Practically Useful UNIX Security Administration

±èÈÖ° (Sakai Kim) sakai@major.kaist.ac.kr

¡¡

Contents

General Security Administration I ºÎ (Áö³ È£)

°³¿ä

password ¿¡ °ü·ÃµÈ Secure Administration

General Security Administration II ºÎ (ÀÌ¹ø È£)

Process °ü¸®, °¨½Ã¹ý

ÀÌ¹ø È£¿¡¼´Â Áö³ È£¿¡ ÀÌ¾î General Security Administration Áß System Security ¿¡ ´ëÇØ ´Ù·ç°Ú´Ù.

ÀÌ¹ø È£¿¡¼ ÁßÁ¡ÀûÀ¸·Î ´Ù·ê ³»¿ëÀº Process ¸¦ °ü¸®ÇÏ°í ÀÌ»óÇÑ ÇÁ·Î¼¼½º¸¦ Ã£¾Æ³»¾î Á¶»çÇÏ´Â ¹æ¹ý, ±×¸®°í security ¿¡ ÀÖ¾î tracing À» ÇÒ ¶§ Àý´ëÀûÀ¸·Î ¿ä±¸µÇ´Â Áß¿äÇÑ ·Î±×ÈÀÏ ¿¡´Â ¾î¶² °ÍÀÌ ÀÖ´ÂÁö¸¦ »ìÆìº¸°í ÀÌ ·Î±× ÆÄÀÏÀ» ¾î¶² ½ÄÀ¸·Î ºÐ¼®ÇØ¾ß ÇÏ´ÂÁö¿¡ ´ëÇØ¼ »ìÆìº¸µµ·Ï ÇÏ°Ú´Ù.

I. General System Administration

1. Process Management & Monitoring

1) Process Management ÀÌ¶õ? Process Monitoring ÀÌ¶õ?

UNIX ½Ã½ºÅÛÀº ¸ÖÆ¼À¯Àú Ã¼°èÀÌ±â ¶§¹®¿¡ System ÀÇ Resource ¸¦ ¼·Î °øÀ¯ÇÏ¸é¼ »ç¿ëÇÏ°í ÀÖ´Ù. ±×·¸±â ¶§¹®¿¡ ½Ã½ºÅÛÀÇ ºÎÇÏ·®À» ¸¹ÀÌ Àâ¾Æ¸Ô´Â ÇÁ·Î¼¼½º°¡ ´Ù¸¥ À¯Àú¿¡ ÀÇÇØ ÀÛµ¿µÇ°í ÀÖÀ» °æ¿ì ´Ù¸¥ À¯ÀúµéÀº ±×¸¸Å ½Ã½ºÅÛÀÇ ¸®¼Ò½º¸¦ »ç¿ëÇÏÁö ¸øÇÏ°Ô µÇ¾î Áß¿äÇÑ ÀÛ¾÷ÀÌ ÀÖ´Â °æ¿ì¿¡ ÇÇÇØ¸¦ º¼ ¼ö µµ ÀÖ´Ù.

ÈçÈ÷ No More Process ³ª all network port in use µûÀ§ÀÇ ¸Þ½ÃÁö¸¦ º¼ ¼ö ÀÖÀ» °ÍÀÌ´Ù. Áß¿äÇÑ ÀÏÀÌ ÀÖÀ» ¶§¿¡ ÀÌ·¯ÇÑ ¸Þ½ÃÁö¸¦ º¸°Ô µÇ¸é Â¥ÁõÀÌ ³ª°Ô µÇ°í, ´Ù¸¥ »ç¿ëÀÚµé Áß¿¡ ¾µµ¥ ¾ø´Â ÇÁ·Î¼¼½º¸¦ ±¸µ¿ ½ÃÅ°°í ÀÖ´Ù¸é ÇÁ·Î¼¼½º¸¦ kill ÇØÁÖ±â¸¦ ¹Ù¶ö °ÍÀÌ´Ù.

Process Management ¶õ, ÇÁ·Î¼¼½º¿¡ priority ¸¦ ÇÒ´çÇÏ¿© Áß¿äÇÑ ÀÛ¾÷ÀÌ ¸ÕÀú ¼öÇàµÇµµ·Ï ÇÑ´Ùµç°¡, ½Ã½ºÅÛ ºÎÇÏ¸¦ ¸¹ÀÌ Àâ´Â ÇÁ·Î¼¼½º¸¦ ÇÁ·Î¼¼½ºÀÇ ¼ÒÀ¯ÁÖ¿¡°Ô ¾çÇØ¸¦ ±¸ÇØ kill ÇÑ´Ùµç°¡, Zombie °¡ µÈ ÇÁ·Î¼¼½º°¡ ²÷ÀÓ¾øÀÌ CPU Time À» Àâ°í ÀÖÀ» ¶§ Ã³¸®ÇØ ÁÖ´Â °ÍÀÌ³ª »ç¿ëÀÚ°¡ µ¹¹ßÀûÀÎ »çÅÂ·Î process ¸¦ ¸¹ÀÌ ¶ç¿ö ³õÀº »óÅÂ¿¡¼ logout µÇ¾úÀ» ¶§, Idling »óÅÂ·Î ÀÖ´Â ÇÁ·Î¼¼½ºµé Áß CPU Time À» ¸¹ÀÌ Àâ°í ÀÖ´Â ÇÁ·Î¼¼½ºµéÀ» Ã³¸®ÇØ ÁÖ´Â Administration À» ¸»ÇÑ´Ù.

Process Monitoring Àº Process Management ÀÇ ÀÏºÎ¿¡ ¼ÓÇÏ´Â ÀÏÀÎµ¥, ¼º°ÝÀÌ ¾à°£ ´Ù¸£´Ù. ÀÌ»óÇÑ ÇÁ·Î¼¼½º( ¿¹¸¦ µé¾î OS ¿¡¼ Á¦°øÇÏÁö ¾Ê´Â ¸í·É¾îÀÇ ÀÌ¸§À¸·Î ½Ã½ºÅÛ¿¡ ÇÇÇØ¸¦ ÁÖ´Â ÀÛ¾÷À» ÇÏ´Â °æ¿ì, ½Ã½ºÅÛ ÇØÅ·°ú °ü·ÃµÈ ÇÁ·Î¼¼½º) µéÀ» °¨ÁöÇØ ³»¾î ÀÌ¸¦ Ã³¸®ÇÏ´Â °ÍÀ» ¸»ÇÑ´Ù.

