Linuxコマンド集（障害対応編）

April 01, 2024 00:04

May 03, 2024 22:50

概要

仕事で障害対応をしないといけない際によく使用していたLinuxコマンドを備忘録としてまとめておきます。

汎用

コマンド	動作
`1find ${ディレクトリ名} -type ${f or d} -name ${ファイル名}`	指定したディレクトリから再帰的にファイル名を検索雑に検索範囲を広げすぎると検索に時間がかかってしまうが、ちゃんと指定してあげると結構使える `-type ${f or d}`：「f」なら検索対象をファイルに、「d」なら検索対象をディレクトリに限定する `-exec ${任意のコマンド} "{}" \;`：検索結果1つ1つに対してコマンドを実行する
`1cp -ipv ${コピー元} ${コピー先}.$(date "+%Y%m%d")`	コピーを行うコピー先のファイル名には末尾にyyyymmdd形式で日付が入る
`1journalctl -xe`	最新のログの詳細を表示 `-e`：最新のログを表示 `-x`：ログの詳細を表示
`1stat ${ファイル名}`	ファイルの編集日時やアクセス日時など詳細情報を見る `1$ stat test 2 File: test 3 Size: 56 Blocks: 8 IO Block: 4096 regular file 4Device: 820h/2080d Inode: 13012 Links: 1 5Access: (0644/-rw-r--r--) Uid: ( 1000/ kohno) Gid: ( 1000/ kohno) 6Access: 2023-09-07 08:09:46.791142899 +0900 7Modify: 2023-09-07 08:09:25.071132444 +0900 8Change: 2023-09-07 08:09:25.081132454 +0900 9 Birth: 2023-09-07 08:09:25.071132444 +0900`
`1last -10`	ユーザのログイン状況を10行のみ表示これでサーバ再起動時にはrebootがいるので再起動が発生したかどうかも分かったりする
`1less /home/${ユーザ名}/.bash_history`	指定したユーザの過去のコマンド入力履歴を表示上記のlastで怪しいと思ったらセットで使うこの中で表示されている数字はUNIX時間のこと。下に行くほど新しい
`1history`	過去の（自分の）コマンド入力履歴を表示
`1df -h`	ファイルシステムのディスク容量の使用状況を表示 `-h`：人が読みやすいように単位をつけて表示
`1df -ih`	inode容量確認 `-i`：inodeの容量を表示
`1du -shx ${ディレクトリパス}/* \| sort -hr \| head -n 10`	指定したディレクトリ以下のディスク使用率の高いファイルを高い順に10個表示 `-s`：ディレクトリの合計容量を表示 `-h`：人が読みやすいように単位をつけて表示 `-x`：別のファイルシステムのディレクトリを除外 `sort -hr`：単位を加味して降順に並べ替える `1# du -shx /* \| sort -hr \| head -n 10 2du: cannot access '/proc/149/task/149/fd/3': No such file or directory 3du: cannot access '/proc/149/task/149/fdinfo/3': No such file or directory 4du: cannot access '/proc/149/fd/3': No such file or directory 5du: cannot access '/proc/149/fdinfo/3': No such file or directory 61.1G /usr 7453M /var 8203M /home 95.5M /etc 105.1M /root 11620K /init 1224K /tmp 1316K /lost+found 1412K /run 154.0K /srv`
`1free -mh`	物理メモリとスワップメモリの使用率・空き容量を表示 `-m`：メガバイト単位で表示 `-h`：人が読みやすいように単位をつけて表示
`1ps -e aux \| sort -r -k 3 \| head -n 10`	CPU使用順プロセス表示 `ps -e`：すべてのプロセスを表示 `sort -r`：降順に並べる `sort -k 3`：3列目を指定 `head -n 10`：先頭10行を表示
`1sar -q`	`-q`：過去1分毎のLoadAverageの値を表示 `-b`：ディスクI/Oの使用状況 `-r`：メモリ使用率 `-W`：スワップの使用状況 `-u`：CPU使用状況 ※調べたい範囲を制限 `-s ${hh:mm:ss}`：指定時間以降のデータを表示 `-e ${hh:mm:ss}`：指定時間までのデータを表示
`1lscpu`	CPU情報の表示
`1netstat`	`:80`が多いとApache・Nginxの負荷が高い `:3306`ならMySQLの負荷が高い
`1netstat -antp` `1ss -antp`	`-a`：すべての接続を表示 `-n`：名前解決をスキップして数値で表示(外部アドレスをIPアドレス、プロトコルではなくポート番号で表示) `-t`：TCPプロトコルに関する接続情報のみを表示 `-p`：各接続に使用されているプログラム名とPIDを表示 1[root@www ~ 04:33:06]# netstat -antp 2Active Internet connections (servers and established) 3Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name 4tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 2066/named 5tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2299/sshd 6tcp 0 0 0.0.0.0:5432 0.0.0.0:* LISTEN 2932/postmaster 7tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 3021/master 8tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 2066/named 9tcp 0 0 0.0.0.0:10050 0.0.0.0:* LISTEN 3120/zabbix_agentd 10tcp 0 0 127.0.0.1:199 0.0.0.0:* LISTEN 2282/snmpd 11tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 2871/mysqld 12tcp 0 0 124.24.61.142:22 13.114.115.48:37314 ESTABLISHED 20652/sshd 13tcp 0 0 127.0.0.1:3306 127.0.0.1:48853 TIME_WAIT - 14tcp 0 96 124.24.61.142:22 13.114.115.48:44998 ESTABLISHED 19732/sshd 15tcp 0 0 127.0.0.1:48853 127.0.0.1:3306 TIME_WAIT - 16tcp 0 0 :::21 :::* LISTEN 3034/proftpd 17tcp 0 0 ::1:53 :::* LISTEN 2066/named 18tcp 0 0 :::22 :::* LISTEN 2299/sshd 19tcp 0 0 :::5432 :::* LISTEN 2932/postmaster 20tcp 0 0 ::1:953 :::* LISTEN 2066/named 21tcp 0 0 :::443 :::* LISTEN 900/httpd 22tcp 0 0 :::10050 :::* LISTEN 3120/zabbix_agentd 23tcp 0 0 :::8911 :::* LISTEN 900/httpd 24tcp 0 0 :::80 :::* LISTEN 900/httpd 25tcp 0 0 ::1:5432 ::1:54738 TIME_WAIT - 26tcp 0 0 ::ffff:124.24.61.142:443 ::ffff:47.128.27.73:18844 TIME_WAIT - 27tcp 0 0 ::ffff:124.24.61.142:443 ::ffff:47.128.27.73:18852 TIME_WAIT - 28tcp 0 0 ::ffff:124.24.61.142:443 ::ffff:40.77.167.71:41479 TIME_WAIT - 29tcp 0 0 ::1:5432 ::1:54728 TIME_WAIT - 30tcp 0 0 ::1:5432 ::1:54744 TIME_WAIT - 31tcp 0 0 ::1:5432 ::1:54718 TIME_WAIT - 32tcp 0 0 ::ffff:124.24.61.142:80 ::ffff:121.111.22.82:54162 FIN_WAIT2 - 33tcp 0 0 ::ffff:124.24.61.142:443 ::ffff:52.167.144.16:11225 TIME_WAIT - 34tcp 0 0 ::ffff:124.24.61.142:443 ::ffff:17.241.75.112:57266 TIME_WAIT - 35tcp 0 0 ::1:5432 ::1:54737 TIME_WAIT - 36tcp 0 0 ::ffff:124.24.61.142:443 ::ffff:133.201.68.64:25011 TIME_WAIT - 37tcp 0 0 ::1:5432 ::1:54736 TIME_WAIT - 38tcp 0 0 ::1:5432 ::1:54729 TIME_WAIT - 39tcp 0 0 ::1:5432 ::1:54730 TIME_WAIT - 40tcp 0 0 ::1:5432 ::1:54727 TIME_WAIT - 41tcp 0 0 ::ffff:124.24.61.142:443 ::ffff:40.77.167.71:41498 