Linux servers start a number of system services that give local and network users a functional interface to the system, aimed directly at applications and users. The programs that provide these services are run by daemons, processes that run in the background. A daemon is a long-lived process: it is detached from any controlling terminal and either performs certain tasks periodically or waits to handle certain events. Daemons usually start when the system boots and terminate when it shuts down. Linux systems have many daemons, and most servers are implemented as daemons. Daemons also carry out many system tasks, such as the job scheduler crond and the print spooler lpd. Some books and materials also call a daemon a "service". Which daemons to run depends on your specific needs. To view the services that the system can provide through daemons, run the following command as root:
#ntsysv
The window shown in Figure 1 below gives a detailed description of the function of each system service. The daemons are listed below in alphabetical order by their English names:
I. Introduction to Linux daemons
alsasound: ALSA sound card driver daemon. The ALSA sound card driver was originally written for a single sound card, the Gravis Ultrasound (GUS); the program proved to be excellent, so the author started writing drivers for sound cards in general. ALSA is compatible with OSS/Free and OSS/Linux but has its own interface, which is even better than OSS's.
acpid: ACPI (Advanced Configuration and Power Interface) is a newer power management standard introduced to replace the traditional APM power management standard. Laptops usually need it for power management.
atalk: AppleTalk network daemon. Be careful not to run this program in the background; its data structures must be initialized before other processes run.
amd: automatic mounting daemon for NFS.
anacron: a daemon for running scheduled tasks automatically. Red Hat Linux has four tools for automating tasks: cron, anacron, at, and batch. When your Linux server does not run around the clock, anacron can run the jobs that were missed during the scheduled crontab time.
apmd: APM (Advanced Power Management) is the traditional power management standard. It is most useful on notebook computers, where it lets you see the system's battery power information and writes the relevant information to the log through syslogd. It can also be used to shut the machine down when power is low.
arptables_jf: controls the arptables network packet-filtering daemon.
arpwatch: logs and builds a database of the Ethernet address and IP address pairs seen on the LAN interface.
atd: daemon for the at and batch commands; it runs the tasks that users schedule with the at command. batch is used to run batch tasks when the system load is low.
autofs: the automatic mount management process automount, which is related to NFS and depends on the NIS server.
bootparamd: a boot parameter server that provides the information needed to boot a diskless workstation on a LAN.
bluetooth: Bluetooth server daemon.
crond: cron is the traditional UNIX program that periodically runs user-scheduled tasks. Compared with the traditional UNIX version, the Linux version adds many features and is more secure and simpler to configure. It is similar to Scheduled Tasks.
chargen: the chargen server using the TCP protocol. chargen (Character Generator Protocol) is a network service whose main function is to provide something like remote typing.
chargen-udp: the chargen server using the UDP protocol.
cpuspeed: monitors the system idle percentage and lowers or raises the CPU clock speed and voltage, minimizing energy consumption when the system is idle and maximizing execution speed when the system is busy.
dhcpd: the service daemon for DHCP (Dynamic Host Configuration Protocol).
cups: CUPS (Common Unix Printing System) is a general-purpose UNIX print daemon that provides third-generation printing capabilities for Linux.
cups-config-daemon: CUPS print system switching daemon.
cups-lpd: CUPS line printer daemon.
daytime: the daytime daemon using the TCP protocol, which lets a client obtain the date and time from a remote server. Default port: 13.
daytime-udp: the daytime daemon using the UDP protocol.
dc_server: proxy server daemon using SSL secure sockets.
dc_client: client daemon using SSL secure sockets.
diskdump: server disk backup daemon.
echo: service daemon that echoes client data back to the client.
echo-udp: the echo service daemon using the UDP protocol.
eklogin: a daemon that accepts rlogin sessions authenticated and encrypted with Kerberos 5.
gated: gateway routing daemon. It supports a variety of routing protocols, including RIP versions 1 and 2, the DCN HELLO protocol, OSPF version 2, and EGP versions 2 through 4.
gpm: the GPM (General Purpose Mouse) daemon provides mouse support for Linux programs running in text mode, such as mc (Midnight Commander). It also supports copy, paste, and pop-up menus with the mouse on the console.
gssftp: FTP daemon with Kerberos 5 authentication.
httpd: the Apache web server daemon, which can serve HTML files as well as CGI dynamic content.
inetd: Internet services daemon. It monitors network requests for the various services it manages and starts the appropriate service program when needed. It has been replaced by xinetd in Red Hat and Mandrake Linux; Debian, Slackware, and SuSE still use it.
innd: Usenet news server daemon.
iiim: Chinese input method server daemon.
iptables: iptables firewall daemon.
irda: infrared port daemon.
isdn: daemon that starts and stops the ISDN service.
krb5-telnet: the telnet daemon that uses Kerberos 5 authentication.
klogin: remote login daemon.
keytable: this process reloads the keyboard mapping table defined in /etc/sysconfig/keyboard, which can be selected with the kbdconfig tool. You should keep this program active.
irqbalance: a daemon that load-balances system interrupt requests on multi-processor systems. If you have only one CPU installed, you do not need to load this daemon.
kshell: kshell daemon process.
kudzu: hardware auto-detection program. It detects whether the hardware has changed and handles the corresponding additions and removals. When the system starts, kudzu detects the current hardware and compares it with the hardware information stored in /etc/sysconfig/hwconf; if hardware has been added to or removed from the system, kudzu notices this, asks the user whether to configure it, and then modifies /etc/sysconfig/hwconf to keep the hardware data in sync with the system. If /etc/sysconfig/hwconf does not exist, kudzu detects the existing hardware from /etc/modprobe.conf, /etc/sysconfig/network-scripts/ and /etc/X11/XF86Config. If you do not intend to add new hardware, you can turn this startup service off to shorten system boot time.
ldap: the LDAP (Lightweight Directory Access Protocol) directory access server daemon.
lm_sensors: daemon that monitors motherboard operation.
lpd: LPD is an old-style print daemon responsible for handling the print jobs submitted by programs such as lpr.
mdmonitor: daemon for RAID-related devices.
messagebus: D-Bus is a library that provides one-to-one communication between two or more applications. dbus-daemon-1 is an application that uses this library to implement the messagebus daemon. Multiple applications can exchange information with other programs by connecting to the messagebus daemon.
microcode_ctl: daemon that can encode and send new microcode to the kernel to update Intel IA32 series processors.
mysqld: a fast, efficient and reliable lightweight SQL database engine daemon.
named: DNS (BIND) server daemon.
netplugd: the netplugd (network cable hotplug management) daemon monitors the state of one or more network interfaces and runs an external script when certain events are triggered.
netdump: remote network backup server daemon.
netfs: network filesystem mounter; this process mounts and unmounts NFS, Samba, and NCP network file systems.
nfs: Network File System daemon.
nfslock: NFS is a popular protocol for sharing files over a TCP/IP network; this daemon provides NFS file locking.
ntpd: Network Time Protocol daemon. ntpd keeps the system clock synchronized with an accurate time source.
net: activates or shuts down the various network interfaces at startup.
psacct: this daemon includes several tools for monitoring process activity, including ac, lastcomm, accton, and sa.
pcmcia: daemon mainly used to support laptop PCMCIA interfaces.
portmap: this daemon supports RPC connections; RPC is used by services such as NFS and NIS.
postgresql: PostgreSQL relational database engine.
proftpd: ProFTPD is a daemon that implements a flexible, configurable FTP server under UNIX.
pppoe: ADSL connection daemon.
random: saves and restores the system's high-quality random number generator, which is seeded from random behavior of the system.
rawdevices: daemon used to load raw devices when using a clustered file system.
readahead, readahead_early: readahead and readahead_early are the two newest background daemons in Fedora Core 2. Their function is to read the files needed for system startup into memory at boot and then run them from memory to speed up the system.
rhnsd: Red Hat Network service daemon. It reports official security information and patches the system.
routed: this daemon maintains the IP routing table automatically using the RIP protocol. RIP is mainly used on small networks; larger networks require a more complex protocol.
rsync: remote sync, a remote data backup daemon.
rsh: starts a shell on a remote host and executes the user's commands.
rwhod: allows a remote user to obtain a list of all users logged in on the machine running the rwho daemon.
rstatd: a daemon that collects and provides system information to other machines on the LAN.
rusersd: remote user location service, an RPC-based service that provides information about the users currently logged in to machines on the LAN.
rwalld: activates the rpc.rwall service process, an RPC-based service that lets users write messages to every terminal registered on machines on the LAN.
rwhod: activates the rwhod service process, which supports the LAN rwho and ruptime services.
saslauthd: SASL authentication daemon.
sendmail: the sendmail mail server daemon.
smb: Samba file sharing and print service daemon.
snmpd: local simple network management daemon.
squid: squid proxy server daemon.
sshd: OpenSSH server daemon. The Secure Shell protocol allows hosts to be managed remotely in a secure way.
smartd: Self-Monitoring, Analysis and Reporting Technology; monitors your hard drive for failures.
syslog: a script that starts the syslogd and klogd system logging daemons at boot.
time: daemon that obtains the time and date from a remote host, using the TCP protocol.
time-udp: daemon that obtains the time and date from a remote host, using the UDP protocol.
tux: the daemon that runs the Apache server inside the Linux kernel.
vsftpd: daemon for the vsftpd FTP server.
vncserver: VNC (Virtual Network Computing) provides a lightweight protocol that displays the entire "desktop" of a remote computer on the local system.
xfs: X Window font server daemon, which provides fonts for local and remote X servers.
xinetd: a core daemon that supports multiple network services.
ypbind: activates the ypbind service process for NIS (Network Information System) clients.
yppasswdd: NIS password server daemon.
ypserv: NIS master server daemon.
yum: RPM-based automatic system upgrade and package management daemon.
II. How daemons work
1. Working principle: in client/server mode, the server listens (Listen) on a specific port, waiting for a client to connect. Once the connection succeeds, the server and client communicate through that port. The daemon's job is to open a port and wait (Listen) for incoming connections. When a client makes a connection request, the daemon creates (fork) a child server to handle the connection, while the parent server continues listening for further service requests.
2. Daemon operating modes:
(1) Running a stand-alone daemon
A stand-alone daemon is managed by init scripts; the scripts for all independently running daemons are in the /etc/rc.d/init.d/ directory. System services that run as independent daemons include syslogd and cron. This way of running is called stand-alone, and it is the traditional UNIX approach to client/server mode. The server listens (Listen) on a specific port for clients to connect. When a client makes a connection request, the daemon creates (fork) a child server to handle the connection while the parent continues listening, keeping a pool of child servers waiting for the next client request. See the figure for the working principle of stand-alone mode.
Network services that work in stand-alone mode include routed and gated, as well as the ones we know best: the Apache web server, the sendmail mail server and the BIND domain name server. Because the load on these servers is very high, creating child servers in advance speeds up service to clients. On Linux systems, services started in stand-alone mode are started through symbolic links in the corresponding runlevel directories under /etc/rc.d/.
(2) xinetd mode
From the definition of a daemon it follows that every service the system offers would need its own daemon listening on a port, which usually wastes resources. To solve this problem, Linux introduced the concept of a "network daemon service program". The network daemon used by Red Hat Linux 9.0 is xinetd (eXtended Internet daemon). In contrast to stand-alone mode, xinetd mode is also known as the Internet super-server. xinetd can listen on many specified ports at the same time; when it accepts a user request, it starts the appropriate network service process according to the port the user requested. You can think of xinetd as a management server that decides which program a client request is handed to and then starts the corresponding daemon. See the figure for the working principle of xinetd mode.
Compared with stand-alone mode, the system no longer needs every network service process to listen on its own port. A single running xinetd listens on all the service ports at once, which reduces system overhead and conserves system resources. However, for services with heavy and frequent concurrent access, xinetd would have to start the corresponding network service process again and again, which degrades system performance. On the Linux command line you can use the pstree command to see which of the two ways a network service was started. In general, high-load services such as sendmail and Apache are started stand-alone, while other services can be managed by the xinetd super-server. To view the currently running daemons, use the command: "pstree"
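As an added example (not code from the original article), the following POSIX shell script shows how xinetd decides whether a managed service is on: it reads a constructed xinetd.d-style directory, lists the services that are enabled (a service file without a disable line counts as enabled), and switches one off by rewriting its disable attribute. The directory, its three service files and the function names are constructed for this demo.

```shell
#!/bin/sh
# Added example: determine which xinetd-managed services are enabled by
# reading per-service files in an xinetd.d-style directory, and switch one
# off in the same way "chkconfig <name> off" does for xinetd services. The
# directory and its three service files are constructed for the demo.

make_demo_xinetd_dir() {
    dir=$(mktemp -d)
    # echo: explicitly enabled
    printf 'service echo\n{\n\tdisable\t= no\n\tsocket_type\t= stream\n\tprotocol\t= tcp\n\twait\t= no\n\tuser\t= root\n\ttype\t= INTERNAL\n}\n' > "$dir/echo"
    # chargen: explicitly disabled
    printf 'service chargen\n{\n\tdisable\t= yes\n\tsocket_type\t= stream\n\tprotocol\t= tcp\n\twait\t= no\n\tuser\t= root\n\ttype\t= INTERNAL\n}\n' > "$dir/chargen"
    # krb5-telnet: no disable attribute at all, which xinetd treats as enabled
    printf 'service telnet\n{\n\tsocket_type\t= stream\n\twait\t= no\n\tuser\t= root\n\tserver\t= /usr/kerberos/sbin/telnetd\n}\n' > "$dir/krb5-telnet"
    echo "$dir"
}

# Print the names (file names) of enabled services, sorted, one per line.
# A service is enabled unless its file carries "disable = yes"; the
# "disabled =" list in the defaults block of xinetd.conf is not consulted.
xinetd_enabled() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        awk -v name="$(basename "$f")" '
            /^[[:space:]]*#/ { next }
            /^[[:space:]]*disable[[:space:]]*=/ {
                v = $0; sub(/^[[:space:]]*disable[[:space:]]*=[[:space:]]*/, "", v)
                disabled = (tolower(v) ~ /^yes/); seen = 1
            }
            END { if (!seen || !disabled) print name }
        ' "$f"
    done | sort
}

# Turn a service off by rewriting its disable line to yes, adding one before
# the closing brace if the file has none. Writes through a temp file.
xinetd_disable() {
    f="$1/$2"
    tmp=$(mktemp)
    awk '
        /^[[:space:]]*disable[[:space:]]*=/ { print "\tdisable\t= yes"; done = 1; next }
        /^[[:space:]]*}/ && !done { print "\tdisable\t= yes"; done = 1 }
        { print }
    ' "$f" > "$tmp" && mv "$tmp" "$f"
}

d=$(make_demo_xinetd_dir)
echo "enabled before: $(xinetd_enabled "$d" | tr '\n' ' ')"
xinetd_disable "$d" krb5-telnet
echo "enabled after:  $(xinetd_enabled "$d" | tr '\n' ' ')"
rm -rf "$d"
```

On a real system xinetd must be told to reload (for example with chkconfig, which does this for you) before an edited disable line takes effect.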
III. Daemon management tools
Linux offers three different daemon management tools: redhat-config-services, ntsysv, and chkconfig, which can be used flexibly depending on your needs.
(1) redhat-config-services
redhat-config-services is a graphical application that shows a description of each service and whether it starts at boot (in runlevels 3, 4 and 5), and lets you start, stop, or restart the SysV services in /etc/rc.d/init.d as well as the xinetd services. To start the Service Configuration Tool from the desktop, click "Main Menu" => "System Settings" => "Server Settings" => "Services" on the panel, or type the command "redhat-config-services" at the shell prompt.
redhat-config-services lists the services in /etc/rc.d/init.d and the services controlled by xinetd. Click a service name in the list on the left to display a brief description of the service and its status. If the service is not a xinetd service, the status window shows whether the service is currently running. If the service is controlled by xinetd, the status window shows the phrase "xinetd service". To start, stop, or restart a service immediately, select it from the list and click the appropriate button on the toolbar (or choose the action from the Actions drop-down menu). If the service is a xinetd service, the action buttons are disabled, because xinetd services cannot be started or stopped individually. If you enable or disable a xinetd service by selecting or deselecting the check box next to its name, you must select "File" => "Save Changes" from the drop-down menu; this restarts xinetd and immediately applies the change, and xinetd is also configured to remember the setting. You can enable or disable several xinetd services at once and then save the changes when you are done.
(2) ntsysv
The ntsysv tool provides a simple interface for activating or deactivating services. You can use ntsysv to turn a service managed by xinetd on or off. You can also use ntsysv to configure runlevels. By default, only the current runlevel is configured. To configure different runlevels, use the --level option to specify one or more runlevels; for example, the command ntsysv --level 345 configures runlevels 3, 4, and 5. The ntsysv interface is shown in Figure 1. Use the up and down arrows to move through the list. Use the spacebar to select or deselect services, or to press the OK and Cancel buttons. To switch between the list of services and the OK and Cancel buttons, use the [Tab] key. An asterisk (*) indicates that a service is set to start. The [F1] key pops up a brief description of each service.
(3) chkconfig
The chkconfig command can also be used to activate and deactivate services. The chkconfig --list command displays a list of system services and whether each is started (on) or stopped (off) in runlevels 0 through 6. chkconfig can also set whether a service is started or stopped in a specified runlevel. For example, to deactivate the nfs service in runlevels 3, 4, and 5, use the following command:
chkconfig --level 345 nfs off
IV. Choosing daemons sensibly to avoid security risks
Running unnecessary or vulnerable daemons affects both the security and the performance of the operating system. From a security standpoint, a vulnerability in any one of them can lead to the whole system being compromised. The best way to increase system security is therefore to keep the system's functions to the minimum needed. Of the important daemons introduced at the start of this article, crond, syslog, keytable, xinetd, kudzu and iptables must run, while echo, echo-udp, daytime, daytime-udp, chargen and chargen-udp are mainly for debugging and testing; ordinary users do not use them and can basically turn them off.
The daemons whose names begin with the letter r, namely rsh, rstatd, rsync, rusersd and rwalld: these commands are the Berkeley remote commands, called r* commands because they all start with r. Their main use is to let a user on one computer run a program remotely on another computer under the same account. However, the r commands have been proven to pose a security risk. For the daemons you really need, you should use the latest version of the program and strengthen its security.
In addition, choose daemons sensibly: innd, for example, is the process that runs the newsgroup service; if the user is not running a Usenet server, it should be turned off.
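Putting the chkconfig section and the advice above together, here is an added shell example (not from the original article) that parses a constructed chkconfig --list report, finds which of the services the article singles out (the echo/daytime/chargen test services and the r* commands) are active at a given runlevel, and prints, without executing them, the chkconfig commands that would turn them off; the sample report and the RISKY list are constructed for the demo.

```shell
#!/bin/sh
# Added example: audit a chkconfig --list report for the services the
# article says most systems should not run, and print the chkconfig
# commands that would switch them off. Input is a constructed sample.

# Services singled out in the text: the inetd diagnostic services and the
# Berkeley r* commands. Adjust to your own policy.
RISKY="echo echo-udp daytime daytime-udp chargen chargen-udp rsh rstatd rusersd rwalld rwhod"

# Constructed chkconfig --list output (SysV block, then xinetd block).
sample_chkconfig_list() {
    cat <<'EOF'
crond           0:off   1:off   2:on    3:on    4:on    5:on    6:off
rsh             0:off   1:off   2:off   3:on    4:on    5:on    6:off
rwhod           0:off   1:off   2:off   3:off   4:off   5:off   6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
xinetd          0:off   1:off   2:on    3:on    4:on    5:on    6:off
xinetd based services:
        chargen:        on
        chargen-udp:    off
        echo:           on
        daytime:        off
EOF
}

# Read a chkconfig --list report on stdin and print "TYPE NAME" for each
# service active at runlevel $1: SysV entries marked N:on, plus xinetd
# entries marked on, which only count when xinetd itself runs at that level.
active_at() {
    awk -v lvl="$1" '
        /^xinetd based services:/ { inx = 1; next }
        !inx { for (i = 2; i <= NF; i++) if ($i == (lvl ":on")) sysv[$1] = 1; next }
        { n = $1; sub(/:$/, "", n); if ($2 == "on") xin[n] = 1 }
        END {
            for (s in sysv) print "sysv " s
            if ("xinetd" in sysv) for (s in xin) print "xinetd " s
        }' | sort
}

# Print, without running them, the chkconfig commands that would turn off
# every risky service active at runlevel $1. xinetd services are toggled
# without --level, since chkconfig edits their disable line instead.
disable_commands() {
    active_at "$1" | while read -r type name; do
        case " $RISKY " in
            *" $name "*)
                if [ "$type" = sysv ]; then
                    echo "chkconfig --level $1 $name off"
                else
                    echo "chkconfig $name off"
                fi ;;
        esac
    done
}

sample_chkconfig_list | disable_commands 3
```

Replace sample_chkconfig_list with the real chkconfig --list on a live host, and review the printed commands before running any of them.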
Summary:
Open-source Linux gives users a platform to customize their Linux daemons according to their own software and hardware environment. By tailoring the application environment to each user's actual scope of use, the security and performance of the Linux system can be raised to a new level.