Process Management ÀÇ ¿¹

´ÙÀ½Àº °ü¸®ÀÚ°¡ ½Ã½ºÅÛÀ» »ç¿ëµµÁß °©ÀÚ±â xload ÀÇ ±×·¡ÇÁ°¡ Ä¡¼ÚÀ¸¸ç ½Ã½ºÅÛÀÌ ÇöÀúÇÏ°Ô ´À·ÁÁö´Â °ÍÀ» ¹ß°ßÇÏ°í Ã³¸®¸¦ ÇÏ´Â °úÁ¤À» ´ãÀº ¿¹ÀÌ´Ù.

# uptime 2:17pm up 12 days, 21:25, 5 users, load average: 4.03 , 0.39, 0.21 # w 2:18pm up 12 days, 21:27, 5 user, load average: 4.04 , 0.32, 0.21 User tty login@ idle JCPU PCPU what exit ttyp8 2:14pm -csh sakai ttyp9 1:20pm -csh .... # top System: miso Tue Mar 25 14:20:06 1997 Load averages: 4.04, 0.37, 0.23 84 processes: 83 sleeping, 1 waiting Cpu states: CPU LOAD USER NICE SYS IDLE UNK5 UNK6 INTR SSYS 1 4.04 111.5% 0.0% -0.1% -11.4% -0.0% -0.0% -0.0% -0.0% Memory: 14172K (2144K) real, 18596K (2612K) virtual, 3696K free Screen # 1/6 CCU TTY PID USERNAME PRI NI SIZE RESD STATE TIME %WCPU %CPU COMMAND 0 ? 14490 sakai 154 20 2008K 600K wait 0:00 10.20 9.90 a.out 0 ? 14459 sakai 154 20 1004K 552K sleep 0:41 7.15 7.13 hanterm 0 p3 14488 sakai 156 20 292K 296K sleep 0:23 2.23 2.22 screen 0 p6 14862 sakai 178 20 204K 232K wait 0:00 0.73 0.55 top 0 ? 3 root 128 20 0K 0K sleep 0:00 0.02 0.02 statdaem 0 ? 2 root 128 20 0K 0K sleep 0:00 0.02 0.02 vhand 0 ? 1 root 168 20 44K 36K sleep 0:02 0.02 0.02 init

½Ã½ºÅÛÀÇ ·Îµå ¼öÄ¡°¡ »ó´çÈ÷ ÅÀ» ´À³¢°í, w , top À» ÀÌ¿ëÇÏ¿© ÇöÀç ½Ã½ºÅÛ¿¡ ¾î¶°ÇÑ ÇÁ·Î¼¼½º°¡ µ¹°í ÀÖ´ÂÁö¸¦ »ìÆì º¸¾Ò´õ´Ï sakai ¶õ »ç¿ëÀÚ°¡ ½ÇÇà½ÃÅ°°í ÀÖ´Â a.out ÀÌ¶õ ÇÁ·Î±×·¥¿¡ ¹®Á¦°¡ ÀÖÀ½À» ¹ß°ßÇß´Ù.

±×·¡¼ ¾çÇØ¸¦ ±¸ÇÑ´ÙÀ½ ÀÌ ÇÁ·Î¼¼½º¸¦ kill ÇÏ±â·Î Çß´Ù.

# talk sakai

[Connection established...]

U r running an odd process now, your programming a.out is using most of system'

s resources, It can do harm another users.

so Could I kill your process a.out now?

-What's Up? root?

Oh, I got it ,

Don't mention it. You can kill my process.

Sorry for doing harm to system....

