Linux Basics (9): System Services, systemctl and xinetd

9. System Services

9.1 System Services

A computer can be thought of as a place such as Zhongguancun Street, and its system services as the barber shops, restaurants, shopping malls and so on along that street. Each of them is a system service, offering customers a different kind of service.

Service: a program that stays resident in memory and provides some system or network function.
A computer system runs many services, for example:
apache provides web services
ftp provides file upload and download services
ssh provides remote connection services
firewall provides security services, and so on.

9.2 daemon

The main task of a Linux server is to provide a variety of services to local or remote users. On a Linux system, the programs that provide these services are usually daemons running in the background. A real running Linux system generally has many of them. The daemons start running in the background once the system boots and listen for client requests; as soon as a client sends a service request, the daemon serves it.

9.3 Special Daemon

The system initialization process is a special daemon with PID 1; it is the parent or ancestor of all other daemons. In other words, all daemons on the system are managed (started, stopped, etc.) by the system initialization process.

SystemV (before Red Hat 7)
init starts the other services one after another, in order of priority level
services with dependencies
several commands work together to manage services

These include the init, service and chkconfig commands.

systemd
services are started in parallel, which is faster
service dependencies are checked automatically
one command manages services
backward compatible with init service scripts

That one command is systemctl.

9.4 Service Category

  • Independent service
    Managed by systemd. The service runs independently in memory and responds quickly, but takes up more memory.
  • Non-independent service
    xinetd is itself an independent service that manages a number of other services. When a user requests a service managed by xinetd, xinetd passes the request to that service and then returns the service's reply to the user, rather like an agent.

9.4.1 Independent service

An independent service runs in memory and responds quickly, but takes up more memory.

The startup scripts of independent services are in the directory /usr/lib/systemd/system


systemctl command

systemctl [command] [unit]
The main commands are:
start: start the unit that follows immediately.
stop: stop the unit that follows immediately.
restart: stop the unit that follows and then start it again.
reload: reload the configuration file without stopping the unit, so that the settings take effect.
enable: set the unit that follows to be started at the next boot.
disable: set the unit that follows not to be started at the next boot.
status: show the current status of the unit that follows: whether it is running, whether it starts at boot, and other information.
is-active: whether the unit is currently running.
is-enabled: whether the unit is enabled to start at boot.
kill: do not be scared by the name; it actually sends a signal to the processes running the unit.
show: list the unit's configuration.
mask: mask (deregister) the unit; once masked, the unit can no longer be started.
unmask: undo the mask on the unit.

Deploying the independent service vsftpd

Check whether it is installed

[wangzirui@laotie system]$ yum list vsftpd
已加载插件:fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: ap.stykers.moe
 * extras: ap.stykers.moe
 * updates: ap.stykers.moe
已安装的软件包
vsftpd.x86_64                       3.0.2-25.el7                       installed

systemctl status vsftpd

This shows the current status of vsftpd

[wangzirui@laotie system]$ systemctl status vsftpd
● vsftpd.service - Vsftpd ftp daemon
   Loaded: loaded (/usr/lib/systemd/system/vsftpd.service; disabled; vendor preset: disabled)
   Active: inactive (dead)

Loaded shows whether the service starts at boot; here it is disabled. Active shows whether it is running now; here it is inactive, so the service has not been started yet.

Start the service

systemctl start vsftpd

[root@laotie system]# systemctl start vsftpd

No output is returned, which means the service started successfully.

Now check the status of vsftpd

[wangzirui@laotie system]$ systemctl status vsftpd
● vsftpd.service - Vsftpd ftp daemon
   Loaded: loaded (/usr/lib/systemd/system/vsftpd.service; disabled; vendor preset: disabled)
   Active: active (running) since 一 2020-02-10 22:20:40 CST; 1min 17s ago
  Process: 4204 ExecStart=/usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf (code=exited, status=0/SUCCESS)
 Main PID: 4206 (vsftpd)
    Tasks: 1
   CGroup: /system.slice/vsftpd.service
           └─4206 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf

2月 10 22:20:40 laotie systemd[1]: Starting Vsftpd ftp daemon...
2月 10 22:20:40 laotie systemd[1]: Started Vsftpd ftp daemon.

Stop vsftpd

[wangzirui@laotie system]$ systemctl stop vsftpd
[wangzirui@laotie system]$ systemctl status vsftpd
● vsftpd.service - Vsftpd ftp daemon
   Loaded: loaded (/usr/lib/systemd/system/vsftpd.service; disabled; vendor preset: disabled)
   Active: inactive (dead)

2月 10 22:20:40 laotie systemd[1]: Starting Vsftpd ftp daemon...
2月 10 22:20:40 laotie systemd[1]: Started Vsftpd ftp daemon.
2月 10 22:24:15 laotie systemd[1]: Stopping Vsftpd ftp daemon...
2月 10 22:24:15 laotie systemd[1]: Stopped Vsftpd ftp daemon.

About restart and reload

After a restart the Main PID changes; after a reload the Main PID does not change.

About starting at boot

systemctl enable vsftpd

[wangzirui@laotie system]$ systemctl enable vsftpd
Created symlink from /etc/systemd/system/multi-user.target.wants/vsftpd.service to /usr/lib/systemd/system/vsftpd.service.

This links vsftpd.service into multi-user.target.wants, which is how starting at boot is implemented. Now check the status again:

[wangzirui@laotie system]$ systemctl status vsftpd
● vsftpd.service - Vsftpd ftp daemon
   Loaded: loaded (/usr/lib/systemd/system/vsftpd.service; enabled; vendor preset: disabled)
   Active: active (running) since 一 2020-02-10 22:27:53 CST; 9min ago
 Main PID: 4508 (vsftpd)
   CGroup: /system.slice/vsftpd.service
           └─4508 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf

2月 10 22:27:53 laotie systemd[1]: Starting Vsftpd ftp daemon...
2月 10 22:27:53 laotie systemd[1]: Started Vsftpd ftp daemon.

Loaded has changed to enabled, which means the service starts at boot.

To stop it from starting at boot, use disable.

[wangzirui@laotie system]$ systemctl disable vsftpd
Removed symlink /etc/systemd/system/multi-user.target.wants/vsftpd.service.

Disable the service (mask)

[wangzirui@laotie system]$ systemctl mask vsftpd
Created symlink from /etc/systemd/system/vsftpd.service to /dev/null.

In this state the service can neither be started nor suspended.
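
The enable, disable and mask output above shows that each state is just a symlink on disk. As an added example (not from the original post), the function below reads those symlinks directly, which is useful when checking a mounted disk image where systemctl cannot be run. It only looks at *.wants directories; the root parameter and the demo unit names are assumptions made for the example.

```shell
# Added example, not from the original post. Classifies a unit from the
# symlinks that enable and mask create. "root" is a hypothetical parameter:
# "" for the live system, or the path of a mounted image or test tree.
unit_state() {
    root=$1; unit=$2
    etc="$root/etc/systemd/system"
    lib="$root/usr/lib/systemd/system"
    # mask: /etc/systemd/system/<unit> is a symlink to /dev/null
    if [ -L "$etc/$unit" ] && [ "$(readlink "$etc/$unit")" = /dev/null ]; then
        echo masked; return 0
    fi
    # enable: a symlink to the unit inside a *.wants directory
    for link in "$etc"/*.wants/"$unit"; do
        if [ -L "$link" ]; then echo enabled; return 0; fi
    done
    # neither: the unit file exists but nothing pulls it in at boot
    if [ -e "$lib/$unit" ] || [ -e "$etc/$unit" ]; then
        echo disabled; return 0
    fi
    echo not-found
}

# Constructed tree reproducing the symlinks shown in the output above;
# masked-demo and plain-demo are made-up unit names.
make_demo_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/usr/lib/systemd/system" \
             "$t/etc/systemd/system/multi-user.target.wants"
    for u in vsftpd masked-demo plain-demo; do
        : > "$t/usr/lib/systemd/system/$u.service"
    done
    ln -s /usr/lib/systemd/system/vsftpd.service \
        "$t/etc/systemd/system/multi-user.target.wants/vsftpd.service"
    ln -s /dev/null "$t/etc/systemd/system/masked-demo.service"
    echo "$t"
}

tree=$(make_demo_tree)
for u in vsftpd masked-demo plain-demo missing; do
    printf '%-22s %s\n' "$u.service" "$(unit_state "$tree" "$u.service")"
done
rm -rf "$tree"
```

On a running system, systemctl is-enabled reports the same states.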

Is there a direct way to determine whether a service is running?

systemctl is-active vsftpd

[root@laotie system]# systemctl is-active vsftpd
active

9.5 Non-independent service

xinetd: the super daemon. Some small services can be handed over to xinetd for hosting. The benefit of hosting is that xinetd's powerful parameters can be used to control these services and enhance security.
xinetd provides functionality similar to inetd + TCP Wrappers, but is more powerful and more secure. xinetd has replaced inetd and provides access control, enhanced logging and resource management.
TCP Wrappers is an application-layer access control program. Its principle is to wrap a layer of security checks around the TCP services that the server offers: every incoming connection request must first pass through this layer of checks, and only after it is approved is it accepted by the system service.

Related files

xinetd master configuration file: /etc/xinetd.conf
directory holding the hosted services: /etc/xinetd.d/

Deploying the non-independent service telnet

First install the telnet server, the telnet client and the super daemon xinetd

[root@laotie system]# yum -y install telnet-server telnet xinetd

-y answers yes by default, which saves typing y again and again during installation.

Next, go to /etc/xinetd.d/ and create a new file named telnet

[root@laotie system]# cd /etc/xinetd.d
[root@laotie xinetd.d]# vim telnet

The file contents are as follows:

service telnet
{
    flags           = REUSE
    socket_type     = stream
    wait            = no
    user            = root
    server          = /usr/sbin/in.telnetd
    log_on_failure  += USERID
    disable         = no
}

Parameter descriptions

Can be set to yes or no; yes disables the service. See also the DISABLE flag under flags.

    disable = no

Specifies what information is logged when a connection attempt fails. A message indicating the nature of the error is always logged; by default no other information is logged. This attribute supports all operators.
USERID: the client's user ID is obtained through an RFC 1413 call. Available only for multi-threaded stream services.

    log_on_failure += USERID

The type of TCP/IP socket to use; the value may be stream (TCP), dgram (UDP), raw or seqpacket (reliable sequenced datagrams).

    socket_type = stream

Specifies the arguments passed to the process, not including the service program name.

    server_args = --daemon

Sets the connection rate. It takes two parameters: the first is the number of connections that can be handled per second; if more connections than this arrive, handling of incoming connections is temporarily stopped. The second is the number of seconds to wait after stopping before connection handling resumes.

    cps = 25 30

Specifies the protocol used by the service; its value must be defined in /etc/protocols. If not specified, the default protocol of the service is used.

    protocol = tcp

This attribute has two possible values. If yes, xinetd starts the requested process and stops handling other requests for the service until that process terminates; this suits single-threaded services. If no, xinetd starts a process for each request, regardless of the state of the processes started earlier; this suits multi-threaded services.

    wait = no

Sets the UID of the service process. If the effective UID of xinetd is not 0, this attribute has no effect.

    user = root

The process to start; the full path must be specified.

    server = /usr/sbin/sshd

Space-separated list of clients allowed to access the service. If no value is specified for this attribute, access to the service is denied to everyone. This attribute supports all operators.

    only_from = 192.168.1.0/24
    no_access = 192.168.1.20 192.168.1.200

The maximum number of connections is 3.

    instances = 3

Each source IP can have only one connection.

    per_source = 1

Allow ssh connections only from 9:00 to 18:00.

    access_times = 9:00-18:00

Log to /var/log/xinetd_ssh.log.

    log_type = FILE /var/log/xinetd_ssh.log    # log to /var/log/xinetd_ssh.log

The service port.

    port = 7722
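
As an added example (not from the original post), the function below reads one xinetd service file and reports enabled services that have no only_from restriction, no instances/per_source/cps limit, or no log_on_failure setting, using the attributes described above. It assumes one attribute per line and does not merge the defaults section of /etc/xinetd.conf; the sample files and the function names are constructed for the example.

```shell
# Added example, not from the original post: flag enabled xinetd services
# that lack the access-control attributes described above.
audit_xinetd() {    # $1 = one service file, e.g. a file under /etc/xinetd.d/
    awk '
    /^[ \t]*#/      { next }                              # comment line
    $1 == "service" { name = $2; split("", a); next }     # new block: reset
    $1 == "}" {
        if (name != "" && a["disable"] != "yes") {        # no disable = enabled
            if (!("only_from" in a))
                print name ": no only_from restriction"
            if (!("instances" in a) && !("per_source" in a) && !("cps" in a))
                print name ": no instances/per_source/cps limit"
            if (!("log_on_failure" in a))
                print name ": no log_on_failure setting"
        }
        name = ""; next
    }
    name != "" && /=/ {
        line = $0; sub(/^[ \t{]+/, "", line)     # tolerate "{flags = REUSE"
        key = line; sub(/[ \t]*[+-]?=.*/, "", key)   # handles =, += and -=
        val = line; sub(/^[^=]*=[ \t]*/, "", val)
        a[key] = val
    }' "$1"
}

# Constructed samples: the telnet entry from this page, and the same entry
# with only_from and per_source added (values are illustrative).
make_samples() {
    d=$(mktemp -d)
    cat > "$d/telnet" <<'EOF'
service telnet
{
    flags           = REUSE
    socket_type     = stream
    wait            = no
    user            = root
    server          = /usr/sbin/in.telnetd
    log_on_failure  += USERID
    disable         = no
}
EOF
    awk '$1 == "}" { print "    only_from = 192.168.1.0/24"
                     print "    per_source = 1" } { print }' \
        "$d/telnet" > "$d/telnet-restricted"
    echo "$d"
}
samples=$(make_samples)
for f in "$samples"/*; do echo "== ${f##*/}"; audit_xinetd "$f"; done
rm -rf "$samples"
```

The telnet entry as written on this page produces two findings; the restricted variant produces none.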

[root@laotie xinetd.d]# systemctl start xinetd

How can we verify that it is open? Look at the network state directly with the netstat command:

[root@laotie wangzirui]# netstat -ntpl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      1076/cupsd          
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1354/master         
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1/systemd           
tcp        0      0 192.168.122.1:53        0.0.0.0:*               LISTEN      1396/dnsmasq        
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1080/sshd           
tcp6       0      0 ::1:631                 :::*                    LISTEN      1076/cupsd          
tcp6       0      0 :::23                   :::*                    LISTEN      1084/xinetd         
tcp6       0      0 ::1:25                  :::*                    LISTEN      1354/master         
tcp6       0      0 :::111                  :::*                    LISTEN      1/systemd           
tcp6       0      0 :::22                   :::*                    LISTEN      1080/sshd           

Port 23 is listed, so telnet can now be used:

[wangzirui@laotie ~]$ telnet localhost
Trying ::1...
Connected to localhost.
Escape character is '^]'.

Kernel 3.10.0-1062.el7.x86_64 on an x86_64
laotie login: wangzirui
Password: 
Last login: Tue Feb 11 00:15:56 on pts/0

Origin www.cnblogs.com/wangzirui98/p/12293577.html