Notes from a quick look at Session Manager in Systems Manager.
- Open a session, escalate with sudo su -, and read /var/log/secure.

```
sh-4.2$ sudo su -
Last login: Wed Dec 25 04:26:13 UTC 2019 on pts/0
[root@ip-172-**-*-97 ~]# cat /var/log/secure
Dec 22 06:09:01 ip-172-**-*-97 sshd[20477]: Accepted publickey for ec2-user from 27.0.3.145 port 51147 ssh2: RSA SHA256:..
Dec 22 06:09:01 ip-172-**-*-97 sshd[20477]: pam_unix(sshd:session): session opened for user ec2-user by (uid=0)
Dec 22 09:27:04 ip-172-**-*-97 sshd[20477]: pam_unix(sshd:session): session closed for user ec2-user
Dec 24 22:57:56 ip-172-**-*-97 sshd[29406]: Accepted publickey for ec2-user from 27.0.3.145 port 31209 ssh2: RSA SHA256:..
Dec 24 22:57:56 ip-172-**-*-97 sshd[29406]: pam_unix(sshd:session): session opened for user ec2-user by (uid=0)
Dec 25 03:18:04 ip-172-**-*-97 sshd[29406]: pam_unix(sshd:session): session closed for user ec2-user
Dec 25 04:26:04 ip-172-**-*-97 useradd[30372]: new group: name=ssm-user, GID=501
Dec 25 04:26:04 ip-172-**-*-97 useradd[30372]: new user: name=ssm-user, UID=501, GID=501, home=/home/ssm-user, shell=/bin/bash
Dec 25 04:26:13 ip-172-**-*-97 sudo: ssm-user : TTY=pts/0 ; PWD=/ ; USER=root ; COMMAND=/bin/su -
Dec 25 04:26:13 ip-172-**-*-97 su: pam_unix(su-l:session): session opened for user root by (uid=0)
Dec 25 04:27:20 ip-172-**-*-97 su: pam_unix(su-l:session): session closed for user root
Dec 25 04:27:37 ip-172-**-*-97 sudo: ssm-user : TTY=pts/0 ; PWD=/ ; USER=root ; COMMAND=/bin/su -   ★ this login
Dec 25 04:27:37 ip-172-**-*-97 su: pam_unix(su-l:session): session opened for user root by (uid=0)
[root@ip-172-**-*-97 ~]#
```

The Session Manager session never appears as an sshd login. What shows up is useradd creating ssm-user (the agent creates that account when the first session starts; the timestamp is nine seconds before the first sudo) and then ssm-user running sudo su - to become root. The ★ line is the escalation for the session these notes were taken in.
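As an added example (not from the original memo), here is a small parser that runs over a constructed copy of the /var/log/secure lines above and separates SSH logins from the host-side traces a Session Manager session leaves: the one-time creation of ssm-user and ssm-user's sudo to root. The sample log, the event kinds and the function names are this example's own choices, not anything the agent or AWS provides.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: the /var/log/secure lines from the memo above (addresses redacted as on the page).
SAMPLE_SECURE_LOG = """\
Dec 22 06:09:01 ip-172-**-*-97 sshd[20477]: Accepted publickey for ec2-user from 27.0.3.145 port 51147 ssh2: RSA SHA256:..
Dec 22 06:09:01 ip-172-**-*-97 sshd[20477]: pam_unix(sshd:session): session opened for user ec2-user by (uid=0)
Dec 22 09:27:04 ip-172-**-*-97 sshd[20477]: pam_unix(sshd:session): session closed for user ec2-user
Dec 25 04:26:04 ip-172-**-*-97 useradd[30372]: new group: name=ssm-user, GID=501
Dec 25 04:26:04 ip-172-**-*-97 useradd[30372]: new user: name=ssm-user, UID=501, GID=501, home=/home/ssm-user, shell=/bin/bash
Dec 25 04:26:13 ip-172-**-*-97 sudo: ssm-user : TTY=pts/0 ; PWD=/ ; USER=root ; COMMAND=/bin/su -
Dec 25 04:26:13 ip-172-**-*-97 su: pam_unix(su-l:session): session opened for user root by (uid=0)
Dec 25 04:27:20 ip-172-**-*-97 su: pam_unix(su-l:session): session closed for user root
Dec 25 04:27:37 ip-172-**-*-97 sudo: ssm-user : TTY=pts/0 ; PWD=/ ; USER=root ; COMMAND=/bin/su -
Dec 25 04:27:37 ip-172-**-*-97 su: pam_unix(su-l:session): session opened for user root by (uid=0)
"""

# Syslog prefix: timestamp, host, program with an optional [pid], then the message.
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<prog>[\w.-]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
SSHD_ACCEPT_RE = re.compile(r"^Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<src>\S+) port (?P<port>\d+)")
USERADD_RE = re.compile(r"^new user: name=(?P<user>[^,]+), UID=(?P<uid>\d+)")
SUDO_RE = re.compile(
    r"^(?P<user>\S+) : TTY=(?P<tty>\S+) ; PWD=(?P<pwd>\S+) ; USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$"
)


@dataclass
class Event:
    ts: str
    kind: str    # ssh_login | user_created | ssm_user_created | sudo | ssm_sudo
    user: str
    detail: str


def parse_secure_log(text: str) -> List[Event]:
    """Turn raw /var/log/secure lines into login / account / sudo events."""
    events: List[Event] = []
    for line in text.splitlines():
        m = SYSLOG_RE.match(line)
        if not m:
            continue
        ts, prog, msg = m["ts"], m["prog"], m["msg"]
        if prog == "sshd":
            a = SSHD_ACCEPT_RE.match(msg)
            if a:
                events.append(Event(ts, "ssh_login", a["user"], f"{a['method']} from {a['src']}:{a['port']}"))
        elif prog == "useradd":
            u = USERADD_RE.match(msg)
            if u:
                # The agent creates ssm-user on the fly; any other account creation deserves a look too.
                kind = "ssm_user_created" if u["user"] == "ssm-user" else "user_created"
                events.append(Event(ts, kind, u["user"], f"uid={u['uid']}"))
        elif prog == "sudo":
            s = SUDO_RE.match(msg)
            if s:
                # sudo by ssm-user is the /var/log/secure trace of escalation from a Session Manager shell.
                kind = "ssm_sudo" if s["user"] == "ssm-user" else "sudo"
                events.append(Event(ts, kind, s["user"], f"{s['target']}: {s['cmd']} on {s['tty']}"))
    return events


def session_manager_events(events: List[Event]) -> List[Event]:
    """Only the events that come from a Session Manager session."""
    return [e for e in events if e.kind.startswith("ssm_")]


def summarize(text: str) -> Dict[str, int]:
    """Count events by kind, which is the first thing you want on a box you are triaging."""
    counts: Dict[str, int] = {}
    for e in parse_secure_log(text):
        counts[e.kind] = counts.get(e.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for e in session_manager_events(parse_secure_log(SAMPLE_SECURE_LOG)):
        print(e.ts, e.kind, e.user, e.detail)
```

Run it against the real file with parse_secure_log(open("/var/log/secure").read()). Keep in mind that this log only records the escalation, not the session itself: a session whose operator never runs sudo leaves nothing here beyond the initial useradd, so the agent log and CloudTrail's StartSession events are needed to account for every session.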
- Check the SSM agent processes.

```
[root@ip-172-**-*-97 ~]# ps -elf|grep [s]sm-
4 S root      30299     1  0  80   0 - 164149 -      04:23 ?        00:00:00 /usr/bin/amazon-ssm-agent
4 S root      30404 30299  0  80   0 - 138868 wait_w 04:27 ?        00:00:00 /usr/bin/ssm-session-worker az...-...-...
4 S ssm-user  30420 30404  0  80   0 -  28843 -      04:27 pts/0    00:00:00 sh
```

The chain is amazon-ssm-agent (root) forking one ssm-session-worker (root) per session, which in turn spawns the operator's sh as ssm-user on pts/0. Note that grep [s]sm- only shows processes whose UID or command contains "ssm-"; the sudo, su and root bash started from that sh run as root and are filtered out here.
- Check where the SSM agent has established connections.

```
[root@ip-172-**-*-97 ~]# netstat -alpe|grep ssm
tcp        0      0 ip-172-**-*-97.ap-nor:49982 5*.***.218.91:https     ESTABLISHED root       967239     30299/amazon-ssm-ag
tcp        0      0 ip-172-**-*-97.ap-nor:49938 5*.***.225.173:https    ESTABLISHED root       967528     30299/amazon-ssm-ag
tcp        0      0 ip-172-**-*-97.ap-nor:59912 5*.***.222.59:https     ESTABLISHED root       967738     30404/ssm-session-w
```

Everything is outbound HTTPS: the agent keeps two connections of its own and the session worker has a third, separate one. Nothing listens locally.

- Check the file descriptors that amazon-ssm-agent has open.

```
[root@ip-172-**-*-97 net]# lsof -p 30299
COMMAND     PID USER   FD   TYPE DEVICE SIZE/OFF   NODE NAME
amazon-ss 30299 root  cwd    DIR  202,1     4096      2 /
amazon-ss 30299 root  rtd    DIR  202,1     4096      2 /
amazon-ss 30299 root  txt    REG  202,1 31163880  19416 /usr/bin/amazon-ssm-agent
amazon-ss 30299 root  mem    REG  202,1  2173512   2310 /lib64/libc-2.17.so
amazon-ss 30299 root  mem    REG  202,1   144736   2336 /lib64/libpthread-2.17.so
amazon-ss 30299 root  mem    REG  202,1   164240   2303 /lib64/ld-2.17.so
amazon-ss 30299 root    0u   CHR    1,3      0t0   1028 /dev/null
amazon-ss 30299 root    1u   CHR    1,3      0t0   1028 /dev/null
amazon-ss 30299 root    2u   CHR    1,3      0t0   1028 /dev/null
amazon-ss 30299 root    3r  0000   0,12        0   9785 anon_inode
amazon-ss 30299 root    4u  0000   0,12        0   9785 anon_inode
amazon-ss 30299 root    5u  0000   0,12        0   9785 anon_inode
amazon-ss 30299 root    6r  FIFO   0,11      0t0 963414 pipe
amazon-ss 30299 root    7w  FIFO   0,11      0t0 963414 pipe
amazon-ss 30299 root    8u  IPv4 967592      0t0    TCP ip-172-**-*-97.ap-northeast-1.compute.internal:49978->54.***.***.173:https (ESTABLISHED)
amazon-ss 30299 root    9w   REG  202,1 28737480 393927 /var/log/amazon/ssm/amazon-ssm-agent.log
amazon-ss 30299 root   10r  0000   0,12        0   9785 anon_inode
amazon-ss 30299 root   11u  0000   0,12        0   9785 anon_inode
amazon-ss 30299 root   12u  IPv4 967239      0t0    TCP ip-172-**-*-97.ap-northeast-1.compute.internal:49982->52.***.***.91:https (ESTABLISHED)
amazon-ss 30299 root   13r  FIFO   0,11      0t0 967315 pipe
amazon-ss 30299 root   14w  FIFO   0,11      0t0 967315 pipe
```

The agent's two HTTPS connections here (source ports 49978 and 49982) are not the same pair netstat showed a moment earlier (49938 and 49982): the agent re-establishes its connections over time, so do not expect stable source ports when matching this against flow logs.
- Check the file descriptors that ssm-session-worker has open.

```
[root@ip-172-**-*-97 net]# lsof -p 30404
COMMAND     PID USER   FD   TYPE DEVICE SIZE/OFF   NODE NAME
ssm-sessi 30404 root  cwd    DIR  202,1     4096      2 /
ssm-sessi 30404 root  rtd    DIR  202,1     4096      2 /
ssm-sessi 30404 root  txt    REG  202,1 28292616  19417 /usr/bin/ssm-session-worker
ssm-sessi 30404 root  mem    REG  202,1  2173512   2310 /lib64/libc-2.17.so
ssm-sessi 30404 root  mem    REG  202,1   144736   2336 /lib64/libpthread-2.17.so
ssm-sessi 30404 root  mem    REG  202,1   164240   2303 /lib64/ld-2.17.so
ssm-sessi 30404 root    0r   CHR    1,3      0t0   1028 /dev/null
ssm-sessi 30404 root    1w   CHR    1,3      0t0   1028 /dev/null
ssm-sessi 30404 root    2w   CHR    1,3      0t0   1028 /dev/null
ssm-sessi 30404 root    3r  0000   0,12        0   9785 anon_inode
ssm-sessi 30404 root    4u  0000   0,12        0   9785 anon_inode
ssm-sessi 30404 root    5u  0000   0,12        0   9785 anon_inode
ssm-sessi 30404 root    6r  FIFO   0,11      0t0 963414 pipe
ssm-sessi 30404 root    7w  FIFO   0,11      0t0 963414 pipe
ssm-sessi 30404 root    8w   REG  202,1 28737555 393927 /var/log/amazon/ssm/amazon-ssm-agent.log
ssm-sessi 30404 root    9u  0000   0,12        0   9785 anon_inode
ssm-sessi 30404 root   10r  FIFO   0,11      0t0 967320 pipe
ssm-sessi 30404 root   11u  0000   0,12        0   9785 anon_inode
ssm-sessi 30404 root   12w  FIFO   0,11      0t0 967320 pipe
ssm-sessi 30404 root   13r  FIFO   0,11      0t0 967315 pipe
ssm-sessi 30404 root   14w  FIFO   0,11      0t0 967315 pipe
ssm-sessi 30404 root   15w   REG  202,1        0 527221 /var/lib/amazon/ssm/i-072bad1d99a769532/session/orchestration/az.../Standard_Stream/stderr
ssm-sessi 30404 root   16w   REG  202,1        0 527222 /var/lib/amazon/ssm/i-072bad1d99a769532/session/orchestration/az.../Standard_Stream/stdoutConsole
ssm-sessi 30404 root   17w   REG  202,1        0 527223 /var/lib/amazon/ssm/i-072bad1d99a769532/session/orchestration/az.../Standard_Stream/stdout
ssm-sessi 30404 root   18w   REG  202,1  3965439 393634 /var/log/amazon/ssm/errors.log
ssm-sessi 30404 root   19u  IPv4 967738      0t0    TCP ip-172-**-*-97.ap-northeast-1.compute.internal:59912->52.***.***.59:https (ESTABLISHED)
ssm-sessi 30404 root   20w   REG  202,1        0 527224 /var/lib/amazon/ssm/i-072bad1d99a769532/session/orchestration/az.../Standard_Stream/stderrConsole
ssm-sessi 30404 root   21u   CHR    5,2      0t0   9833 /dev/ptmx
ssm-sessi 30404 root   22u   REG  202,1  2575671 527225 /var/lib/amazon/ssm/i-072bad1d99a769532/session/orchestration/az.../Standard_Stream/ipcTempFile.log
```

Worth noting here: the worker holds the pty master for the session shell (fd 21, /dev/ptmx), has its own HTTPS connection (fd 19) separate from the agent's, shares the pipes with inodes 963414 and 967315 with the agent (fd 6/7 and 13/14 in both listings), and writes the session's standard streams under /var/lib/amazon/ssm/i-072bad1d99a769532/session/orchestration/az.../Standard_Stream/. The ipcTempFile.log there is already about 2.5 MB, so a good deal of session data lands on local disk as well as going upstream; that directory is something to collect when investigating a session on the host.
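The ps, netstat and lsof steps above are what you do by hand on one box. As an added example (not from the original memo), here is the process-tree part of that turned into a script: it parses ps -elf output, finds every ssm-session-worker, the shell it spawned, and any other UID running underneath that shell, which is how sudo su - from the session shows up. The sample is built from the three lines on the page plus three constructed descendants (sudo, su, bash, with made-up PIDs) that the page's grep [s]sm- hid; the Proc/Session types and function names are this example's own.

```python
import subprocess
import sys
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: the three `ps -elf | grep [s]sm-` lines from the memo, plus a header line and
# three constructed descendants (sudo, su, bash) with made-up PIDs 30451-30453. The grep hid those
# because neither their UID (root) nor their CMD contains "ssm-", which is the point: filtering on
# "ssm-" shows you the session shell but not what the operator did after escalating.
SAMPLE_PS = """\
F S UID        PID  PPID  C PRI  NI ADDR SZ WCHAN  STIME TTY          TIME CMD
4 S root      30299     1  0  80   0 - 164149 -      04:23 ?        00:00:00 /usr/bin/amazon-ssm-agent
4 S root      30404 30299  0  80   0 - 138868 wait_w 04:27 ?        00:00:00 /usr/bin/ssm-session-worker az...-...-...
4 S ssm-user  30420 30404  0  80   0 -  28843 -      04:27 pts/0    00:00:00 sh
4 S root      30451 30420  0  80   0 -  60010 -      04:27 pts/0    00:00:00 sudo su -
4 S root      30452 30451  0  80   0 -  47630 -      04:27 pts/0    00:00:00 su -
4 S root      30453 30452  0  80   0 -  28900 -      04:27 pts/0    00:00:00 -bash
"""


@dataclass
class Proc:
    uid: str
    pid: int
    ppid: int
    tty: str
    cmd: str


@dataclass
class Session:
    worker_pid: int
    session_id: str            # the argument the agent passes to ssm-session-worker
    shell: Optional[Proc]      # the process the worker spawned for the operator
    escalated_to: List[str] = field(default_factory=list)  # other UIDs found under that shell


def parse_ps_elf(text: str) -> Dict[int, Proc]:
    """Parse `ps -elf` output (15 columns, CMD last and possibly containing spaces) into a PID map."""
    procs: Dict[int, Proc] = {}
    for line in text.splitlines():
        parts = line.split(None, 14)
        if len(parts) < 15 or not parts[3].isdigit():
            continue  # header or truncated line
        procs[int(parts[3])] = Proc(uid=parts[2], pid=int(parts[3]), ppid=int(parts[4]),
                                    tty=parts[12], cmd=parts[14])
    return procs


def descendants(procs: Dict[int, Proc], pid: int) -> List[Proc]:
    """All processes below pid, depth first."""
    out: List[Proc] = []
    stack = [pid]
    while stack:
        parent = stack.pop()
        for p in procs.values():
            if p.ppid == parent:
                out.append(p)
                stack.append(p.pid)
    return out


def enumerate_sessions(procs: Dict[int, Proc]) -> List[Session]:
    """One Session per ssm-session-worker: who is in it and whether they escalated."""
    sessions: List[Session] = []
    for worker in procs.values():
        if not worker.cmd.startswith("/usr/bin/ssm-session-worker"):
            continue
        args = worker.cmd.split(None, 1)
        session_id = args[1] if len(args) > 1 else ""
        children = [p for p in procs.values() if p.ppid == worker.pid]
        shell = children[0] if children else None
        escalated: List[str] = []
        if shell is not None:
            for p in descendants(procs, shell.pid):
                if p.uid != shell.uid and p.uid not in escalated:
                    escalated.append(p.uid)
        sessions.append(Session(worker.pid, session_id, shell, escalated))
    return sessions


if __name__ == "__main__":
    # `--live` runs ps on this host; otherwise the constructed sample is used.
    if "--live" in sys.argv:
        text = subprocess.run(["ps", "-elf"], capture_output=True, text=True, check=True).stdout
    else:
        text = SAMPLE_PS
    for s in enumerate_sessions(parse_ps_elf(text)):
        who = f"{s.shell.uid} on {s.shell.tty} (pid {s.shell.pid})" if s.shell else "no shell"
        print(f"worker {s.worker_pid} session {s.session_id}: {who}; escalated to {s.escalated_to or 'nobody'}")
```

The session id reported is whatever argument the agent passed to the worker, which on this box is the same az... string that names the Standard_Stream directory in the lsof output, so the script's output can be matched directly to the files the worker is writing.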