Linux (CentOS) service management

Time:2021-11-30

1、 Introduction and classification

1. System run levels

| Run level | Meaning |
| --- | --- |
| 0 | Shut down |
| 1 | Single-user mode, roughly comparable to Windows safe mode; mainly used for system repair |
| 2 | Incomplete command line mode, without the NFS service (network file system) |
| 3 | Full command line mode, i.e. the standard character interface |
| 4 | Reserved by the system |
| 5 | Graphical mode |
| 6 | Reboot |

View the current run level of the system
runlevel
  • Example
[root~]$runlevel
N 3

Output description:

The first field is the previous run level, i.e. the run level the system was in before entering the current one. N means the system booted directly into the current run level.
The second field is the current run level.

Change the system run level
init [run level]
[root~]$init 5

[root~]$runlevel
3 5
System default run level

On CentOS 6 and earlier, the system default run level is changed by editing the /etc/inittab configuration file.

In CentOS 7, the /etc/inittab configuration file is deprecated:

[root~]$cat /etc/inittab
# inittab is no longer used when using systemd.
#
# ADDING CONFIGURATION HERE WILL HAVE NO EFFECT ON YOUR SYSTEM.
#
# Ctrl-Alt-Delete is handled by /usr/lib/systemd/system/ctrl-alt-del.target
#
# systemd uses 'targets' instead of runlevels. By default, there are two main targets:
#
# multi-user.target: analogous to runlevel 3
# graphical.target: analogous to runlevel 5
#
# To view current default target, run:
# systemctl get-default
#
# To set a default target, run:
# systemctl set-default TARGET.target

In plain terms, the file says:

inittab is no longer used once systemd is in use.

Adding configuration here has no effect.

Ctrl-Alt-Delete is handled by /usr/lib/systemd/system/ctrl-alt-del.target.

systemd uses "targets" instead of run levels. By default, there are two main targets:

multi-user.target: analogous to run level 3 (full command line mode)
graphical.target: analogous to run level 5 (graphical mode)

To view the current default target, run:
systemctl get-default

To set a default target, run:
systemctl set-default TARGET.target
  • Example
[root~]$systemctl get-default
multi-user.target

[root~]$systemctl set-default graphical.target
Removed symlink /etc/systemd/system/default.target.
Created symlink from /etc/systemd/system/default.target to /usr/lib/systemd/system/graphical.target.

[root~]$systemctl get-default
graphical.target

2. Classification of services

RPM package services
  • Show all started services

    `systemctl list-units --type=service`
    
[root~]$systemctl list-units --type=service
  UNIT                               LOAD   ACTIVE SUB     DESCRIPTION
  auditd.service                     loaded active running Security Auditing Service
  crond.service                      loaded active running Command Scheduler
  dbus.service                       loaded active running D-Bus System Message Bus
  firewalld.service                  loaded active running firewalld - dynamic firewall daemon
  getty@tty1.service                 loaded active running Getty on tty1
  gssproxy.service                   loaded active running GSSAPI Proxy Daemon
  irqbalance.service                 loaded active running irqbalance daemon
● network.service                    loaded failed failed  LSB: Bring up/down networking
  NetworkManager-wait-online.service loaded active exited  Network Manager Wait Online
  NetworkManager.service             loaded active running Network Manager
... omit
  vboxadd-service.service            loaded active running vboxadd-service.service
  vboxadd-x11.service                loaded active exited  vboxadd-x11.service
  vboxadd.service                    loaded active exited  vboxadd.service

LOAD   = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB    = The low-level unit activation state, values depend on unit type.

37 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use 'systemctl list-unit-files'.
Source package services
  • Query installed services

    Check the service installation location, usually under `/usr/local/`.

3. Services and ports

What is a port

If an IP address is compared to a house, a port is a door of that house. A real house has only a few doors, but an IP address can have 65536 ports.

A port is the door through which the transport layer hands data to the application layer.

Correspondence between common ports and services
/etc/services

The /etc/services file only records the usual correspondence between common ports and services. This relationship is not absolute and is for reference only.

  • View the port number corresponding to a service

    `grep [service name] /etc/services`

[root~]$grep memcache /etc/services
memcache        11211/tcp               # Memory cache service
memcache        11211/udp               # Memory cache service
  • View the service corresponding to a given port

    `grep [port number] /etc/services`
[root~]$grep 11211 /etc/services
memcache        11211/tcp               # Memory cache service
memcache        11211/udp               # Memory cache service

[root~]$grep ' 80/' /etc/services
http            80/tcp          www www-http    # WorldWideWeb HTTP
http            80/udp          www www-http    # HyperText Transfer Protocol
http            80/sctp                         # HyperText Transfer Protocol
List the listening services and their ports on the system
netstat -tulnp

-t: list TCP ports
-u: list UDP ports
-l: list only network services that are listening
-n: show IP addresses and port numbers instead of domain names and service names
-p: show the process ID (PID) and program name that owns each socket
  • Example
[root~]$netstat -tulnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1069/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      3121/sendmail: acce
tcp6       0      0 :::22                   :::*                    LISTEN      1069/sshd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           3048/dhclient
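
A review that this listing supports, as an added example (not part of the original page): classifying each socket in `netstat -tulnp` output by whether it listens on every interface or on loopback only. The sample input is constructed from the output above, and the function names are illustrative.

```bash
#!/usr/bin/env bash
# Added example: classify sockets from `netstat -tulnp` by how widely they listen.

# Constructed sample input, copied in shape from the netstat output above.
sample_netstat() {
  cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1069/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      3121/sendmail: acce
tcp6       0      0 :::22                   :::*                    LISTEN      1069/sshd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           3048/dhclient
EOF
}

# Reads netstat text on stdin and prints "<scope> <proto> <port> <program>".
#   ALL   = bound to every interface (0.0.0.0 or ::), reachable from the network
#   LOCAL = loopback only
#   ADDR  = bound to one specific non-loopback address
classify_listeners() {
  awk '
    $1 ~ /^(tcp|udp)6?$/ {
      # The port follows the last colon; IPv6 addresses contain colons too.
      n = split($4, parts, ":")
      port = parts[n]
      addr = substr($4, 1, length($4) - length(port) - 1)

      # UDP rows have an empty State column, so locate the PID/Program field
      # by its "<pid>/" prefix instead of by position.
      prog = "-"
      for (i = 6; i <= NF; i++)
        if ($i ~ "^[0-9]+/") { prog = $i; break }
      sub("^[0-9]+/", "", prog)   # drop the PID
      sub(":$", "", prog)         # "sendmail:" -> "sendmail"

      if (addr == "0.0.0.0" || addr == "::") scope = "ALL"
      else if (addr ~ /^127\./ || addr == "::1") scope = "LOCAL"
      else scope = "ADDR"
      print scope, $1, port, prog
    }'
}

# Only the listeners that accept connections on every interface.
exposed_listeners() {
  classify_listeners | awk '$1 == "ALL" { print $2, $3, $4 }'
}

# On a live host: netstat -tulnp | classify_listeners
sample_netstat | classify_listeners
```

Each ALL line is a service reachable from the network and should correspond to a service that is meant to be running and to a firewall rule that is meant to exist.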

2、 RPM package service management

1. Installation directories of RPM package services

For reference only

| Directory | Description |
| --- | --- |
| /etc/init.d/ | Startup script directory |
| /etc/sysconfig/ | Initialization environment configuration file directory |
| /etc/ | Configuration file directory |
| /var/log/ | Log file directory |
| /usr/bin/ | Executable command directory |
| /usr/lib/ | Directory holding the function libraries used by programs |
| /usr/share/doc/ | Basic software user manual directory |
| /usr/share/man/ | Help file directory |

2. Starting, stopping, restarting and checking the status of RPM package services

systemctl [start | stop | restart | status] service name
[root~]$systemctl stop crond

[root~]$systemctl status crond
● crond.service - Command Scheduler
   Loaded: loaded (/usr/lib/systemd/system/crond.service; enabled; vendor preset: enabled)
   Active: inactive (dead) since Thu 2018-05-24 04:23:44 UTC; 5s ago
  Process: 588 ExecStart=/usr/sbin/crond -n $CRONDARGS (code=exited, status=0/SUCCESS)
 Main PID: 588 (code=exited, status=0/SUCCESS)

May 24 01:03:51 localhost.localdomain systemd[1]: Started Command Scheduler.
May 24 01:03:51 localhost.localdomain systemd[1]: Starting Command Scheduler...
May 24 01:03:51 localhost.localdomain crond[588]: (CRON) INFO (RANDOM_DELAY will be scaled with factor 12% if used.)
May 24 01:03:51 localhost.localdomain crond[588]: (CRON) INFO (running with inotify support)
May 24 04:23:44 10.0.2.15 systemd[1]: Stopping Command Scheduler...
May 24 04:23:44 10.0.2.15 systemd[1]: Stopped Command Scheduler.

[root~]$systemctl start crond

[root~]$systemctl restart crond

[root~]$systemctl status crond
● crond.service - Command Scheduler
   Loaded: loaded (/usr/lib/systemd/system/crond.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2018-05-24 04:24:15 UTC; 1s ago
 Main PID: 7480 (crond)
   CGroup: /system.slice/crond.service
           └─7480 /usr/sbin/crond -n

May 24 04:24:15 10.0.2.15 systemd[1]: Started Command Scheduler.
May 24 04:24:15 10.0.2.15 systemd[1]: Starting Command Scheduler...
May 24 04:24:15 10.0.2.15 crond[7480]: (CRON) INFO (RANDOM_DELAY will be scaled with factor 82% if used.)
May 24 04:24:15 10.0.2.15 crond[7480]: (CRON) INFO (running with inotify support)
May 24 04:24:15 10.0.2.15 crond[7480]: (CRON) INFO (@reboot jobs will be run at computer's startup.)

3. Start-at-boot settings for RPM package services

systemctl [enable|disable] service name

Use systemctl is-enabled [service name] to check whether the service starts at boot.

[root~]$systemctl is-enabled crond
enabled
[root~]$systemctl disable crond
Removed symlink /etc/systemd/system/multi-user.target.wants/crond.service.
[root~]$systemctl is-enabled crond
disabled
[root~]$systemctl enable crond
Created symlink from /etc/systemd/system/multi-user.target.wants/crond.service to /usr/lib/systemd/system/crond.service.
[root~]$systemctl is-enabled crond
enabled
Modify the /etc/rc.d/rc.local file

Add the commands to be run at boot to this file. Don't forget to give the file execute permission.

[root~]$cat /etc/rc.d/rc.local
#!/bin/bash
# THIS FILE IS ADDED FOR COMPATIBILITY PURPOSES
#
# It is highly advisable to create own systemd services or udev rules
# to run scripts during boot instead of using this file.
#
# In contrast to previous versions due to parallel execution during boot
# this script will NOT be run after all other services.
#
# Please note that you must run 'chmod +x /etc/rc.d/rc.local' to ensure
# that this script will be executed during boot.

touch /var/lock/subsys/local

3、 Source package service management

1. Installation directory of source package services

Generally under /usr/local/ (for reference only).

2. Starting source package services

Call the startup script by its absolute path.
Different source packages have different startup scripts.
See the installation instructions of the source package for how to start it.

  • Example: start, stop and restart (reload) of nginx installed from source
/usr/local/nginx/sbin/nginx
/usr/local/nginx/sbin/nginx -s stop
/usr/local/nginx/sbin/nginx -s reload

3. Start-at-boot settings

Modify the /etc/rc.d/rc.local file

Add the commands to be run at boot to this file. Don't forget to give the file execute permission.

[root~]$cat /etc/rc.d/rc.local
#!/bin/bash
# THIS FILE IS ADDED FOR COMPATIBILITY PURPOSES
#
# It is highly advisable to create own systemd services or udev rules
# to run scripts during boot instead of using this file.
#
# In contrast to previous versions due to parallel execution during boot
# this script will NOT be run after all other services.
#
# Please note that you must run 'chmod +x /etc/rc.d/rc.local' to ensure
# that this script will be executed during boot.

touch /var/lock/subsys/local
# Start nginx at boot
/usr/local/nginx/sbin/nginx
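
The comments in rc.local advise creating a systemd service instead of using this file. An added example (not from the original page) of such a unit for the nginx binary above: the unit name nginx.service and the PID file path /usr/local/nginx/logs/nginx.pid are assumptions based on a default source build, and the function names are illustrative.

```bash
#!/usr/bin/env bash
# Added example: a systemd unit for the source-built nginx from this page,
# replacing the bare command line in /etc/rc.d/rc.local.

# Writes nginx.service into the directory given as $1.
# On a real host that directory is /etc/systemd/system.
write_nginx_unit() {
  unit_dir=$1
  cat > "$unit_dir/nginx.service" <<'EOF'
[Unit]
Description=nginx (source install under /usr/local/nginx)
After=network.target

[Service]
# nginx daemonizes itself, so systemd tracks it through the PID file.
Type=forking
# Assumption: default PID file location for a /usr/local/nginx prefix.
PIDFile=/usr/local/nginx/logs/nginx.pid
# Refuse to start with a broken configuration.
ExecStartPre=/usr/local/nginx/sbin/nginx -t
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/usr/local/nginx/sbin/nginx -s stop
PrivateTmp=true

[Install]
# multi-user.target corresponds to run level 3.
WantedBy=multi-user.target
EOF
}

# Prints the lines of an rc.local-style file that launch a program by
# absolute path, i.e. the entries to migrate into units.
rc_local_commands() {
  grep -E '^[[:space:]]*/' "$1" || true
}

# Demo in a scratch directory; nothing under /etc is touched.
demo_dir=$(mktemp -d)
write_nginx_unit "$demo_dir"
cat "$demo_dir/nginx.service"
rm -rf "$demo_dir"

# On a real host, after writing the unit to /etc/systemd/system:
#   systemctl daemon-reload
#   systemctl enable nginx
#   systemctl start nginx
# then delete the /usr/local/nginx/sbin/nginx line from /etc/rc.d/rc.local.
```

With the unit in place, nginx shows up in `systemctl status` and `systemctl is-enabled` like the RPM package services above, instead of being started by a script that no service listing reports.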

4、 Introduction to common service functions

| Service name | Function | Recommendation |
| --- | --- | --- |
| acpid | Power management interface. Laptop users are advised to enable it; it can listen for power-related events at the kernel level. | On |
| anacron | Scheduled task program of the system, a subsystem of cron. If a scheduled task misses its execution time, anacron can wake it up and run it afterwards. | Off |
| alsasound | ALSA sound card driver. Turn it on if you use an ALSA sound card. | Off |
| apmd | Power management module. If acpid is supported, apmd is not required and can be turned off. | Off |
| atd | Lets the system execute a task at a specific time, once only. Turn it on if necessary, but crond is usually used for recurring scheduled tasks. | Off |
| auditd | Audit subsystem. If this service is enabled, SELinux audit information is written to /var/log/audit/audit.log. If it is not enabled, the audit information is recorded in syslog. | On |
| autofs | Lets the server automatically mount shared data from other servers on the network; generally used to automatically mount NFS. If there is no NFS service, turning it off is recommended. | Off |
| avahi-daemon | Avahi is an implementation of the zeroconf protocol. It can find zeroconf-based devices and services on the LAN without a DNS service. Turn it off unless you have a compatible device or use the zeroconf protocol. | Off |
| bluetooth | Bluetooth device support. Bluetooth devices are generally not used on servers; turn it off. | Off |
| capi | Only useful for users of ISDN devices. | Off |
| chargen-dgram | Chargen server using the UDP protocol. Its main function is to provide something similar to remote typing. | Off |
| chargen-stream | Ditto. | Off |
| cpuspeed | Adjusts the CPU frequency. When idle, the CPU frequency can be lowered automatically to save power. | On |
| crond | Scheduled tasks of the system. Linux servers generally need scheduled tasks to help with system maintenance. Recommended on. | On |
| cvs | A version control system. | Off |
| daytime-dgram | The daytime daemon that uses the TCP protocol. The protocol lets a client obtain the date and time from a remote server. | Off |
| daytime-stream | Ditto. | Off |
| dovecot | Daemon of the POP3/IMAP service in a mail service, mainly used to receive mail. Turn it on if the mail service is running, otherwise turn it off. | Off |
| echo-dgram | Server process that echoes client data back. | Off |
| echo-stream | Ditto. | Off |
| firstboot | After installation the system shows a welcome interface for initial setup; this service provides it. Since this is no longer the first boot, turn it off. | Off |
| gpm | Lets you copy and paste with the mouse in the character terminals (tty1-tty6). | On |
| haldaemon | Detects and supports USB devices. Can be turned off on servers; recommended on for personal computers. | Off |
| hidd | Detection of Bluetooth mice, keyboards and other Bluetooth devices. The bluetooth service must be started. | Off |
| hplip | HP printer support. If you don't have an HP printer, turn it off. | Off |
| httpd | Daemon of the Apache service. Start it if you need Apache. | On |
| ip6tables | Firewall for IPv6. IPv6 is not used at present, so it can be turned off. | Off |
| iptables | Firewall function. The firewall is a kernel-supported function in Linux. It is the server's main means of protection and must be turned on. | On |
| irda | IrDA provides communication support between infrared devices (laptops, PDAs, mobile phones, calculators, etc.). Turn it off. | Off |
| irqbalance | Supports multi-core processors by letting the CPUs automatically distribute system interrupts (IRQs) to improve system performance. Most servers today have multi-core CPUs; turn it on. | On |
| isdn | Connects to the network using ISDN equipment. The mainstream access methods today are optical fiber and ADSL, and ISDN is very rare; turn it off. | Off |
| kudzu | Performs hardware detection at startup and calls the relevant setup software. Recommended off; turn it on only when necessary. | Off |
| lvm2-monitor | Lets the system support LVM logical volume groups. Turn it on if the partitions use LVM. Recommended on. | On |
| mcstrans | SELinux support service. Recommended on. | On |
| mdmonitor | Monitors software RAID or LVM information. Not a required service; turning it off is recommended. | Off |
| mdmpd | Monitors multipath devices. Not a required service. | Off |
| messagebus | The IPC (interprocess communication) service of Linux, used to exchange information between programs. Personally, I suggest turning it off. | Off |
| microcode_ctl | Lets Intel series CPUs support additional microinstruction sets. | Off |
| mysqld | MySQL database server. Turn it on if necessary, otherwise off. | On |
| named | Daemon of the DNS service, used for domain name resolution. Turn it on if this is a DNS server, otherwise off. | Off |
| netfs | Automatically mounts shared file space on the network at system startup, for example NFS or Samba. Turn it on if necessary, otherwise off. | Off |
| network | Provides network configuration. The network is managed through this service, so turn it on. | On |
| nfs | NFS (network file system) service, for file sharing between Linux hosts. Turn it on if necessary, otherwise off. | Off |
| nfslock | When the NFS service is used, this lock service prevents the same file from being edited by different users at the same time. Turn it on if NFS is on, otherwise off. | Off |
| ntpd | Updates the system time automatically over the Internet so that it is always accurate. Turn it on if necessary, but it is not a required service. | Off |
| pcscd | Smart card detection service; can be turned off. | Off |
| portmap | Used for remote procedure calls (RPC), mainly by the NFS and NIS services. Can be turned off if there is no RPC service. | Off |
| psacct | Supports several tools that monitor process activity. | Off |
| rdisc | ICMP routing protocol client. | Off |
| readahead_early | At system startup, loads some processes first, such as memory defragmentation, to speed up startup. | Off |
| readahead_later | Ditto. | Off |
| restorecond | Monitors and restores the correct file contexts for SELinux. If SELinux is enabled, this needs to be enabled. | Off |
| rpcgssd | NFS-related client functionality. If you don't use NFS, turn it off. | Off |
| rpcidmapd | Ditto. | Off |
| rsync | Remote data backup daemon. | Off |
| sendmail | Sendmail daemon for the mail service. Turn it on if there is a mail service, otherwise off. | Off |
| setroubleshoot | Records SELinux-related information in the log /var/log/messages. Recommended on. | On |
| smartd | Automatically checks the status of the hard disks. Recommended on. | On |
| smb | Samba network service daemon. Shares data between Linux and Windows. Turn it on if necessary. | Off |
| squid | Daemon of the proxy service. Turn it on if necessary, otherwise off. | Off |
| sshd | SSH encrypted remote login management service. It is required for remote management of the server; do not turn it off. | On |
| syslog | Log daemon. | On |
| vsftpd | Daemon of the vsftp service. Turn it on if FTP service is required, otherwise off. | Off |
| xfs | Font daemon of the X Window System; provides fonts for the graphical interface. Not needed if you don't start the graphical interface. | Off |
| xinetd | Super daemon. Must be turned on if any service depends on xinetd. | On |
| ypbind | Activates the ypbind service process for NIS (Network Information System) clients. | Off |
| yum-updatesd | Online upgrade service using yum or up2date. | Off |
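
One way to apply the table's recommendations on a systemd host, as an added example (not part of the original page): it compares the services enabled at boot with a subset of the network-facing services the table recommends turning off. The sample listing is constructed, the function names are illustrative, and it assumes each service is packaged as a unit named after its table entry.

```bash
#!/usr/bin/env bash
# Added example: flag boot-enabled units that the table recommends turning off.

# Subset of the table's "turn off" entries (network-facing services).
# Assumption: each is packaged as <name>.service on the host being checked.
RECOMMENDED_OFF="avahi-daemon bluetooth named nfs rsync sendmail smb squid vsftpd"

# Constructed sample of `systemctl list-unit-files --type=service` output.
sample_unit_files() {
  cat <<'EOF'
UNIT FILE                STATE
auditd.service           enabled
avahi-daemon.service     enabled
bluetooth.service        disabled
crond.service            enabled
sshd.service             enabled
vsftpd.service           enabled

6 unit files listed.
EOF
}

# Reads list-unit-files text on stdin and prints every service that is
# enabled at boot although it is on the RECOMMENDED_OFF list.
enabled_but_recommended_off() {
  awk -v off="$RECOMMENDED_OFF" '
    BEGIN {
      n = split(off, names, " ")
      for (i = 1; i <= n; i++) deny[names[i]] = 1
    }
    # Header and footer lines fail this test and are skipped.
    $1 ~ /\.service$/ && $2 == "enabled" {
      name = $1
      sub(/\.service$/, "", name)
      if (name in deny) print name
    }'
}

# Prints the stop/disable commands for each finding, for review before running.
remediation_commands() {
  enabled_but_recommended_off | while read -r name; do
    printf 'systemctl stop %s && systemctl disable %s\n' "$name" "$name"
  done
}

# On a live host: systemctl list-unit-files --type=service | remediation_commands
sample_unit_files | remediation_commands
```

The commands are printed rather than executed so that each finding can be checked against what the server is actually meant to provide before anything is disabled.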