
16.2. Services

16.2.1. systemctl

# systemctl stop postfix
# systemctl stop avahi-daemon
# systemctl disable postfix
# systemctl disable avahi-daemon		
		

16.2.1.1. rc.local

$ chmod +x /etc/rc.d/rc.local
$ systemctl enable rc-local
$ systemctl start rc-local
$ systemctl status rc-local
			

16.2.1.2. is-enabled 查看當前服務的啟用狀態

[root@www.netkiller.cn ~]# systemctl is-enabled mongod
enabled
[root@www.netkiller.cn ~]# systemctl is-enabled spring
disabled
			

16.2.1.3. 重載 systemd

systemctl daemon-reload			
			
# systemctl list-unit-files
UNIT FILE                                   STATE   
proc-sys-fs-binfmt_misc.automount           static  
dev-hugepages.mount                         static  
dev-mqueue.mount                            static  
proc-sys-fs-binfmt_misc.mount               static  
sys-fs-fuse-connections.mount               static  
sys-kernel-config.mount                     static  
sys-kernel-debug.mount                      static  
tmp.mount                                   disabled
brandbot.path                               disabled
systemd-ask-password-console.path           static  
systemd-ask-password-plymouth.path          static  
systemd-ask-password-wall.path              static  
session-1.scope                             static  
session-2.scope                             static  
session-3.scope                             static  
session-4.scope                             static  
auditd.service                              enabled 
autovt@.service                             disabled
avahi-daemon.service                        enabled 
blk-availability.service                    disabled
brandbot.service                            static  
console-getty.service                       disabled
console-shell.service                       disabled
cpupower.service                            disabled
crond.service                               enabled 
dbus-org.fedoraproject.FirewallD1.service   enabled 
dbus-org.freedesktop.Avahi.service          enabled 
dbus-org.freedesktop.hostname1.service      static  
dbus-org.freedesktop.locale1.service        static  
dbus-org.freedesktop.login1.service         static  
dbus-org.freedesktop.machine1.service       static  
dbus-org.freedesktop.NetworkManager.service enabled 
dbus-org.freedesktop.nm-dispatcher.service  enabled 
dbus-org.freedesktop.timedate1.service      static  
dbus.service                                static  
debug-shell.service                         disabled
dm-event.service                            disabled
dnsmasq.service                             disabled
dracut-cmdline.service                      static  
dracut-initqueue.service                    static  
dracut-mount.service                        static  
dracut-pre-mount.service                    static  
dracut-pre-pivot.service                    static  
dracut-pre-trigger.service                  static  
dracut-pre-udev.service                     static  
dracut-shutdown.service                     static  
ebtables.service                            disabled
emergency.service                           static  
firewalld.service                           enabled 
getty@.service                              enabled 
halt-local.service                          static  
initrd-cleanup.service                      static  
initrd-parse-etc.service                    static  
initrd-switch-root.service                  static  
initrd-udevadm-cleanup-db.service           static  
irqbalance.service                          enabled 
kdump.service                               enabled 
kmod-static-nodes.service                   static  
lvm2-lvmetad.service                        disabled
lvm2-monitor.service                        enabled 
lvm2-pvscan@.service                        static  
messagebus.service                          static  
microcode.service                           enabled 
NetworkManager-dispatcher.service           enabled 
NetworkManager-wait-online.service          disabled
NetworkManager.service                      enabled 
plymouth-halt.service                       disabled
plymouth-kexec.service                      disabled
plymouth-poweroff.service                   disabled
plymouth-quit-wait.service                  disabled
plymouth-quit.service                       disabled
plymouth-read-write.service                 disabled
plymouth-reboot.service                     disabled
plymouth-start.service                      disabled
plymouth-switch-root.service                static  
polkit.service                              static  
postfix.service                             enabled 
quotaon.service                             static  
rc-local.service                            static  
rdisc.service                               disabled
rescue.service                              static  
rhel-autorelabel-mark.service               static  
rhel-autorelabel.service                    static  
rhel-configure.service                      static  
rhel-dmesg.service                          disabled
rhel-domainname.service                     disabled
rhel-import-state.service                   static  
rhel-loadmodules.service                    static  
rhel-readonly.service                       static  
rsyslog.service                             enabled 
serial-getty@.service                       disabled
sshd-keygen.service                         static  
sshd.service                                enabled 
sshd@.service                               static  
systemd-ask-password-console.service        static  
systemd-ask-password-plymouth.service       static  
systemd-ask-password-wall.service           static  
systemd-backlight@.service                  static  
systemd-binfmt.service                      static  
systemd-fsck-root.service                   static  
systemd-fsck@.service                       static  
systemd-halt.service                        static  
systemd-hibernate.service                   static  
systemd-hostnamed.service                   static  
systemd-hybrid-sleep.service                static  
systemd-initctl.service                     static  
systemd-journal-flush.service               static  
systemd-journald.service                    static  
systemd-kexec.service                       static  
systemd-localed.service                     static  
systemd-logind.service                      static  
systemd-machined.service                    static  
systemd-modules-load.service                static  
systemd-nspawn@.service                     disabled
systemd-poweroff.service                    static  
systemd-quotacheck.service                  static  
systemd-random-seed.service                 static  
systemd-readahead-collect.service           enabled 
systemd-readahead-done.service              static  
systemd-readahead-drop.service              enabled 
systemd-readahead-replay.service            enabled 
systemd-reboot.service                      static  
systemd-remount-fs.service                  static  
systemd-shutdownd.service                   static  
systemd-suspend.service                     static  
systemd-sysctl.service                      static  
systemd-timedated.service                   static  
systemd-tmpfiles-clean.service              static  
systemd-tmpfiles-setup-dev.service          static  
systemd-tmpfiles-setup.service              static  
systemd-udev-settle.service                 static  
systemd-udev-trigger.service                static  
systemd-udevd.service                       static  
systemd-update-utmp-runlevel.service        static  
systemd-update-utmp.service                 static  
systemd-user-sessions.service               static  
systemd-vconsole-setup.service              static  
teamd@.service                              static  
tuned.service                               enabled 
wpa_supplicant.service                      disabled
-.slice                                     static  
machine.slice                               static  
system.slice                                static  
user.slice                                  static  
avahi-daemon.socket                         enabled 
dbus.socket                                 static  
dm-event.socket                             enabled 
lvm2-lvmetad.socket                         enabled 
sshd.socket                                 disabled
syslog.socket                               static  
systemd-initctl.socket                      static  
systemd-journald.socket                     static  
systemd-shutdownd.socket                    static  
systemd-udevd-control.socket                static  
systemd-udevd-kernel.socket                 static  
basic.target                                static  
bluetooth.target                            static  
cryptsetup.target                           static  
ctrl-alt-del.target                         disabled
default.target                              enabled 
emergency.target                            static  
final.target                                static  
getty.target                                static  
graphical.target                            disabled
halt.target                                 disabled
hibernate.target                            static  
hybrid-sleep.target                         static  
initrd-fs.target                            static  
initrd-root-fs.target                       static  
initrd-switch-root.target                   static  
initrd.target                               static  
kexec.target                                disabled
local-fs-pre.target                         static  
local-fs.target                             static  
multi-user.target                           enabled 
network-online.target                       static  
network.target                              static  
nss-lookup.target                           static  
nss-user-lookup.target                      static  
paths.target                                static  
poweroff.target                             disabled
printer.target                              static  
reboot.target                               disabled
remote-fs-pre.target                        static  
remote-fs.target                            enabled 
rescue.target                               disabled
rpcbind.target                              static  
runlevel0.target                            disabled
runlevel1.target                            disabled
runlevel2.target                            disabled
runlevel3.target                            disabled
runlevel4.target                            disabled
runlevel5.target                            disabled
runlevel6.target                            disabled
shutdown.target                             static  
sigpwr.target                               static  
sleep.target                                static  
slices.target                               static  
smartcard.target                            static  
sockets.target                              static  
sound.target                                static  
suspend.target                              static  
swap.target                                 static  
sysinit.target                              static  
system-update.target                        static  
time-sync.target                            static  
timers.target                               static  
umount.target                               static  
systemd-readahead-done.timer                static  
systemd-tmpfiles-clean.timer                static  

210 unit files listed.		
		

16.2.1.4. 列出啟動失敗的服務

# systemctl --failed
  UNIT           LOAD   ACTIVE SUB    DESCRIPTION
● spring.service loaded failed failed Spring Boot Application

LOAD   = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB    = The low-level unit activation state, values depend on unit type.

1 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use 'systemctl list-unit-files'.			
			

16.2.1.5. list-units

$ systemctl list-units --type=target
UNIT                  LOAD   ACTIVE SUB    DESCRIPTION
basic.target          loaded active active Basic System
cryptsetup.target     loaded active active Encrypted Volumes
getty.target          loaded active active Login Prompts
local-fs-pre.target   loaded active active Local File Systems (Pre)
local-fs.target       loaded active active Local File Systems
multi-user.target     loaded active active Multi-User System
network-online.target loaded active active Network is Online
network.target        loaded active active Network
paths.target          loaded active active Paths
slices.target         loaded active active Slices
sockets.target        loaded active active Sockets
swap.target           loaded active active Swap
sysinit.target        loaded active active System Initialization
timers.target         loaded active active Timers

LOAD   = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB    = The low-level unit activation state, values depend on unit type.

14 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use 'systemctl list-unit-files'.
			
			
$ systemctl list-units | more
UNIT                                             LOAD   ACTIVE SUB       DESCRIPTION
proc-sys-fs-binfmt_misc.automount                loaded active running   Arbitrary Executable File Formats File System Automount Point
sys-devices-platform-serial8250-tty-ttyS0.device loaded active plugged   /sys/devices/platform/serial8250/tty/ttyS0
sys-devices-platform-serial8250-tty-ttyS1.device loaded active plugged   /sys/devices/platform/serial8250/tty/ttyS1
sys-devices-platform-serial8250-tty-ttyS2.device loaded active plugged   /sys/devices/platform/serial8250/tty/ttyS2
sys-devices-platform-serial8250-tty-ttyS3.device loaded active plugged   /sys/devices/platform/serial8250/tty/ttyS3
sys-devices-vbd\x2d51728-block-xvdb-xvdb1.device loaded active plugged   /sys/devices/vbd-51728/block/xvdb/xvdb1
sys-devices-vbd\x2d51728-block-xvdb.device       loaded active plugged   /sys/devices/vbd-51728/block/xvdb
sys-devices-vbd\x2d768-block-xvda-xvda1.device   loaded active plugged   /sys/devices/vbd-768/block/xvda/xvda1
sys-devices-vbd\x2d768-block-xvda.device         loaded active plugged   /sys/devices/vbd-768/block/xvda
sys-devices-vif\x2d0-net-eth0.device             loaded active plugged   /sys/devices/vif-0/net/eth0
sys-devices-vif\x2d1-net-eth1.device             loaded active plugged   /sys/devices/vif-1/net/eth1
sys-devices-virtual-net-tun0.device              loaded active plugged   /sys/devices/virtual/net/tun0
sys-module-configfs.device                       loaded active plugged   /sys/module/configfs
sys-subsystem-net-devices-eth0.device            loaded active plugged   /sys/subsystem/net/devices/eth0
sys-subsystem-net-devices-eth1.device            loaded active plugged   /sys/subsystem/net/devices/eth1
sys-subsystem-net-devices-tun0.device            loaded active plugged   /sys/subsystem/net/devices/tun0
-.mount                                          loaded active mounted   /
dev-hugepages.mount                              loaded active mounted   Huge Pages File System
dev-mqueue.mount                                 loaded active mounted   POSIX Message Queue File System
opt.mount                                        loaded active mounted   /opt
proc-sys-fs-binfmt_misc.mount                    loaded active mounted   Arbitrary Executable File Formats File System
proc-xen.mount                                   loaded active mounted   /proc/xen
run-user-0.mount                                 loaded active mounted   /run/user/0
sys-kernel-config.mount                          loaded active mounted   Configuration File System
sys-kernel-debug.mount                           loaded active mounted   Debug File System
brandbot.path                                    loaded active waiting   Flexible branding
systemd-ask-password-plymouth.path               loaded active waiting   Forward Password Requests to Plymouth Directory Watch
systemd-ask-password-wall.path                   loaded active waiting   Forward Password Requests to Wall Directory Watch
session-231.scope                                loaded active running   Session 231 of user root
session-571.scope                                loaded active running   Session 571 of user root
aegis.service                                    loaded active running   LSB: aegis update.
agentwatch.service                               loaded active running   SYSV: Starts and stops guest agent
cloudmonitor.service                             loaded active running   LSB: @app.long.name@
crond.service                                    loaded active running   Command Scheduler
dbus.service                                     loaded active running   D-Bus System Message Bus
exim.service                                     loaded active running   Exim Mail Transport Agent
getty@tty1.service                               loaded active running   Getty on tty1
gitlab-runsvdir.service                          loaded active running   GitLab Runit supervision process
iptables.service                                 loaded active exited    IPv4 firewall with iptables
jexec.service                                    loaded active exited    LSB: Supports the direct execution of binary formats.
kmod-static-nodes.service                        loaded active exited    Create list of required static device nodes for the current kernel
lvm2-lvmetad.service                             loaded active running   LVM2 metadata daemon
lvm2-monitor.service                             loaded active exited    Monitoring of LVM2 mirrors, snapshots etc. using dmeventd or progress polling
mysqld.service                                   loaded active running   MySQL Server
network.service                                  loaded active exited    LSB: Bring up/down networking
nscd.service                                     loaded active running   Name Service Cache Daemon
ntpd.service                                     loaded active running   Network Time Service
openvpn@server.service                           loaded active running   OpenVPN Robust And Highly Flexible Tunneling Application On server
rhel-dmesg.service                               loaded active exited    Dump dmesg to /var/log/dmesg
rhel-import-state.service                        loaded active exited    Import network configuration from initramfs
rhel-readonly.service                            loaded active exited    Configure read-only root support
rsyslog.service                                  loaded active running   System Logging Service
--More--

			

16.2.2. service

# service nginx
Usage: nginx {start|stop|restart|condrestart|try-restart|force-reload|upgrade|reload|status|help|configtest}

# service nginx stop
# service nginx start
# service nginx restart
		
[ ] NetworkManager   自動在多種網絡連接中進行轉換,如果你的電腦有Wireless WiFi 和 Ethernet多種網絡連接類型的話,可以選擇開啟。
[ ] acpid            (Advanced Configuration and Power Interface)是為替代傳統的APM電源管理標準而推出的新型電源管理標準。通常筆記型電腦需要啟動電源進行管理。
[*] anacron          自動化運行任務守護進程
[*] atd              自動化運行任務守護進程
[ ] auditd           審核信息,將消息寫入控制台以及 audit_warn 電子郵件別名。用於存放內核生成的系統審查記錄,這些記錄會被一些程序使用,特別是對於SELinux用戶來說。關閉後內核審計事件不再由 auditd 寫入審計日誌,需要審計或事後調查的伺服器應保持開啟。
[ ] autofs           自動掛載/卸載檔案系統服務,可以自動掛載想訪問但還未掛載的檔案系統,自動卸載長期不訪問的檔案系統,自動安裝管理進程automount,與NFS 相關,依賴于NIS
[ ] avahi-daemon     Zeroconf service discovery守護進程,Avahi是zeroconf協議的實現。它可以在沒有DNS服務的區域網路裡發現基于zeroconf協議的設備和服務。它跟mDNS一樣。除非你有兼容的設備或使用 zeroconf 協議的服務,否則就可以關閉。
[ ] avahi-dnsconfd   /etc/avahi/dnsconf.action腳本守護進程
[ ] bluetooth        藍芽
[ ] conman           控制台管理
[ ] cpuspeed         監測系統空閒百分比,降低或加快CPU時鐘速度和電壓
[*] crond            一個傳統的UNIX程序crontab,可以周期地運行用戶調度的任務。
[ ] cups             通用UNIX打印守護進程,(Common UNIX Printing System)公共UNIX打印支持,為Linux提供打印功能。 安裝打印機時需要的服務。
[ ] dnsmasq          Dns cache server守護進程
[ ] dund             藍芽撥號網絡
[ ] firstboot        安裝完之後的用戶配置嚮導,用於第一次設置系統
[ ] gpm              為文本模式下的Linux程序提供滑鼠支持、拷貝、粘貼操作、彈出式菜單
[ ] haldaemon        硬件監控系統
[ ] hidd             藍芽H.I.D.伺服器
[ ] httpd            Apache伺服器
[ ] ip6tables        防火牆守護進程
[*] iptables         防火牆守護進程
[ ] irda             紅外連接埠守護進程
[*] irqbalance       多系統處理器環境下的系統中斷請求進行負載平衡,單CPU無用
[ ] kudzu            硬件自動檢測程序,如不增加新硬件,可以關閉
[ ] lvm2-monitor     LVM2 mirror devices守護進程
[ ] mcstrans         SELinux Context Translation System Daemon
[ ] mdmonitor        RAID相關設備的守護程序
[ ] mdmpd            RAID相關設備的守護程序
[*] messagebus       事件監控服務,在必要時向所有用戶發送廣播信息
[ ] microcode_ctl    可編碼以及發送新微代碼到內核以更新Intel IA32系列處理器守護進程
[ ] multipathd       Manage device-mapper multipath devices
[ ] netconsole       Initializes network console logging
[ ] netfs            安裝和卸載NFS、SAMBA和NCP網絡檔案系統
[ ] netplugd         服務監控網絡界面,根據信號關閉或啟動它,用於手提電腦
[*] network          激活已配置網絡介面的腳本程序
[ ] nfs              網絡檔案系統守護進程
[ ] nfslock          NFS檔案鎖定功能
[ ] nscd             密碼與群查找服務
[ ] ntpd             網絡時間同步
[ ] oddjobd
[ ] pand             藍芽個人區域網絡
[ ] pcscd            智能卡支持
[ ] portmap          用來支持RPC連接,RPC被用於NFS以及NIS 等服務
[ ] psacct           進程審計守護進程
[ ] rawdevices       將裸設備(raw devices)綁定到塊設備(block devices),Oracle資料庫使用
[ ] rdisc            discovers routers守護進程
[ ] readahead_early  開機內存載入優化
[ ] readahead_later  開機內存載入優化
[ ] restorecond      SELinux相關聯
[ ] rpcgssd          manages RPCSEC GSS contexts for the NFSv4 server
[ ] rpcidmapd        rpcidmapd for NFSv4 that maps user names to UID and GID numbers
[ ] rpcsvcgssd       rpcsvcgssd manages RPCSEC GSS contexts for the NFSv4 server
[ ] saslauthd        使用SASL的認證守護進程
[*] sendmail         郵件伺服器sendmail守護進程
[*] smartd           監控硬碟故障
[*] sshd             OpenSSH伺服器守護進程
[*] syslog           系統日誌
[ ] winbind          用於Samba伺服器
[ ] wpa_supplicant   無線設備支持
[ ] xfs              X Window字型伺服器守護進程,為本地和遠程X伺服器提供字型集
[ ] ypbind           為NIS客戶機激活ypbind服務進程
[ ] yum-updatesd	 RPM操作系統自動升級和軟件包管理守護進程
		

16.2.2.1. chkconfig

chkconfig acpid off
			
[root@development ~]# chkconfig --add mysqld 		[在服務清單中添加mysql服務]
[root@development ~]# chkconfig mysqld on			[設置mysql服務開機啟動]
[root@development ~]# chkconfig --list mysqld		[查看mysql在各運行級別的啟動狀態]
mysqld          0:off   1:off   2:on    3:on    4:on    5:on    6:off
			
chkconfig --level 3 mysqld on
chkconfig --level 3 mysqld off
			

16.2.3. xinetd.d

# yum -y install xinetd
		

16.2.3.1. tftpd

# yum install -y tftp-server tftp
			

/etc/xinetd.d/tftp

# vim /etc/xinetd.d/tftp
# default: off
# description: The tftp server serves files using the trivial file transfer \
#       protocol.  The tftp protocol is often used to boot diskless \
#       workstations, download configuration files to network-aware printers, \
#       and to start the installation process for some operating systems.
# xinetd entry that starts in.tftpd on demand. TFTP has no authentication:
# any host that can reach the service can read whatever the daemon serves,
# so limit clients with xinetd's only_from attribute or a firewall rule and
# keep only boot/installation files in the served directory.
service tftp
{
        socket_type             = dgram
        protocol                = udp
        # wait = yes: single-threaded; xinetd starts one server and stops
        # handling requests for this service until that server exits.
        wait                    = yes
        # NOTE(review): the daemon is started as root; confirm that this
        # in.tftpd build switches to an unprivileged user after startup
        # (tftp-hpa: -u option, default "nobody").
        user                    = root
        server                  = /usr/sbin/in.tftpd
        # With tftp-hpa's in.tftpd, -s changes root to /tftpboot on startup,
        # so requests cannot name paths outside that directory.
        server_args             = -s /tftpboot
        # The service stays off until this is changed to "no".
        disable                 = yes
        # Maximum instances of this service per source IP address.
        per_source              = 11
        # At most 100 incoming connections per second; above that rate the
        # service is temporarily disabled and re-enabled after 2 seconds.
        cps                     = 100 2
        flags                   = IPv4
}
			

將上面檔案中的 disable = yes 改為 disable = no 以啟用服務,然後建立 /tftpboot 目錄並重啟 xinetd:

mkdir /tftpboot
/etc/init.d/xinetd restart
			
16.2.3.1.1. atftp-server
# yum install -y atftp-server atftp
				

/etc/xinetd.d/tftp

# cat /etc/xinetd.d/tftp
# default: off
# description: The tftp server serves files using the trivial file transfer protocol. The tftp protocol is often used to boot diskless workstations, download configuration files to network-aware printers, and to start the installation process for some operating systems.
# xinetd entry for the TFTP service, already enabled (disable = no).
# TFTP has no authentication, so restrict which clients may connect
# (xinetd's only_from attribute or a firewall rule) before exposing it.
service tftp
{
    disable         = no
    socket_type     = dgram
    protocol        = udp
    # wait = yes: single-threaded; xinetd starts one server and stops
    # handling requests for this service until that server exits.
    wait            = yes
    # NOTE(review): started as root; confirm the daemon drops privileges.
    user            = root
    server          = /usr/sbin/in.tftpd
    # NOTE(review): presumably the directory the daemon serves; no chroot
    # option is passed here - confirm against the installed server's manual.
    server_args     = /tftpboot
    # Maximum instances of this service per source IP address.
    per_source      = 11
    # At most 100 incoming connections per second; above that rate the
    # service is temporarily disabled and re-enabled after 2 seconds.
    cps             = 100 2
    flags           = IPv4
}
				

atftp-server 是一個可以不依賴xinetd的tftp伺服器

				

16.2.3.2. rsync

# vim /etc/xinetd.d/rsync
# default: off
# description: The rsync server is a good addition to an ftp server, as it \
#       allows crc checksumming etc.
# xinetd entry that starts rsync in daemon mode for each incoming connection.
# The rsync daemon protocol is not encrypted, and xinetd itself applies no
# per-module access control: that is configured in /etc/rsyncd.conf
# (hosts allow, auth users / secrets file, read only).
service rsync
{
        disable = no
        socket_type     = stream
        # wait = no: multi-threaded; xinetd keeps accepting new connections
        # while earlier rsync processes are still running.
        wait            = no
        # NOTE(review): runs as root; the uid/gid used for transfers can be
        # lowered per module in rsyncd.conf - confirm the modules set them.
        user            = root
        server          = /usr/bin/rsync
        server_args     = --daemon
        # USERID is looked up with the RFC 1413 ident protocol; the answer
        # comes from the remote host, so treat it as a hint, not as identity.
        log_on_failure  += USERID
}

			

16.2.3.3. rshd

/etc/xinetd.d/rsh

# cat  /etc/xinetd.d/rsh
# default: on
# description: The rshd server is the server for the rcmd(3) routine and, \
#	consequently, for the rsh(1) program.  The server provides \
#	remote execution facilities with authentication based on \
#	privileged port numbers from trusted hosts.
# xinetd entry for rshd ("shell" is the rsh service name). As the description
# above states, authentication rests on privileged source ports and trusted
# hosts; commands and output cross the network unencrypted. Keep the trusted
# host list minimal and restrict clients (hosts.allow / only_from); SSH is the
# encrypted replacement for this service.
service shell
{
	socket_type		= stream
	# wait = no: multi-threaded; one in.rshd per connection.
	wait			= no
	user			= root
	# USERID is looked up with the RFC 1413 ident protocol; the answer
	# comes from the remote host, so treat it as a hint, not as identity.
	log_on_success		+= USERID
	log_on_failure 		+= USERID
	server			= /usr/sbin/in.rshd
	# The service is enabled as written.
	disable			= no
}
			

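訪問權限配置

通過 TCP Wrappers 限制可連接 in.rshd 的主機(需 xinetd 帶 libwrap 支援):先匹配 /etc/hosts.allow,未匹配時再查 /etc/hosts.deny;下面的 all : all 會拒絕其餘所有主機。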

# cat /etc/hosts.allow
#
# hosts.allow	This file describes the names of the hosts which are
#		allowed to use the local INET services, as decided
#		by the '/usr/sbin/tcpd' server.
#
in.rshd : your.example.com 192.168.0.1
			
# cat /etc/hosts.deny
#
# hosts.deny	This file describes the names of the hosts which are
#		*not* allowed to use the local INET services, as decided
#		by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow.  In particular
# you should know that NFS uses portmap!
all : all
			

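訪問主機設置

在伺服器端被登入用戶的家目錄下建立 ~/.rhosts,每行格式為「主機 用戶名」。rsh 只依據來源地址與特權連接埠認證,且傳輸內容不加密,因此該檔案應只有屬主可寫,受信主機應盡量少;新部署可用 SSH 金鑰認證取代。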

# cat ~/.rhosts
your.example.com user
192.168.0.1	user
			

16.2.4. rpcinfo

# rpcinfo -p 192.168.187.75
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp    697  status
    100024    1   tcp    700  status
    100011    1   udp    864  rquotad
    100011    2   udp    864  rquotad
    100011    1   tcp    867  rquotad
    100011    2   tcp    867  rquotad
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    4   udp   2049  nfs
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100021    1   udp  32778  nlockmgr
    100021    3   udp  32778  nlockmgr
    100021    4   udp  32778  nlockmgr
    100021    1   tcp  35837  nlockmgr
    100021    3   tcp  35837  nlockmgr
    100021    4   tcp  35837  nlockmgr
    100005    1   udp    880  mountd
    100005    1   tcp    883  mountd
    100005    2   udp    880  mountd
    100005    2   tcp    883  mountd
    100005    3   udp    880  mountd
    100005    3   tcp    883  mountd
		

16.2.5. SELINUX

禁用 SELinux:編輯 /etc/selinux/config,修改如下內容(重啟後生效)。停用後系統將失去 SELinux 的強制訪問控制;若只是為了排查問題,可改用 SELINUX=permissive,只記錄拒絕事件而不攔截:

SELINUX=disabled
		

使用命令(getenforce 查看當前模式;setenforce 0 臨時切換到 permissive 模式,重啟後失效,並不等同于 disabled):

getenforce
setenforce 0
		
lokkit --selinux=disabled