӥؼжإiHɮרtιWF
- F (Policy)G
ѩ{ǻPɮƶqejA] SELinux |̾ڬYǪAȨӨqswʬFCoǬFٷ|ԲӪWh (rule)
ӫwPAȶ}YǸ귽sP_Cbثe CentOS 5.x ̭ȦѨӥDnFAOOG
- targetedGwAȭhAw糧֡AOw]FF
- strictG㪺 SELinux A譱YC
ijϥιw] targeted FYiC
- wʥ (security context)G
ڭ̭ͨFDBؼлPFAODणsؼаFFw~ADPؼЪwʥ奲@P~QsC
oӦwʥ (security context) IɮרtΪ rwx աIwʥ媺eP]wOD`nI
pG]w~AAYǪA(D{)NLksɮרt(ؼи귽)AMN|@X{yvšz~TFI
5.2.1BSELinux B@U(ϰѦҤp{ѮvWq)
WϪIbyDzpoyؼСz귽svI
ѤWϧڭ̥iHo{AD{ǥnqL SELinux FWhANiHPؼи귽iwʥ媺A
Y異ѫhLksؼСAY令\hiH}lsؼСCDOA̲ׯ_sؼ٬OPɮרtΪ rwx
v]wIp@ӡA[JF SELinux AX{vŪpɡAANon@B@BRiDFI
CentOS 5.x wgڭ̨qnD`hWhFAoAunDp}/YWhP_YiC
Ӧwʥ·СI]Aiݭnۦ]wɮתwʥOIݭnۦ]wڡH
|ҨӻAA]``iɮת rwx s]wܡHowʥANNLQ
SELinux ƪ rwx NOFIoˤnzѰաC
wʥsbD{ǤPؼɮ귽C{ǦbO馎AҥHwʥiHsJOSDC
ɮתwʥOOb̩OHƹWAwʥOmɮת inode
A]D{ǷQnŪؼɮ귽ɡAP˻ݭnŪ inode A
o inode NiHwʥH rwx vȬO_TAӵAŪv̾ڡC
wʥ쩳O˪sbOHڭ̥Ӭݬ /root UɮתwʥnFC
[wʥiϥΡy ls -Z zh[pUG(`NGAwgҰʤF SELinux
~IY|ҰʡAoеyLݹL@MYiCU|ЦpҰ SELinux I)
[root@www ~]# ls -Z
drwxr-xr-x root root root:object_r:user_home_t Desktop
-rw-r--r-- root root root:object_r:user_home_t install.log
-rw-r--r-- root root root:object_r:user_home_t install.log.syslog
# WzSr骺ANOwʥ媺eI
|
pWҥܡAwʥDnΫ_TAoT쪺NqG
oT쪺NqJӪ@UaG
- ѧO (Identify)G
۷b譱ѧOIDnѧOhUTر`G
- rootG root bApPWܪO root aؿUưڡI
- system_uGܨtε{Ǥ譱ѧOAq`NO{oF
- user_uGNO@ϥΪ̱bC
A|o{ѧOAF root ~ALѧO᭱|[Wy _u zr˩OI
oӨѧOIAڭAѸӸƬبҦ
ӨtΤWjƳ|O system_u root աIܩpGOb /home UơAjӴN|O user_u oI
- (Role)G
zLAڭ̥iHDoӸƬOݩ{ǡBɮ귽٬ONϥΪ̡C@몺⦳G
- object_rGNOɮשΥؿɮ귽AoӬO̱`oF
- system_rGNNO{ǰաILA@ϥΪ̤]|Qw system_r I
A]|o{⪺̫᭱ϥΡy _r zӵI]O role NI
- (Type) G(̭nI)
bw] targeted FA Identify P Role WOnInbo (type) I
WA@ӥD{ǯणŪoɮ귽AP즳IbɮP{ǪwqӬۦPAOOG
- typeGbɮ귽 (Object) W٬ (Type)F
- domainGbD{ (Subject) h٬ (domain) FI
domain ݭnP type ftAhӵ{Ǥ~QŪɮ귽աI
oTpQΩOHڭ̨@@D{ǦboT쪺NqIzLѧOP쪺wqA
ڭ̥iHDYӵ{ǩҥNNqIWAoǹƦb targeted FUpUG
| ѧO | | ӹb targeted Nq |
| root | system_r | N root bnJɩҨov |
| system_u | system_r | ѩtαbA]ODͦtιB@{ |
| user_u | system_r | @inJϥΪ̪{oI |
NpWҭzA̭nOADPؼФO_㦳iHŪgvAP{Ǫ domain ɮת
type Io̪Yڭ̥iHϥιF WWW A\ httpd o{P /var/www/html oӺmؿӻC
AݬݳoөNNwʥ夺eG