TIME_WAIT - 42tcp 0 0 ::1:5432 ::1:54720 TIME_WAIT - 43tcp 0 0 ::ffff:124.24.61.142:443 ::ffff:133.201.68.64:25010 TIME_WAIT - 44tcp 0 0 ::1:5432 ::1:54748 TIME_WAIT - 45tcp 0 0 ::ffff:124.24.61.142:443 ::ffff:47.128.27.73:18856 TIME_WAIT - 46tcp 0 0 ::1:5432 ::1:54735 TIME_WAIT - 47tcp 0 0 ::ffff:124.24.61.142:443 ::ffff:40.77.167.71:41501 TIME_WAIT - 48tcp 0 0 ::1:5432 ::1:54733 TIME_WAIT - 49tcp 0 0 ::1:54724 ::1:5432 TIME_WAIT - 50tcp 0 0 ::1:5432 ::1:54725 TIME_WAIT - 51tcp 0 0 ::ffff:124.24.61.142:443 ::ffff:47.128.27.73:18842 TIME_WAIT - 52tcp 0 0 ::1:54726 ::1:5432 TIME_WAIT - 53tcp 0 0 ::ffff:124.24.61.142:443 ::ffff:8.29.198.27:26915 TIME_WAIT - 54tcp 0 0 ::ffff:124.24.61.142:443 ::ffff:133.201.68.64:25009 TIME_WAIT - 55tcp 0 0 ::ffff:124.24.61.142:443 ::ffff:133.201.68.64:25012 TIME_WAIT - 56tcp 0 0 ::ffff:124.24.61.142:443 ::ffff:47.128.27.73:12456 TIME_WAIT - 57tcp 0 0 ::1:5432 ::1:54740 TIME_WAIT - 58tcp 0 0 ::ffff:124.24.61.142:443 ::ffff:47.128.27.73:18806 TIME_WAIT - 1[root@www ~ 04:33:07]# ss -antp 2State Recv-Q Send-Q Local Address:Port Peer Address:Port 3LISTEN 0 5 :::21 :::* users:(("proftpd",3034,0)) 4LISTEN 0 3 ::1:53 :::* users:(("named",2066,21)) 5LISTEN 0 3 127.0.0.1:53 : users:(("named",2066,20)) 6LISTEN 0 128 :::22 :::* users:(("sshd",2299,4)) 7LISTEN 0 128 :22 :* users:(("sshd",2299,3)) 8LISTEN 0 128 :::5432 :::* users:(("postmaster",2932,4)) 9LISTEN 0 128 :5432 :* users:(("postmaster",2932,3)) 10LISTEN 0 100 :25 :* users:(("master",3021,12)) 11LISTEN 0 128 ::1:953 :::* users:(("named",2066,23)) 12LISTEN 0 128 127.0.0.1:953 : users:(("named",2066,22)) 13LISTEN 0 128 :::443 :::* users:(("httpd",900,8),("httpd",17401,8),("httpd",17403,8),("httpd",17730,8),("httpd",18513,8),("httpd",18514,8),("httpd",24950,8),("httpd",27342,8),("httpd",32761,8)) 14LISTEN 0 128 :::10050 :::* users:(("zabbix_agentd",3120,5),("zabbix_agentd",3123,5),("zabbix_agentd",3124,5),("zabbix_agentd",3125,5),("zabbix_agentd",3126,5),("zabbix_agentd",3127,5)) 15LISTEN 0 128 :10050 :* users:(("zabbix_agentd",3120,4),("zabbix_agentd",3123,4),("zabbix_agentd",3124,4),("zabbix_agentd",3125,4),("zabbix_agentd",3126,4),("zabbix_agentd",3127,4)) 16LISTEN 0 128 127.0.0.1:199 : users:(("snmpd",2282,8)) 17LISTEN 0 50 :3306 :* users:(("mysqld",2871,25)) 18LISTEN 0 128 :::8911 :::* users:(("httpd",900,6),("httpd",17401,6),("httpd",17403,6),("httpd",17730,6),("httpd",18513,6),("httpd",18514,6),("httpd",24950,6),("httpd",27342,6),("httpd",32761,6)) 19LISTEN 0 128 :::80 :::* users:(("httpd",900,4),("httpd",17401,4),("httpd",17403,4),("httpd",17730,4),("httpd",18513,4),("httpd",18514,4),("httpd",24950,4),("httpd",27342,4),("httpd",32761,4)) 20ESTAB 0 0 124.24.61.142:22 13.114.115.48:37314 users:(("sshd",20652,3),("sshd",20666,3)) 21TIME-WAIT 0 0 127.0.0.1:3306 127.0.0.1:48853 22TIME-WAIT 0 0 ::1:5432 ::1:54738 23TIME-WAIT 0 0 ::ffff:124.24.61.142:443 ::ffff:47.128.27.73:18844 24TIME-WAIT 0 0 ::ffff:124.24.61.142:443 ::ffff:47.128.27.73:18852 25TIME-WAIT 0 0 ::ffff:124.24.61.142:443 ::ffff:40.77.167.71:41479 26TIME-WAIT 0 0 ::1:5432 ::1:54744 27TIME-WAIT 0 0 ::ffff:124.24.61.142:443 ::ffff:52.167.144.16:11225 28FIN-WAIT-2 0 0 ::ffff:124.24.61.142:443 ::ffff:116.94.212.74:36744 29TIME-WAIT 0 0 ::1:5432 ::1:54753 30TIME-WAIT 0 0 ::ffff:124.24.61.142:443 ::ffff:17.241.75.112:57266 31TIME-WAIT 0 0 ::1:5432 ::1:54737 32TIME-WAIT 0 0 ::ffff:124.24.61.142:443 ::ffff:124.24.61.142:53240 33ESTAB 0 0 ::ffff:124.24.61.142:80 ::ffff:116.94.212.74:46386 users:(("httpd",17403,20)) 34TIME-WAIT 0 0 ::1:5432 ::1:54736 35TIME-WAIT 0 0 ::ffff:124.24.61.142:443 ::ffff:133.201.68.64:25023 36ESTAB 0 96 124.24.61.142:22 13.114.115.48:44998 users:(("sshd",19732,3),("sshd",19751,3)) 37TIME-WAIT 0 0 ::1:5432 ::1:54748 38ESTAB 0 0 ::ffff:124.24.61.142:80 ::ffff:116.94.212.74:46392 users:(("httpd",17401,20)) 39TIME-WAIT 0 0 ::ffff:124.24.61.142:443 ::ffff:47.128.27.73:18856 40TIME-WAIT 0 0 ::1:5432 ::1:54735 41TIME-WAIT 0 0 ::ffff:124.24.61.142:443 ::ffff:40.77.167.71:41501 42TIME-WAIT 0 0 ::1:5432 ::1:54750 43TIME-WAIT 0 0 ::1:5432 ::1:54733 44TIME-WAIT 0 0 ::ffff:124.24.61.142:443 ::ffff:47.128.27.73:18842 45TIME-WAIT 0 0 ::1:54754 ::1:5432 46TIME-WAIT 0 0 ::ffff:124.24.61.142:443 ::ffff:8.29.198.27:26915 47TIME-WAIT 0 0 ::ffff:124.24.61.142:443 ::ffff:124.24.61.142:53241 48TIME-WAIT 0 0 ::ffff:124.24.61.142:443 ::ffff:47.128.27.73:12456 49TIME-WAIT 0 0 127.0.0.1:48853 127.0.0.1:3306 50TIME-WAIT 0 0 ::1:5432 ::1:54740 51TIME-WAIT 0 0 ::ffff:124.24.61.142:443 ::ffff:47.128.27.73:18806 -antpではないが、定型コマンドの下記から`185.216.178.23`が`CLOSE_WAIT`を大量に送信していることが分かる ⇒ Slowloris攻撃だと判断できる CLOSE_WAIT や TIME_WAIT で長時間放置は普通はおかしい 1[root@www ~ 