# kill -15 14490 # uptime 2:17pm up 12 days, 21:25, 5 users, load average: 1.03 , 0.39, 0.21 Process Monitoring ÀÇ ¿¹. ¾î¶² °ü¸®ÀÚ°¡ ÀÚ½ÅÀÌ °ü¸®ÇÏ´Â ½Ã½ºÅÛ¿¡¼ ÆÐÅ¶·Î½º°¡ ½ÉÇÏ°Ô ÀÏ¾î³²À» ¹ß°ßÇÏ°í ´©±º°¡ ÀÚ½ÅÀÇ ½Ã½ºÅÛ ³»ºÎ¿¡¼ /dev/le0 µîÀ» ¸ð´ÏÅÍ¸µ ÇÏ°Å³ª ½º´ÏÇÎ ÇÏÁö´Â ¾Ê´ÂÁö ÀÇ½ÉÇÏ°Ô µÇ¾ú´Ù. (Âü°í·Î ½º´ÏÇÎÀ» ÇÏ°í ÀÖ´Â µ¿¾È¿¡ ¸¹Àº ÆÐÅ¶·Î½º°¡ ÀÏ¾î³¯ ¼ö ÀÖ´Ù.) % ping -s localhost PING localhost: 56 data bytes 64 bytes from localhost (127.0.0.1): icmp_seq=0. time=3. ms 64 bytes from localhost (127.0.0.1): icmp_seq=1. time=2. ms 64 bytes from localhost (127.0.0.1): icmp_seq=2. time=1. ms 64 bytes from localhost (127.0.0.1): icmp_seq=3. time=2. ms 64 bytes from localhost (127.0.0.1): icmp_seq=4. time=4. ms 64 bytes from localhost (127.0.0.1): icmp_seq=5. time=2. ms 64 bytes from localhost (127.0.0.1): icmp_seq=6. time=1. ms 64 bytes from localhost (127.0.0.1): icmp_seq=7. time=3. ms ...... 64 bytes from localhost (127.0.0.1): icmp_seq=34. time=1. ms ----arirang.kaist.ac.kr PING Statistics---- 34 packets transmitted, 22 packets received, 35% packet loss round-trip (ms) min/avg/max = 1/2/3 % ifconfig -a lo0: flags=849 mtu 8232 inet 127.0.0.1 netmask ff000000 le0: flags=863 mtu 1500 inet 203.251.173.1 netmask ffffff00 broadcast 143.248.8.255 sniffer´Â Promiscuous mode¿¡¼ µ¿ÀÛ ÇÏ´Â °ÍÀÓÀ» ¿ì¸®´Â Àü¹ø È£¿¡¼ »ìÆìº» ¹Ù ÀÖ´Ù. ÀÌÁ¦ ifconfig ¸¦ ÅëÇØ sniffer °¡ µ¹°í ÀÖÀ½À» ¹ß°ßÇßÀ¸´Ï ÀÌÁ¦´Â ±× ÇÁ·Î¼¼½º¸¦ Ã£¾Æ³»¾î kill À» ÇØ¾ß ÇÑ´Ù. ±×¸®°í root ÀÇ ±ÇÇÑÀ¸·Î µ¹°í ÀÖ´Â ÇÁ·Î¼¼½ºµéÀÌ ÁÖ·Î À§ÇèÇÑ °æ¿ì°¡ ¸¹À¸¹Ç·Î ¿ì¼±ÀûÀ¸·Î ´ÙÀ½°ú °°Àº ¸í·ÉÀ» »ç¿ëÇÏ¿© Á¢±ÙÀ» ÇÏµµ·Ï ÇÑ´Ù. # ps -ef | grep root ¸¦ ÅëÇØ ÀÌ»óÇÑ ÇÁ·Î¼¼½º¸¦ ¹ß°ßÇØ ³»µµ·Ï ÇÑ´Ù. ¹°·Ð ¾î¶°ÇÑ ÇÁ·Î¼¼½º°¡ ÇØÄ¿°¡ ÀÛµ¿½ÃÅ°°í ³ª°£ ÇÁ·Î¼¼½ºÀÎÁö´Â ½ÅÁßÀ» ±âÇØ »ìÆìº¸¾Æ¾ß ÇÒ °ÍÀÌ´Ù. ÇØÄ¿°¡ ¸¸ÀÏ sniff ÇÁ·Î±×·¥À» ¼³Ä¡ÇÏ°í ³ª°¬´Ù¸é sniff ¶õ ÀÌ¸§À¸·Î ¼³Ä¡ÇßÀ» ¸® ¸¸¹«ÇÏ±â ¶§¹®ÀÌ´Ù. ½Ã½ºÅÛ ³»¿¡¼ ÈçÈ÷ µ¹°í ÀÖ´Â in.telnetd ³ª in.uucpd µîÀÇ ÀÌ¸§À¸·Î ¹Ù²Ù¾î ÀÛµ¿½ÃÅ°´Â °æ¿ì°¡ ÈçÈ÷ ÀÖ´Ù. 2) º»°ÝÀûÀÎ Process management & monitoring ¿ì¼± ÇÁ·Î¼¼½º¸¦ »ìÆìº¸´Â ÇÁ·Î±×·¥¿¡´Â ´Ùµé ¾Ë°í ÀÖµíÀÌ /bin/ps °¡ ÀÖ´Ù. ±×·±µ¥ ¿©·¯ Á¾·ùÀÇ ´Ù¸¥ OS ¸¦ »ç¿ëÇØ º» »ç¶÷Àº ´À³¢°ÚÁö¸¸, OS ¸¶´Ù ¿É¼ÇÀÌ Á¶±Ý¾¿ ´Þ¶ó¼ ¿øÇÏ´Â °á°ú¸¦ ¾òÁö ¸øÇÏ´Â °æ¿ì°¡ ÀÖ¾úÀ» °ÍÀÌ´Ù. ÀÚ ÀÌÁ¦ OS ¸¶´ÙÀÇ ps ¿É¼ÇµéÀ» »ìÆìº¸ÀÚ. ps ÀÇ ¿É¼ÇÀº Å©°Ô µÎ °¡Áö Á¾·ù·Î ³ª´ ¼ö°¡ ÀÖ´Ù. BSD °è¿ÀÇ ½Ã½ºÅÛÀÇ ps¿Í System V °è¿ÀÇ ½Ã½ºÅÛ¿¡¼ »ç¿ëÇÏ´Â ps ÀÌ´Ù. ¸ÕÀú BSD °è¿À» »ìÆìº¸ÀÚ. ÇØ´çµÇ´Â OS ¿¡´Â SunOS °¡ ´ëÇ¥ÀûÀÎ ¿¹ÀÌ³ª AIX, SunOS , Linux , Digital UNIX , Solaris ¿¡ ÀÖ´Â /usr/ucb/ps µµ BSD ÀÇ ps ÀÌ´Ù. ÀÌ °è¿ÀÇ ps ¿¡¼ ÁÖ·Î »ç¿ëµÇ´Â ¿É¼Ç¿¡´Â ´ÙÀ½°ú °°Àº °ÍÀÌ ÀÖ´Ù. -ax : ½Ã½ºÅÛÀÇ ¸ðµç ÇÁ·Î¼¼½ºµéÀ» µð½ºÇÃ·¹ÀÌ ½ÃÅ²´Ù. % ps -ax PID TT S TIME COMMAND 0 ? T 0:00 sched 1 ? S 2:04 /etc/init - 2 ? S 0:12 pageout 3 ? S 85:46 fsflush 137 ? S 3:18 /sbin/gated 146 ? S 0:05 /usr/sbin/rpcbind 148 ? S 0:00 /usr/sbin/keyserv 154 ? S 0:00 /usr/sbin/kerbd 164 ? S 0:29 /usr/sbin/inetd -s 167 ? S 0:00 /usr/lib/nfs/statd 169 ? S 0:04 /usr/lib/nfs/lockd 191 ? S 0:01 /usr/lib/autofs/automountd .......... -c : ½ÇÁ¦ÀÇ ¸í·É¾î ÀÌ¸§À» Ç¥½ÃÇÑ´Ù. % ps -c PID TT S TIME COMMAND 25359 pts/40 S 0:00 tcsh 25460 pts/40 O 0:00 ps -e : ¸í·É¾î°¡ ¼öÇàµÉ ¶§ ¾²ÀÎ È¯°æ º¯¼ö¿Í , ¸í·É¾î¸¦ °°ÀÌ Ç¥½ÃÇØ ÁØ´Ù. % ps -e PID TT S TIME COMMAND 25359 pts/40 S 0:00 -tcsh TZ=ROK TERM=vt100 PATH=/usr/bin: HOME=/cosmos/use 25469 pts/40 O 0:00 ps -e TZ=ROK TERM=vt100 PATH=.:/cosmos/user/sakai:/usr/ -w : ´Ù¸¥ ÇÁ·Î¼¼½º ¿É¼Ç µÚ¿¡ ºÙ¿©¼ Wide Æ÷¸ËÀ¸·Î µð½ºÇÃ·¹ÀÌ ½ÃÅ²´Ù. % ps -axw ...... 260 ? S 6:56 nmbd 269 ? S 0:57 /usr/local/etc/arns -i le0 -2 -z kaistCompSci -l /usr/lo 272 ? S 0:00 /bin/sh /usr/local/squid/bin/RunCache 276 ? S 82:25 squid -s ...... -ww : ¸í·É¾î°¡ ÇÑ line À» ³Ñ¾î°¡°Ô µÇ¸é ps ÀÇ -w ¿É¼ÇÀ¸·Î »ìÆìº¸¾Æµµ Ç¥½ÃÇÒ ¼ö ¾ø´Â °æ¿ì°¡ ÀÖ´Ù. (½Ã½ºÅÛ¿¡ µû¶ó ´Ù¸£´Ù. ¾î¶°ÇÑ ½Ã½ºÅÛÀº w ¸¸ »ç¿ëÇÏ¿©µµ ww ¿Í °°Àº È¿°ú¸¦ ³ªÅ¸³½´Ù.) ÀÌ ¶§ ww ¸¦ ÁßÃ¸½ÃÄÑ¼ »ç¿ëÇÏ¸é Ä¿¸Çµå ÀüºÎ¸¦ »ìÆìº¼ ¼ö ÀÖ´Ù. % ps -axww ...... 260 ? S 6:56 nmbd 269 ? S 0:57 /usr/local/etc/arns -i le0 -2 -z kaistCompSci -l /usr/local/lib/cap/arns.log -f /usr/local/lib/cap/arns.fi 272 ? S 0:00 /bin/sh /usr/local/squid/bin/RunCache 276 ? S 82:25 squid -s ...... Æ¯È÷ e ¿É¼Ç°ú , ww ¿É¼Ç Àº ÇÁ·Î¼¼½º¸¦ °¨½ÃÇÏ°í °ü¸®ÇÏ´Âµ¥ ¾ÆÁÖ À¯¿ëÇÑ ¿É¼ÇµéÀÌ´Ï ±â¾ïÇÏ±â ¹Ù¶õ´Ù. ´ÙÀ½À¸·Î System V °è¿À» »ìÆìº¸ÀÚ. System V °è¿ÀÇ OS ¿¡´Â AIX, Digital UNIX, Solaris, HP-UX, IRIX, SCO UNIX µîÀÌ ÀÖ´Ù. Àü¹ÝÀûÀ¸·Î BSD °è¿ÀÇ ps ¿Í ¿É¼ÇÀÌ °°´Ù. ÀÌÁ¦ Â÷ÀÌ°¡ ÀÖ´Â ¿É¼ÇÀ» »ìÆìº¸¸é ´ÙÀ½°ú °°´Ù. e : e ¿É¼ÇÀº BSD ÀÇ È¯°æº¯¼ö¸¦ º¸¿©ÁÖ´Â ¿É¼ÇÀÌ ¾Æ´Ñ ½Ã½ºÅÛ ³»ÀÇ ¸ðµç ÇÁ·Î¼¼½º¸¦ µð½ºÇÃ·¹ÀÌ ½ÃÅ°´Â ¿É¼ÇÀÌ´Ù. f : process ÀÇ ½ÃÀÛ ½Ã°£ºÎÅÍ Ç¥½ÃÇÏ¿© full listing À» ½ÃÄÑÁÖ´Â ¿É¼ÇÀÌ´Ù. % ps -e PID TTY TIME COMMAND 0 ? 0:13 swapper 1 ? 0:02 init 2 ? 0:00 vhand 3 ? 0:00 statdaemon 7 ? 0:00 unhashdaemon 10 ? 0:00 lvmkd 11 ? 0:00 lvmkd 12 ? 0:00 lvmkd 13 ? 0:00 lvmkd 6 ? 0:00 sockregd 1399 console 0:00 getty 185 ? 0:00 DIAGMON 75 ? 1:09 syncer 137 ? 0:00 cron 102 ? 