[root@www ~]# ll -Zd /usr/sbin/httpd /var/www/html
-rwxr-xr-x root root system_u:object_r:httpd_exec_t /usr/sbin/httpd
drwxr-xr-x root root system_u:object_r:httpd_sys_content_t /var/www/html
# ̪쳣O object_r ANOɮסI httpd ݩ httpd_exec_t A
# /var/www/html hݩ httpd_sys_content_t oI
|
httpd ݩ httpd_exec_t oӥiH檺A /var/www/html hݩ httpd_sys_content_t oӥiH
httpd (domain) ŪCrݰ_ӤӮeAѧaIڭ̨ϥιϥܨӻo̪YI
5.2.2BD{Ǩo domain Pؼɮ귽 type ۤY
WϪNqڭ̥iHoˬݪG
- AڭIJo@ӥi檺ؼɮסANO㦳 httpd_exec_t o /usr/sbin/httpd ɮסF
- ɮת|oɮשҳyD{ (Subject) 㦳 httpd oӻ (domain)A
ڭ̪FwoӻwgwF\hWhA𫟺]AoӻiHŪؼи귽F
- ѩ httpd domain Q]wiHŪ httpd_sys_content_t oؼɮ (Object)A
]Am /var/www/html/ ؿUANQ httpd {ǩŪFF
- ̲ׯणŪ쥿TơAٱon rwx O_ŦX Linux vWdI
Wzy{iDڭ̴XӭIAĤ@ӬOFݭnqԲӪ domain/type ʡFĤGӬOYɮת type ]w~A
Yv]w rwx } 777 AӥD{Ǥ]LkŪؼɮ귽աILp@ӡA
]NiHקKϥΪ̱NLaؿ]w 777 ɩҳyvxZC
SELinux ҰʡBP[
ëDҦ Linux distributions 䴩 SELinux AҥHAn[@UAtΪI
o̤Ъ CentOS 5.x N䴩 SELinux աIҥHAݭnۦsĶ SELinux A Linux ֤ߤI
ثe SELinux 䴩TؼҦAOpUG
- enforcingGjҦAN SELinux B@ABwgT}l domain/type FF
- permissiveGeeҦGN SELinux B@ALȷ|ĵiTä|ڭ
domain/type sCoؼҦiHBӧ@ SELinux debug ΡF
- disabledGASELinux èSڹB@C
ADثe SELinux ҦOHNzL getenforce aI
[root@www ~]# getenforce
Enforcing <==աINܥXثeҦ Enforcing oI
|
t~Aڭ̤SpD SELinux F (Policy) OHoɥiHϥ sestatus [G
[root@www ~]# sestatus [-vb]
ﶵPѼơG
-v GˬdC /etc/sestatus.conf ɮP{Ǫwʥ夺eF
-b GNثeFWhLȦCXAYYdzWh (rule) O_nҰ (0/1) NF
dҤ@GCXثe SELinux ϥέӬF (Policy)H
[root@www ~]# sestatus
SELinux status: enabled <==O_Ұ SELinux
SELinuxfs mount: /selinux <==SELinux ɮƱI
Current mode: enforcing <==ثeҦ
Mode from config file: enforcing <==]wɫwҦ
Policy version: 21
Policy from config file: targeted <==ثeFH
|
pWҥܡAثeOҰʪAӥBO Enforcing ҦAӥѳ]wɬd߱o笰 Enforcing ҦC
~Aثew]F targeted o@ӡCAӭnðݪOA SELinux ]wɬOɮװڡH
NO /etc/selinux/config oɮ׳Iڭ̨ӬݬݤeG
[root@www ~]# vi /etc/selinux/config
SELINUX=enforcing <==վ enforcing|disabled|permissive
SELINUXTYPE=targeted <==ثeȦ targeted P strict
|
WOw]FPҰʪҦIAn`NOApGܤFFhݭns}FpG enforcing permissive
令 disabled AΥ disabled 令LӡA]ns}CoO] SELinux OX֤߸̭hA