03:52:18]# netstat -aepno 2Active Internet connections (servers and established) 3Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name Timer 4tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 25 10817 2066/named off (0.00/0/0) 5tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 0 11488 2299/sshd off (0.00/0/0) 6tcp 0 0 0.0.0.0:5432 0.0.0.0:* LISTEN 26 12069 2932/postmaster off (0.00/0/0) 7tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 0 12271 3021/master off (0.00/0/0) 8tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 25 10822 2066/named off (0.00/0/0) 9tcp 0 0 0.0.0.0:10050 0.0.0.0:* LISTEN 498 12700 3120/zabbix_agentd off (0.00/0/0) 10tcp 0 0 127.0.0.1:199 0.0.0.0:* LISTEN 0 11446 2282/snmpd off (0.00/0/0) 11tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 27 12009 2871/mysqld off (0.00/0/0) 12tcp 0 0 124.24.61.142:22 13.114.115.48:44998 ESTABLISHED 0 555337118 19732/sshd keepalive (7142.22/0/0) 13tcp 0 0 :::21 :::* LISTEN 99 12426 3034/proftpd off (0.00/0/0) 14tcp 0 0 ::1:53 :::* LISTEN 25 10819 2066/named off (0.00/0/0) 15tcp 0 0 :::22 :::* LISTEN 0 11490 2299/sshd off (0.00/0/0) 16tcp 0 0 :::5432 :::* LISTEN 26 12070 2932/postmaster off (0.00/0/0) 17tcp 0 0 ::1:953 :::* LISTEN 25 10823 2066/named off (0.00/0/0) 18tcp 0 0 :::443 :::* LISTEN 0 314028896 18649/httpd off (0.00/0/0) 19tcp 0 0 :::10050 :::* LISTEN 498 12701 3120/zabbix_agentd off (0.00/0/0) 20tcp 0 0 :::8911 :::* LISTEN 0 314028891 18649/httpd off (0.00/0/0) 21tcp 0 0 :::80 :::* LISTEN 0 314028886 18649/httpd off (0.00/0/0) 22tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:53672 CLOSE_WAIT 48 555329395 19237/httpd keepalive (6411.92/0/0) 23tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:49314 CLOSE_WAIT 48 555329204 19137/httpd keepalive (6408.33/0/0) 24tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:33956 CLOSE_WAIT 48 555329730 19128/httpd keepalive (6427.63/0/0) 25tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:53790 CLOSE_WAIT 48 555329500 19167/httpd keepalive (6417.68/0/0) 26tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:44558 CLOSE_WAIT 48 555327579 19107/httpd keepalive (6369.73/0/0) 27tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:36804 CLOSE_WAIT 48 555329921 19087/httpd keepalive (6437.83/0/0) 28tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:49226 CLOSE_WAIT 48 555328896 19123/httpd keepalive (6399.03/0/0) 29tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:33966 CLOSE_WAIT 48 555329734 19110/httpd keepalive (6427.69/0/0) 30tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:33936 CLOSE_WAIT 48 555329715 19052/httpd keepalive (6426.24/0/0) 31tcp 32 17376 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:42882 CLOSE_WAIT 48 555327862 19146/httpd on (15.34/6/0) 32tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:53674 CLOSE_WAIT 48 555329396 19176/httpd keepalive (6413.70/0/0) 33tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:36434 CLOSE_WAIT 48 555329756 19046/httpd keepalive (6429.09/0/0) 34tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:36758 CLOSE_WAIT 48 555329885 19108/httpd keepalive (6436.19/0/0) 35tcp 518 0 ::ffff:124.24.61.142:443 ::ffff:49.104.0.217:50118 CLOSE_WAIT 0 0 - keepalive (7142.17/0/0) 36tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:33106 CLOSE_WAIT 48 555328850 19149/httpd keepalive (6397.64/0/0) 37tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:48590 CLOSE_WAIT 48 555329951 19109/httpd keepalive (6439.14/0/0) 38tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:33970 CLOSE_WAIT 48 555329735 19114/httpd keepalive (6427.76/0/0) 39tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:33974 CLOSE_WAIT 48 555329742 19187/httpd keepalive (6427.83/0/0) 40tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:53764 CLOSE_WAIT 48 555329522 19205/httpd keepalive (6417.85/0/0) 41tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:32976 CLOSE_WAIT 48 555328612 19120/httpd keepalive (6389.82/0/0) 42tcp 518 0 ::ffff:124.24.61.142:443 ::ffff:49.104.0.217:50106 CLOSE_WAIT 48 555337207 19105/httpd keepalive (7120.34/0/0) 43tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:53682 CLOSE_WAIT 48 555329404 19163/httpd keepalive (6413.78/0/0) 44tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:36776 CLOSE_WAIT 48 555329919 19147/httpd keepalive (6437.77/0/0) 45tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:53642 CLOSE_WAIT 48 555329359 19088/httpd keepalive (6409.66/0/0) 46tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:49228 CLOSE_WAIT 48 555329095 19084/httpd keepalive (6401.86/0/0) 47tcp 294 0 ::ffff:124.24.61.142:443 ::ffff:106.185.190.10:51858 ESTABLISHED 