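# systemctl stop postfix
# systemctl stop avahi-daemon
# systemctl disable postfix
# systemctl disable avahi-daemon
註:下方 list-unit-files 輸出中 avahi-daemon.socket 為 enabled;若該 socket 仍在運行,socket 激活可能再次啟動 avahi-daemon,請以 systemctl status avahi-daemon.socket 確認,必要時一併停止。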
[root@www.netkiller.cn ~]# systemctl is-enabled mongod
enabled
[root@www.netkiller.cn ~]# systemctl is-enabled spring
disabled
# systemctl list-unit-files UNIT FILE STATE proc-sys-fs-binfmt_misc.automount static dev-hugepages.mount static dev-mqueue.mount static proc-sys-fs-binfmt_misc.mount static sys-fs-fuse-connections.mount static sys-kernel-config.mount static sys-kernel-debug.mount static tmp.mount disabled brandbot.path disabled systemd-ask-password-console.path static systemd-ask-password-plymouth.path static systemd-ask-password-wall.path static session-1.scope static session-2.scope static session-3.scope static session-4.scope static auditd.service enabled autovt@.service disabled avahi-daemon.service enabled blk-availability.service disabled brandbot.service static console-getty.service disabled console-shell.service disabled cpupower.service disabled crond.service enabled dbus-org.fedoraproject.FirewallD1.service enabled dbus-org.freedesktop.Avahi.service enabled dbus-org.freedesktop.hostname1.service static dbus-org.freedesktop.locale1.service static dbus-org.freedesktop.login1.service static dbus-org.freedesktop.machine1.service static dbus-org.freedesktop.NetworkManager.service enabled dbus-org.freedesktop.nm-dispatcher.service enabled dbus-org.freedesktop.timedate1.service static dbus.service static debug-shell.service disabled dm-event.service disabled dnsmasq.service disabled dracut-cmdline.service static dracut-initqueue.service static dracut-mount.service static dracut-pre-mount.service static dracut-pre-pivot.service static dracut-pre-trigger.service static dracut-pre-udev.service static dracut-shutdown.service static ebtables.service disabled emergency.service static firewalld.service enabled getty@.service enabled halt-local.service static initrd-cleanup.service static initrd-parse-etc.service static initrd-switch-root.service static initrd-udevadm-cleanup-db.service static irqbalance.service enabled kdump.service enabled kmod-static-nodes.service static lvm2-lvmetad.service disabled lvm2-monitor.service enabled lvm2-pvscan@.service static messagebus.service static 
microcode.service enabled NetworkManager-dispatcher.service enabled NetworkManager-wait-online.service disabled NetworkManager.service enabled plymouth-halt.service disabled plymouth-kexec.service disabled plymouth-poweroff.service disabled plymouth-quit-wait.service disabled plymouth-quit.service disabled plymouth-read-write.service disabled plymouth-reboot.service disabled plymouth-start.service disabled plymouth-switch-root.service static polkit.service static postfix.service enabled quotaon.service static rc-local.service static rdisc.service disabled rescue.service static rhel-autorelabel-mark.service static rhel-autorelabel.service static rhel-configure.service static rhel-dmesg.service disabled rhel-domainname.service disabled rhel-import-state.service static rhel-loadmodules.service static rhel-readonly.service static rsyslog.service enabled serial-getty@.service disabled sshd-keygen.service static sshd.service enabled sshd@.service static systemd-ask-password-console.service static systemd-ask-password-plymouth.service static systemd-ask-password-wall.service static systemd-backlight@.service static systemd-binfmt.service static systemd-fsck-root.service static systemd-fsck@.service static systemd-halt.service static systemd-hibernate.service static systemd-hostnamed.service static systemd-hybrid-sleep.service static systemd-initctl.service static systemd-journal-flush.service static systemd-journald.service static systemd-kexec.service static systemd-localed.service static systemd-logind.service static systemd-machined.service static systemd-modules-load.service static systemd-nspawn@.service disabled systemd-poweroff.service static systemd-quotacheck.service static systemd-random-seed.service static systemd-readahead-collect.service enabled systemd-readahead-done.service static systemd-readahead-drop.service enabled systemd-readahead-replay.service enabled systemd-reboot.service static systemd-remount-fs.service static systemd-shutdownd.service static 
systemd-suspend.service static systemd-sysctl.service static systemd-timedated.service static systemd-tmpfiles-clean.service static systemd-tmpfiles-setup-dev.service static systemd-tmpfiles-setup.service static systemd-udev-settle.service static systemd-udev-trigger.service static systemd-udevd.service static systemd-update-utmp-runlevel.service static systemd-update-utmp.service static systemd-user-sessions.service static systemd-vconsole-setup.service static teamd@.service static tuned.service enabled wpa_supplicant.service disabled -.slice static machine.slice static system.slice static user.slice static avahi-daemon.socket enabled dbus.socket static dm-event.socket enabled lvm2-lvmetad.socket enabled sshd.socket disabled syslog.socket static systemd-initctl.socket static systemd-journald.socket static systemd-shutdownd.socket static systemd-udevd-control.socket static systemd-udevd-kernel.socket static basic.target static bluetooth.target static cryptsetup.target static ctrl-alt-del.target disabled default.target enabled emergency.target static final.target static getty.target static graphical.target disabled halt.target disabled hibernate.target static hybrid-sleep.target static initrd-fs.target static initrd-root-fs.target static initrd-switch-root.target static initrd.target static kexec.target disabled local-fs-pre.target static local-fs.target static multi-user.target enabled network-online.target static network.target static nss-lookup.target static nss-user-lookup.target static paths.target static poweroff.target disabled printer.target static reboot.target disabled remote-fs-pre.target static remote-fs.target enabled rescue.target disabled rpcbind.target static runlevel0.target disabled runlevel1.target disabled runlevel2.target disabled runlevel3.target disabled runlevel4.target disabled runlevel5.target disabled runlevel6.target disabled shutdown.target static sigpwr.target static sleep.target static slices.target static smartcard.target static 
sockets.target static sound.target static suspend.target static swap.target static sysinit.target static system-update.target static time-sync.target static timers.target static umount.target static systemd-readahead-done.timer static systemd-tmpfiles-clean.timer static 210 unit files listed.
# systemctl --failed
  UNIT           LOAD   ACTIVE SUB    DESCRIPTION
● spring.service loaded failed failed Spring Boot Application

LOAD   = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB    = The low-level unit activation state, values depend on unit type.

1 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use 'systemctl list-unit-files'.
$ systemctl list-units --type=target UNIT LOAD ACTIVE SUB DESCRIPTION basic.target loaded active active Basic System cryptsetup.target loaded active active Encrypted Volumes getty.target loaded active active Login Prompts local-fs-pre.target loaded active active Local File Systems (Pre) local-fs.target loaded active active Local File Systems multi-user.target loaded active active Multi-User System network-online.target loaded active active Network is Online network.target loaded active active Network paths.target loaded active active Paths slices.target loaded active active Slices sockets.target loaded active active Sockets swap.target loaded active active Swap sysinit.target loaded active active System Initialization timers.target loaded active active Timers LOAD = Reflects whether the unit definition was properly loaded. ACTIVE = The high-level unit activation state, i.e. generalization of SUB. SUB = The low-level unit activation state, values depend on unit type. 14 loaded units listed. Pass --all to see loaded but inactive units, too. To show all installed unit files use 'systemctl list-unit-files'.
$ systemctl list-units | more UNIT LOAD ACTIVE SUB DESCRIPTION proc-sys-fs-binfmt_misc.automount loaded active running Arbitrary Executable File Formats File System Automount Point sys-devices-platform-serial8250-tty-ttyS0.device loaded active plugged /sys/devices/platform/serial8250/tty/ttyS0 sys-devices-platform-serial8250-tty-ttyS1.device loaded active plugged /sys/devices/platform/serial8250/tty/ttyS1 sys-devices-platform-serial8250-tty-ttyS2.device loaded active plugged /sys/devices/platform/serial8250/tty/ttyS2 sys-devices-platform-serial8250-tty-ttyS3.device loaded active plugged /sys/devices/platform/serial8250/tty/ttyS3 sys-devices-vbd\x2d51728-block-xvdb-xvdb1.device loaded active plugged /sys/devices/vbd-51728/block/xvdb/xvdb1 sys-devices-vbd\x2d51728-block-xvdb.device loaded active plugged /sys/devices/vbd-51728/block/xvdb sys-devices-vbd\x2d768-block-xvda-xvda1.device loaded active plugged /sys/devices/vbd-768/block/xvda/xvda1 sys-devices-vbd\x2d768-block-xvda.device loaded active plugged /sys/devices/vbd-768/block/xvda sys-devices-vif\x2d0-net-eth0.device loaded active plugged /sys/devices/vif-0/net/eth0 sys-devices-vif\x2d1-net-eth1.device loaded active plugged /sys/devices/vif-1/net/eth1 sys-devices-virtual-net-tun0.device loaded active plugged /sys/devices/virtual/net/tun0 sys-module-configfs.device loaded active plugged /sys/module/configfs sys-subsystem-net-devices-eth0.device loaded active plugged /sys/subsystem/net/devices/eth0 sys-subsystem-net-devices-eth1.device loaded active plugged /sys/subsystem/net/devices/eth1 sys-subsystem-net-devices-tun0.device loaded active plugged /sys/subsystem/net/devices/tun0 -.mount loaded active mounted / dev-hugepages.mount loaded active mounted Huge Pages File System dev-mqueue.mount loaded active mounted POSIX Message Queue File System opt.mount loaded active mounted /opt proc-sys-fs-binfmt_misc.mount loaded active mounted Arbitrary Executable File Formats File System proc-xen.mount loaded active mounted 
/proc/xen run-user-0.mount loaded active mounted /run/user/0 sys-kernel-config.mount loaded active mounted Configuration File System sys-kernel-debug.mount loaded active mounted Debug File System brandbot.path loaded active waiting Flexible branding systemd-ask-password-plymouth.path loaded active waiting Forward Password Requests to Plymouth Directory Watch systemd-ask-password-wall.path loaded active waiting Forward Password Requests to Wall Directory Watch session-231.scope loaded active running Session 231 of user root session-571.scope loaded active running Session 571 of user root aegis.service loaded active running LSB: aegis update. agentwatch.service loaded active running SYSV: Starts and stops guest agent cloudmonitor.service loaded active running LSB: @app.long.name@ crond.service loaded active running Command Scheduler dbus.service loaded active running D-Bus System Message Bus exim.service loaded active running Exim Mail Transport Agent getty@tty1.service loaded active running Getty on tty1 gitlab-runsvdir.service loaded active running GitLab Runit supervision process iptables.service loaded active exited IPv4 firewall with iptables jexec.service loaded active exited LSB: Supports the direct execution of binary formats. kmod-static-nodes.service loaded active exited Create list of required static device nodes for the current kernel lvm2-lvmetad.service loaded active running LVM2 metadata daemon lvm2-monitor.service loaded active exited Monitoring of LVM2 mirrors, snapshots etc. 
using dmeventd or progress polling mysqld.service loaded active running MySQL Server network.service loaded active exited LSB: Bring up/down networking nscd.service loaded active running Name Service Cache Daemon ntpd.service loaded active running Network Time Service openvpn@server.service loaded active running OpenVPN Robust And Highly Flexible Tunneling Application On server rhel-dmesg.service loaded active exited Dump dmesg to /var/log/dmesg rhel-import-state.service loaded active exited Import network configuration from initramfs rhel-readonly.service loaded active exited Configure read-only root support rsyslog.service loaded active running System Logging Service --More--
# service nginx
Usage: nginx {start|stop|restart|condrestart|try-restart|force-reload|upgrade|reload|status|help|configtest}
# service nginx stop
# service nginx start
# service nginx restart
[ ] NetworkManager 自動在多種網絡連接中進行轉換,如果你的電腦有Wireless WiFi 和 Ethernet多種網絡連接類型的話,可以選擇開啟。 [ ] acpid (Advanced Configuration and Power Interface)是為替代傳統的APM電源管理標準而推出的新型電源管理標準。通常筆記型電腦需要啟動電源進行管理。 [*] anacron 自動化運行任務守護進程 [*] atd 自動化運行任務守護進程 [ ] auditd 審核信息,將消息寫入控制台以及 audit_warn 電子郵件別名。用於存放內核生成的系統審查記錄,這些記錄會被一些程序使用。特別是對於SELinux用戶來說。 [ ] autofs 自動掛載/卸載檔案系統服務,可以自動掛載想訪問但還未掛載的檔案系統,自動卸載長期不訪問的檔案系統,自動安裝管理進程automount,與NFS 相關,依賴于NIS [ ] avahi-daemon Zeroconf service discovery守護進程,Avahi是zeroconf協議的實現。它可以在沒有DNS服務的區域網路裡發現基于zeroconf協議的設備和服務。它跟mDNS一樣。除非你有兼容的設備或使用 zeroconf 協議的服務,否則就可以關閉。 [ ] avahi-dnsconfd /etc/avahi/dnsconf.action腳本守護進程 [ ] bluetooth 藍芽 [ ] conman 控制台管理 [ ] cpuspeed 監測系統空閒百分比,降低或加快CPU時鐘速度和電壓 [*] crond 一個傳統的UNIX程序crontab,可以周期地運行用戶調度的任務。 [ ] cups 通用UNIX打印守護進程,(Common UNIX Printing System)公共UNIX打印支持,為Linux提供打印功能。 安裝打印機時需要的服務。 [ ] dnsmasq Dns cache server守護進程 [ ] dund 藍芽撥號網絡 [ ] firstboot 安裝完之後的用戶配置嚮導,用於第一次設置系統 [ ] gpm 為文本模式下的Linux程序提供滑鼠支持、拷貝、粘貼操作、彈出式菜單 [ ] haldaemon 硬件監控系統 [ ] hidd 藍芽H.I.D.伺服器 [ ] httpd Apache伺服器 [ ] ip6tables 防火牆守護進程 [*] iptables 防火牆守護進程 [ ] irda 紅外連接埠守護進程 [*] irqbalance 多系統處理器環境下的系統中斷請求進行負載平衡,單CPU無用 [ ] kudzu 硬件自動檢測程序,如不增加新硬件,可以關閉 [ ] lvm2-monitor LVM2 mirror devices守護進程 [ ] mcstrans SELinux Context Translation System Daemon [ ] mdmonitor RAID相關設備的守護程序 [ ] mdmpd RAID相關設備的守護程序 [*] messagebus 事件監控服務,在必要時向所有用戶發送廣播信息 [ ] microcode_ctl 可編碼以及發送新微代碼到內核以更新Intel IA32系列處理器守護進程 [ ] multipathd Manage device-mapper multipath devices [ ] netconsole Initializes network console logging [ ] netfs 安裝和卸載NFS、SAMBA和NCP網絡檔案系統 [ ] netplugd 服務監控網絡界面,根據信號關閉或啟動它,用於手提電腦 [*] network 激活已配置網絡介面的腳本程序 [ ] nfs 網絡檔案系統守護進程 [ ] nfslock NFS檔案鎖定功能 [ ] nscd 密碼與群查找服務 [ ] ntpd 網絡時間同步 [ ] oddjobd [ ] pand 藍芽個人區域網絡 [ ] pcscd 智能卡支持 [ ] portmap 用來支持RPC連接,RPC被用於NFS以及NIS 等服務 [ ] psacct 進程審計守護進程 [ ] rawdevices rawdevices to block devices。Oracle資料庫使用 [ ] rdisc discovers routers守護進程 [ ] readahead_early 開機內存載入優化 [ ] readahead_later 開機內存載入優化 [ ] restorecond SELinux相關聯 [ ] rpcgssd manages RPCSEC GSS contexts 
for the NFSv4 server [ ] rpcidmapd rpcidmapd for NFSv4 that maps user names to UID and GID numbers [ ] rpcsvcgssd rpcsvcgssd manages RPCSEC GSS contexts for the NFSv4 server [ ] saslauthd 使用SASL的認證守護進程 [*] sendmail 郵件伺服器sendmail守護進程 [*] smartd 監控硬碟故障 [*] sshd OpenSSH伺服器守護進程 [*] syslog 系統日誌 [ ] winbind 用於Samba伺服器 [ ] wpa_supplicant 無線設備支持 [ ] xfs X Window字型伺服器守護進程,為本地和遠程X伺服器提供字型集 [ ] ypbind 為NIS客戶機激活ypbind服務進程 [ ] yum-updatesd RPM操作系統自動升級和軟件包管理守護進程
# Remove acpid from the boot sequence. With no --level given, chkconfig's
# on/off applies to runlevels 2, 3, 4 and 5 (the same default the mysqld
# example on this page shows for "on"). This only changes boot-time
# behaviour; an acpid instance that is already running is not stopped.
chkconfig acpid off
[root@development ~]# chkconfig --add mysqld    [在服務清單中添加mysql服務]
[root@development ~]# chkconfig mysqld on       [設置mysql服務開機啟動]
[root@development ~]# chkconfig --list mysqld   [查看mysql服務在各運行級別的啟動狀態]
mysqld          0:off   1:off   2:on    3:on    4:on    5:on    6:off
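# Two separate examples; the page had them collapsed onto one line, which
# would hand the second command to the first chkconfig as extra arguments.

# Enable mysqld for runlevel 3 only; other runlevels keep their settings.
chkconfig --level 3 mysqld on

# Counterpart: disable mysqld for runlevel 3 only.
chkconfig --level 3 mysqld off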
# yum -y install xinetd
# yum install -y tftp-server tftp
/etc/xinetd.d/tftp
# vim /etc/xinetd.d/tftp
# default: off
# description: The tftp server serves files using the trivial file transfer \
#       protocol. The tftp protocol is often used to boot diskless \
#       workstations, download configuration files to network-aware printers, \
#       and to start the installation process for some operating systems.
service tftp
{
        socket_type             = dgram
        protocol                = udp
        wait                    = yes
        user                    = root
        server                  = /usr/sbin/in.tftpd
        server_args             = -s /tftpboot
        disable                 = yes
        per_source              = 11
        cps                     = 100 2
        flags                   = IPv4
}
將 disable = yes 改為 disable = no 以啟用 tftp 服務。TFTP 協議沒有身份驗證,啟用後應以防火牆將 UDP 69 連接埠的訪問來源限制在需要的網段。
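# Two separate steps; the page had them collapsed onto one line, which would
# make mkdir treat "/etc/init.d/xinetd" and "restart" as directories to create.

# Create the directory that in.tftpd serves (server_args = -s /tftpboot in
# /etc/xinetd.d/tftp). TFTP has no authentication, so keep this directory
# root-owned and put only files that are meant to be public in it.
mkdir /tftpboot

# Restart xinetd so it re-reads /etc/xinetd.d/tftp after the
# disable = yes -> disable = no change.
/etc/init.d/xinetd restart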
# yum install -y atftp-server atftp
/etc/xinetd.d/tftp
# cat /etc/xinetd.d/tftp
# default: off
# description: The tftp server serves files using the trivial file transfer protocol. The tftp protocol is often used to boot diskless workstations, download configuration files to network-aware printers, and to start the installation process for some operating systems.
service tftp
{
        disable                 = no
        socket_type             = dgram
        protocol                = udp
        wait                    = yes
        user                    = root
        server                  = /usr/sbin/in.tftpd
        server_args             = /tftpboot
        per_source              = 11
        cps                     = 100 2
        flags                   = IPv4
}
atftp-server 是一個可以不依賴xinetd的tftp伺服器
# vim /etc/xinetd.d/rsync
# default: off
# description: The rsync server is a good addition to an ftp server, as it \
#       allows crc checksumming etc.
service rsync
{
        disable                 = no
        socket_type             = stream
        wait                    = no
        user                    = root
        server                  = /usr/bin/rsync
        server_args             = --daemon
        log_on_failure          += USERID
}
/etc/xinetd.d/rsh
# cat /etc/xinetd.d/rsh
# default: on
# description: The rshd server is the server for the rcmd(3) routine and, \
#       consequently, for the rsh(1) program. The server provides \
#       remote execution facilities with authentication based on \
#       privileged port numbers from trusted hosts.
service shell
{
        socket_type             = stream
        wait                    = no
        user                    = root
        log_on_success          += USERID
        log_on_failure          += USERID
        server                  = /usr/sbin/in.rshd
        disable                 = no
}
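訪問權限配置:rsh 以明文傳輸,且如上方 description 所述僅依據可信主機與特權連接埠進行認證,因此應以 hosts.allow / hosts.deny 將來源限制為指定主機;條件允許時建議改用 SSH。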
# cat /etc/hosts.allow
#
# hosts.allow   This file describes the names of the hosts which are
#               allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
in.rshd : your.example.com 192.168.0.1
# cat /etc/hosts.deny
#
# hosts.deny    This file describes the names of the hosts which are
#               *not* allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow. In particular
# you should know that NFS uses portmap!
all : all
訪問主機設置
# cat ~/.rhosts
your.example.com user
192.168.0.1 user
# rpcinfo -p 192.168.187.75
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp    697  status
    100024    1   tcp    700  status
    100011    1   udp    864  rquotad
    100011    2   udp    864  rquotad
    100011    1   tcp    867  rquotad
    100011    2   tcp    867  rquotad
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    4   udp   2049  nfs
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100021    1   udp  32778  nlockmgr
    100021    3   udp  32778  nlockmgr
    100021    4   udp  32778  nlockmgr
    100021    1   tcp  35837  nlockmgr
    100021    3   tcp  35837  nlockmgr
    100021    4   tcp  35837  nlockmgr
    100005    1   udp    880  mountd
    100005    1   tcp    883  mountd
    100005    2   udp    880  mountd
    100005    2   tcp    883  mountd
    100005    3   udp    880  mountd
    100005    3   tcp    883  mountd