AuiHb SELinux B@Uj (enforcing) μee (permissive) ҦA SELinux I
PɡA SELinux (disable) A}ҪA]ݭns}աIҥHApGAo{ getenforce X{ disabled ɡA
ШWzɮק令 enforcing aI
ҥHApGAnҰ SELinux ܡAбNWz SELINUX=enforcing ]wAåBw SELINUXTYPE=targeted o@ӳ]wA
åB /boot/grub/menu.lst oɮץhAݬݮ֤ߦL SELinux FOH
[root@www ~]# vi /boot/grub/menu.lst
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title CentOS (2.6.18-92.el5)
root (hd0,0)
kernel /vmlinuz-2.6.18-92.el5 ro root=LABEL=/1 rhgb quiet selinux=0
initrd /initrd-2.6.18-92.el5.img
# pGnҰ SELinux AhiHX{ selinux=0 r˦b kernel ᭱I
|
Ъ`NWSr骺@AT{ kernel ᭱iHy selinux=0 zoӶءI] selinux=0 w֤߮ɡA
h֤߷|۰ʪ /etc/selinux/config ]wȡAӪL SELinux JAҥHA SELinux ҦN|ܦ disabled
աI]ڭ̭nҰʡAҥHo̱onT{sb selinux=0 ~IOOI
pG@]wAUӴNO reboot s}aI
LAn`NOApGq disable Ұ SELinux ҦɡA
ѩtΥnwɮgJwʥ媺TA]}L{|O֮ɶbݭsgJ SELinux wʥ
(ɤ]٬ SELinux Label) AӥBbgٱonAs}@IAnݯ@qɶI
U}\AAϥ getenforce sestatus
[ݬݦ_\Ұʨ Enforcing ҦoI
pGAwgb Enforcing ҦAOiѩ@dz]wDɭP SELinux YǪAȵLk`B@A
ɧAiHN Enforcing Ҧאּee (permissive) ҦA SELinux u|ĵiLkQsuTA
ӤOץD{ǪŪvC SELinux Ҧb enforcing P permissive kG
[root@www ~]# setenforce [0|1]
ﶵPѼơG
0 Gন permissive eeҦF
1 Gন Enforcing jҦ
dҤ@GN SELinux b Enforcing P permissive P[
[root@www ~]# setenforce 0
[root@www ~]# getenforce
Permissive
[root@www ~]# setenforce 1
[root@www ~]# getenforce
Enforcing
|
LЪ`NA setenforce Lkb Disabled ҦUiҦI
SELinux AȹB@d
ѩ CentOS 5.x w]ϥ targeted oӬFAӳoӬFDnObzAȡAݪ{ǫh SELinux ިC
JMWYڭ̴g|L /usr/sbin/httpd oӵ{ӷ@dҡAڭ̴Nϥ WWW Aӻ@U SELinux
B@觋aC
Aڭ̱Ұ httpd oAȧaInOoOA@AȱҰʪ}|b /etc/init.d/ UA
ҥHڭ̥iHo˱ҰʻP[G
# 1. ҰʳoӺAȧaI
[root@www ~]# /etc/init.d/httpd start
bҰ httpd: [ Tw ]
# 2. [L{ǡAåB[{Ǫ SELinux wʥ
[root@www ~]# pstree | grep httpd
|-httpd---8*[httpd] <==httpd |ͫܦhl{ǨӭtdAȳI
[root@www ~]# ps aux -Z |grep http
root:system_r:httpd_t root 24089 0.2 1.2 22896 9256 ? Ss 16:06 0:00 /usr/sbin/httpd
root:system_r:httpd_t apache 24092 0.0 0.6 22896 4752 ? S 16:06 0:00 /usr/sbin/httpd
root:system_r:httpd_t apache 24093 0.0 0.6 22896 4752 ? S 16:06 0:00 /usr/sbin/httpd
....(᭱ٲ)....