0 0 - keepalive (7185.00/0/0) 48tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:49002 CLOSE_WAIT 48 555329000 19102/httpd keepalive (6399.92/0/0) 49tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:53720 CLOSE_WAIT 48 555329421 19129/httpd keepalive (6415.36/0/0) 50tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:49060 CLOSE_WAIT 48 555329043 19125/httpd keepalive (6399.94/0/0) 51tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:43104 CLOSE_WAIT 48 555328364 19183/httpd keepalive (6379.99/0/0) 52tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:33108 CLOSE_WAIT 48 555328872 19135/httpd keepalive (6397.92/0/0) 53tcp 518 0 ::ffff:124.24.61.142:443 ::ffff:106.155.10.169:61901 CLOSE_WAIT 0 0 - keepalive (7162.67/0/0) 54tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:53582 CLOSE_WAIT 48 555329217 19132/httpd keepalive (6408.95/0/0) 55tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:36762 CLOSE_WAIT 48 555329892 19103/httpd keepalive (6436.96/0/0) 56tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:60992 CLOSE_WAIT 48 555328629 19177/httpd keepalive (6389.84/0/0) 57tcp 209 0 ::ffff:124.24.61.142:443 ::ffff:47.128.113.73:14642 CLOSE_WAIT 0 0 - keepalive (7168.21/0/0) 58tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:33904 CLOSE_WAIT 48 555329680 19238/httpd keepalive (6425.38/0/0) 59tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:36748 CLOSE_WAIT 48 555329883 19094/httpd keepalive (6435.38/0/0) 60tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:33920 CLOSE_WAIT 48 555329712 19134/httpd keepalive (6425.50/0/0) 61tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:33986 CLOSE_WAIT 48 555329749 19188/httpd keepalive (6428.31/0/0) 62tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:53602 CLOSE_WAIT 48 555329266 19122/httpd keepalive (6409.17/0/0) 63tcp 518 0 ::ffff:124.24.61.142:443 ::ffff:106.155.10.169:61902 CLOSE_WAIT 0 0 - keepalive (7162.85/0/0) 64tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:36732 CLOSE_WAIT 48 555329868 19104/httpd keepalive (6434.45/0/0) 65tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:60970 CLOSE_WAIT 48 555328682 19244/httpd keepalive (6390.05/0/0) 66tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:60978 CLOSE_WAIT 48 555328704 19181/httpd keepalive (6390.25/0/0) 67tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:36448 CLOSE_WAIT 48 555329766 19199/httpd keepalive (6429.27/0/0) 68tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:49310 CLOSE_WAIT 48 555329190 19121/httpd keepalive (6407.93/0/0) 69tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:33874 CLOSE_WAIT 48 555329619 19227/httpd keepalive (6423.82/0/0) 70tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:33940 CLOSE_WAIT 48 555329716 19185/httpd keepalive (6426.94/0/0) 71tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:33748 CLOSE_WAIT 48 555329545 19196/httpd keepalive (6419.03/0/0) 72tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:32780 CLOSE_WAIT 48 555328683 19246/httpd keepalive (6390.05/0/0) 73tcp 539 0 ::ffff:124.24.61.142:443 ::ffff:13.114.115.48:26282 CLOSE_WAIT 0 0 - keepalive (7166.51/0/0) 74tcp 0 0 ::1:54016 ::1:5432 ESTABLISHED 48 555336091 19146/httpd keepalive (7045.01/0/0) 75tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:43186 CLOSE_WAIT 48 555328459 19200/httpd keepalive (6386.19/0/0) 76tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:53694 CLOSE_WAIT 48 555329413 19116/httpd keepalive (6414.83/0/0) 77tcp 517 0 ::ffff:124.24.61.142:443 ::ffff:86.48.13.70:54116 ESTABLISHED 0 0 - keepalive (7143.85/0/0) 78tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:44538 CLOSE_WAIT 48 555327660 19124/httpd keepalive (6369.93/0/0) 79tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:36474 CLOSE_WAIT 48 555329781 19131/httpd keepalive (6429.47/0/0) 80tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:53692 CLOSE_WAIT 48 555329412 19113/httpd keepalive (6414.47/0/0) 81tcp 603 0 ::ffff:124.24.61.142:443 ::ffff:13.114.115.48:6837 CLOSE_WAIT 0 0 - keepalive (7166.55/0/0) 82tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:48932 CLOSE_WAIT 48 555328938 19239/httpd keepalive (6399.32/0/0) 83tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:36718 CLOSE_WAIT 48 555329854 19175/httpd keepalive (6433.64/0/0) 84tcp 0 0 ::1:5432 ::1:54016 ESTABLISHED 26 555336092 19673/postgres: prw keepalive (7045.01/0/0) 85tcp 350 0 ::ffff:124.24.61.142:443 ::ffff:40.77.167.38:53258 ESTABLISHED 0 0 - keepalive (7191.68/0/0) 86tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:32812 CLOSE_WAIT 48 555328687 19092/httpd keepalive (6390.23/0/0) 87tcp 351 0 ::ffff:124.24.61.142:443 ::ffff:40.77.167.79:56868 CLOSE_WAIT 0 0 - keepalive (7160.41/0/0) 88tcp 0 0 ::ffff:124.24.61.142:80 ::ffff:40.77.167.79:56844 TIME_WAIT 0 0 - timewait (15.64/0/0) 89tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:36780 CLOSE_WAIT 48 555329906 19133/httpd keepalive (6437.61/0/0) 90tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:49182 CLOSE_WAIT 48 555329036 19089/httpd keepalive (6399.94/0/0) 91tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:53750 CLOSE_WAIT 48 555329449 19093/httpd keepalive (6416.95/0/0) 92tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:44368 CLOSE_WAIT 48 555327497 19086/httpd keepalive (6369.00/0/0) 93tcp 0 0 ::ffff:124.24.61.142:80 ::ffff:13.114.115.48:18688 TIME_WAIT 0 0 - timewait (51.43/0/0) 94tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:48920 CLOSE_WAIT 48 555328931 19201/httpd keepalive (6399.23/0/0) 95tcp 0 0 ::1:54039 ::1:5432 TIME_WAIT 0 0 - timewait (10.03/0/0) 96tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:36438 CLOSE_WAIT 48 555329764 19186/httpd keepalive (6429.21/0/0) 97tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:36744 CLOSE_WAIT 48 555329876 19203/httpd keepalive (6434.90/0/0) 98tcp 321 0 ::ffff:124.24.61.142:443 ::ffff:85.208.96.208:48552 ESTABLISHED 0 0 - keepalive (7164.53/0/0) 99tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:49246 CLOSE_WAIT 48 555329110 18649/httpd keepalive (6403.83/0/0) 100tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:49008 CLOSE_WAIT 48 555329057 19106/httpd keepalive (6399.94/0/0) 101tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:49272 CLOSE_WAIT 48 555329145 19050/httpd keepalive (6405.41/0/0) 102tcp 0 0 ::ffff:124.24.61.142:443 ::ffff:125.193.148.96:20445 TIME_WAIT 0 0 - timewait (26.28/0/0) 103tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:44330 CLOSE_WAIT 48 555327474 19083/httpd keepalive (6368.79/0/0) 104tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:36790 CLOSE_WAIT 48 555329907 19099/httpd keepalive (6437.67/0/0) 105tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:43032 CLOSE_WAIT 48 555328363 19182/httpd keepalive (6379.98/0/0) 106tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:33040 CLOSE_WAIT 48 555328636 19231/httpd keepalive (6389.84/0/0) 107tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:33944 CLOSE_WAIT 48 555329724 19112/httpd keepalive (6427.55/0/0) 108tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:43130 CLOSE_WAIT 48 555328434 19195/httpd keepalive (6385.36/0/0) 109tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:36458 CLOSE_WAIT 48 555329780 19184/httpd keepalive (6429.40/0/0) 110tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:44672 CLOSE_WAIT 48 555327668 19130/httpd keepalive (6370.12/0/0) 111tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:43128 CLOSE_WAIT 48 555328413 19194/httpd keepalive (6385.28/0/0) 112tcp 517 0 ::ffff:124.24.61.142:443 ::ffff:36.240.188.19:4390 ESTABLISHED 0 0 - keepalive (7196.36/0/0) 113tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:53796 CLOSE_WAIT 48 555329529 19206/httpd keepalive (6417.91/0/0) 114tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:36450 CLOSE_WAIT 48 555329773 19148/httpd keepalive (6429.34/0/0) 115tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:49250 CLOSE_WAIT 48 555329123 19111/httpd keepalive (6404.53/0/0) 116tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:33066 CLOSE_WAIT 48 555328754 19141/httpd keepalive (6395.36/0/0) 117tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:36810 CLOSE_WAIT 48 555329930 19127/httpd keepalive (6438.26/0/0) 118tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:49052 CLOSE_WAIT 48 555329001 19192/httpd keepalive (6399.93/0/0) 119tcp 602 0 ::ffff:124.24.61.142:443 ::ffff:13.114.115.48:24045 ESTABLISHED 0 0 - keepalive (7197.57/0/0) 120tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:42768 CLOSE_WAIT 48 555327924 19101/httpd keepalive (6379.78/0/0) 121tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:49274 CLOSE_WAIT 48 555329158 19043/httpd keepalive (6405.49/0/0) 122tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:33776 CLOSE_WAIT 48 555329559 19085/httpd keepalive (6419.19/0/0) 123tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:49200 CLOSE_WAIT 48 555328882 19191/httpd keepalive (6398.88/0/0) 124tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:49168 CLOSE_WAIT 48 555329016 19240/httpd keepalive (6399.93/0/0) 125tcp 0 0 ::ffff:124.24.61.142:80 ::ffff:68.183.151.227:43474 TIME_WAIT 0 0 - timewait (58.83/0/0) 126tcp 270 0 ::ffff:124.24.61.142:443 ::ffff:68.183.151.227:57204 ESTABLISHED 0 0 - keepalive (7197.93/0/0) 127tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:36736 CLOSE_WAIT 48 555329875 19139/httpd keepalive (6434.83/0/0) 128tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:44658 CLOSE_WAIT 48 555327657 19119/httpd keepalive (6369.92/0/0) 129tcp 204 0 ::ffff:124.24.61.142:443 ::ffff:162.43.116.12:50686 ESTABLISHED 0 0 - keepalive (7195.12/0/0) 130tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:42744 CLOSE_WAIT 48 555328361 19174/httpd keepalive (6379.98/0/0) 131tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:44444 CLOSE_WAIT 48 555327544 19095/httpd keepalive (6369.61/0/0) 132tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:49128 CLOSE_WAIT 48 555329070 19138/httpd keepalive (6399.94/0/0) 133tcp 570 0 ::ffff:124.24.61.142:443 ::ffff:13.114.115.48:19163 ESTABLISHED 0 0 - keepalive (7197.57/0/0) 134tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:49294 CLOSE_WAIT 48 555329175 19245/httpd keepalive (6407.75/0/0) 135tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:33764 CLOSE_WAIT 48 555329552 19143/httpd keepalive (6419.14/0/0) 136tcp 517 0 ::ffff:124.24.61.142:443 ::ffff:49.104.0.217:50119 ESTABLISHED 0 0 - keepalive (7142.16/0/0) 137tcp 0 0 ::ffff:124.24.61.142:443 ::ffff:49.104.0.217:50117 ESTABLISHED 48 555337656 19142/httpd keepalive (7142.16/0/0) 138tcp 0 0 ::ffff:124.24.61.142:80 ::ffff:13.114.115.48:22357 TIME_WAIT 0 0 - timewait (58.64/0/0) 139tcp 602 0 ::ffff:124.24.61.142:443 ::ffff:36.240.188.19:4391 ESTABLISHED 0 0 - keepalive (7196.35/0/0) 140tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:33860 CLOSE_WAIT 48 555329618 19098/httpd keepalive (6423.71/0/0) 141tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:53630 CLOSE_WAIT 48 555329345 19097/httpd keepalive (6409.52/0/0) 142tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:36720 CLOSE_WAIT 48 555329855 19197/httpd keepalive (6433.74/0/0) 143tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:53808 CLOSE_WAIT 48 555329537 19166/httpd keepalive (6418.23/0/0) 144tcp 0 0 ::1:54046 ::1:5432 TIME_WAIT 0 0 - timewait (5.57/0/0) 145tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:48984 CLOSE_WAIT 48 555328986 19232/httpd keepalive (6399.75/0/0) 146tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:32912 CLOSE_WAIT 48 555328594 19126/httpd keepalive (6389.36/0/0) 147tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:53636 CLOSE_WAIT 48 555329352 19096/httpd keepalive (6409.59/0/0) 148tcp 32 0 ::ffff:124.24.61.142:443 ::ffff:185.216.178.23:49278 CLOSE_WAIT 48 555329167 19115/httpd keepalive (6407.59/0/0) 149udp 0 0 127.0.0.1:53 0.0.0.0:* 25 10816 2066/named off (0.00/0/0) 150udp 0 0 0.0.0.0:68 0.0.0.0:* 0 10487 1892/dhclient off (0.00/0/0) 151udp 0 0 0.0.0.0:68 0.0.0.0:* 0 10327 1798/dhclient off (0.00/0/0) 152udp 0 0 10.102.30.133:123 0.0.0.0:* 0 11534 2310/ntpd off (0.00/0/0) 153udp 0 0 124.24.61.142:123 0.0.0.0:* 0 11533 2310/ntpd off (0.00/0/0) 154udp 0 0 127.0.0.1:123 0.0.0.0:* 0 11532 2310/ntpd off (0.00/0/0) 155udp 0 0 0.0.0.0:123 0.0.0.0:* 0 11521 2310/ntpd off (0.00/0/0) 156udp 0 0 0.0.0.0:161 0.0.0.0:* 0 11444 2282/snmpd off (0.00/0/0) 157udp 0 0 ::1:53 :::* 25 10818 2066/named off (0.00/0/0) 158udp 0 0 fe80::250:56ff:fe82:67db:123 :::* 0 11537 2310/ntpd off (0.00/0/0) 159udp 0 0 fe80::250:56ff:fe82:6c1c:123 :::* 0 11536 2310/ntpd off (0.00/0/0) 160udp 0 0 ::1:123 :::* 0 11535 2310/ntpd off (0.00/0/0) 161udp 0 0 :::123 :::* 0 11523 2310/ntpd off (0.00/0/0) 162udp 0 0 ::1:56965 ::1:56965 ESTABLISHED 26 12087 2932/postmaster off (0.00/0/0)
`1less /var/log/messages` `1less /var/log/secure`	システムに関する一般的なメッセージを表示 /var/log/secure には誰がsudoを使ったのか、誰がrootに昇格したのかなどの情報が記載されている。
`1less /var/log/messages \| grep -i "kill"` `1less /var/log/messages \| grep -i "oom"`	OOM Killerによるプロセス停止の確認 `-i`：大文字と小文字を区別しない
`1cat /etc/system-release`	OSのバージョン確認
`1ps alx \| awk '{printf ("%d\t%s\n", $8,$13)}' \| sort -nr \| head -10`	メモリ使用率の高い順にプロセスを表示する `1$ ps alx \| awk '{printf ("%d\t%s\n", $8,$13)}' \| sort -nr \| head -10 248580 docker 331980 /mnt/wsl/docker-desktop/docker-desktop-user-distro 45060 -bash 53112 awk 63004 ps 7812 sort 8580 head 9536 /init 1092 /init 1192 /init` `ps l`：プロセスの状態なども表示する `1$ ps l 2F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND 34 1000 145 144 20 0 759208 48580 futex_ Ssl+ pts/1 0:05 docker serve --address unix:///home/ 44 1000 161 160 20 0 10036 5060 do_wai Ss pts/2 0:00 -bash 50 1000 226 161 20 0 10536 3100 - R+ pts/2 0:00 ps l` `{printf ("%d\t%s\n", $8,$13)}`：8行目の数値を`%d`に、13行目の文字列を`%s`に代入して表示（`%d`は数値(digit)代入箇所、`%s`は文字(string)代入箇所、`\t`はタブ挿入、`\n`は改行）
`1kill -9 ${プロセスID}`	指定したプロセスIDのプロセスを強制終了する不用意にkillallやpkillは使わない（予期していないものも止めてしまう可能性があるため）