0:00 rlbdaemon 83 ? 0:00 nktl_daemon ........ % ps -ef UID PID PPID C STIME TTY TIME COMMAND root 0 0 0 Jan 1 ? 0:13 swapper root 1 0 0 Mar 12 ? 0:02 init root 2 0 0 Mar 12 ? 0:00 vhand root 3 0 0 Mar 12 ? 0:00 statdaemon root 7 0 0 Mar 12 ? 0:00 unhashdaemon root 10 0 0 Mar 12 ? 0:00 lvmkd root 11 0 0 Mar 12 ? 0:00 lvmkd root 12 0 0 Mar 12 ? 0:00 lvmkd root 13 0 0 Mar 12 ? 0:00 lvmkd root 6 0 0 Mar 12 ? 0:00 sockregd root 1399 1 0 Mar 12 console 0:00 /etc/getty console console root 185 1 0 Mar 12 ? 0:00 DIAGMON root 75 1 0 Mar 12 ? 1:09 /etc/syncer root 137 1 0 Mar 12 ? 0:00 /etc/cron root 102 1 0 Mar 12 ? 0:00 /etc/rlbdaemon root 83 1 0 Mar 12 ? 0:00 /etc/nktl_daemon 0 0 0 -1 0 1 -2 root 109 85 0 Mar 12 ? 0:00 /etc/netfmt -f /usr/adm/nettl .LOG00 -F -C -c /usr/adm/conslo ................ ÇÁ·Î¼¼½º¸¦ »ìÆìº¼ ¶§ ¸ðµç ÇÁ·Î¼¼½ºÀÇ ¸®½ºÆ®¸¦ »ìÆìº¸±â¶õ ¼ÖÁ÷È÷ Â¥Áõ³ª´Â ÀÏÀÌ´Ù. ±×·¸±â ¶§¹®¿¡ ¿øÇÏ´Â ³»¿ë¸¸À» »ìÆìº¸·Á¸é , grep ÀÌ³ª egrep (environment grep ) À» ÀÌ¿ëÇÏ¿© ÇÊ¿äÇÑ ³»¿ëÀ» »ìÆìº¸´Â °ÍÀÌ ÁÁ´Ù. ´ÙÀ½Àº ±× ¿¹ÀÌ´Ù. $ ps -ax | egrep 'PID|sakai' 241 co R 0:02 rm /home/sakai/newest/95/test.txt /home/urd $ ps -axww | egrep 'PID|sakai' PID TT STAT TIME COMMAND 241 co R 0:02 rm /home/sakai/newest/95/test.txt /home/sakai/newest/95 /skuld.txt /home/sakai/belldandy.txt /home/sakai/newest/95/cenda.txt $ ps -auxc | egrep 'PID|sakai' USER PID %CPU %MEM SZ RSS TT STAT TIME COMMAND sakai 211 6.7 1.1 824 544 p4 S 0:00 xtetris ´ÙÀ½À¸·Î ps ¸¦ ½ÇÇà½ÃÄ×À» ¶§ 1 ¶óÀÎ¿¡ ³ª¿À´Â Å°¿öµåµéÀÌ ÀÇ¹ÌÇÏ´Â ¹Ù¸¦ »ìÆìº¸ÀÚ. USER(BSD) , UID (System V) process ÀÇ ¼ÒÀ¯ÁÖ¸¦ Ç¥½ÃÇÑ´Ù. PID Process ÀÇ ID ¸¦ Ç¥½ÃÇÑ´Ù. %CPU SunOS ¿Í Digital UNIX ¿¡¼´Â »ç¿ëµÈ CPU ÀÇ ÃßÁ¤Ä¡¸¦ Ç¥½ÃÇÑ´Ù. AIX, Solaris, Linux ¿¡¼´Â CPUtime °ú °æ°ú½Ã°£À» Ç¥½ÃÇÑ´Ù. %MEM BSD °è¿¿¡¼¸¸ Ç¥½ÃµÇ´Âµ¥, »ç¿ëµÈ ¸Þ¸ð¸®ÀÇ ÃßÁ¤Ä¡¸¦ Ç¥½ÃÇÑ´Ù. SZ ÇöÀç »ç¿ëÁßÀÎ °¡»ó¸Þ¸ð¸® ¶Ç´Â ÆäÀÌÁö¸¦ Ç¥½ÃÇÑ´Ù. RSS ÇöÀç »ç¿ëÁßÀÎ Real ¸Þ¸ð¸® »óÈ²À» ³ªÅ¸³½´Ù. TT, TTY ÇöÀçÀÇ process ÀÇ ¼ÒÀ¯ÁÖ°¡ »ç¿ëÁßÀÎ ÅÍ¹Ì³Î Æ÷Æ®¸¦ ³ªÅ¸³½´Ù. STAT(BSD), S (System V) ÇöÀçÀÇ ÇÁ·Î¼¼½ºÀÇ »óÅÂ¸¦ ³ªÅ¸³½´Ù. »óÅÂ¿¡´Â ´ÙÀ½°ú °°Àº °ÍµéÀÌ ÀÖ´Ù. R : Running ÁßÀÎ »óÅÂ S : Sleep ÁßÀÎ »óÅÂ I : Idle(BSD) »óÅÂ ¶Ç´Â Intermediate »óÅÂ(System V) T : Signal µîÀ» ¹Þ¾Æ¼ ÁßÁöµÈ »óÅÂ Z : Á»ºñ ÇÁ·Î¼¼½º D : BSD ¿¡¸¸ Á¸ÀçÇÏ´Â »óÅÂÇ¥½Ã·Î¼ Disk ÀÇ wait »óÅÂ¸¦ ³ªÅ¸³½´Ù. P : BSD ¿¡¸¸ Á¸ÀçÇÏ´Â »óÅÂÇ¥½Ã·Î¼ Page ÀÇ wait »óÅÂ¸¦ ³ªÅ¸³½´Ù. X : System V ¿¡¸¸ Á¸ÀçÇÏ´Â »óÅÂÇ¥½Ã·Î¼ ÇöÀç ¸Þ¸ð¸® wait ÁßÀÎ »óÅÂ¸¦ ³ªÅ¸³½´Ù. K : AIX ¿¡¸¸ Á¸ÀçÇÏ´Â »óÅÂÇ¥½Ã·Î¼ À¯È¿ÇÑ Ä¿³ÎÀÇ ÇÁ·Î¼¼½º¸¦ ³ªÅ¸³½´Ù. W : BSD ¿¡¸¸ Á¸ÀçÇÏ´Â »óÅÂÇ¥½Ã·Î¼ swap-out µÈ »óÅÂ¸¦ ³ªÅ¸³½´Ù. N : BSD ¿¡¸¸ Á¸ÀçÇÏ´Â »óÅÂÇ¥½Ã·Î¼ Nice µÇ¾î ÀÖ´Â »óÅÂ¸¦ Ç¥½ÃÇÑ´Ù. : BSD ¿¡¸¸ Á¸ÀçÇÏ´Â »óÅÂÇ¥½Ã·Î¼ ÀÓÀÇ·Î nice °¡ ÇÒ´çµÈ »óÅÂÀÓÀ» Ç¥½ÃÇÑ´Ù. TIME ÃÑ »ç¿ëµÈ CPU time À» Ç¥½Ã COMMAND ½ÇÇàµÈ ¸í·É¾îÀÇ ÀÌ¸§À» Ç¥½Ã STIME (System V) , START (SunOS) ÇÁ·Î¼¼½º°¡ ½ÇÇàµÈ ½Ã°£À» Ç¥½Ã F process ¿Í °ü·ÃµÈ flag ¸¦ Ç¥½Ã PPID parent ÇÁ·Î¼¼½ºÀÇ process ID ¸¦ Ç¥½Ã NI nice number ¸¦ ³ªÅ¸³½´Ù. C (System V) CPU »ç¿ë ÀÎÀÚ¿Í °ü·ÃµÈ Ç×¸ñÀ» Ç¥½Ã CP (BSD) ½ÇÇà priority ¸¦ Ç¥½Ã PRI ½ÇÁ¦ÀûÀÎ ½ÇÇà priority ¸¦ Ç¥½Ã WCHAN ´ë±âÁßÀÎ event ÇÁ·Î¼¼½º¸¦ Ç¥½Ã ¡¡ ÀÌÁ¦ process ¸¦ °¨½ÃÇÏ´Âµ¥ ÇÊ¿äÇÑ ±âº»ÀûÀÎ ¸í·É¾î´Â ´ë·« ¼³¸íÀÌ µÈ µí ÇÏ´Ï process management ¸¦ ÇÏ´Âµ¥ À¯¿ëÇÑ ÅøµéÀ» »ìÆìº¸ÀÚ. top ÇÁ·Î¼¼½º¸¦ °¨½ÃÇÏ´Âµ¥ À¯¿ëÇÑ ÇÁ·Î±×·¥À¸·Î top ÀÌ ÀÖ´Ù. top Àº ¸®¾óÅ¸ÀÓÀ¸·Î ÇÁ·Î¼¼½ºÀÇ º¯È ¹× ½Ã½ºÅÛÀÇ Àü¹ÝÀûÀÎ ¸Þ¸ð¸® »ç¿ë »óÈ², CPU »ç¿ë »óÈ²µéÀ» ÇÔ²² º¸¿©ÁÖ¹Ç·Î »ó´çÈ÷ À¯¿ëÇÑ ÅøÀÌ´Ù. HP-UX ¿Í IRIX , Linux ÀÇ °æ¿ì´Â OS ÀÚÃ¼¿¡ Æ÷ÇÔÀÌ µÇ¾î ÀÖ°í, ´Ù¸¥ OS ¿¡¼´Â monitor ÆÐÅ°Áö¸¦ »õ·Î ÀÎ½ºÅçÀ» ÇØ¾ß ÇÑ´Ù . ÀÌÁ¦ °£·«ÇÑ top ÀÇ »ç¿ë¹ýÀ» »ìÆìº¸ÀÚ. top ¿¡¼ status ¸¦ ¾÷µ¥ÀÌÆ® ½ÃÅ°´Â ½Ã°£À» ¿É¼ÇÀ¸·Î ÀçÁ¶Á¤ÇØÁÙ ¼ö ÀÖ´Ù. ´ÙÀ½Àº °¢ OS ¿¡¼ 8 ÃÊ¸¶´Ù ¾÷µ¥ÀÌÆ® ½ÃÅ°¶ó´Â top ÀÇ ¸í·ÉÀÌ´Ù. Linux : top d8 HP-UX : top -s 8 IRIX : top -i 8 ±×¸®°í top ÀÌ ±¸µ¿µÇ´Â È¸é ¾È¿¡¼ k ¸¦ ´·¯ ¿øÇÏ´Â process ¸¦ kill ÇÒ¼ö ÀÖ°í ÇöÀç ÀÛµ¿µÇ´Â process µé¿¡ r Å°¸¦ ´·¯¼ priority ¸¦ ÀçÇÒ´ç ½ÃÅ³ ¼öµµ ÀÖ´Ù. ´ÙÀ½ÀÌ top ÀÇ Ã¢ ¾È¿¡¼ ÁÙ ¼ö ÀÖ´Â ¸í·ÉµéÀÌ´Ù. ^L È¸éÀ» redraw ½ÃÅ²´Ù. h or ? µµ¿ò¸»À» º»´Ù. i idle proceses µéÀ» º»´Ù. k ÇÁ·Î¼¼½º¸¦ kill ÇÏ´Âµ¥ »ç¿ëµÈ´Ù. n or # ÀÔ·ÂÇÑ ¼ýÀÚÀÇ ÇÁ·Î¼¼½º¸¦ º¸¿©ÁØ´Ù. q top À» Á¾·áÇÑ´Ù. r process ÀÇ nice ¸¦ ´Ù½Ã ÁöÁ¤ÇÏ¿© priority ¸¦ ÀçÇÒ´çÇÑ´Ù. S status ¸¦ ´©Àû½ÃÄÑ¼ º¸¿©ÁØ´Ù. s update time À» ÀçÁ¶Á¤ÇÑ´Ù. pstree ÇÁ·Î¼¼½ºµéÀÇ »çÇ×µé (child process , mother process µéÀÇ fork »óÈ²µé)À» tree ·Î Ç¥ÇöÇÏ¿© º¸±â ÁÁ°í, °¨½ÃÇÏ±â ÁÁ°Ô ÇØ ³õÀº ÅøÀÌ´Ù. ±âº»ÀûÀ¸·Î Linux ¿¡´Â Æ÷ÇÔÀÌ µÇ¾îÀÖ´Â ÅøÀÎµ¥, ´Ù¸¥ OS ¿¡¼µµ procps ÆÐÅ°Áö¸¦ ¼³Ä¡ÇÏ¸é Æ÷ÇÔÀÌ µÇ°Ô µÈ´Ù. ÀÌ¸¦ ÅëÇÏ¿© ¸¹Àº À¯¿ëÇÑ ÀÏÀ» ÇÒ ¼ö ÀÖ´Âµ¥ ±× ¿¹¸¦ µé¸é in.telnetd ´Â ½´ÆÛµ¥¸óÀÎ inetd ¿¡¼ È£ÃâµÇ¾î ±¸µ¿µÇ´Â µ¥¸óÀÌ´Ù. ÇÏÁö¸¸ ÇØÄ¿°¡ ÀÚ½ÅÀÇ ÇØÅ· ÇÁ·Î±×·¥À» ps ¸¦ ÅëÇØ °¨½ÃÇÏ´õ¶óµµ °¨ÁöµÇÁö ¾Ê±â À§ÇØ in.telnetd ¶õ ÀÌ¸§À¸·Î ¹Ù²Ù¾î ½ÇÇà½ÃÄ×´Ù ÇÒ Áö¶óµµ inetd ¿¡¼ È£ÃâµÈ °ÍÀÌ ¾Æ´Ï¹Ç·Î pstree ¸¦ ÀÌ¿ëÇÏ¿© °¨ÁöÇØ ³¾ ¼ö ÀÖ°Ô µÈ´Ù. ¡¡ Linux_maching% pstree init-+-agetty |-crond |-httpd---10*[httpd] |-inetd-+-in.rlogind---tcsh | |-in.telnetd---tcsh-+-pstree | | `-tcsh | |-in.telnetd---tcsh---vi | `-nmbd |-kerneld |-kflushd |-klogd |-kswapd |-lpd |-4*[nfsiod] |-rpc.mountd |-rpc.nfsd |-rpc.portmap |-screen---2*[tcsh] |-sendmail |-sshd |-syslogd |-update |-xconsole `-xdm-+-X `-xdm ÀÌ ¿Ü¿¡µµ Á÷Á¢ÀûÀÎ process management ¿Í´Â °ü°è°¡ ÀûÁö¸¸ memory management ¿¡ »ç¿ëµÇ´Â °ü·ÃÀÖ´Â ¸í·É¾î·Î vmstat, limit , ulimit , sar(System V) , schedtune(AIX) , dispadmin (Solaris), hinv (IRIX), lsattr(AIX) monitor(AIX), grosview(IRIX) µîÀÌ ÀÖÀ¸´Ï ÂüÁ¶ÇÏ±â ¹Ù¶õ´Ù. ÀÌµé ¸í·É ¹× Memory Management ¿Í °ü·ÃµÈ »çÇ×µéÀº ´ÙÀ½ È£¿¡¼ ´Ù·ç°íÀÚ ÇÑ´Ù. 3) process ¿¡ priority ÇÒ´çÇÏ±â (nice , renice ) ´ëºÎºÐÀÇ À¯´Ð½º ½Ã½ºÅÛµéÀº priority ±â¹ÝÀÇ round-robin ½ºÄÉÁì¸µ ¾Ë°í¸®Áò¿¡ ±Ù°ÅÇÏ¿© CPU ¸®¼Ò½º¸¦ ¿©·¯ »ç¿ëÀÚµéÀÌ »ç¿ëÇÏ°Ô µÈ´Ù. ¶ÇÇÑ ¸ðµç ¸í·ÉÀº °¢°¢ÀÇ execution priority ¸¦ °¡Áö°í ±¸µ¿ µÇ°Ô µÇ¾î ÀÖ´Âµ¥ º¸Åë °°Àº priority ¸¦ °®´Â ¸í·É¿¡¼´Â CPU Time À» ½ÃºÐÇÒ·Î ÇÒ´ç ¹Þ¾Æ¼ ±¸µ¿ µÇ°Ô µÈ´Ù. ÇÁ·Î±×·¥ °íÀ¯ÀÇ priority ´Â ps -l ¿É¼ÇÀ» ÁÖ¾î¼ NI ÇÊµå¸¦ »ìÆìº¸¸é µÈ´Ù. ±×¸®°í priority °¡ Á»´õ ³ôÀº ¸í·É¾î¶ó¸é CPU ÀÇ »ç¿ë½Ã°£ÀÌ Á»´õ ±æ¾îÁö°Ô Ã³¸®¸¦ ÇØÁÖ¹Ç·Î priority °¡ ³ôÀº ÇÁ·Î±×·¥ÀÌ ÈÎ¾À »¡¸® Ã³¸®µÇ°Ô µÈ´Ù. Priority number ´Â -20 ¿¡¼ +20 ±îÁö ÀÖ´Âµ¥ root °¡ ÀÓÀÇ·Î ÇÒ´çÇÏ¿© priority¸¦ Àç¹èÁ¤½ÃÅ³ ¼ö°¡ ÀÖ´Ù. ÀÌ ¶§ »ç¿ëµÇ´Â ¸í·É¾î°¡ nice ³ª renice ÀÎµ¥ °ü¸®ÀÚ°¡ ÀÓÀÇ·Î priority ¸¦ ÀçÇÒ´ç½ÃÅ² °æ¿ì current (actual) execution priority ·Î ÇÒ´çÀÌ µÇ°Ô µÇ°í, ÀÌ¸¦ »ìÆìº¸±â À§ÇØ¼´Â ps -l ¿É¼ÇÀ» ÁÖ¾î¼ PRI ÇÊµå¸¦ »ìÆìº¸¸é µÈ´Ù. Priority number ´Â ±âº»ÀûÀ¸·Î BSD ¿¡¼´Â 0 ÀÌ ÁÖ¾îÁö°í , System V ¿¡¼´Â 20 ÀÌ ÁÖ¾îÁö´Âµ¥, ¼ýÀÚÅ©±â°¡ ÀûÀ» ¼ö·Ï ³ôÀº priority ¸¦ °®´Â´Ù. nice ÀÇ »ç¿ë¹ýÀº ´ÙÀ½°ú °°´Ù. % nice [+|- n] command (C shell built in command ) # nice - [[-] n] command (/usr/bin ¿¡ À§Ä¡ÇÑ ÇÁ·Î±×·¥À¸·Î¼ÀÇ nice ¸í·É¾î) ¿¹¸¦ µé¾îº¸¸é, % nice +6 a.out # /bin/nice -6 a.out À» ¼öÇà½ÃÅ°¸é a.out ÀÇ current execution priority ´Â BSD °è¿¿¡¼´Â 6 , System V °è¿¿¡¼´Â 26 ÀÇ priority ¸¦ °®°Ô µÈ´Ù. % nice -5 important_job # nice - -5 important_job À§ÀÇ °æ¿ì¿¡´Â improtant_job ÀÇ current execution priority ´Â BSD °è¿ÀÇ °æ¿ì -5 ¸¦ °®°Ô µÇ°í, System V ÀÇ °æ¿ì 15 ÀÇ priority ¸¦ °®°Ô µÈ´Ù. nice ÀÇ °æ¿ì´Â ÇÁ·Î±×·¥À» ¼öÇà½ÃÅ°¸é¼ priority ¸¦ ÇÒ´ç½ÃÄÑ ¸í·ÉÀ» ½ÇÇà½ÃÅ°´Â °æ¿ìÀÌ°í, ÀÌ¿¡ ¹ÝÇØ ÀÌ¹Ì ½ÇÇà½ÃÅ² ¸í·ÉÀÇ priority ¸¦ º¯°æ½ÃÅ°°í ½ÍÀº °æ¿ì¿¡´Â renice ¶ó´Â ¸í·É¾î¸¦ »ç¿ëÇÏ¸é µÈ´Ù. Àü¹ÝÀûÀÎ »ç¿ë¹ýÀº nice ¿Í µ¿ÀÏÇÑµ¥ argument ·Î command ´ë½Å process ID°¡ µé¾î°£´Ù´Â °ÍÀÌ ´Ù¸£´Ù. # renice