|
ps -Z oӡy -Z zﶵiHڭ̬d\{ǪwʥIL{ǻЦۦd\WU`eC
ڭ̥iHo{oӵ{Ǫ domain O httpd_t oөNNIAӧڭ̨ӳBz@UƥC
ѩOm /var/www/htmlABɦWӭnOy index.html zA]ڭ̥iHo²檺s@G
[root@www ~]# echo "This is my first web page." > /var/www/html/index.html
|
UӡApGAbsWJy http://127.0.0.1 zӷ|ݨpUe~I
5.4.1Bhttpd QB@ɡAݨ쪺e
ɧAs|zL httpd oӵ{Ǿ֦ httpd_t o domain hŪ /var/www/html/index.html oɮתI
ӬݬݳoɮתvP SELinux wʥơG
[root@www ~]# ll -Z /var/www/html/index.html
-rw-r--r-- root root root:object_r:httpd_sys_content_t /var/www/html/index.html
|
vO apache iHŪ r лxA SELinux hO httpd_sys_content_t (type)A]O httpd_t ŪI
httpd_t iHŪOH] targeted F̭]wIF]wdߧڭ̥iHbja@СA
o̥AѤ@UYiC
ڭ̨AѤ@UO~wʥ]wnFI{bAڭ̱NnƦb root aؿUs@I
]wpUG
# 1. b root aؿظmһݪG
[root@www ~]# echo "My 2nd web page..." > index.html
# 2. N index.html yhz /var/www/html ؿhG
[root@www ~]# rm /var/www/html/index.html
[root@www ~]# mv index.html /var/www/html
# oӴժIb mv oӫOBzWIȥϥ mv I
|
Wzʧ@ApGbsJ http://127.0.0.1/index.html AAӷ|Qe|X{ڭ̷Qny My 2nd web
page...z~AOGoܦG
5.4.2B~wʥҳyxZ
Oonb}Cw index.html _hX{|ܦwﭺeCӿùWX{~TOSv
(You don't have permission...)Cݬݳo /var/www/html/index.html vaI
[root@www ~]# ll -Z /var/www/html/index.html
-rw-r--r-- root root root:object_r:user_home_t /var/www/html/index.html
|
A|o{AvO諸 (apache ϥΪ̨¥iHŪ)AOwʥ夺eoOϥΪ̮aؿOI
uOnRIoӨϥΪ̮aؿw]i൹ httpd_t o domain ŪIҥHNͿ~աIӦpBmOH
JMwʥOANNL^ӧYiIקOHiHzLӫOIڭ̨ϥ chcon ӳBzG
[root@www ~]# chcon [-R] [-t type] [-u user] [-r role] ɮ
[root@www ~]# chcon [-R] --reference=d ɮ
ﶵPѼơG
-R GsPӥؿUؿ]PɭקF
-t G᭱wʥ媺IҦp httpd_sys_content_t F
-u G᭱ѧOAҦp system_uF
-r G᭱AҦp system_rF
--reference=dɡGYɮdҨӭקɮתI
dҤ@GN𫍧 index.html אּ httpd_sys_content_t
[root@www ~]# chcon -t httpd_sys_content_t /var/www/html/index.html
[root@www ~]# ll -Z /var/www/html/index.html
-rw-r--r-- root root root:object_r:httpd_sys_content_t /var/www/html/index.html
# @Io˴N^ӰաI
dҤGGH /etc/passwd ̾ڡAN index.html ק令
[root@www ~]# ll -Z /etc/passwd
-rw-r--r-- root root system_u:object_r:etc_t /etc/passwd
[root@www ~]# chcon --reference=/etc/passwd /var/www/html/index.html
[root@www ~]# ll -Z /var/www/html/index.html
-rw-r--r-- root root root:object_r:etc_t /var/www/html/index.html
# ݬݡIO_PW /etc/passwd ۦPFILAoSO~wʥI
# nۭקIڭ̨Ӷi橳Ut~@ӫOBmݬݡI
|
chcon OzLw觋ӳBzwʥ媺ơCڭ̪Dtιw]ؿS SELinux wʥA
|ҨӻA /var/www/html 쥻NO httpd iHŪؿIJMpASiHϥιw]wʥ٭쪺觋H
