m (add cat) |
(I added lvm2-monitor) |
||
(3 intermediate revisions by the same user not shown) | |||
Line 166: | Line 166: | ||
|- | |- | ||
| Amanda BackupPC || Backup software | | Amanda BackupPC || Backup software | ||
|- | |||
| abrt || Automatic Bug-Reporting Tool. | |||
|- | |||
| acpid || Advanced Configuration and Power Interface daemon which controls and allows interfacing to power management and certain input devices.. | |||
|- | |- | ||
| amd || Runs the automount daemon for remote filesystem mounting such as nfs. | | amd || Runs the automount daemon for remote filesystem mounting such as nfs. | ||
Line 224: | Line 228: | ||
|- | |- | ||
| isdn || Provides ISDN functionality. | | isdn || Provides ISDN functionality. | ||
|- | |||
| jexec || This is provided as a helper to directly run java JAR applications. This is will be included if you installed Sun Java. It is not necessary and can be disabled. | |||
|- | |- | ||
| kdump || kexec based crash dumping mechanism for Linux. | | kdump || kexec based crash dumping mechanism for Linux. | ||
Line 238: | Line 244: | ||
|- | |- | ||
| lpd || local printer services | | lpd || local printer services | ||
|- | |||
| lvm2-monitor || This is a monitoring application for your LVM (Logical Volume Management) system. This is recommended if you use LVM, however if you use manually partition your drives it can be disabled. | |||
|- | |- | ||
| mcstran || SELinux related | | mcstran || SELinux related |
Latest revision as of 00:53, 30 November 2011
Services and Daemons
Introduction
Services (daemons) are programs that perform useful functions on a system but are not normally started by the user. For example, MySQL runs normally as a service; it is not started every time another service needs to connect to the database. Instead, it is normally always running once configured, unless manually shut down.
Services can be started at other times than at system boot. They may be turned on,off, or restarted without restarting the machine as well as being set to run only at certain run levels.
Run levels are various states the machine can exist in. There are two main run levels most Linux users see. Run level 5 is usually the default for most systems, and presents a full graphical environment. The other is run level 3, which is typically used on servers that don't run a graphical environment, or for trouble shooting and low level system driver installation. Run level 0 is a system halt. Run level 6 is a system reboot.
To change run levels, use the init
command.
Services and Security
Turn off any service not being used. Leaving a service running that is not used leaves a potential system vulnerability for no benefit. For example, Bluetooth in Fedora is enabled by default. If the system isn't actively connecting to a Bluetooth device, there is no reason to keep the service running. Until recently an ISDN service ran by default. If the system does not use ISDN to connect to the Internet, there is no reason to have it installed and always running. There are several ways to
find out what a running system's purpose is. [[The GUI service menus often
]have descriptions.?? On the command line, the command man <service name>
produces documentation about most services. The general rule is to leave it
running unless it is known what the services does.
Configuring Services
- In KDE (presumes the
kde-admin
tools are installed): Click on the Fedora icon in the toolbar on the default desktop, then navigate to Administration > Server Settings > Services. - In Gnome, in the toolbar click on System > Server Settings > Services.
- Give the root password when prompted.
In the KDE services application, clicking on a service produces a description of that service and its status. Services without a check mark are not started at run (boot) time. To prevent a service from running on system start up, uncheck the box next to it.
- To enable a service at start up, check the box.
- To stop a service select it, then click on the Stop button.
In the GNOME services application, the On Demand Services tab is for services that are loaded when a client program calls them. For example, the backup system Amanda only runs when an Amanda client talks to the system.
To save the new configuration, click on the Save button. Failing to save changes means the services do not change start up behavior. Clicking on the Revert button erases all the changes.
