Part 3
Services
Now we move over to how we track down and deal with services and ports.
This is a very important aspect of being able to have a functioning setup where as much friction as possible is removed.
Let's start with ps
(process status), which lets you list the processes running under your currently logged-in user.
However, it has a plethora of other options that let you dig further down.
PS example:
ps -fC casaos
root@casaos:/# ps -fC casaos
UID PID PPID C STIME TTY TIME CMD
root 765 1 0 Nov01 ? 00:10:09 /usr/bin/casaos -c /etc/casaos/casaos.conf
ps aux
root@casaos:/# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.1 168160 12704 ? Ss Nov01 0:10 /sbin/init
root 2 0.0 0.0 0 0 ? S Nov01 0:00 [kthreadd]
root 3 0.0 0.0 0 0 ? I< Nov01 0:00 [rcu_gp]
root 4 0.0 0.0 0 0 ? I< Nov01 0:00 [rcu_par_gp]
root 5 0.0 0.0 0 0 ? I< Nov01 0:00 [slub_flushwq]
root 6 0.0 0.0 0 0 ? I< Nov01 0:00 [netns]
root 8 0.0 0.0 0 0 ? I< Nov01 0:00 [kworker/0:0H-events_highpri]
root 10 0.0 0.0 0 0 ? I< Nov01 0:00 [mm_percpu_wq]
root 11 0.0 0.0 0 0 ? I Nov01 0:00 [rcu_tasks_kthread]
root 12 0.0 0.0 0 0 ? I Nov01 0:00 [rcu_tasks_rude_kthread]
root 13 0.0 0.0 0 0 ? I Nov01 0:00 [rcu_tasks_trace_kthread]
root 14 0.0 0.0 0 0 ? S Nov01 0:01 [ksoftirqd/0]
root 15 0.0 0.0 0 0 ? I Nov01 0:27 [rcu_preempt]
root 16 0.0 0.0 0 0 ? S Nov01 0:04 [migration/0]
root 18 0.0 0.0 0 0 ? S Nov01 0:00 [cpuhp/0]
root 19 0.0 0.0 0 0 ? S Nov01 0:00 [cpuhp/1]
root 20 0.0 0.0 0 0 ? S Nov01 0:04 [migration/1]
root 21 0.0 0.0 0 0 ? S Nov01 0:01 [ksoftirqd/1]
root 23 0.0 0.0 0 0 ? I< Nov01 0:00 [kworker/1:0H-events_highpri]
root 24 0.0 0.0 0 0 ? S Nov01 0:00 [cpuhp/2]
root 25 0.0 0.0 0 0 ? S Nov01 0:04 [migration/2]
root 26 0.0 0.0 0 0 ? S Nov01 0:01 [ksoftirqd/2]
root 28 0.0 0.0 0 0 ? I< Nov01 0:00 [kworker/2:0H-events_highpri]
root 29 0.0 0.0 0 0 ? S Nov01 0:00 [cpuhp/3]
root 30 0.0 0.0 0 0 ? S Nov01 0:04 [migration/3]
root 31 0.0 0.0 0 0 ? S Nov01 0:01 [ksoftirqd/3]
root 33 0.0 0.0 0 0 ? I< Nov01 0:00 [kworker/3:0H-events_highpri]
root 38 0.0 0.0 0 0 ? S Nov01 0:00 [kdevtmpfs]
root 39 0.0 0.0 0 0 ? I< Nov01 0:00 [inet_frag_wq]
root 40 0.0 0.0 0 0 ? S Nov01 0:00 [kauditd]
root 41 0.0 0.0 0 0 ? S Nov01 0:00 [khungtaskd]
root 42 0.0 0.0 0 0 ? S Nov01 0:00 [oom_reaper]
root 43 0.0 0.0 0 0 ? I< Nov01 0:00 [writeback]
root 44 0.0 0.0 0 0 ? S Nov01 0:26 [kcompactd0]
root 45 0.0 0.0 0 0 ? SN Nov01 0:00 [ksmd]
root 47 0.0 0.0 0 0 ? SN Nov01 0:03 [khugepaged]
root 48 0.0 0.0 0 0 ? I< Nov01 0:00 [kintegrityd]
root 49 0.0 0.0 0 0 ? I< Nov01 0:00 [kblockd]
root 50 0.0 0.0 0 0 ? I< Nov01 0:00 [blkcg_punt_bio]
root 51 0.0 0.0 0 0 ? I< Nov01 0:00 [tpm_dev_wq]
root 52 0.0 0.0 0 0 ? I< Nov01 0:00 [edac-poller]
root 53 0.0 0.0 0 0 ? I< Nov01 0:00 [devfreq_wq]
root 56 0.0 0.0 0 0 ? I< Nov01 0:00 [kworker/2:1H-kblockd]
root 57 0.0 0.0 0 0 ? S Nov01 0:00 [kswapd0]
root 63 0.0 0.0 0 0 ? I< Nov01 0:00 [kthrotld]
root 65 0.0 0.0 0 0 ? S Nov01 0:00 [irq/24-aerdrv]
root 66 0.0 0.0 0 0 ? S Nov01 0:00 [irq/25-aerdrv]
root 67 0.0 0.0 0 0 ? S Nov01 0:00 [irq/26-aerdrv]
root 68 0.0 0.0 0 0 ? S Nov01 0:00 [irq/27-aerdrv]
root 69 0.0 0.0 0 0 ? S Nov01 0:00 [irq/28-aerdrv]
root 70 0.0 0.0 0 0 ? S Nov01 0:00 [irq/29-aerdrv]
root 71 0.0 0.0 0 0 ? S Nov01 0:00 [irq/30-aerdrv]
root 72 0.0 0.0 0 0 ? S Nov01 0:00 [irq/31-aerdrv]
root 73 0.0 0.0 0 0 ? S Nov01 0:00 [irq/32-aerdrv]
root 74 0.0 0.0 0 0 ? S Nov01 0:00 [irq/33-aerdrv]
root 75 0.0 0.0 0 0 ? S Nov01 0:00 [irq/34-aerdrv]
root 76 0.0 0.0 0 0 ? S Nov01 0:00 [irq/35-aerdrv]
root 77 0.0 0.0 0 0 ? S Nov01 0:00 [irq/36-aerdrv]
root 78 0.0 0.0 0 0 ? S Nov01 0:00 [irq/37-aerdrv]
root 79 0.0 0.0 0 0 ? I< Nov01 0:00 [acpi_thermal_pm]
root 80 0.0 0.0 0 0 ? I< Nov01 0:00 [mld]
root 81 0.0 0.0 0 0 ? I< Nov01 0:00 [ipv6_addrconf]
root 86 0.0 0.0 0 0 ? I< Nov01 0:00 [kstrp]
root 91 0.0 0.0 0 0 ? I< Nov01 0:00 [zswap-shrink]
root 92 0.0 0.0 0 0 ? I< Nov01 0:00 [kworker/u9:0]
root 136 0.0 0.0 0 0 ? I< Nov01 0:00 [kworker/0:1H-kblockd]
root 144 0.0 0.0 0 0 ? I< Nov01 0:00 [kworker/3:1H-kblockd]
root 154 0.0 0.0 0 0 ? I< Nov01 0:00 [kworker/1:1H-kblockd]
root 170 0.0 0.0 0 0 ? I< Nov01 0:00 [ata_sff]
root 172 0.0 0.0 0 0 ? S Nov01 0:00 [scsi_eh_0]
root 173 0.0 0.0 0 0 ? I< Nov01 0:00 [scsi_tmf_0]
root 174 0.0 0.0 0 0 ? S Nov01 0:00 [scsi_eh_1]
root 175 0.0 0.0 0 0 ? I< Nov01 0:00 [scsi_tmf_1]
root 176 0.0 0.0 0 0 ? S Nov01 0:00 [scsi_eh_2]
root 177 0.0 0.0 0 0 ? I< Nov01 0:00 [scsi_tmf_2]
root 178 0.0 0.0 0 0 ? S Nov01 0:00 [scsi_eh_3]
root 179 0.0 0.0 0 0 ? I< Nov01 0:00 [scsi_tmf_3]
root 180 0.0 0.0 0 0 ? S Nov01 0:00 [scsi_eh_4]
root 181 0.0 0.0 0 0 ? I< Nov01 0:00 [scsi_tmf_4]
root 182 0.0 0.0 0 0 ? S Nov01 0:00 [scsi_eh_5]
root 183 0.0 0.0 0 0 ? I< Nov01 0:00 [scsi_tmf_5]
root 192 0.0 0.0 0 0 ? I< Nov01 0:00 [kdmflush/253:0]
root 193 0.0 0.0 0 0 ? I< Nov01 0:00 [kdmflush/253:1]
root 227 0.0 0.0 0 0 ? S Nov01 0:03 [jbd2/dm-0-8]
root 228 0.0 0.0 0 0 ? I< Nov01 0:00 [ext4-rsv-conver]
root 294 0.0 0.0 26048 6664 ? Ss Nov01 0:01 /lib/systemd/systemd-udevd
root 341 0.0 0.0 0 0 ? S Nov01 0:01 [hwrng]
root 349 0.0 0.0 0 0 ? S Nov01 0:00 [watchdogd]
root 351 0.0 0.0 0 0 ? I< Nov01 0:00 [cryptd]
root 475 0.0 0.0 0 0 ? I< Nov01 0:00 [ext4-rsv-conver]
root 512 0.0 0.1 41328 15288 ? Ss Nov01 5:31 /lib/systemd/systemd-journald
systemd+ 528 0.0 0.0 90048 6648 ? Ssl Nov01 0:02 /lib/systemd/systemd-timesyncd
root 542 0.0 0.0 5872 3608 ? Ss Nov01 0:00 dhclient -4 -v -i -pf /run/dhclient.enp1s0.pid -lf /var/lib/dhcp/dhclient.enp1s0.leases -I -df /var/lib/dhcp/dhclient6.enp1s0.leases enp1s0
root 577 0.0 0.0 6608 2656 ? Ss Nov01 0:00 /usr/sbin/cron -f
message+ 578 0.0 0.0 9332 5156 ? Ss Nov01 0:00 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
devmon 579 0.0 0.0 7328 3660 ? Ss Nov01 0:00 /bin/bash /usr/bin/devmon --mount-options nosuid,nodev,noatime --ignore-label EFI
root 582 0.0 0.0 80236 3600 ? Ssl Nov01 0:00 /usr/sbin/qemu-ga
root 587 0.0 0.0 17144 7824 ? Ss Nov01 0:01 /lib/systemd/systemd-logind
root 589 0.0 0.2 394488 16776 ? Ssl Nov01 0:00 /usr/libexec/udisks2/udisksd
root 592 0.0 0.6 1504040 55036 ? Ssl Nov01 3:47 /usr/bin/containerd
root 595 0.0 0.6 762252 52660 ? Ssl Nov01 0:41 /usr/bin/rclone rcd --rc-addr unix:///var/run/rclone/rclone.sock --rc-no-auth --rc-allow-origin *
root 597 0.0 0.0 5872 1020 tty1 Ss+ Nov01 0:00 /sbin/agetty -o -p -- \u --noclear - linux
root 635 0.0 0.0 0 0 ? I< Nov01 0:00 [wg-crypt-wg0]
root 648 0.0 0.1 15408 9424 ? Ss Nov01 0:00 sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
polkitd 701 0.0 0.0 234740 7396 ? Ssl Nov01 0:00 /usr/lib/polkit-1/polkitd --no-debug
root 730 0.0 0.2 70564 16272 ? Ss Nov01 0:13 /usr/sbin/nmbd --foreground --no-process-group
root 739 0.0 0.2 722972 23252 ? Ssl Nov01 0:18 /usr/bin/casaos-gateway
root 758 0.0 0.5 739616 42908 ? Ssl Nov01 3:29 /usr/bin/casaos-message-bus -c /etc/casaos/message-bus.conf
root 765 0.0 0.5 739048 43452 ? Ssl Nov01 10:09 /usr/bin/casaos -c /etc/casaos/casaos.conf
root 771 0.0 0.3 738812 29272 ? Ssl Nov01 0:28 /usr/bin/casaos-user-service -c /etc/casaos/user-service.conf
devmon 788 0.0 0.0 8736 3804 ? S Nov01 0:00 /usr/bin/udevil --monitor
root 850 0.0 0.2 83540 22912 ? Ss Nov01 0:02 /usr/sbin/smbd --foreground --no-process-group
root 851 0.0 0.9 772120 80456 ? Ssl Nov01 6:34 /usr/bin/casaos-local-storage -c /etc/casaos/local-storage.conf
root 853 0.0 0.1 81532 9380 ? S Nov01 0:01 /usr/sbin/smbd --foreground --no-process-group
root 854 0.0 0.0 81524 4504 ? S Nov01 0:01 /usr/sbin/smbd --foreground --no-process-group
root 895 0.0 1.1 1978748 92524 ? Ssl Nov01 1:21 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
root 1269 0.1 1.1 778736 96832 ? Ssl Nov01 12:55 /usr/bin/casaos-app-management -c /etc/casaos/app-management.conf
root 1111642 0.0 0.0 0 0 ? I Nov08 0:01 [kworker/0:2-events]
root 1112195 0.0 0.0 0 0 ? I 00:00 0:07 [kworker/3:1-wg-crypt-wg0]
root 1115886 0.0 0.0 0 0 ? I 00:33 0:02 [kworker/1:0-wg-crypt-wg0]
root 1125247 0.0 0.0 0 0 ? I 01:59 0:01 [kworker/1:2-wg-crypt-wg0]
root 1193256 0.0 0.0 0 0 ? I 12:20 0:02 [kworker/3:2-wg-crypt-wg0]
root 1195384 0.0 0.0 0 0 ? I 12:40 0:01 [kworker/2:1-wg-crypt-wg0]
root 1207129 0.0 0.0 0 0 ? I 14:27 0:00 [kworker/2:0-mm_percpu_wq]
root 1225726 0.0 0.0 0 0 ? I 17:17 0:00 [kworker/0:1-wg-crypt-wg0]
root 1242550 0.0 0.0 0 0 ? I 19:51 0:00 [kworker/u8:0-flush-253:0]
root 1244331 0.0 0.0 0 0 ? I 20:08 0:00 [kworker/u8:2-flush-253:0]
root 1244908 0.1 0.1 17796 11120 ? Ss 20:13 0:00 sshd: kris [priv]
kris 1244928 0.1 0.1 18972 10592 ? Ss 20:13 0:00 /lib/systemd/systemd --user
kris 1244929 0.0 0.0 169220 3604 ? S 20:13 0:00 (sd-pam)
kris 1244948 0.0 0.0 18056 6908 ? S 20:13 0:00 sshd: kris@pts/0
kris 1244949 0.0 0.0 8884 5768 pts/0 Ss 20:13 0:00 -bash
root 1244964 0.0 0.0 0 0 ? I 20:13 0:00 [kworker/u8:1-events_unbound]
root 1245012 0.0 0.0 10136 4852 pts/0 S+ 20:13 0:00 sudo su
root 1245022 0.0 0.0 10136 512 pts/1 Ss 20:13 0:00 sudo su
root 1245023 0.0 0.0 8976 4228 pts/1 S 20:13 0:00 su
root 1245024 0.0 0.0 7196 3876 pts/1 S 20:13 0:00 bash
root 1245025 0.0 0.0 0 0 ? I 20:13 0:00 [kworker/u8:3-events_unbound]
root 1245081 100 0.0 11084 4372 pts/1 R+ 20:14 0:00 ps aux
There may also be times when files are held open (locked) by certain processes, and you need to end the process before you can deal with the file.
For this, a very handy tool is lsof
(list open files). In a good few cases it will not be installed with the Linux distro of your choice, but it can easily be installed on e.g. Ubuntu and Debian with apt install -y lsof
.
LSOF example:
lsof /var/log/
lsof /var/log/
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
bash 1194 root cwd DIR 254,2 4096 1835179 /var/log
lsof 2172 root cwd DIR 254,2 4096 1835179 /var/log
lsof 2173 root cwd DIR 254,2 4096 1835179 /var/log
Ports
With a legacy tool called netstat
(show network status) you can view the Listening Address, Port, Port Type and PID associated with a service.
This tool has since been replaced by ss
, which acts and feels the same way.
netstat
no longer comes installed by default as it has been replaced with ss
but you can install it on Debian/Ubuntu with apt install -y net-tools
.
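If you want to see which ports your system is listening on (this shows listening sockets, not what the firewall lets through), you can use either of the following two examples. In the output, a local address of 0.0.0.0 or [::] means the service accepts connections on every interface, while 127.0.0.1 or [::1] is reachable only from the machine itself.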
Listening Ports example:
netstat -tupln
netstat -tupln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 545/sshd: /usr/sbin
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 2152/cupsd
tcp6 0 0 :::22 :::* LISTEN 545/sshd: /usr/sbin
tcp6 0 0 ::1:631 :::* LISTEN 2152/cupsd
udp 0 0 0.0.0.0:5353 0.0.0.0:* 442/avahi-daemon: r
udp 0 0 0.0.0.0:55508 0.0.0.0:* 442/avahi-daemon: r
udp 0 0 0.0.0.0:631 0.0.0.0:* 2163/cups-browsed
udp6 0 0 :::5353 :::* 442/avahi-daemon: r
udp6 0 0 :::37069 :::* 442/avahi-daemon: r
ss -tupln
ss -tupln
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp UNCONN 0 0 0.0.0.0:5353 0.0.0.0:* users:(("avahi-daemon",pid=442,fd=12))
udp UNCONN 0 0 0.0.0.0:55508 0.0.0.0:* users:(("avahi-daemon",pid=442,fd=14))
udp UNCONN 0 0 0.0.0.0:631 0.0.0.0:* users:(("cups-browsed",pid=2163,fd=7))
udp UNCONN 0 0 [::]:5353 [::]:* users:(("avahi-daemon",pid=442,fd=13))
udp UNCONN 0 0 [::]:37069 [::]:* users:(("avahi-daemon",pid=442,fd=15))
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=545,fd=3))
tcp LISTEN 0 128 127.0.0.1:631 0.0.0.0:* users:(("cupsd",pid=2152,fd=7))
tcp LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=545,fd=4))
tcp LISTEN 0 128 [::1]:631 [::]:* users:(("cupsd",pid=2152,fd=6))
And as you can see, the differences in output between netstat
and ss
are rather small, but the information is laid out differently.