ANO restorecon oNG
[root@www ~]# restorecon [-Rv] ɮשΥؿ
ﶵPѼơG
-R GsPؿ@_קF
-v GNL{ܨùW
dҤ@GN~ index.html Hw]wʥ勵L
[root@www ~]# restorecon -Rv /var/www/html/index.html
restorecon reset /var/www/html/index.html context system_u:object_r:etc_t:s0->
system_u:object_r:httpd_sys_content_t:s0
# WoOP@IܱN index.html etc_t אּ httpd_sys_content_t
|
M^ 5.4.2 LŪ@UAKKISiHݨ쥿TeաIoӹL{Sʨ rwx vA
]vӴNO諸IӿOb SELinux wʥ (type) ]w~I
ӳ]w~]ܥiO]ɮץѨLmƻsβʹLөҾɭPI]A
Aon restorecon H chcon ӳBzo譱DI
SELinux һݪA
ѩ SELinux OX֤ߪ@Ӯ֤ߥ\A]AXGݭnҰʤB~AȨӶ} SELinux C
}A SELinux NҰʤFCLAA]o{ڭ̽ƻsβʬYǸƨSwؿɡA
iѩS`Nק SELinux wʥ夺eAGɭPAȵLkQB檺DI
SkiHOo SELinux ~ɡANǦΪTOUӡAåBѸѨMשOH
ɴNonUXӪAȪUoI
- setroubleshoot --> ~TgJ /var/log/messages
XGҦ SELinux {|H se }YAoӪAȤ]OH se }YI troubleshoot jaDO~JAA
]o setroubleshoot ۵MNonҰʥLաIoӪAȷ|N SELinux ~TPJAkO /var/log/messages
YAҥHA@wonҰʳoӪAȤ~nCpb}ɭԴNҰ setroubleshoot OHo˳BzG
[root@www ~]# chkconfig --list setroubleshoot
setroubleshoot 0:off 1:off 2:off 3:on 4:on 5:on 6:off
# ڭ̪ Linux B@ҦOb 3 5 A]oӭn on YiC
[root@www ~]# chkconfig setroubleshoot on
# chkconfig ڭ̷|b᭱`СA --list OCXثe浥ŬO_ҰʡA
# pG[W on AhOb}ɱҰʡAY off h}ɤҰʡC
|
oAȹw]XG|ҰʰաIDAݨ 3:off 5:off ɡA~ݭnHy chkconfig setroubleshoot on z
h]w@UCpGoͿ~ɡATOHڭ̭褣OHss index.html þɭP~ܡH
NNӿ~@@I
[root@www ~]# cat /var/log/messages | grep setroubleshoot
Mar 23 17:18:44 www setroubleshoot: SELinux is preventing the httpd from using
potentially mislabeled files (/var/www/html/index.html). For complete SELinux
messages. run sealert -l 6c028f77-ddb6-4515-91f4-4e3e719994d4
|
W~TiOP@IjOySElinux QΨקK httpd Ū~wʥA
Qnd\㪺ơAа sealert -l 6c02...zSIA`NFIINO sealert -l աI
WѪTäAQn㪺ona sealert tX쪺~NXӳBzC
ڳBz|oˡG
[root@www ~]# sealert -l 6c028f77-ddb6-4515-91f4-4e3e719994d4
Summary:
SELinux is preventing the httpd from using potentially mislabeled files
(/var/www/html/index.html). <==NO /var/log/messages T
Detailed Description: <==UO㪺yzInݡI
SELinux has denied httpd access to potentially mislabeled file(s)
(/var/www/html/index.html). This means that SELinux will not allow httpd to use
these files. It is common for users to edit files in their home directory or tmp
directories and then move (mv) them to system directories. The problem is that
the files end up with the wrong file context which confined applications are not
allowed to access.
