"I'm an egotistical bastard, and I name all my projects after myself.
First Linux, now git." ~ Linus Torvalds
1: System tools
- netstat -w 5 -d (displays how many packets and bytes your system is processing)
- netstat -na -f inet (view open network connections)
- netstat -nb -f inet (display only connections with foreign systems)
- netstat -m (mbuf usage; an mbuf is a chunk of kernel memory used for networking)
- netstat -s -f inet -p tcp (display system-wide statistics for each network protocol)
- sockstat -4 (lists ports listening to the network)
- vmstat -w 5 -n 1 (shows the current virtual memory statistics; -n: number of disks to display)
  - r: waiting for CPU; b: waiting for disk; w: swapped out (your memory is inadequate for the work)
  - avm: virtual memory in use; fre: free memory
  - flt: page faults; re: pages reused from cache; pi: page in; po: page out
  - fr: how many pages are freed per second
  - sr: how many pages are scanned per second
  - da0: disk name
  - in: IRQ; sy: system calls; cs: context switches
  - us: user task; sy: system task; id: idle
  - (Having high fr and flt values can indicate lots of short-lived processes)
- top (provides a good overview of system status, displaying information about CPU, memory, and disk usage)
  - 'm' key: display either 'cpu' or 'io' statistics. Default is 'cpu'
  - last pid: number of PIDs assigned; load averages: 1-, 5- and 15-minute averages; up: uptime; current time
  - number of processes and process states (51039 PIDs assigned? A program that restarts is assigned a new PID! Or some process keeps forking)
  - CPU usage: user calls; whether priority has been adjusted; system calls; IRQ; idle time
  - wired memory: used for in-kernel data structures
- Disk I/O:
  - # gstat (check disk activity, print statistics about GEOM disks; man 8 gstat)
  - # man gstat

      SEE ALSO
        systat(1), geom(4), iostat(8), vmstat(8)
      HISTORY
        A gstat utility appeared in FreeBSD 5.0.
      FreeBSD 9.0 March 12, 2009 FreeBSD 9.0

  - diskinfo - get information about disk device

      > diskinfo -ctv ada0
      ada0
        512 # sectorsize
        500107862016 # mediasize in bytes (465G)
        976773168 # mediasize in sectors
        0 # stripesize
        0 # stripeoffset
        969021 # Cylinders according to firmware.
        16 # Heads according to firmware.
        63 # Sectors according to firmware.
        5VJ9ML6Q # Disk ident.
      I/O command overhead:
        time to read 10MB block 0.128603 sec = 0.006 msec/sector

  - # stat (display file status)
- ps -axx (following processes)
- ps -ajx (following processes)
- ps -aux (following processes)

A buffer is something that has yet to be "written" to disk. A cache is something that has been "read" from the disk and stored for later use.

2: lsof
Show Your Network Connections

- # lsof -i (Show all connections with -i)

    COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
    dhcpcd 6061 root 4u IPv4 4510 UDP *:bootpc
    sshd 7703 root 3u IPv6 6499 TCP *:ssh (LISTEN)
    sshd 7892 root 3u IPv6 6757 TCP 10.10.1.5:ssh->192.168.1.5:49901 (ESTABLISHED)

- # lsof -iTCP (Show only TCP; works the same for UDP)

    COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
    sshd 7703 root 3u IPv6 6499 TCP *:ssh (LISTEN)
    sshd 7892 root 3u IPv6 6757 TCP 10.10.1.5:ssh->192.168.1.5:49901 (ESTABLISHED)

- # lsof -i :22 (-i :port shows all networking related to a given port)

    COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
    sshd 7703 root 3u IPv6 6499 TCP *:ssh (LISTEN)
    sshd 7892 root 3u IPv6 6757 TCP 10.10.1.5:ssh->192.168.1.5:49901 (ESTABLISHED)

- # lsof -i@192.168.1.5 (To show connections to a specific host, use @host)

    sshd 7892 root 3u IPv6 6757 TCP 10.10.1.5:ssh->192.168.1.5:49901 (ESTABLISHED)

- # lsof -i@192.168.1.5:22 (Show connections based on the host and the port using @host:port)

    sshd 7892 root 3u IPv6 6757 TCP 10.10.1.5:ssh->192.168.1.5:49901 (ESTABLISHED)

- # lsof -i| grep LISTEN (Grepping for "LISTEN" shows what ports your system is waiting for connections on)

    iTunes 400 daniel 16u IPv4 0x4575228 0t0 TCP *:daap (LISTEN)

- # lsof -i| grep ESTABLISHED (Grepping for "ESTABLISHED" shows current active connections)

    firefox-b 169 daniel 49u IPv4 0t0 TCP 1.2.3.3:1863->1.2.3.4:http (ESTABLISHED)

Working with Users, Processes, and Files

You can also get information on various users, processes, and files on your system using lsof:

- # lsof -u daniel (Show what a given user has open using -u)

    -- snipped --
    Dock 155 daniel txt REG 14,2 2798436 823208 /usr/lib/libicucore.A.dylib
    Dock 155 daniel txt REG 14,2 1580212 823126 /usr/lib/libobjc.A.dylib
    Dock 155 daniel txt REG 14,2 2934184 823498 /usr/lib/libstdc++.6.0.4.dylib
    Dock 155 daniel txt REG 14,2 132008 823505 /usr/lib/libgcc_s.1.dylib
    Dock 155 daniel txt REG 14,2 212160 823214 /usr/lib/libauto.dylib
    -- snipped --

- # lsof -c syslog-ng (See what files and network connections a command is using with -c)

    COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
    syslog-ng 7547 root cwd DIR 3,3 4096 2 /
    syslog-ng 7547 root rtd DIR 3,3 4096 2 /
    syslog-ng 7547 root txt REG 3,3 113524 1064970 /usr/sbin/syslog-ng
    syslog-ng 7547 root mem REG 0,0 0 [heap]
    syslog-ng 7547 root mem REG 3,3 105435 850412 /lib/libpthread-2.4.so
    syslog-ng 7547 root mem REG 3,3 1197180 850396 /lib/libc-2.4.so
    syslog-ng 7547 root mem REG 3,3 59868 850413 /lib/libresolv-2.4.so
    syslog-ng 7547 root mem REG 3,3 72784 850404 /lib/libnsl-2.4.so
    syslog-ng 7547 root mem REG 3,3 32040 850414 /lib/librt-2.4.so
    syslog-ng 7547 root mem REG 3,3 126163 850385 /lib/ld-2.4.so
    -- snipped --

- # lsof /var/log/messages (Pointing to a file shows what's interacting with that file)

    COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
    syslog-ng 7547 root 4w REG 3,3 217309 834024 /var/log/messages

- # lsof -p 10075 (The -p switch lets you see what a given process ID has open, which is good for learning more about unknown processes)

    -- snipped --
    sshd 10068 root mem REG 3,3 34808 850407 /lib/libnss_files-2.4.so
    sshd 10068 root mem REG 3,3 34924 850409 /lib/libnss_nis-2.4.so
    sshd 10068 root mem REG 3,3 26596 850405 /lib/libnss_compat-2.4.so
    sshd 10068 root mem REG 3,3 200152 509940 /usr/lib/libssl.so.0.9.7
    sshd 10068 root mem REG 3,3 46216 510014 /usr/lib/liblber-2.3
    sshd 10068 root mem REG 3,3 59868 850413 /lib/libresolv-2.4.so
    sshd 10068 root mem REG 3,3 1197180 850396 /lib/libc-2.4.so
    sshd 10068 root mem REG 3,3 22168 850398 /lib/libcrypt-2.4.so
    sshd 10068 root mem REG 3,3 72784 850404 /lib/libnsl-2.4.so
    sshd 10068 root mem REG 3,3 70632 850417 /lib/libz.so.1.2.3
    sshd 10068 root mem REG 3,3 9992 850416 /lib/libutil-2.4.so
    -- snipped --

- # lsof -t -c Mail (The -t option returns just a PID)

    350

- # ps aux | grep Mail

    daniel 350 0.0 1.5 405980 31452 ?? S Mon07PM 2:50.28 /Applications/Mail.app

Advanced Usage

- # lsof -a -u daniel -i @1.1.1.1 (Using -a allows you to combine search terms, so this query says, "show me everything running as daniel connected to 1.1.1.1")

    bkdr 1893 daniel 3u IPv6 3456 TCP 10.10.1.10:1234->1.1.1.1:31337 (ESTABLISHED)

- # kill -HUP `lsof -t -c sshd` (Using the -t and -c options together you can HUP processes)
- # kill -9 `lsof -t -u daniel` (You can also use the -t with -u to kill everything a user has open)
- # lsof +L1 (lsof +L1 shows you all open files that have a link count less than 1, that is, files still held open after being unlinked; often indicative of a cracker trying to hide something)

    (hopefully nothing)
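
One way to rank what lsof +L1 reports, as an added example that is not part of the original notes; it reads lsof's one-field-per-line -F output instead of the column listing. The sample records and the HIGH/REVIEW/INFO rules are constructed assumptions of this example, not lsof behaviour.

```shell
# Added example, not from the original notes: rank `lsof +L1 -F pcfkn` output.
# -F prints one field per line, tagged by its first letter: p=PID, c=command,
# f=file descriptor, k=link count, n=name. The sample below is constructed.
sample_lsof() {
cat <<'EOF'
p1893
cbkdr
ftxt
k0
n/tmp/.x/bkdr (deleted)
f4
k0
n/tmp/.x/out.log (deleted)
p2210
cmysqld
f5
k0
n/tmp/ibXk3a (deleted)
p7703
csshd
ftxt
k0
n/usr/sbin/sshd (deleted)
EOF
}
# Ranking rules (assumptions of this example, adjust per site):
#   HIGH   program text (fd "txt") unlinked from a world-writable directory
#   REVIEW program text unlinked elsewhere, e.g. binary replaced by an upgrade
#   INFO   unlinked data file, the ordinary scratch-file pattern
triage_unlinked() {
  awk '
    function emit() {            # called when a file record is complete
      if (fd != "" && links == "0") {
        level = "INFO"
        if (fd == "txt")
          level = (name ~ /^\/(tmp|var\/tmp|dev\/shm)\//) ? "HIGH" : "REVIEW"
        printf "%s pid=%s cmd=%s fd=%s %s\n", level, pid, cmd, fd, name
      }
      fd = ""; links = ""; name = ""
    }
    /^p/ { emit(); pid = substr($0, 2) }
    /^c/ { cmd = substr($0, 2) }
    /^f/ { emit(); fd = substr($0, 2) }
    /^k/ { links = substr($0, 2) }
    /^n/ { name = substr($0, 2) }
    END  { emit() }
  ' | sort
}
sample_lsof | triage_unlinked
```

On a live host the input would come from lsof +L1 -F pcfkn piped into triage_unlinked.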
3: find
Basics

- # find . -name "*.jpg" (find by name)
- # find . -user daniel (find by user)
- # find . -type d (find by type)
- # find ~/Movies/ -size +1024M (find by size)
- # find /etc/ -user root -mtime 1 (find by Modification Time)

  The checks you can use here are:

  - -atime: when the file was last accessed
  - -ctime: when the file's permissions were last changed
  - -mtime: when the file's data was last modified
  - -amin: when (in minutes) the file was last accessed
  - -cmin: when (in minutes) the file's permissions were last changed
  - -mmin: when (in minutes) the file's data was last modified

- # find ~ -perm 777 (find by permissions)

  - -nouser: shows output that's not associated with an existing userid
  - -nogroup: shows output not associated with an existing groupid
  - -links n: file has n links
  - -newer file: file was modified more recently than file.
  - -perm mode: file has mode permissions.

Combinations

- # find . -user daniel -type f -name "*.jpg" (find .jpg image files owned by daniel)
- # find . -user daniel -type f -name "*.jpg" ! -name "autumn*" (!: exclude)
- # find /apps/ -user root -type f -amin -2 -name "*.rb" (show me all ruby programs in /apps owned by root that have been accessed in the last two minutes)

Combining find with exec and xargs

- # find /bin /sbin -perm +7000 -exec ls -l {} \; (list files that have SGID, SUID or the sticky bit set)
- # find /bin /sbin -perm +6000 (list files that have SUID or SGID set)
- # find / -perm -0002 (find all files on your system that are world writable)
- # find / -nouser -print0 | xargs -0 rm (Collect files that are not owned by valid users and delete them)
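
The set-ID and world-writable searches above, turned into a repeatable audit (an added example, not part of the original notes). It uses -perm -MODE, which BSD and GNU find both accept; the +MODE form shown above is BSD syntax, and GNU find spells it /MODE. The function names, the baseline file and the demo tree are constructed for this example.

```shell
# Added example, not from the original notes. Function names, the baseline
# file and the demo tree are constructed for illustration.

# Regular files with the set-user-ID or set-group-ID bit, sorted.
list_setid() {
  find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# World-writable directories without the sticky bit: any local user can
# rename or delete other users' files there.
list_open_dirs() {
  find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print 2>/dev/null | sort
}

# Set-ID files present now but absent from a saved baseline listing.
new_setid() {
  list_setid "$1" | comm -23 - "$2"
}

demo() {
  d=$(mktemp -d) || return 1
  mkdir "$d/bin" "$d/drop" "$d/tmp"
  : > "$d/bin/passwd"; chmod 4755 "$d/bin/passwd"
  chmod 0777 "$d/drop"          # flagged: world-writable, no sticky bit
  chmod 1777 "$d/tmp"           # not flagged: sticky bit set
  list_setid "$d" > "$d/baseline"
  : > "$d/bin/helper"; chmod 4755 "$d/bin/helper"   # added after the baseline
  echo "new set-ID files:";          new_setid "$d" "$d/baseline"
  echo "unprotected writable dirs:"; list_open_dirs "$d"
  rm -rf "$d"
}
demo
```

Saving the list_setid output once and re-running new_setid on a schedule reports only what changed since the baseline.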
Cookbook Examples Of find in action

- # find ~/Desktop \( -name "*.jpg" -o -name "*.gif" -o -name "*.png" \) -print0 | \
  xargs -0 mv --target-directory ~/Pictures (Clean the images off of your *nix desktop)
- # find /your/webdir/ -type d -print0 | xargs -0 chmod 755
- # find /your/webdir -type f -print0 | xargs -0 chmod 644 (Correct the permissions on your web dir)
- # find /etc -mtime -30 (list of files in /etc that have been modified in the last 30 days)

4: tr
Basics

- # tr a b < originalfile > newfile (all instances of the letter a into the letter b)
- # tr 'a-z' 'A-Z' < originalfile > newfile (changing all lowercase to uppercase)
- # tr "[:lower:]" "[:upper:]" < originalfile > newfile
- # echo "0123456789" | tr '0-9' 'a-z'

Deleting

- # tr -d '\r' < windowsfile > nixfile (delete the carriage returns)

Squeezing

- # tr -s '\n' < goodfile > betterfile

Cleaning Input

- # tr -dc 'a-z A-Z \t \n '\32'' < input > output

Implementing ROT13

- # echo "all your base are tired of this meme" | tr 'a-z' 'n-za-m'