Juniper SRX防火墙系统会话连接的清除
维护Juniper SRX系列防火墙一段时间后,发现防火墙时而可以登录,时而登录不上去。
查看用户的时候发现,系统上挂了很多连接会话,怪不得老是无法登录:资源被消耗了。
用户并不多:
{primary:node0}
james@SRX3600-FW-1> show system users
node0:
--------------------------------------------------------------------------
3:58PM up 648 days, 15:42, 3 users, load averages: 0.27, 0.19, 0.14
USER TTY FROM LOGIN@ IDLE WHAT
james p0 10.251.152.212 2:42PM 1:07 ssh 10.244.136
james p1 10.251.152.212 3:53PM - -cli (cli)
node1:
--------------------------------------------------------------------------
3:58PM up 40 days, 10 hrs, 0 users, load averages: 0.17, 0.19, 0.12
但连到本机22端口(SSH)的连接数倒是很多,远不止上面看到的那几个登录用户:
james@SRX3600-FW-1> show system connections | match 10.111.141.146.22
tcp4 0 0 10.111.141.146.22 10.251.152.212.1669 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.251.152.212.1281 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.27.46565 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.24.40582 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.30.3102 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.30.27496 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.30.22894 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.30.22890 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.30.21030 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.30.25413 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.24.51123 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.27.59378 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.26.40712 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.27.9228 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.26.7785 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.27.27143 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.27.46143 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.28.9249 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.24.19977 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.30.54018 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.24.37582 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.28.39697 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.30.51267 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.30.28047 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.30.36206 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.26.12024 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.28.19595 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.27.32237 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.28.62761 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.28.8727 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.28.57345 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.24.7457 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.28.60782 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.30.50150 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.24.23601 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.30.54827 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.28.51074 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.27.35025 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.26.13587 ESTABLISHED
以root进入shell,查看是哪些进程:
root@SRX3600-FW-1% ps -aux | grep sshd
root 61980 0.1 0.2 6084 2432 ?? S 10:37AM 0:00.30 sshd: nsm [priv] (sshd)
root 3740 0.0 0.2 7288 2484 ?? Is 9Sep15 0:00.76 sshd: kevinw@notty (sshd)
root 3791 0.0 0.2 7288 2484 ?? Is 9Sep15 0:00.50 sshd: kevinw@notty (sshd)
root 4066 0.0 0.2 7288 2488 ?? Is 9Sep15 0:00.18 sshd: james@notty (sshd)
root 4449 0.0 0.2 7288 2484 ?? Is 9Sep15 0:00.38 sshd: kevinw@notty (sshd)
root 6513 0.0 0.2 7288 2484 ?? Is 1Sep15 0:00.29 sshd: kevinw@notty (sshd)
root 17193 0.0 0.2 7288 2484 ?? Is 1Sep15 0:00.29 sshd: kevinw@notty (sshd)
root 17558 0.0 0.2 7288 2484 ?? Is Mon02PM 0:00.26 sshd: kevinw@notty (sshd)
root 18548 0.0 0.2 7288 2484 ?? Is Mon03PM 0:00.16 sshd: kevinw@notty (sshd)
root 21354 0.0 0.2 7288 2484 ?? Is 1Sep15 0:00.41 sshd: kevinw@notty (sshd)
root 21658 0.0 0.2 7288 2484 ?? Is 1Sep15 0:00.25 sshd: kevinw@notty (sshd)
root 27719 0.0 0.2 7288 2484 ?? Is 28Aug15 0:00.39 sshd: kevinw@notty (sshd)
root 28611 0.0 0.2 7288 2484 ?? Is Thu04PM 0:00.23 sshd: kevinw@notty (sshd)
root 33524 0.0 0.2 7288 2484 ?? Is 24Aug15 0:00.19 sshd: kevinw@notty (sshd)
root 36425 0.0 0.2 7288 2484 ?? Is 6Sep15 0:00.26 sshd: kevinw@notty (sshd)
root 36800 0.0 0.2 7288 2484 ?? Is 6Sep15 0:00.27 sshd: kevinw@notty (sshd)
root 42448 0.0 0.2 7300 2496 ?? Is Tue03PM 0:00.13 sshd: kevinw@notty (sshd)
root 42450 0.0 0.2 7300 2496 ?? Is Tue03PM 0:00.13 sshd: kevinw@notty (sshd)
root 42953 0.0 0.2 7300 2496 ?? Is Tue04PM 0:00.31 sshd: kevinw@notty (sshd)
root 45193 0.0 0.2 7288 2484 ?? Is 2Sep15 0:00.62 sshd: kevinw@notty (sshd)
root 47703 0.0 0.2 7288 2484 ?? Is Fri12PM 0:00.83 sshd: kevinw@notty (sshd)
root 50156 0.0 0.2 7300 2496 ?? Is Wed09AM 0:00.13 sshd: kevinw@notty (sshd)
root 51153 0.0 0.2 7300 2496 ?? Is 11:24AM 0:00.13 sshd: kevinw@notty (sshd)
root 51155 0.0 0.2 7300 2496 ?? Is 11:24AM 0:00.13 sshd: kevinw@notty (sshd)
root 54215 0.0 0.2 7300 2496 ?? Is 5:09PM 0:00.13 sshd: kevinw@notty (sshd)
root 54223 0.0 0.2 7300 2496 ?? Is 5:10PM 0:00.13 sshd: kevinw@notty (sshd)
root 56559 0.0 0.2 7288 2484 ?? Is 25Aug15 0:00.24 sshd: james@notty (sshd)
root 58693 0.0 0.2 7288 2484 ?? Is 7Sep15 0:00.70 sshd: kevinw@notty (sshd)
root 60181 0.0 0.2 7288 2484 ?? Is 7Sep15 0:00.31 sshd: kevinw@notty (sshd)
root 60286 0.0 0.2 7288 2484 ?? Is 7Sep15 0:00.21 sshd: kevinw@notty (sshd)
root 60326 0.0 0.2 7288 2484 ?? Is 7Sep15 0:00.19 sshd: kevinw@notty (sshd)
root 61834 0.0 0.2 7288 2484 ?? Is 25Aug15 0:00.37 sshd: kevinw@notty (sshd)
root 61910 0.0 0.2 7292 2480 ?? Ss 10:30AM 0:00.22 sshd: james@ttyp0 (sshd)
sshd 61981 0.0 0.1 5740 1192 ?? I 10:37AM 0:00.11 sshd: nsm [net] (sshd)
root 77273 0.0 0.2 7288 2484 ?? Is 8Sep15 0:00.30 sshd: kevinw@notty (sshd)
root 78136 0.0 0.2 7288 2484 ?? Is 8Sep15 0:00.86 sshd: kevinw@notty (sshd)
root 79456 0.0 0.4 8512 3692 ?? Is 26Aug15 0:01.69 sshd: kevinw@notty (sshd)
root 80979 0.0 0.2 7288 2480 ?? Is 8Sep15 0:01.87 sshd: kevinw@ttyp2 (sshd)
root 86243 0.0 0.2 7288 2488 ?? Is 26Aug15 0:00.25 sshd: james@notty (sshd)
root 93209 0.0 0.2 7288 2488 ?? Is 31Aug15 0:00.56 sshd: andy@notty (sshd)
root 93754 0.0 0.2 7288 2484 ?? Is 31Aug15 0:01.00 sshd: kevinw@notty (sshd)
root 97322 0.0 0.2 7288 2484 ?? Is 31Aug15 0:00.71 sshd: andy@notty (sshd)
root 61994 0.0 0.1 2096 804 p0 R+ 10:37AM 0:00.01 grep sshd
root@SRX3600-FW-1%
root@SRX3600-FW-1%
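从上面的输出可以看到,绝大多数是kevinw@notty这类没有终端的非交互会话,最早的从8月下旬一直挂到现在,很可能是脚本或网管工具连上来之后没有正常断开(需要向相关用户确认)。而james@ttyp0(PID 61910)这种带终端的看起来是正在使用的交互会话,动手前先核对PID,不要把自己当前的会话也杀掉。另外最好先用不带-9的kill(SIGTERM)让sshd正常退出,杀不掉再用kill -9。
把进程杀杀杀,全部杀光: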
root@SRX3600-FW-1%
root@SRX3600-FW-1% kill -9 4449
kill -9 6513
root@SRX3600-FW-1% kill -9 6513
kill -9 17193
root@SRX3600-FW-1% kill -9 17193
root@SRX3600-FW-1% kill -9 17558
root@SRX3600-FW-1% kill -9 18548
root@SRX3600-FW-1% kill -9 21354
root@SRX3600-FW-1% kill -9 21658
root@SRX3600-FW-1% kill -9 27719
root@SRX3600-FW-1% kill -9 28611
root@SRX3600-FW-1% kill -9 33524
root@SRX3600-FW-1% kill -9 36425
root@SRX3600-FW-1% kill -9 36800
root@SRX3600-FW-1%
root@SRX3600-FW-1% kill -9 42448
root@SRX3600-FW-1% kill -9 42450
root@SRX3600-FW-1% kill -9 42953
root@SRX3600-FW-1% kill -9 45193
root@SRX3600-FW-1% kill -9 47703
root@SRX3600-FW-1% kill -9 50156
root@SRX3600-FW-1% kill -9 51153
kill -9 51155
root@SRX3600-FW-1% kill -9 51155
root@SRX3600-FW-1% kill -9 54215
root@SRX3600-FW-1% kill -9 54223
root@SRX3600-FW-1% kill -9 58693
root@SRX3600-FW-1% kill -9 60181
root@SRX3600-FW-1% kill -9 60286
root@SRX3600-FW-1% kill -9 60326
root@SRX3600-FW-1% kill -9 61834
root@SRX3600-FW-1% kill -9 61981
61981: No such process
root@SRX3600-FW-1% kill -9 77273
root@SRX3600-FW-1%
root@SRX3600-FW-1% kill -9 78136
root@SRX3600-FW-1% kill -9 79456
root@SRX3600-FW-1% kill -9 80979
kill -9 93209
kill -9 93754
kill -9 97322
root@SRX3600-FW-1% kill -9 93209
root@SRX3600-FW-1% kill -9 93754
root@SRX3600-FW-1% kill -9 97322
root@SRX3600-FW-1%
root@SRX3600-FW-1%
root@SRX3600-FW-1% ps -aux | grep sshd
root 4066 0.0 0.2 7288 2488 ?? Is 9Sep15 0:00.18 sshd: james@notty (sshd)
root 56559 0.0 0.2 7288 2484 ?? Is 25Aug15 0:00.24 sshd: james@notty (sshd)
root 61910 0.0 0.2 7292 2480 ?? Ss 10:30AM 0:00.29 sshd: james@ttyp0 (sshd)
root 62018 0.0 0.2 7300 2492 ?? Ss 10:40AM 0:00.13 sshd: kevinw@ttyp1 (sshd)
root 62046 0.0 0.2 6084 2432 ?? S 10:43AM 0:00.18 sshd: nsm [priv] (sshd)
sshd 62047 0.0 0.1 5740 1192 ?? I 10:43AM 0:00.11 sshd: nsm [net] (sshd)
root 86243 0.0 0.2 7288 2488 ?? Is 26Aug15 0:00.25 sshd: james@notty (sshd)
root 62049 0.0 0.1 2168 868 p0 S+ 10:43AM 0:00.01 grep sshd
root@SRX3600-FW-1% kill -9 4066
root@SRX3600-FW-1% kill -9 56559
root@SRX3600-FW-1% ps -aux | grep sshd
root 62055 0.3 0.2 6084 2432 ?? S 10:44AM 0:00.33 sshd: nsm [priv] (sshd)
root 61910 0.0 0.2 7292 2480 ?? Ss 10:30AM 0:00.30 sshd: james@ttyp0 (sshd)
root 62018 0.0 0.2 7300 2492 ?? Ss 10:40AM 0:00.17 sshd: kevinw@ttyp1 (sshd)
sshd 62056 0.0 0.1 5740 1192 ?? I 10:44AM 0:00.11 sshd: nsm [net] (sshd)
root 86243 0.0 0.2 7288 2488 ?? Is 26Aug15 0:00.25 sshd: james@notty (sshd)
root 62058 0.0 0.1 2096 740 p0 R+ 10:44AM 0:00.01 grep sshd
root@SRX3600-FW-1% kill -9 86243
root@SRX3600-FW-1% ps -aux | grep sshd
root 62060 20.0 0.2 6084 2432 ?? S 10:44AM 0:00.62 sshd: nsm [priv] (sshd)
sshd 62061 5.1 0.1 5740 1192 ?? S 10:44AM 0:00.11 sshd: nsm [net] (sshd)
root 61910 0.0 0.2 7292 2480 ?? Ss 10:30AM 0:00.31 sshd: james@ttyp0 (sshd)
root 62018 0.0 0.2 7300 2492 ?? Ss 10:40AM 0:00.19 sshd: kevinw@ttyp1 (sshd)
root 62063 0.0 0.1 2124 848 p0 R+ 10:44AM 0:00.01 grep sshd
root@SRX3600-FW-1%
……
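杀光后,发现世界干净很多了。。^_^ 本机22端口上ESTABLISHED的连接只剩2个(另有3个处于TIME_WAIT)。
不过手工杀进程只是临时办法,不找到这些notty会话不断开的原因,过一段时间还会再堆满。建议在配置里限制SSH会话数并清理失效连接,例如在[edit system services ssh]下设置connection-limit、rate-limit以及client-alive-interval/client-alive-count-max(是否支持取决于Junos版本)。
另外,上面几次ps输出中"sshd: nsm [priv]"和"sshd: nsm [net]"每次的PID都不一样,说明nsm这个用户在反复发起SSH连接并停留在认证阶段,值得确认一下来源和原因;kill 61981时提示No such process,应该也是因为它是这种短暂存在的认证子进程,已经自行退出了。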
{primary:node0}
james@SRX3600-FW-1> show system connections
node0:
--------------------------------------------------------------------------
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp4 0 0 10.111.141.146.55847 10.251.143.1.7804 ESTABLISHED
tcp4 0 0 10.111.141.146.56422 10.244.136.250.22 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.30.48485 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.251.152.212.4002 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.27.9228 TIME_WAIT
tcp4 0 0 10.111.141.146.60840 10.251.139.21.23 FIN_WAIT_1
tcp4 0 0 10.111.141.146.22 10.101.149.24.23601 TIME_WAIT
tcp4 0 0 10.111.141.146.22 10.101.149.27.35025 TIME_WAIT
tcp4 0 0 129.16.0.1.51627 130.16.1.22.49713 ESTABLISHED
tcp4 0 0 129.16.0.1.51627 130.16.1.24.49713 ESTABLISHED
tcp4 0 0 129.16.0.1.51627 130.16.1.24.64910 ESTABLISHED
tcp4 0 0 129.16.0.1.51627 130.16.1.22.64910 ESTABLISHED
tcp4 0 0 129.16.0.1.51627 130.16.1.22.56881 ESTABLISHED
tcp4 0 0 129.16.0.1.51627 130.16.1.22.58046 ESTABLISHED
tcp4 0 0 129.16.0.1.51627 130.16.1.24.56881 ESTABLISHED
tcp4 0 0 129.16.0.1.51627 130.16.1.24.58046 ESTABLISHED
tcp4 0 0 129.16.0.1.51627 129.16.1.22.49713 ESTABLISHED
tcp4 0 0 129.16.0.1.51627 129.16.1.22.64910 ESTABLISHED
tcp4 0 0 129.16.0.1.51627 129.16.1.24.49713 ESTABLISHED
tcp4 0 0 129.16.0.1.51627 129.16.1.22.56881 ESTABLISHED
tcp4 0 0 129.16.0.1.51627 129.16.1.22.58046 ESTABLISHED
tcp4 0 0 129.16.0.1.51627 129.16.1.24.64910 ESTABLISHED
tcp4 0 0 129.16.0.1.51627 129.16.1.24.56881 ESTABLISHED
tcp4 0 0 129.16.0.1.51627 129.16.1.24.58046 ESTABLISHED
tcp4 0 0 *.22 *.* LISTEN
tcp4 0 0 129.16.0.1.9000 129.16.0.1.61057 ESTABLISHED
tcp4 0 0 129.16.0.1.61057 129.16.0.1.9000 ESTABLISHED
tcp4 0 0 *.7000 *.* LISTEN
tcp4 0 0 *.6156 *.* LISTEN
tcp4 0 0 *.666 *.* LISTEN
tcp4 0 0 *.6159 *.* LISTEN
tcp4 0 0 129.16.0.1.9000 129.16.0.1.53096 ESTABLISHED
tcp4 0 0 129.16.0.1.53096 129.16.0.1.9000 ESTABLISHED
tcp4 0 0 *.9000 *.* LISTEN
tcp4 0 0 *.51627 *.* LISTEN
tcp4 0 0 *.6161 *.* LISTEN
tcp4 0 0 *.31343 *.* LISTEN
tcp4 0 0 *.31341 *.* LISTEN
tcp4 0 0 *.2049 *.* LISTEN
tcp4 0 0 *.6666 *.* LISTEN
tcp4 0 0 *.830 *.* LISTEN
tcp4 0 0 *.514 *.* LISTEN
tcp4 0 0 *.513 *.* LISTEN
tcp4 0 0 *.6234 *.* LISTEN
udp4 0 0 *.49299 *.*
udp46 0 0 *.514 *.*
udp4 0 0 *.514 *.*
udp4 72 0 *.55829 *.*
udp4 0 0 129.16.0.1.123 *.*
udp4 0 0 *.123 *.*
udp4 0 0 *.31342 *.*
udp46 0 0 *.64560 *.*
udp4 0 0 10.111.141.146.64967 *.*
udp46 0 0 *.161 *.*
udp4 0 0 *.161 *.*
udp46 0 0 *.4500 *.*
udp4 0 0 *.4500 *.*
udp46 0 0 *.500 *.*
udp4 0 0 *.500 *.*
udp46 0 0 *.49152 *.*
udp46 0 0 *.4784 *.*
udp46 0 0 *.3784 *.*
udp4 0 0 *.49152 *.*
udp4 0 0 *.4784 *.*
udp4 0 0 *.3784 *.*
udp4 0 0 *.31340 *.*
udp4 0 0 *.31340 *.*
udp4 0 0 *.2049 *.*
udp4 0 0 *.6666 *.*
udp4 0 0 *.6333 *.*
ip4 0 0 *.* *.*
ip4 0 0 *.* *.*
ip4 0 0 *.* *.*
ip4 0 0 *.* *.*
ip4 0 0 *.* *.*
node1:
--------------------------------------------------------------------------
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp4 0 0 *.7000 *.* LISTEN
tcp4 0 0 *.9000 *.* LISTEN
tcp4 0 0 *.6161 *.* LISTEN
tcp4 0 0 *.31343 *.* LISTEN
tcp4 0 0 *.31341 *.* LISTEN
tcp4 0 0 *.2049 *.* LISTEN
tcp4 0 0 *.6666 *.* LISTEN
tcp4 0 0 *.830 *.* LISTEN
tcp4 0 0 *.22 *.* LISTEN
tcp4 0 0 *.514 *.* LISTEN
tcp4 0 0 *.513 *.* LISTEN
tcp4 0 0 *.6234 *.* LISTEN
udp46 0 0 *.514 *.*
udp4 0 0 *.514 *.*
udp46 0 0 *.59430 *.*
udp4 0 0 10.111.141.146.63851 *.*
udp4 0 0 *.31342 *.*
udp46 0 0 *.161 *.*
udp4 0 0 *.161 *.*
udp46 0 0 *.49152 *.*
udp46 0 0 *.4784 *.*
udp46 0 0 *.3784 *.*
udp4 0 0 *.49152 *.*
udp4 0 0 *.4784 *.*
udp4 0 0 *.3784 *.*
udp4 0 0 *.31340 *.*
udp4 0 0 *.31340 *.*
udp4 0 0 130.16.0.1.123 *.*
udp4 0 0 *.123 *.*
udp4 0 0 *.2049 *.*
udp4 0 0 *.6666 *.*
udp4 0 0 *.6333 *.*
ip4 0 0 *.* *.*
ip4 0 0 *.* *.*
{primary:node0}
james@SRX3600-FW-1>