Allowing Access: <==Yn\sAAݭni檺ʧ@I
If you want httpd to access this files, you need to relabel them using
restorecon -v '/var/www/html/index.html'. You might want to relabel the entire
directory using restorecon -R -v '/var/www/html'.
....(Uٲ)....
|
INOWSrܪaIAunӵۡyAllowing Accessz̭ܥhiBzA
NA SELinux ]wFIڭ̤WӤp`쪺 restorecon
P chcon ANDA setroubleshoot ѪThĤFaI
- auditd --> ԲӸƼgJ /var/log/audit/audit.log
audit O]֪NAo auditd |N SELinux oͪ~TgJ /var/log/audit/audit.log I
PWӪAȬۦPAA̦nb}ɴN]woAȬҰʪҦA]iHӼ˳yyG
[root@www ~]# chkconfig --list auditd
auditd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@www ~]# chkconfig auditd on
# Y 3:off 5:off ɡA~ݭniI
|
P setroubleshoot POA auditd |N\h SELinux TOUӡAuO~TӤwA
]n /var/log/audit/audit.log D`ejInoɮ̭hjMƬO֤H
٦nASELinux Ѥ@ audit2why Oڭ̬d߿~T^OIoӫOpϥΩOH
iHo˥ΪG
[root@www ~]# audit2why < /var/log/audit/audit.log
# NOANnɪeŪiӤRAÿXRGIGIoˡG
type=AVC msg=audit(1237799959.349:355): avc: denied { getattr } for pid=24094
comm="httpd" path="/var/www/html/index.html" dev=hda2 ino=654685 scontext=root:s
ystem_r:httpd_t:s0 tcontext=root:object_r:user_home_t:s0 tclass=file
Was caused by:
Missing or disabled TE allow rule.
Allow rules may exist but be disabled by boolean settings; check boolean
settings.
You can see the necessary allow rules by running audit2allow with this
audit message as input.
|
audit2why ΪkPXGpWA쪺O AVC AAVC O access vector cache YgA
تOOҦP SELinux sέpơCXTA|ͨ첣Ϳ~DApWSr鳡A
A|o{~TDni type šAҥHɭP~oͰڡILANӬݡAڭӤHıo setroubleshoot nΩOI
oӦnF卖iHUAѨM SELinux ~A]Aаȥܤ֭nǷ|𫟺@~RkI
SELinux FPWhz
{bAӪDA@ӥD{_Ūؼɮ귽Ib SELinux FHάFUWhA
MAzLӳWhwqhBzUؼɮתwʥAרOyzC{bڭ̤]DiHzL
sestatus P getenforce hoثe SELinux AC
OAणાDԲӪFPWhةOHUڭ̴NAAѡI
CentOS 5.x w]Ϩϥ targeted FAoӬFѦh֬WhOHɥiHzL seinfo Ӭd߳I
[root@www ~]# seinfo [-Atrub]
ﶵPѼơG
-A GCX SELinux ABWhLȡBѧOBBOҦT
-t GCX SELinux ҦO (type)
-r GCX SELinux Ҧ (role)
-u GCX SELinux ҦѧO (user)
-b GCXҦWh (L)
dҤ@GCX SELinux bFUέpA
[root@www ~]# seinfo
Statistics for policy file: /etc/selinux/targeted/policy/policy.21
Policy Version & Type: v.21 (binary, MLS) <==CXFҦbɻP
Classes: 61 Permissions: 220
Types: 1521 Attributes: 155
Users: 3 Roles: 6
Booleans: 213 Cond. Expr.: 190
Sensitivities: 1 Categories: 1024
Allow: 86561 Neverallow: 0
Auditallow: 34 Dontaudit: 5460
Role allow: 5 Role trans: 0
....(Uٲ)....
# qWڭ̥iHݨoӬFO targeted AFwʥO 1521 ӡF
# ӰwAȪWh (Booleans) @qF 213 WhI
dҤGGCXP httpd Wh (booleans) ǡH
[root@www ~]# seinfo -b | grep httpd
Rule loading disabled
allow_httpd_mod_auth_pam
allow_httpd_bugzilla_script_anon_write
httpd_enable_ftp_server
....(Uٲ)....