Apache

コマンド	動作
`1httpd -tSDSSL`	対象ホストのconfファイル確認このあと、confファイルをless ⇒ アクセスログを見るそれでもたまに分からないことがあるのでその時には `1ps auxfwww \| grep [h]ttpd` で対象ホスト名の入っているプロセスを確認することで特定することもできる以下、例 `1webadmin 4642 0.0 0.0 537224 7840 ? S 11:09 0:00 \_ /usr/sbin/httpd -f /etc/httpd/conf-example/httpd.conf 2webadmin 4978 0.0 0.0 537220 6628 ? S 11:11 0:00 \_ /usr/sbin/httpd -f /etc/httpd/conf-example/httpd.conf 3webadmin 4980 0.0 0.0 537476 7820 ? S 11:11 0:00 \_ /usr/sbin/httpd -f /etc/httpd/conf-example/httpd.conf 4webadmin 5330 0.0 0.0 536956 4832 ? S 11:13 0:00 \_ /usr/sbin/httpd -f /etc/httpd/conf-example/httpd.conf` 上記であれば`/usr/sbin/httpd`（`httpd`コマンド）は`/etc/httpd/conf-example/httpd.conf`を読み込んで（-fオプション）動作しているということが読み取れる
`1/usr/sbin/httpd -V` `1httpd -V` `1apachectl -V` など	Apacheがpreforkかworkerで動いているのかを調べる 1[root@www ~ 04:05:18]# /usr/sbin/apachectl -V 2Server version: Apache/2.2.15 (Unix) 3Server built: Aug 24 2015 17:52:49 4Server's Module Magic Number: 20051115:25 5Server loaded: APR 1.3.9, APR-Util 1.3.9 6Compiled using: APR 1.3.9, APR-Util 1.3.9 7Architecture: 64-bit 8Server MPM: Prefork 9 threaded: no 10 forked: yes (variable process count) 11Server compiled with.... 12 -D APACHE_MPM_DIR="server/mpm/prefork" 13 -D APR_HAS_SENDFILE 14 -D APR_HAS_MMAP 15 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled) 16 -D APR_USE_SYSVSEM_SERIALIZE 17 -D APR_USE_PTHREAD_SERIALIZE 18 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT 19 -D APR_HAS_OTHER_CHILD 20 -D AP_HAVE_RELIABLE_PIPED_LOGS 21 -D DYNAMIC_MODULE_LIMIT=128 22 -D HTTPD_ROOT="/etc/httpd" 23 -D SUEXEC_BIN="/usr/sbin/suexec" 24 -D DEFAULT_PIDLOG="run/httpd.pid" 25 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status" 26 -D DEFAULT_LOCKFILE="logs/accept.lock" 27 -D DEFAULT_ERRORLOG="logs/error_log" 28 -D AP_TYPES_CONFIG_FILE="conf/mime.types" 29 -D SERVER_CONFIG_FILE="conf/httpd.conf"
`1less /etc/httpd/conf/httpd.conf`	Apacheの親のconfファイル確認
`1ps auxfwww \| grep [h]ttpd`	Apacheプロセス確認 `grep -c`：プロセス数確認
`1grep -ir "MaxClients" /etc/httpd/conf/`	MaxClientsの設定値確認 `-r`：ディレクトリ内も検索
`1grep "04/Nov/2023:06" /var/log/httpd/access_log \| awk '{print $1}' \| sort \| uniq -c \| sort -nr \| head -10` `1less /var/log/httpd/access_log.20231230.gz \| zgrep "/Dec/2023:06" \|awk '{print $1}' \| sort \| uniq -c \| sort -nr \| head -10` 時間自動入力分刻みver. `1grep $(date +'%d/%b/%Y:%H:') /var/log/httpd/access_log \| awk '{print $1}' \| sort \| uniq -c \| sort -nr \| head -10` (1時間調整版) `1grep $(date +'%d/%b/%Y:%H' -d '-1 hour') /var/log/httpd/access_log \| awk '{print $1}' \| sort \| uniq -c \| sort -nr \| head -10` 時間刻みver. `1grep $(date +'%d/%b/%Y:') /var/log/httpd/access_log \| awk '{print $1}' \| sort \| uniq -c \| sort -nr \| head -10`	アクセス数が多いIP順に表示攻撃アクセスか判断する際に使用する lessコマンドはgzで圧縮されていても見れる
`1grep "${IPアドレス}" /var/log/httpd/access_log \| less`	指定したIPの行動履歴を確認
`1grep -c $(date +'%d/%b/%Y:%H:') /var/log/httpd/*access_log \| sort -k 2 -t ":" -nr`	アクセスログファイルをアクセス数が多い順番で表示 `grep -c`：一致するものの回数のみを表示 `sort -t ":"`：「:」を区切り文字として指定 `sort -nr`：数値として降順に並び替える
`1less /var/log/httpd/access_log \| awk '{print $5}' \| cut -b 2-17 \| sort \| uniq -c`	一定時間ごとのアクセス数を表示場合によって$5の部分が変化するので、いったんアクセスログを見て、日付部分の番号を指定する `1 8966 18/May/2023:14:4 2 8162 18/May/2023:14:5 3 8489 18/May/2023:15:0 4 7112 18/May/2023:15:1 5 8939 18/May/2023:15:2 6 10714 18/May/2023:15:3 7 11180 18/May/2023:15:4 8 9328 18/May/2023:15:5 9 6631 18/May/2023:16:0 10 8235 18/May/2023:16:1 11 9933 18/May/2023:16:2 12 10193 18/May/2023:16:3 13 9603 18/May/2023:16:4 14 7903 18/May/2023:16:5 15 609 18/May/2023:17:0`

Apache再起動

CentOS6以前 / AmazonLinux系	CentOS7以降 / AmazonLinux2系
`1httpd -t 2cat /etc/system-release 3/etc/init.d/httpd status 4ps auxfwww \| grep [h]ttpd` `1/etc/init.d/httpd restart 2(/etc/init.d/httpd stop) 3(/etc/init.d/httpd start)` `1/etc/init.d/httpd status 2ps auxfwww \| grep [h]ttpd`	`1httpd -t 2cat /etc/system-release 3systemctl status httpd 4ps auxfwww \| grep [h]ttpd` `1systemctl restart httpd 2(systemctl stop httpd) 3(systemctl start httpd)` `1systemctl status httpd 2ps auxfwww \| grep [h]ttpd`

CentOS6以前 / AmazonLinux系

CentOS7以降 / AmazonLinux2系


1httpd -t
2cat /etc/system-release
3/etc/init.d/httpd status
4ps auxfwww | grep [h]ttpd


1/etc/init.d/httpd restart
2(/etc/init.d/httpd stop)
3(/etc/init.d/httpd start)


1/etc/init.d/httpd status
2ps auxfwww | grep [h]ttpd


1httpd -t
2cat /etc/system-release
3systemctl status httpd
4ps auxfwww | grep [h]ttpd


1systemctl restart httpd
2(systemctl stop httpd)
3(systemctl start httpd)


1systemctl status httpd
2ps auxfwww | grep [h]ttpd

Tomcat

コマンド	動作
`1ps auxfwww \| grep [t]omcat`	Tomcatプロセス確認
`1find / -type f -name "catalina.out" -exec less {} \;`	Tomcatのログ確認
`1find / -type f -name "catalina.out" -exec grep -H "Apache Tomcat" "{}" \;`	Tomcatバージョン確認

コマンド

動作


1ps auxfwww | grep [t]omcat

Tomcatプロセス確認


1find / -type f -name "catalina.out" -exec less {} \;

Tomcatのログ確認


1find / -type f -name "catalina.out" -exec grep -H "Apache Tomcat" "{}" \;

Tomcatバージョン確認

Tomcat再起動

再起動の順番：Apache停止→Tomcat停止→Tomcat開始→Apache開始

CentOS6以前 / AmazonLinux系	CentOS7以降 / AmazonLinux2系
`1/etc/init.d/tomcat6 restart`	`1systemctl restart tomcat6`

