Checking running processes on the server [ ps, pstree ]
ps
This command is used to check the processes running on the server. The " ps " command will list all the running processes with their respective process IDs.
Example:
root@server [~]$ ps
PID TTY TIME CMD
22438 pts/3 00:00:00 su
22439 pts/3 00:00:00 bash
22517 pts/3 00:00:00 ps
Use the following option to get more process information from the " ps " command:
root@server [~]$ ps -aux
Also you can grep any particular process on the server.
root@server [~]$ ps -aux | grep exim
pstree
This command is also used to check the processes on the server. The " pstree " command will list all the running processes in the form of a tree structure.
Example:
root@server [~]$ pstree
init─┬─agetty
├─antirelayd
├─bdflush
├─chkservd
├─4*[courierlogger───couriertcpd]
├─courierlogger───authdaemond───5*[authdaemond───authProg]
├─cpanellogd
├─cpdavd
├─cphulkd.pl
├─cpsrvd-ssl───cpsrvd-ssl
├─crond
├─entropychat
├─exim───exim─┬─3*[exim]
│ └─spamc
├─2*[exim]
├─exim───20*[exim]
├─eximstats
├─hpt_wt
├─httpd───56*[httpd]
├─interchange
├─keventd
├─7*[kjournald]
├─klogd
├─ksoftirqd_CPU0
├─ksoftirqd_CPU1
├─ksoftirqd_CPU2
├─ksoftirqd_CPU3
├─kswapd
├─kupdated
├─mailmanctl───8*[python2.4]
├─mdrecoveryd
├─6*[mingetty]
├─mysqld_safe───mysqld───mysqld───26*[mysqld]
├─named───named───6*[named]
├─portsentry
├─pure-authd
├─pure-ftpd
├─10*[python2.4]
├─scsi_eh_0
├─spamd───2*[spamd]
├─ssh
├─sshd─┬─sshd───sshd───bash───su───bash
│ └─sshd───sshd───bash───su───bash───pstree
├─syslogd
└─xinetd
root@server [~]$ pstree -p
init(1)─┬─agetty(7480)
├─antirelayd(8658)
├─bdflush(8)
├─chkservd(6224)
├─courierlogger(6833)───couriertcpd(6834)
├─courierlogger(6840)───couriertcpd(6841)
├─courierlogger(6846)───couriertcpd(6847)
├─courierlogger(6852)───couriertcpd(6853)
├─courierlogger(6858)───authdaemond(6859)─┬─authdaemond(6873)
│ ├─authdaemond(6874)───authProg(26164)
│ ├─authdaemond(6875)───authProg(17488)
│ ├─authdaemond(6876)───authProg(8194)
│ └─authdaemond(6877)───authProg(29956)
Load on a server [ top, w , uptime ]
top
This command is used to find the load on the server. The " top " command can also be used to find the processes and users that cause load on the server. It gives information about the total, sleeping and zombie processes etc.
Example:
root@server [~]$ top -cd3
11:32:03 up 15 days, 23:57, 2 users, load average: 4.95, 5.13, 5.94
root@server [~]$ top -c
top - 07:08:05 up 59 min, 3 users, load average: 1.07, 1.03, 0.98
Tasks: 126 total, 2 running, 124 sleeping, 0 stopped, 0 zombie
Cpu(s): 35.1%us, 5.4%sy, 0.0%ni, 41.9%id, 16.9%wa, 0.0%hi, 0.7%si, 0.0%st
Mem: 507680k total, 491248k used, 16432k free, 2336k buffers
Swap: 1477940k total, 192688k used, 1285252k free, 136372k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
3534 root 20 0 386m 121m 13m S 17.6 24.6 10:46.13 /usr/lib/firefox-3.6.10/firefox-bin
2558 root 20 0 212m 30m 8256 R 9.5 6.2 3:20.31 /usr/X11R6/bin/X :0 -br -audit 0 -auth /var/lib/gdm/:0.Xauth -nolisten tcp vt7
3399 root 20 0 22332 8672 5612 S 4.1 1.7 0:07.63 /usr/bin/metacity --replace
6346 root 20 0 103m 22m 16m S 2.0 4.5 0:05.58 /opt/google/chrome/chrome --type=plugin --plugin-path=/opt/google/chrome/libgcflashplayer.so --lang=en-US --plugin-d
6381 root 20 0 2452 1184 904 R 0.7 0.2 0:00.05 top -c
1 root 20 0 3088 396 344 S 0.0 0.1 0:01.28 /sbin/init
2 root 15 -5 0 0 0 S 0.0 0.0 0:00.00 [kthreadd]
3 root RT -5 0 0 0 S 0.0 0.0 0:00.00 [migration/0]
4 root 15 -5 0 0 0 S 0.0 0.0 0:00.12 [ksoftirqd/0]
5 root RT -5 0 0 0 S 0.0 0.0 0:00.00 [watchdog/0]
fuser
This command is used to see how many users are using the httpd process at the same time.
root@server [~]$ fuser -v /hsphere/shared/apache2/bin/httpd.prefork
USER PID ACCESS COMMAND
/hsphere/shared/apache2/bin/httpd.prefork
root 17392 ...e. httpd.prefork
httpd 23461 ...e. httpd.prefork
httpd 24865 ...e. httpd.prefork
httpd 25090 ...e. httpd.prefork
httpd 25131 ...e. httpd.prefork
httpd 25132 ...e. httpd.prefork
httpd 25329 ...e. httpd.prefork
httpd 25330 ...e. httpd.prefork
httpd 25370 ...e. httpd.prefork
httpd 25372 ...e. httpd.prefork
httpd 25376 ...e. httpd.prefork
httpd 25377 ...e. httpd.prefork
httpd 25378 ...e. httpd.prefork
w
This command is also used to find the load and users on the server. The " w " command provides a brief description of the load, time, number of users and uptime of the server.
Example:
root@server [~]$ w
11:39:18 up 16 days, 4 min, 2 users, load average: 5.33, 5.37, 5.74
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
user1 pts/0 user - ip1 8:26am 3:13m 0.09s 0.00s sshd: user1 [priv]
user2 pts/3 user - ip2 11:09am 0.00s 0.13s 0.02s sshd: user2 [priv]
uptime
This command gives the basic information about the uptime and load of the server.
Example:
root@server [~]$ uptime
11:42:52 up 16 days, 8 min, 2 users, load average: 4.91, 5.35, 5.67
From the above example you can find the load and the number of days the server has been running without failure, etc.
Killing process on a server [ kill, pkill, killall -9 ]
kill
This command is used to kill a running process on the server. You need the process ID to execute the kill command. For example, running " pstree -p " lists all the processes with their respective process IDs. To kill a particular process use the command " kill <process-id> ".
Example:
root@server [~]$ kill 27209
or
root@server [~]$ kill -9 27209
The above command will kill the process with ID 27209.
pkill
This command will kill the child processes of a particular process. Consider you want to kill httpd on the server.
Example:
root@server [~]$ pkill httpd
or
root@server [~]$ pkill -9 httpd
or
root@server [~]$ pkill -HUP httpd
The above command will only kill all the child processes of " httpd ". Using this command the parent process will keep running and all the child processes will be killed.
killall
This command is used to kill all the processes ( parent process and child process ).
Example:
root@server [~]$ killall -9 httpd
root@server [~]$ fuser -k /hsphere/shared/apache2/bin/httpd.prefork
To Kill ZOMBIE process
root@server [~]$ ps -el | grep 'Z'
The output of the above command will be something like this:
F S UID PID PPID C PRI NI ADDR SZ WCHAN TTY TIME CMD
4 Z 0 668 4243 0 78 0 - 0 exit ? 00:09:39 VV <defun>
4 Z 0 1403 4243 0 78 0 - 0 exit ? 00:08:11 VV <defun>
4 Z 0 1613 4243 0 78 0 - 0 exit ? 00:09:43 VV <defun>
4 Z 0 2202 4243 0 78 0 - 0 exit ? 00:09:25 VV <defun>
4 Z 0 2382 4243 0 82 0 - 0 exit ? 00:08:07 VV <defun>
4 Z 0 2618 4243 0 78 0 - 0 exit ? 00:09:52 VV <defun>
4 Z 0 2714 4243 0 77 0 - 0 exit ? 00:09:51 VV <defun>
4 Z 0 2741 4243 0 78 0 - 0 exit ? 00:09:18 VV <defun>
4 Z 0 2956 4243 0 76 0 - 0 exit ? 00:07:41 VV <defun>
4 Z 0 3030 4243 0 75 0 - 0 exit ? 00:00:06 VV <defun>
4 Z 0 3125 4243 0 83 0 - 0 exit ? 00:08:09 VV <defun>
4 Z 0 3260 4243 0 83 0 - 0 exit ? 00:09:02 VV <defun>
4 Z 0 3480 4243 0 77 0 - 0 exit ? 00:09:37 VV <defun>
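As an added example (not from the original post): grep 'Z' matches any line that contains a capital Z, so this sketch matches the state column exactly and groups the defunct entries by parent PID, since a defunct process is cleared only when its parent reaps it or exits. The function names and the sample rows are constructed for illustration.

```sh
#!/bin/sh
# Added example: group defunct entries from `ps -el` text by parent PID.
# Function names and the sample rows are constructed for illustration.

# zombies_by_parent: read `ps -el` output on stdin, print "PPID COUNT"
# for each parent that has defunct children, largest count first.
zombies_by_parent() {
    awk '
        NR == 1 {                          # find the S and PPID columns by name
            for (i = 1; i <= NF; i++) {
                if ($i == "S")    s = i
                if ($i == "PPID") p = i
            }
            next
        }
        s && p && $s == "Z" { n[$p]++ }    # state column only, not any "Z" on the line
        END { for (ppid in n) print ppid, n[ppid] }
    ' | sort -k2,2nr -k1,1n
}

# Constructed rows in the `ps -el` layout shown above.
sample_ps() {
    cat <<'EOF'
F S UID PID PPID C PRI NI ADDR SZ WCHAN TTY TIME CMD
4 S 0 1 0 0 75 0 - 512 - ? 00:00:01 init
4 Z 0 668 4243 0 78 0 - 0 exit ? 00:09:39 VV <defunct>
4 Z 0 1403 4243 0 78 0 - 0 exit ? 00:08:11 VV <defunct>
0 S 0 5000 1 0 78 0 - 900 - ? 00:00:02 backupZ
4 Z 0 7001 6500 0 78 0 - 0 exit ? 00:00:03 worker <defunct>
EOF
}

sample_ps | zombies_by_parent
```

On a live server the input would be `ps -el | zombies_by_parent`.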
Checking the number of connections to the server [ netstat, mysqladmin processlist ]
netstat
This command is used to find the number of connections to the server. " netstat " command will list all the connections using httpd, exim, ftp etc. You can grep the needed port and find the number of connections to a particular port. You can find the Local Address, Foreign Address, State, port etc of all the connections.
Example:
root@server [~]$ netstat -plan
or
root@server [~]$ netstat -plan | grep ":80"
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 15496/httpd
tcp 0 0 65.254.34.21:80 165.21.14.92:42469 SYN_RECV -
tcp 0 0 65.254.34.21:80 71.7.8.253:3922 SYN_RECV -
tcp 0 0 65.254.34.21:80 165.21.154.10:28343 SYN_RECV -
tcp 0 0 65.254.34.21:80 85.100.25.208:2157 TIME_WAIT -
mysqladmin processlist
This command is used to find the connections to the mysql database. It gives information about Id, User, Host, db, Command, Time, State and Info of a mysql request to the server.
Example:
root@server [~]$ mysqladmin processlist
+--------+-----------------+-----------+-----------------------------+---------+-------+-------+
| Id | User | Host | db | Command | Time | State | Info |
+--------+-----------------+-----------+-----------------------------+---------+-------+-------+
| 186678 | mfjengin_shops | localhost | mfjengin_rapid | Sleep | 28337 | | |
| 188706 | mfjengin_shops | localhost | mfjengin_rapid | Sleep | 27051 | | |
| 195090 | kronosho_usifu | localhost | kroho_sifu | Sleep | 23069 | | |
| 201227 | mfjengin_shops | localhost | mfjengin_rapid | Sleep | 19655 | |
Blocking IP [ apf, csf ]
APF and CSF are firewall software.
You can use these commands to block a particular IP from connecting to the server. This is mainly used when you find too many connections from a particular IP. Normally too many connections might be an attack on the server, so it is important to block such an IP before it upsets the balance of the server.
Check which firewall is installed on your server and use it accordingly.
Example:
root@server [~]$ apf -d <IP>
or
root@server [~]$ csf -d <IP>
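An added example (not part of the original post) that ties the netstat check to the blocking step above: it counts connections per remote IP for one local port, matching the port exactly so that 80 does not also match 8080 as a plain grep ":80" would. The function names, the limit of 3 and the sample lines (documentation address ranges) are constructed for illustration.

```sh
#!/bin/sh
# Added example: per-remote-IP connection counts from `netstat -plan` text.
# Function names and the sample data are constructed for illustration.

# conns_by_ip PORT [STATE]: read netstat lines on stdin and print
# "COUNT IP" for peers of local PORT, busiest first.
conns_by_ip() {
    awk -v port="$1" -v state="$2" '
        $1 !~ /^tcp/   { next }           # skip headers, udp and unix sockets
        $6 == "LISTEN" { next }           # the listener itself is not a client
        state != "" && $6 != state { next }
        {
            raddr = $5
            n = split($4, laddr, ":")
            if (laddr[n] != port) next    # exact port: 80 must not match 8080
            sub(/:[^:]*$/, "", raddr)     # strip remote port, IPv6 stays intact
            count[raddr]++
        }
        END { for (ip in count) print count[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# over_limit PORT LIMIT: print only the IPs holding LIMIT or more connections.
over_limit() {
    conns_by_ip "$1" | awk -v limit="$2" '$1 >= limit { print $2 }'
}

# Constructed sample in the layout shown above (documentation address ranges).
sample_netstat() {
    cat <<'EOF'
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 15496/httpd
tcp 0 0 192.0.2.10:80 198.51.100.7:42469 SYN_RECV -
tcp 0 0 192.0.2.10:80 198.51.100.7:42470 SYN_RECV -
tcp 0 0 192.0.2.10:80 198.51.100.7:42471 SYN_RECV -
tcp 0 0 192.0.2.10:80 203.0.113.5:3922 ESTABLISHED 15501/httpd
tcp 0 0 192.0.2.10:80 203.0.113.9:2157 TIME_WAIT -
tcp 0 0 192.0.2.10:8080 203.0.113.5:5001 ESTABLISHED 900/java
tcp 0 0 192.0.2.10:25 198.51.100.7:5002 ESTABLISHED 800/exim
EOF
}

sample_netstat | conns_by_ip 80            # all states
sample_netstat | conns_by_ip 80 SYN_RECV   # half-open only
sample_netstat | over_limit 80 3           # candidates for review
```

On a live server the input would be `netstat -plan | over_limit 80 <limit>`, and each address it prints can be reviewed before it is passed to apf -d or csf -d.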
Checking the port if open or not [ telnet, nmap ]
telnet
TELNET (TELecommunication NETwork) is a network protocol used on the Internet. TELNET is a client-server protocol, based on a reliable connection-oriented transport. This command will help us to find if a particular port on the server is open or not.
Example:
root@server [~]$ telnet google.com 80
Trying 64.233.187.99...
Connected to google.com (64.233.187.99)
From the above example you can see that port 80 is open on the Google server. If we receive a " connection refused " message, that means the particular port is not open on the server.
nmap
nmap is a network exploration tool and a security scanner.
root@server [~]$ nmap localhost
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2003-06-09 21:55 IST
Interesting ports on localhost.localdomain (127.0.0.1):
Not shown: 1674 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
111/tcp open rpcbind
631/tcp open ipp
734/tcp open unknown
Nmap finished: 1 IP address (1 host up) scanned in 0.117 seconds
Installing software [ yum ]
yum
This command is used to install software on the server without any dependencies.
Example:
root@server [~]$ yum install <software>
If you find any software missing on the server, you can install it directly using this yum command. It will install the particular software on the server without dependencies.