Archive for the tag 'Open'

How to use lsof command to Find Open Files

The lsof utility can help identify which files are being used by any given application, which network ports are open, and much more.

A process would show up in top or ps aux, but the executable may not seem to exist. Using lsof, we could hunt down the scripts or executables used to run the program. If we run just lsof, it will attempt to show all files (which includes network sockets, pipes and special files) that are open.

If we want to see all the open files owned by a process, we can use the -p option (for PID) like so:

lsof -p XXXXX

Just replace XXXXX with the process ID (PID) of the process you want to see. The output will show the command that has the file open, the PID, the user, the file descriptor, type, size of the file and the name of the file.

We can also see what files are open by users. Running lsof -u user will show all open files by processes owned by the user. You can also substitute the user ID (UID) for the username. If you want to eliminate a user from the listing, use ^user instead. The preceding caret will negate the selection, so the user will be ignored.

If we want to see what network sockets are owned by a particular user or process? Try ..

lsof -u user -a -i

That will show only the open TCP and UDP sockets. If we want to see what files are open over the network, use -i. This will show you which files and sockets are open, and their respective protocols, hostnames and so on. We can narrow network parameters down by IP version (-i4 for IPv4, -i6 for IPv6), protocol (UDP or TCP), and even hostname or port.

By default, lsof will look up hostnames, but we can turn this off using the -n option. It will run faster without needing to do name lookups.

lsof 4.81
latest revision: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/
latest FAQ: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/FAQ
latest man page: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/lsof_man

How to find open sockets on your Linux server

Here we will look into lsof - list open file, and Nmap (“Network Mapper”)

Nmap is an open source tool for network exploration and security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts.

There are a number of methods that you can use to show open sockets at least:

lsof -U will list open sockets

nmap -sT -sU localhost will scan your local machine for open TCP or UDP ports

$ sudo nmap -sT -sU localhost

Starting Nmap 4.68 ( http://nmap.org ) at 2010-11-15 06:54 IST
Interesting ports on localhost (127.0.0.1):
Not shown: 3201 closed ports
PORT STATE SERVICE
123/udp open|filtered ntp
5353/udp open|filtered zeroconf

Nmap done: 1 IP address (1 host up) scanned in 4.003 seconds

netstat -a | grep LISTEN will show all listening sockets.

Nmap has lots of options, so we are going to focus on only some of them.

sudo nmap -sS -O 127.0.0.1

-sS
TCP SYN scan
-O
Enable Operating System detection

SBDavid

Error: rpmdb open failed

Error: rpmdb open failed

Error: rpmdb open failed

The “rpmdb open failed” error message is mostly received when the rpm databases __db.00* located under /var/lib/rpm directory are corrupted. This results in a “error: cannot open Packages database” message while installation/updatation of a package via yum.

[/var/lib/rpm]# ls -l *db*
-rw-r–r– 1 root root 0 Jul 20 21:45 __db.000
-rw-r–r– 1 root root 24576 Aug 4 09:25 __db.001
-rw-r–r– 1 root root 1318912 Aug 4 09:25 __db.002
-rw-r–r– 1 root root 450560 Aug 4 09:25 __db.003

The common fix is to delete the rpm databases and run rebuilddb, like

yum clean all
rm -f /var/lib/rpm/__db*
rpm –rebuilddb
yum update

However, in case of a VPS, yum may still not work with rebuilding rpm database and you have to try create a /dev/urandom device. Login to your VPS and execute

rm /dev/urandom
mknod -m 644 /dev/urandom c 1 9

[/dev]# ls -ld urandom
cr–r–r– 1 root root 1, 9 Jul 19 10:27 urandom

To fix the problem permanently, login to Hardware Node and execute:

vzctl stop VEID
mknod –mode 644 /vz/private/VEID/fs/root/dev/urandom c 1 9
vzctl start VEID

Unable to open configuration file /etc/psa/psa.conf: Permission denied

unable to open configuration file /etc/psa/psa.conf: Permission denied

Such errors are reported when Panel spam-filter processes incoming mail to mailbox with the Spamassasin feature enabled. Error is reported because spam-filter hook has no permission to access files in the /etc/psa directory. However, Spamassassin still processes messages correctly so this error does not mean Spamassassin is not working.

To workaround the issue it is possible to add the execute permissions for the /etc/psa folder.

chmod +x /etc/psa

Reference: http://parallels.com/

SBDavid

lsof - list open files example

To list all open files, use:

lsof

To list all open Internet, x.25 (HP-UX), and UNIX domain files, use:

lsof -i -U

To list all open IPv4 network files in use by the process whose PID is 1234, use:

lsof -i 4 -a -p 1234

Presuming the UNIX dialect supports IPv6, to list only open IPv6 network files, use:

lsof -i 6

To list all files using any protocol on ports 513, 514, or 515 of host wonderland.cc.pur-due.edu, use:

lsof -i @wonderland.cc.purdue.edu:513-515

To list all open files for login name “abe”, or user ID 1234, or process 456, or pro-cess 123, or process 789, use:

lsof -p 456,123,789 -u 1234,abe

To list all open files on device /dev/hd4, use:

lsof /dev/hd4

To find the process that has /u/abe/foo open, use:

lsof /u/abe/foo

To send a SIGHUP to the processes that have /u/abe/bar open, use:

kill -HUP `lsof -t /u/abe/bar`

To find any open file, including an open UNIX domain socket file, with the name /dev/log,use:

lsof /dev/log

Next »