查看CPU 内存 硬盘 网络 查看进程使用的文件 uptime top ps -aux vmstat iostat iotop nload iptraf nethogs
#安装命令
yum install sysstat #包含 iostat vmstat
yum install iotop
yum install nload
yum install iptraf
yum install nethogs
#使用命令
1:yum install sysstat #包含 iostat vmstat
[root@LAMP log]# iostat -k #以K大小显示。-m 以M大小显示
Linux 2.6.32-642.13.1.el6.x86_64 (LAMP) 02/28/2017 _x86_64_ (1 CPU)
avg-cpu: %user %nice %system %iowait %steal %idle
         2.71 0.00 1.44 0.54 0.00 95.30
Device: tps kB_read/s kB_wrtn/s kB_read kB_wrtn
scd0 0.00 0.01 0.00 44 0
sda 12.67 235.07 279.01 1043529 1238600
[root@LAMP log]# vmstat
procs -----------memory---------- ---swap-- -----io---- --system-- -----cpu-----
 r b swpd free buff cache si so bi bo in cs us sy id wa st
 1 0 7096 163132 83924 376336 0 2 235 279 98 114 3 1 95 1 0
[root@LAMP log]#
2:yum install iotop
[root@LAMP log]# iotop #实时显示进程硬盘读写
Total DISK READ: 0.00 B/s | Total DISK WRITE: 0.00 B/s
TID PRIO USER DISK READ DISK WRITE SWAPIN IO> COMMAND
1 be/4 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % init
2 be/4 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [kthreadd]
3 rt/4 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [migration/0]
4 be/4 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [ksoftirqd/0]
5 rt/4 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [stopper/0]
6 rt/4 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [watchdog/0
3:yum install nload ;yum install iptraf ; yum install nethogs
[root@LAMP ~]# nload 总的网络实时监控
[root@LAMP ~]# iptraf 网络带宽进程的实时监控
[root@LAMP log]# nethogs 网络带宽进程的实时监控
ionice iostat硬盘读写信息 iotop 磁盘进程实时读写
[root@LAMP ~]# vmstat 内存,cpu 信息
ps -aux --sort -pcpu|less 查看CPU按从大到小的排序
ps -aux --sort -rss|less 查看内存按从大到小排序
[root@LAMP ~]# iostat
Linux 2.6.32-642.13.1.el6.x86_64 (LAMP) 02/27/2017 _x86_64_ (1 CPU)
avg-cpu: %user %nice %system %iowait %steal %idle
         0.15 0.00 0.42 0.04 0.00 99.39
Device: tps Blk_read/s Blk_wrtn/s Blk_read Blk_wrtn
scd0 0.00 0.04 0.00 88 0
sda 1.17 53.35 4.23 127842 10136
[root@LAMP ~]# vmstat
procs -----------memory---------- ---swap-- -----io---- --system-- -----cpu-----
 r b swpd free buff cache si so bi bo in cs us sy id wa st
 0 0 0 707400 22496 40588 0 0 27 2 29 56 0 0 99 0 0
#top -n 1
Tasks: 72 total, 1 running, 71 sleeping, 0 stopped, 0 zombie
Cpu(s): 0.1%us, 0.4%sy, 0.0%ni, 99.4%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Mem: 1004132k total, 296748k used, 707384k free, 22496k buffers
Swap: 2097148k total, 0k used, 2097148k free, 40588k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1 root 20 0 19232 1512 1232 S 0.0 0.2 0:01.27 init
2 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kthreadd
3 root RT 0 0 0 0 S 0.0 0.0 0:00.00 migration/0
#top
1:M:内存大小排序
2:P:CPU大小排序
3:u:输入用户可以按用户查看
4:1:查看CPU 核数
5:top -p 进程ID 单独查看一个进程状态
#查看木马程序的绝对路径
[root@LAMP ~]# cat /root/back.sh
#!/bin/bash
sleep 2000
[root@LAMP ~]# sh /root/back.sh &
[2] 4585
[root@LAMP ~]#
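ps -aux #先在进程列表中找到可疑进程的进程号(PID)
lsof -p 进程号 #列出该进程打开的文件:txt 行是正在运行的可执行文件的绝对路径,cwd 行是进程的工作目录;如果进程是脚本,txt 行显示的是解释器(如 /bin/bash),脚本本身的绝对路径在解释器打开的文件描述符行里(下面示例中的 255r 行 /root/back.sh)。也可以用 ls -l /proc/进程号/exe 和 ls -l /proc/进程号/cwd 核对;如果路径后带有 (deleted),说明该文件在进程启动后已被删除。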
[root@LAMP ~]# lsof -p 4072
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sh 4072 root cwd DIR 8,2 4096 917505 /root
sh 4072 root rtd DIR 8,2 4096 2 /
sh 4072 root txt REG 8,2 906312 664508 /bin/bash
sh 4072 root mem REG 8,2 99160384 273218 /usr/lib/locale/locale-archive
sh 4072 root mem REG 8,2 1923352 131087 /lib64/libc-2.12.so
sh 4072 root mem REG 8,2 19536 131093 /lib64/libdl-2.12.so
sh 4072 root mem REG 8,2 132408 131129 /lib64/libtinfo.so.5.7
sh 4072 root mem REG 8,2 154664 131076 /lib64/ld-2.12.so
sh 4072 root mem REG 8,2 26060 263587 /usr/lib64/gconv/gconv-modules.cache
sh 4072 root 0u CHR 136,1 0t0 4 /dev/pts/1
sh 4072 root 1u CHR 136,1 0t0 4 /dev/pts/1
sh 4072 root 2u CHR 136,1 0t0 4 /dev/pts/1
sh 4072 root 255r REG 8,2 23 953082 /root/back.sh
[root@LAMP ~]# iotop --help 查看进程硬盘 实时读写速度
Usage: /usr/sbin/iotop [OPTIONS]
DISK READ and DISK WRITE are the block I/O bandwidth used during the sampling period. SWAPIN and IO are the percentages of time the thread spent respectively while swapping in and waiting on I/O more generally. PRIO is the I/O priority at which the thread is running (set using the ionice command).
Controls: left and right arrows to change the sorting column, r to invert the sorting order, o to toggle the --only option, p to toggle the --processes option, a to toggle the --accumulated option, q to quit, any other key to force a refresh.
Options:
  --version             show program's version number and exit
  -h, --help            show this help message and exit
  -o, --only            only show processes or threads actually doing I/O
  -b, --batch           non-interactive mode
  -n NUM, --iter=NUM    number of iterations before ending [infinite]
  -d SEC, --delay=SEC   delay between iterations [1 second]
  -p PID, --pid=PID     processes/threads to monitor [all]
  -u USER, --user=USER  users to monitor [all]
  -P, --processes       only show processes, not all threads
  -a, --accumulated     show accumulated I/O instead of bandwidth
  -k, --kilobytes       use kilobytes instead of a human friendly unit
  -t, --time            add a timestamp on each line (implies --batch)
  -q, --quiet           suppress some lines of header (implies --batch)