# AiHݨAD`hP httpd WhqwOI
|
qWڭ̥iHݨP httpd LȡAP˪ApGAQn즳 httpd r˪wʥOɡA
NiHϥΡy seinfo -t | grep httpd zӬdߤFIpGdߨOΪ̬OLȫAQnDԲӪWhɡA
Nonϥ sesearch oӫOFI
[root@www ~]# sesearch [-a] [-s DO] [-t ؼO] [-b L]
ﶵPѼơG
-a GCXOΥLȪҦT
-t G᭱٭nOAҦp -t httpd_t
-b G᭱٭nLȪWhAҦp -b httpd_enable_ftp_server
dҤ@GXؼɮ귽O httpd_sys_content_t T
[root@www ~]# sesearch -a -t httpd_sys_content_t
Found 74 av rules:
allow readahead_t httpd_sys_content_t : file { ioctl read getattr lock };
allow readahead_t httpd_sys_content_t : dir { ioctl read getattr lock search };
....(Uٲ)....
# y allow D{ǦwʥO ؼɮצwʥO z
# pWAoOiHQӥDD{ǪOŪAHΥؼɮ귽榡C
dҤGGXD{Ǭ httpd_t BؼɮO httpd ҦT
[root@www ~]# sesearch -s httpd_t -t httpd_* -a
Found 163 av rules:
....(ٲ)....
allow httpd_t httpd_sys_content_t : file { ioctl read getattr lock };
allow httpd_t httpd_sys_content_t : dir { ioctl read getattr lock search };
allow httpd_t httpd_sys_content_t : lnk_file { ioctl read getattr lock };
....(᭱ٲ)....
# qWƴNiHݥX{Ǭ httpd_t oOAOiHŪ
# httpd_sys_content_t I
|
AiHܻdߨYӥD{ (subject) iHŪؼɮ귽 (Object) A
qڭ̤WmߡAڭ̤]iHܻPNDA httpd_t iHŪ httpd_sys_content_t oI
pGOLȩOH̭SWdFHڭ̨ӬݬݥG
dҤTGڪDӥLȬ httpd_enable_homedirs AаݸӥLȳWdhֳWhH
[root@www ~]# sesearch -b httpd_enable_homedirs -a
Found 21 av rules:
allow httpd_t user_home_dir_t : dir { getattr search };
allow httpd_t cifs_t : file { ioctl read getattr lock };
allow httpd_t cifs_t : dir { ioctl read getattr lock search };
....(᭱ٲ)....
|
qoӥLȪ]wڭ̥iHݨ̭WdFD`hD{ǻPؼɮ귽P_I
ҥHADFAڳWdodzWhANOLȪذաI]NOڭ̤eһ@WhO]I
AD{ǯ_YǥؼɮisAPoӥLȫD`YI]LȥiHNWh]wҰ (1)
Ϊ̬O (0) աI
seinfo P sesearch XTAڭ̤]|oڪFƳOm /etc/selinux/targeted/policy/ UA
ƹWAҦP targetd TOm /etc/selinux/targeted ̭OI]AwʥTC
o@Uͨwʥ媺w]ȭקɡAڭ̦AӰQסC
Wڭ̳zL sesearch DFA Subject P Object _svAOPLȦA
tΦh֥LȥiHzL seinfo -b ӬdߡAACӥLȬOҰʪ٬OOHoNӬd߬ݬݧaG
[root@www ~]# getsebool [-a] [Lȱ]
ﶵPѼơG
-a GCXثetΤWҦLȱڳ]w}ҩ
dҤ@GdߥtΤҦLȳ]wp
[root@www ~]# getsebool -a
NetworkManager_disable_trans --> off
allow_console_login --> off
allow_cvs_read_shadow --> off
allow_daemons_dump_core --> on
....(Uٲ)....