new-nice-number pid ´ÙÀ½Àº ½ÇÇà ¿¹ÀÌ´Ù. # renice 5 8101 À§¿Í °°Àº ¸í·É¾î¸¦ ¼öÇà½ÃÅ°¸é 8101 ÇÁ·Î¼¼½ºÀÇ priority ´Â 5 °¡ µÈ´Ù. renice ÀÇ °æ¿ì AIX , HP-UX °æ¿ì¿¡´Â »ç¿ë¹ýÀÌ Á¶±Ý ´Ù¸£´Ù. # renice -n 12 8101 8101: old priority 0, new priority 12 °ú °°ÀÌ ¸í·ÉÀ» ÁÖ¾î¾ß À§ÀÇ ¸í·É¾î¿Í °°Àº È¿°ú¸¦ ¾òÀ» ¼ö ÀÖ´Ù. ±×¸®°í , solaris ÀÇ °æ¿ì¿¡´Â priocntl (priority control) ÀÌ¶õ ¸í·É¾î¸¦ »ç¿ëÇÏ¿© ÇÁ·Î¼¼½º¿¡ priority ¸¦ ÀçÇÒ´ç½ÃÅ³ ¼ö ÀÖ´Ù. realtime , time-sharing , interactive ÀÇ Å¬·¡½º·Î ³ª´©¾î¼ ÇÁ·Î¼¼½ºµéÀ» °ü¸®½ÃÅ³ ¼ö ÀÖ´Ù. realtime À¸·Î ½ÇÇà½ÃÅ°¸é priority ÇÒ´ç ¹× ¿ì¼±¼öÇà ÀÚÃ¼´Â È®½ÇÇÏÁö¸¸, ½Ã½ºÅÛ ºÎÇÏ·®ÀÌ Áõ°¡ÇÏ´Â ´ÜÁ¡ÀÌ ÀÖ°í, time-sharing class ´Â CPU time À» ÇÒ´ç ½ÃÄÑÁÖ´Â ºñÀ²À» Á¤ÇØÁØ´Ù. ±×¸®°í interactive Å¬·¡½º´Â ÇÁ·Î±×·¥ÀÌ ÀÔÃâ·ÂÀÌ ¾øÀ¸¸é priority °¡ Á¡Â÷ÀûÀ¸·Î ¶³¾îÁö°Ô µÇ´Â Å¬·¡½ºÀÌ´Ù. ÀÌ ¸í·É¾îÀÇ »ç¿ë¹ýÀº ´ÙÀ½°ú °°´Ù. # priocntl -s -p new-priority -i pid process_id ´ÙÀ½Àº Solaris ¿¡¼ priocntl À» ¼öÇà½ÃÅ°´Â ¿¹ÀÌ´Ù. # priocntl -s -p -5 -i pid 8733 4) Process ¸¦ kill ÇÏ±â kill ÀÇ ¸í·É¾î´Â º¸Åë ¸¹ÀÌ »ç¿ëÇØ ºÃ±â ¶§¹®¿¡ Æ¯º°È÷ ¼³¸íÇÏÁø ¾Ê°Ú´Ù. ÇÏÁö¸¸ ¸î °¡Áö Ã·¾ðÀ» ÇÏÀÚ¸é -9 ¿É¼ÇÀ» ÀÌ¿ëÇØ¼ °Á¦Á¾·á¸¦ ½ÃÅ³ °æ¿ì Àß¸øÇÏ¸é Á»ºñ process ¸¦ »ý¼º½ÃÅ³ ¼ö ÀÖ´Â ¿äÀÎÀÌ µÇ¹Ç·Î -15 ¿É¼ÇÀ» ÀÌ¿ëÇÏ¿© process ¸¦ Á¾·á½ÃÅ°±â ¹Ù¶õ´Ù. ¶Ç, kill °ú °ü·ÃµÈ ¸í·É¾î·Î killall ÀÌ ÀÖ´Âµ¥ , ÀÌ´Â IRIX ¿Í LINUX ¿¡¼ Á¦°øµÇ´Â ¸í·É¾î´Ù. ÀÚ, ÀÌ·Î¼ process °ü¸® ¹× °¨½Ã¿¡ °üÇÑ ³»¿ëÀ» ¸¶Ä¥±î ÇÑ´Ù. °ü¸®ÀÚ°¡ Ç×»ó ¸í½ÉÇØ¾ß ÇÒ Ã¶ÇÐÀÌ ÀÖ´Ù. ´ÙÀ½ ³»¿ëµéÀÌ´Ù. "The analyst must resist the temptation to tune what is measurable rather than what is important" (AIX version 3.2 , 4.1 ÀÇ Performance Tuning Guide ¿¡¼) Resist the temptation to tune something just because it is tunable. If it isn't broken, don't fix it. ½Ã½ºÅÛÀ» °ü¸®ÇØ º» »ç¶÷µéÀÌ¶ó¸é ¹«¾ð°¡ ´À²¸Áö´Â °ÍÀÌ ÀÖÀ» °ÍÀÌ´Ù.±×¸®°í ¶ÇÇÑ, ½Ã½ºÅÛÀ» ¿ì¼±ÀûÀ¸·Î »ý°¢ÇÏ´Â °Íµµ Áß¿äÇÏÁö¸¸, Ç×»ó »ç¿ëÀÚµéÀÇ ´Ù¼öÀÇ ÆíÀÇ¸¦ ´Ã °í·ÁÇØ ÁÖ±â ¹Ù¶õ´Ù. General Security Administration III ºÎ (´ÙÀ½ È£) ½Ã½ºÅÛÀÇ ·Î±×°ü¸® ¹× ºÐ¼®¹ý. °ü·Ã ¸í·É¾î ¹× Åø ¼Ò°³ ====================================================================== (footnote) # ´Â root shell ÇÁ·ÒÇÁÆ®¸¦ ¶æÇÑ´Ù. $ Àº ÀÏ¹Ý »ç¿ëÀÚÀÇ borne shell °è¿ ½© ÇÁ·ÒÇÁÆ®¸¦ ¶æÇÑ´Ù. % ´Â ÀÏ¹Ý »ç¿ëÀÚÀÇ C shell °è¿ ½© ÇÁ·ÒÇÁÆ®¸¦ ¶æÇÑ´Ù. ===================================================================== References 1. Essential System Administration, O'Reilly & Assoiates, Inc. 2. [General Security Technique - Practically Useful], ±èÈÖ° ,Á¦ 4 È¸ WWW-KR Conference