Services can be configured to start/not start from the command line
using chkconfig
. The basic usage of chkconfig
is to check
the list of services and what run level they start in:
/sbin/chkconfig --list NetworkManager 0:off 1:off 2:on 3:on 4:on 5:on 6:off NetworkManagerDispatcher 0:off 1:off 2:off 3:off 4:off 5:off 6:off acpid 0:off 1:off 2:off 3:off 4:off 5:off 6:off anacron 0:off 1:off 2:on 3:on 4:on 5:on 6:off apmd 0:off 1:off 2:on 3:on 4:on 5:on 6:off atd 0:off 1:off 2:off 3:on 4:on 5:on 6:off auditd 0:off 1:off 2:on 3:on 4:on 5:on 6:off autofs 0:off 1:off 2:off 3:on 4:on 5:on 6:off avahi-daemon 0:off 1:off 2:off 3:on 4:on 5:on 6:off ...
- Open a terminal window (Applications > Accessories > Terminal)
- To disable a service such as
sendmail
:su -c 'chkconfig --level 2345 sendmail off'
This stopssendmail
from being started in run levels 2,3,4, and 5. - To turn sendmail on for run levels 3 and 5:
su -c 'chkconfig --level 35 sendmail on'
A full list of chkconfig
options is available on the manual page:
man chkconfig
To manually stop, restart, or start a service that wasn't already
running, use the service
command. This example starts the
sendmail
service:
su -c 'service sendmail restart'
In the screen capture you see an example of stopping a service that failed. In this case because the service was already stopped. You will also see an example of starting NFS. Notice that not just NFS started. 3 other services started automatically when NFS started. Many services are like this.
There is one final way to edit services.
To stop a service, use ps
to acquire its PID, then stop
the PID using the kill
command. To modify the stop/start of a
service in a particular run time level, edit the /etc/rc
files:
ls -d /etc/rc* rc rc1.d/ rc3.d/ rc5.d/ rc.d/ rc.sysinit rc0.d/ rc2.d/ rc4.d/ rc6.d/ rc.local
Each directory corresponds with the same numbered run time level. To
start a service for run time level 5, add a link in the /etc/rc5.d/
directory to the corresponding start script in
/etc/init.d
. The S
and K
prefix
with a number refers to the order in which that service is started or
stopped when the system is starting up or shutting down.
These last methods are recommended only for experienced users. On rare occasions it is necessary to modify these files to change default behavior. Generally, an administrator never has to directly touch these files.
xinetd-Based Services
Many services run as sub-services managed by the xinetd
service. FTP servers, backup servers, rsync
, and a host of others. To enable or disable these services, use the chkconfig
command as with init
based services.
A default configuration of xinetd
services is:
/sbin/chkconfig --list ... xinetd based services: amanda: off amandaidx: off amidxtape: off apgd: off chargen-dgram: off chargen-stream: off csync2: off cups-lpd: off cvs: off daytime-dgram: off daytime-stream: off discard-dgram: off discard-stream: off echo-dgram: off echo-stream: off eklogin: off ekrb5-telnet: off gssftp: off klogin: off krb5-telnet: off kshell: off ktalk: off rsync: off tcpmux-server: off time-dgram: off time-stream: off
For example, to turn on the xinetd
service for rsync
, use the following command:
/sbin/chkconfig rsync on
Then reload the service's configuration with the command su -c 'service xinetd reload'
.
Re-issueing the /sbin/chkconfig --list
command you now see
/sbin/chkconfig --list | grep rsync rsync: on
To customize the configuration of an xinetd
service, edit the file for that service in the /etc/xinetd.d
directory. For more information on the syntax of these configuration files, refer to the man
page for xinetd.conf(5)
.
Common Services
Some services commonly found on Fedora installations.