MySQL

コマンド	動作
`1mysql -h ${エンドポイント} -P ${ポート} -u ${ユーザ名} -p`	MySQLログイン腹持ちの場合にはエンドポイント省略可 (`localhost` or `127.0.0.1`でもよさそう) デフォルトのポートは3306
`1SHOW status like 'Threads_connected';`	現在接続しているスレッド数を表示
`1SHOW full processlist \G;`	実行中クエリ確認基本DBのプロセス上限設定数はMaxClients+2の値実行中プロセス数が近い場合は問題アリ `\G`：表記を垂直表示にする
`1status;`	ステータス確認 (再起動が実行されていないか、Uptimeを確認)

スロークエリの調べ方（RDSの場合にはパラメータストア確認）

コマンド	動作
`1find -type f -name "my.cnf" -exec less "{}" \;`	スロークエリログがオンになっているかをチェック `1[mysqld] 2datadir=/var/lib/mysql 3socket=/var/lib/mysql/mysql.sock 4symbolic-links=0 5character-set-server = utf8 6slow_query_log = ON 7slow_query_log_file = /var/lib/mysql/mysql-slow.log 8performance_schema = OFF`
`1SHOW variables like 'slow%';`	1.の別の調べ方 `1+---------------------+----------------+ 2\| Variable_name \| Value \| 3+---------------------+----------------+ 4\| slow_launch_time \| 2 \| 5\| slow_query_log \| OFF \| 6\| slow_query_log_file \| mysql-slow.log \| 7+---------------------+----------------+`
`1SHOW variables like 'long%';`	何秒からをスロークエリとするかの定義 `1+-----------------+-----------+ 2\| Variable_name \| Value \| 3+-----------------+------------+ 4\| long_query_time \| 10.000000 \| 5+-----------------+-----------+`
`1less /var/lib/mysql/mysql-slow.log`	Query_time を見るとよい `1# Query_time: 15.935626 Lock_time: 0.000037 Rows_sent: 0 Rows_examined: 138290 2SET timestamp=1671654656; 3CALL BC_Recommend( 4 '20221222' , 5 '0' , 6 '100000000' , 7 '30' , 8 '30' , 9 '900' , 10 '900' , 11 '0100' , 12 '0100' 13 );`

PostgreSQL

コマンド	動作
`1psql -h ${エンドポイント} -U ${ユーザ名} -d postgres`	PostgreSQLログイン腹持ちの場合にはエンドポイント省略可 (`localhost` or `127.0.0.1`でもよさそう) `-p`でポート番号を指定してもよい (デフォルトは5432)
`1SELECT * FROM pg_stat_activity;`	クエリ確認 1postgres=# SELECT * FROM pg_stat_activity; 2 datid \| datname \| procpid \| usesysid \| usename \| application_name \| client_addr \| client_hostname \| client_port \| backend_start \| xact_st 3art \| query_start \| waiting \| current_query 4--------+----------+---------+----------+----------+------------------+-------------+-----------------+-------------+-------------------------------+----------------- 5--------------+-------------------------------+---------+--------------------------------- 6 12780 \| postgres \| 16728 \| 10 \| postgres \| psql \| \| \| -1 \| 2023-06-11 17:25:34.894126+09 \| 2023-06-11 17:25 7:41.402096+09 \| 2023-06-11 17:25:41.402096+09 \| f \| SELECT * FROM pg_stat_activity; 8 551057 \| onsuku \| 26393 \| 16388 \| publis \| \| 10.0.2.150 \| \| 47596 \| 2023-06-11 04:03:16.807043+09 \| 9 \| 2023-06-11 17:23:12.512805+09 \| f \| <IDLE> 10 356984 \| publis_1 \| 16778 \| 16388 \| publis \| \| 10.0.2.101 \| \| 56687 \| 2023-06-11 17:25:40.993099+09 \| 11 \| 2023-06-11 17:25:41.405286+09 \| f \| <IDLE> 12 356984 \| publis_1 \| 16768 \| 16388 \| publis \| \| 10.0.3.102 \| \| 41583 \| 2023-06-11 17:25:40.334641+09 \| 13 \| 2023-06-11 17:25:41.406671+09 \| f \| <IDLE> 14 356984 \| publis_1 \| 14200 \| 16388 \| publis \| \| 10.0.2.150 \| \| 50133 \| 2023-06-11 16:10:04.801129+09 \| 2023-06-11 16:10 15:04.849551+09 \| 2023-06-11 16:16:00.700329+09 \| f \| <IDLE> in transaction 16 356984 \| publis_1 \| 16774 \| 16388 \| publis \| \| 10.0.2.101 \| \| 56682 \| 2023-06-11 17:25:40.777633+09 \| 17 \| 2023-06-11 17:25:41.405158+09 \| f \| <IDLE> 18 356984 \| publis_1 \| 26346 \| 16388 \| publis \| \| 10.0.2.150 \| \| 47595 \| 2023-06-11 04:03:10.785377+09 \| 19 \| 2023-06-11 17:25:39.880039+09 \| f \| <IDLE> 20 356984 \| publis_1 \| 25681 \| 16388 \| publis \| \| 10.0.2.150 \| \| 47388 \| 2023-06-11 04:00:02.687572+09 \| 21 \| 2023-06-11 17:25:37.915223+09 \| f \| <IDLE> 22(8 rows)
`1SELECT date_trunc('second', current_timestamp - pg_postmaster_start_time()) as uptime;`	PostgreSQLのuptimeを確認 ⇒ 再起動がかかっていないか調査 `1postgres=# SELECT date_trunc('second', current_timestamp - pg_postmaster_start_time()) as uptime; 2 uptime 3------------------ 4 13 days 00:59:52 5(1 row)`

Postfix

コマンド	動作
`1mailq` or `1postqueue -p`	メールが滞留していないか確認
`1less /var/log/maillog \| grep "${キューID}"`	メールが滞留している場合、キューIDでログを確認「status=」を確認 `status=sent`：送信成功 `status=bounced`：送信拒否 `status=deferred`：送信できず延期されている `status=bounced`か`deferred`の場合、`status=`の後ろにある()内でエラー内容をを確認する。また、`dsn=` の値でもエラー内容が確認できる
`1mail -s ${件名} ${メールアドレス}`	メール送信可能か確認

コマンド

動作


1mailq


1postqueue -p

メールが滞留していないか確認


1less /var/log/maillog | grep "${キューID}"

メールが滞留している場合、キューIDでログを確認

「status=」を確認

status=sent：送信成功
status=bounced：送信拒否
status=deferred：送信できず延期されている

status=bouncedかdeferredの場合、status=の後ろにある()内でエラー内容をを確認する。

また、dsn= の値でもエラー内容が確認できる


1mail -s ${件名} ${メールアドレス}

メール送信可能か確認