# z@IoNiDAثeLȪAoI
|
pGdߨYӥLȡAåBH sesearch DӥLȪγ~AQnαҰʥLASӦpBmH
[root@www ~]# setsebool [-P] L=[0|1]
ﶵPѼơG
-P GN]wȼgJ]wɡAӳ]wƥӷ|ͮĪI
dҤ@Gd httpd_enable_homedirs O_AYALI
[root@www ~]# getsebool httpd_enable_homedirs
httpd_enable_homedirs --> on <==GO on ADNLI
[root@www ~]# setsebool -P httpd_enable_homedirs=0
[root@www ~]# getsebool httpd_enable_homedirs
httpd_enable_homedirs --> off
|
o setsebool ̦nOo@wn[W -P ﶵI]oˤ~N]wgJ]wɡI
oOD`ΪuաIA@wnDpϥ getsebool P setsebool ~I
ٰOoڭ̦bϥ restorecon ɽͨCӥؿɮ׳|w]wʥܡH
|qؿwʥAO]tΪ@ǪAȩҩmɮתؿwgOTwAMw]wʥzWKC
Apd߳oǥؿw]wʥOHNonϥ semanage oI
[root@www ~]# semanage {login|user|port|interface|fcontext|translation} -l
[root@www ~]# semanage fcontext -{a|d|m} [-frst] file_spec
ﶵPѼơG
fcontext GDnΦbwʥ譱γ~A -l dߪNF
-a GW[NAAiHW[@ǥؿw]wʥ]wF
-m Gק諸NF
-d GRNC
dҤ@Gdߤ@U /var/www/html w]wʥ]wI
[root@www ~]# semanage fcontext -l
SELinux fcontext type Context
....(eٲ)....
/var/www(/.*)? all files system_u:object_r:httpd_sys_content_t:s0
....(᭱ٲ)....
|
qWAڭ̪D semanage iHBzD`hȡALAboӤp`ڭ̥DnQAѪOCӥؿw]wʥC
pWdҤ@ҥܡAڭ̥iHdߪCӥؿwʥաIӥؿ]wiHϥWܪkhw@ӽdCpGڭ̷QnW[YǦۭqؿwʥOH
|ҨӻAڷQnq /srv/samba public_content_t ɡAӦpwOH
dҤGGQ semanage ]w /srv/samba ؿw]wʥ婴 public_content_t
[root@www ~]# mkdir /srv/samba
[root@www ~]# ll -Zd /srv/samba
drwxr-xr-x root root root:object_r:var_t /srv/samba
# pWҥܡAw]pӬO var_t oөNNI
[root@www ~]# semanage fcontext -l | grep '/srv'
/srv/.* all files system_u:object_r:var_t:s0
/srv/([^/]*/)?ftp(/.*)? all files system_u:object_r:public_content_t:s0
/srv/([^/]*/)?www(/.*)? all files system_u:object_r:httpd_sys_content_t:s0
/srv/([^/]*/)?rsync(/.*)? all files system_u:object_r:public_content_t:s0
/srv/gallery2(/.*)? all files system_u:object_r:httpd_sys_content_t:s0
/srv directory system_u:object_r:var_t:s0 <==ݳo̡I
# WhOw] /srv UwʥơALAèSw /srv/samba
[root@www ~]# semanage fcontext -a -t public_content_t "/srv/samba(/.*)?"
[root@www ~]# semanage fcontext -l | grep '/srv/samba'
/srv/samba(/.*)? all files system_u:object_r:public_content_t:s0
[root@www ~]# cat /etc/selinux/targeted/contexts/files/file_contexts.local
# This file is auto-generated by libsemanage
# Please use the semanage command to make changes
/srv/samba(/.*)? system_u:object_r:public_content_t:s0
# NOgJoɮתoI ^_^
[root@www ~]# restorecon -Rv /srv/samba* <==ի_w]
[root@www ~]# ll -Zd /srv/samba
drwxr-xr-x root root system_u:object_r:public_content_t /srv/samba/
# w]ȡAH restorecon ӭק²I
|
semanage \ܦhALDnΨ쪺Ȧ fcontext oӶتʧ@ӤwCpWҥܡA
AiHϥ semanage ӬdߩҦؿw]ȡA]ϥΥLӼW[w]Ȫ]wIpGzǷ|oǰ¦uA
SELinux AӻA]ONNoI