Service | Description |
---|---|
Amanda BackupPC | Backup software |
abrt | Automatic Bug-Reporting Tool. |
acpid | Advanced Configuration and Power Interface daemon which controls and allows interfacing to power management and certain input devices.. |
amd | Runs the automount daemon for remote filesystem mounting such as nfs. |
anacron and crond | Runs certain programs at specified times. |
apmd | Monitors laptop battery power and shuts down if power gets too low. |
atd | at scheduler. Automatically runs programs/scripts that meet certain criteria. |
auditd | System audit daemon |
autofs | Used to automatically mount filesystems listed in fstab. |
avahi-daemon, avahi-dnsconfd | Supports Apple's Zeroconf protocol. |
bluetooth | Provides Bluetooth functionality. |
btseed, bttrack | Bittorrent related utils. |
cfenvd, cfexecd, cfservd | Part of the cfengine services. cfengine is a system configuration an anomaly detection. |
cman | Cluster manager |
cpuspeed | System sensor and CPU speed adjustment. |
cups | Printing support |
dbmail, Postfix, Sendmail, spamassassin, dovecot | Email services and spam protection. |
dc_client, dc_server | Caching services |
denyhosts | Log watcher that bans hosts with too many failed login attempts. |
dhcdbd | Allow systems to use a DHCP server to obtain an IP address. |
dund | Bluetooth dial-up networking |
firstboot | Used after installation for post-installation configuration. You should turn this off after these configurations are complete. |
gpm | Mouse support on the console |
haldaemon | Hardware detection layer |
hidd | Bluetooth HID daemon |
hplip | HP Linux Imaging and Printing |
httpd | Apache web server |
ip6tables and iptable | Firewall |
ipsec | IPsec encryption/authentication |
irda | Provides infrared device services. |
irqbalance | Distributes hardware interrupts across processors on a multi-processor system. |
isdn | Provides ISDN functionality. |
jexec | This is provided as a helper to directly run java JAR applications. This is will be included if you installed Sun Java. It is not necessary and can be disabled. |
kdump | kexec based crash dumping mechanism for Linux. |
kudzu | Looks for new hardware at boot. Runs only at boot time. |
ldap | LDAP server |
lirc | Linux infrared support |
lisa | Network discovery and protocols |
lm_sensors | Support for hardware sensors such as CPU temp. |
lpd | local printer services |
lvm2-monitor | This is a monitoring application for your LVM (Logical Volume Management) system. This is recommended if you use LVM, however if you use manually partition your drives it can be disabled. |
mcstran | SELinux related |
mdmonitor | Software RAID support. Turn off if you are not using it. |
mdmpd | Multipath device support |
messagebus | App to app communications |
multipathd | failover and multipath support |
microcode_ctl | Support for IA32 (Intel PII and newer) microcode |
mysqld, Postgresql, Oracle | Database servers |
named | Bind DNS server |
netfs | Mounts NFS, SMB and other remote filesystems. |
netplugd | Linux networking related services |
network | Brings up the network. |
nfs, nfslock | Provides NFS services. |
nscd | Name service cache daemon |
ntpd | Syncs your computer clock with time servers. |
openais | Clustering, failover, checkpointing and related API. |
pand | BlueZ Bluetooth PAN daemon |
pcmcia | Provides pcmcia support. May be safely stopped if you are not using a laptop. |
pcscd | Smart card support |
portmap | Support for port mapping and RPC. |
psacct | Monitors system activity and provides audit trail of user actions. |
pxe | Provides pxe support. (Preboot execution environment) |
raduisd | Provides radius VPN support. |
random | Kernel random number generator. |
rdisc | Network discovery daemon |
readahead_early, readahead_later | Used in speeding up boot time. |
restorecond | Sets default SELinux context on new files. |
rpcgssd, rpcidmap, rpcsvcgssd | Network file-sharing support |
rsync | rsync run as a service. Synchronises files mostly between remote systems. |
saslauthd | SASL authentication server |
sgi_fam | File alteration monitor |
smartd | Watches hard-drives for problems. |
smb | Samba server |
snmpd, snmtrapd | Linux SNMP support |
squid | Proxy server |
sshd | SSH server |
syslog | System logging service |
sysstat | Starts special system logging services. |
tux | Tux web server |
vncserver | VNC server |
vsftpd | FTP server |
winbind | Maps Windows domain databases to UNIX |
wpa_supplicant | WPA (Wi-Fi Protected Access) supplicant for Linux |
xend, xendomains, VMware, libvirtd | Provides a virtual machine. |
xfs | X Font Server |
ypbind | YP/NIS support |
yum-updatesd | Automatic yum updates |