One-day study of Linux System Service Management

Source: Internet
Author: User

 

About daemon

You hear the word daemon often, perhaps without knowing exactly what it means. A daemon is the resident background process that provides a service (web, mail, FTP and so on). We manage services by managing their daemons, and in everyday usage the two words are used interchangeably, which is close enough to correct.

 

Daemon Classification

Classified by how they are started and managed, daemons fall into two groups: standalone daemons, and services managed centrally by a super daemon. Briefly, the difference is this:

 

 

Standalone services: a daemon of this type is started on its own and needs no other mechanism to manage it. Once started and loaded into memory it stays resident, occupying memory and other system resources for as long as it runs. The advantage is that the process is always there, so it answers a client request quickly.

 

Super daemon: services of this type are started by a single managing daemon (xinetd on RHEL/CentOS). The managed services are not running in advance; when a client request arrives, the super daemon wakes up the corresponding service, and when the request ends the service exits and its resources are released. Response is therefore slower, but nothing is consumed while the service is idle, and xinetd gives every managed service a common place for access control and connection limits (see below).

 

Service and Port

Ports should be familiar. A metaphor for the roles of IP address and port: the IP address is the street address of a building on the Internet and the port number is the floor; different floors provide different services.

To see which port conventionally belongs to a service, consult /etc/services. It is only a reference table: a service listens on whatever port its own configuration says, which can be changed, so confirm what is really listening with netstat (covered later) rather than trusting the table.

 

Directories and files related to daemon startup scripts

/etc/init.d/: the directory holding the startup scripts. On RHEL/CentOS the scripts actually live in /etc/rc.d/init.d/, and /etc/init.d is a symbolic link to that directory, as ls shows:

 

[root@yufei ~]# ls -ld /etc/init.d

lrwxrwxrwx. 1 root root 11 May 31 :43 /etc/init.d -> rc.d/init.d

/etc/sysconfig/: per-service environment files. Almost every service reads its startup options (command-line flags, paths, listen addresses) from a file of its own name in this directory.

 

/etc/xinetd.conf, /etc/xinetd.d/: the super daemon's configuration. /etc/xinetd.conf is the main file holding the global defaults; each service managed by xinetd has its own file under /etc/xinetd.d/.

 

/etc/: the configuration files of the services themselves, usually named with a .conf suffix.

 

/var/run/: where each service writes its PID file (on newer distributions this is a symbolic link to /run). The init scripts use these files to find the process to stop or signal.

 

Start, stop, or load a service

 

Let's look first at how an ordinary (standalone) daemon is started.

 

Services installed from RPM or with YUM put their startup scripts in /etc/init.d/. The scripts are plain shell and can be read with vi. A typical one contains, in order: a header describing the script, sourcing of the shared functions and environment (/etc/rc.d/init.d/functions and the service's file in /etc/sysconfig/), the location of the service's configuration file, function definitions, the start and stop logic, and finally a case statement that dispatches on the argument given to the script.

 

The script can be run by its relative or absolute path. RHEL/CentOS also provides the service command, which calls the script for you.

 

Let's take SSHD as an example.

 

[root@yufei ~]# /etc/init.d/sshd --help

Usage: /etc/init.d/sshd {start|stop|restart|reload|force-reload|condrestart|try-restart|status}

The usage message is self-explanatory; to see exactly what each argument does, read the case statement at the end of the script.

 

[root@yufei ~]# cd /etc/init.d/

[root@yufei init.d]# ./sshd restart

Stopping sshd: [ OK ]

Starting sshd: [ OK ]

Starting the script by relative path behaves the same way. The service command can be run from any directory; to see why it ends up invoking the script in /etc/init.d/, read /sbin/service. One difference worth knowing: /sbin/service runs the script with an almost empty environment (env -i, keeping only LANG, PATH and TERM), whereas running the script directly hands it your whole shell environment, including any variables that could change how the daemon behaves.

 

[root@yufei init.d]# service sshd restart

Stopping sshd: [ OK ]

Starting sshd: [ OK ]

Now the super daemon's way of starting services.

xinetd is itself an ordinary daemon; its job is just to manage some of the less frequently used services. It is therefore started exactly like any other daemon, and every service it manages has a file in /etc/xinetd.d/. Whether a managed service is offered is controlled by the disable line in that file: disable = yes means the service is not started, disable = no means it is.

 

The following example uses telnet for demonstration.

 

[root@yufei ~]# cd /etc/xinetd.d/

[root@yufei xinetd.d]# yum install telnet-server

[root@yufei xinetd.d]# ls -l | grep telnet

-rw-r--r--. 1 root root 305 Sep  9  2004 telnet

 

[root@yufei xinetd.d]# grep disable telnet

        disable         = yes

Let's start it.

 

[root@yufei xinetd.d]# service xinetd restart

Stopping xinetd: [ OK ]

Starting xinetd: [ OK ]

[root@yufei xinetd.d]# telnet localhost

Trying ::1...

telnet: connect to address ::1: Connection refused

Trying 127.0.0.1...

telnet: connect to address 127.0.0.1: Connection refused

telnet: Unable to connect to remote host

 

Change disable = yes to disable = no:

 

[root@yufei xinetd.d]# vim telnet

[root@yufei xinetd.d]# grep disable telnet

        disable         = no

Restart xinetd (service xinetd reload, which sends it SIGHUP, is enough to pick up the change and does not interrupt the other managed services):

 

[root@yufei xinetd.d]# service xinetd restart

Stopping xinetd: [ OK ]

Starting xinetd: [ OK ]

[root@yufei xinetd.d]# telnet localhost

Trying ::1...

Connected to localhost.

Escape character is '^]'.

Red Hat Enterprise Linux Server release 6.1 (Santiago)

Kernel 2.6.32-131.0.15.el6.x86_64 on an x86_64

login:

The response is noticeably slower this time: the login: prompt appears only after a moment, because xinetd has to start in.telnetd for each connection. On RHEL 6.1 the login then fails even with a correct user name and password. This is deliberate and security-related: if the account tried was root, pam_securetty refuses root logins on any terminal not listed in /etc/securetty, and the pseudo-terminals telnet allocates are not listed there. /var/log/secure records the refusal if you want to confirm it.

 

That is all that is needed to enable a service managed by xinetd. telnet sends everything, including passwords, in clear text, so remove the package again. Because the service file was edited, rpm leaves a copy behind as telnet.rpmsave on removal, which the second command deletes:

 

[root@yufei xinetd.d]# yum remove telnet-server -y

[root@yufei xinetd.d]# rm -fr telnet.rpmsave

Next, the file /etc/xinetd.conf.

 

It holds the global defaults applied to every managed service: how and what to log, connection limits, network access settings, environment variables and other attributes.

 

The connection limits deserve a closer look:

 

        cps             = 50 10

        instances       = 50

        per_source      = 10

cps: the first number is the maximum rate of incoming connections per second (50); when it is exceeded the service is temporarily disabled for the number of seconds given by the second number (10).

instances: the maximum number of simultaneous instances (concurrent connections) of the same service.

per_source: the maximum number of simultaneous connections from a single source address.

The values in /etc/xinetd.conf are global defaults; each service file in /etc/xinetd.d/ can override them for its own service, so open one and compare. We will not go through every attribute, only the network access settings:

 

only_from: only the hosts listed here may use the service. Accepts single IP addresses or host names, a network such as 192.168.1.0/24, or a domain such as .opsers.org (leading dot). To append to a value already set in the defaults block, use += instead of =.

 

no_access: the counterpart; hosts listed here are refused the service. When a client matches both only_from and no_access, the more specific of the two matches wins (a single address beats a network, a network beats ALL).

 

access_times: the hours during which the service is available, written as hour:min-hour:min ranges; several ranges are separated by spaces, for example: 01:00-
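To put these attributes to use, here is an added example (not from the original post) that audits a directory of xinetd service files in shell. It writes two constructed sets of files to a temporary directory: the telnet file as it stands after the edit above (enabled, open to every host), a disabled rsync file, and a hardened telnet file that applies only_from, no_access, instances, per_source, cps and access_times. It then reports each service's state and, for enabled services, whether any host restriction and any connection limit is present. The addresses, domain and limits are illustrative values; on a real host point the function at /etc/xinetd.d.

```shell
#!/bin/sh
# Audit xinetd service files: which services are enabled (disable = no),
# and whether an enabled service carries any host restriction (only_from /
# no_access) and any connection limit (instances / per_source / cps).
# Constructed sample files are written under a temporary directory, so this
# runs without touching the real /etc/xinetd.d.

# xinetd_audit DIR -> one line per "service" block:
#   <file> <service> enabled <restricted|UNRESTRICTED> <limited|unlimited>
#   <file> <service> disabled - -
xinetd_audit() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        awk -v file="${f##*/}" '
            /^[ \t]*service[ \t]+/ { name = $2; next }          # "service NAME"
            /^[ \t]*[{]/ { inblock = 1; disable = "no"; restricted = 0; limited = 0; next }
            /^[ \t]*[}]/ {
                if (inblock) {
                    if (disable == "yes") {
                        printf "%s %s disabled - -\n", file, name
                    }
                    else {
                        printf "%s %s enabled %s %s\n", file, name,
                            (restricted ? "restricted" : "UNRESTRICTED"),
                            (limited ? "limited" : "unlimited")
                    }
                }
                inblock = 0; next
            }
            inblock { sub(/#.*/, ""); gsub(/[+]?=/, " = ") }    # normalise "attr=value" / "attr += value"
            inblock && $1 == "disable" { disable = tolower($NF) }
            inblock && ($1 == "only_from" || $1 == "no_access") && NF >= 3 { restricted = 1 }
            inblock && ($1 == "instances" || $1 == "per_source" || $1 == "cps") { limited = 1 }
        ' "$f"
    done
}

XINETD_DEMO=$(mktemp -d)
mkdir "$XINETD_DEMO/before" "$XINETD_DEMO/after"

# Constructed: the stock telnet file after the edit above, plus a disabled rsync.
cat > "$XINETD_DEMO/before/telnet" <<'EOF'
# default: on
# description: The telnet server serves telnet sessions
service telnet
{
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        log_on_failure  += USERID
        disable         = no
}
EOF
cat > "$XINETD_DEMO/before/rsync" <<'EOF'
service rsync
{
        disable         = yes
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/bin/rsync
        server_args     = --daemon
}
EOF

# Constructed: the same telnet service with the access-control attributes
# from the text applied (one management subnet plus a domain, one host
# excluded, connection limits, office hours only).
cat > "$XINETD_DEMO/after/telnet" <<'EOF'
service telnet
{
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        only_from       = 192.168.1.0/24
        only_from       += .opsers.org
        no_access       = 192.168.1.250
        instances       = 10
        per_source      = 2
        cps             = 5 30
        access_times    = 08:00-18:00
        disable         = no
}
EOF
cp "$XINETD_DEMO/before/rsync" "$XINETD_DEMO/after/rsync"

echo "before:"; xinetd_audit "$XINETD_DEMO/before"
echo "after:";  xinetd_audit "$XINETD_DEMO/after"
# Remove "$XINETD_DEMO" when done.
```

The UNRESTRICTED flag is the one to chase: an enabled xinetd service without only_from or no_access accepts connections from anywhere, and only tcp_wrappers or the packet filter can still stop it.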

 

tcp_wrappers

Any service run by xinetd can additionally be restricted through /etc/hosts.allow and /etc/hosts.deny. This host-based access control is tcp_wrappers, sometimes loosely called a firewall; it is convenient because the rules for many services sit in two files. Do these two files apply to every service on the system? No. Only programs that are linked against libwrap.so consult them (xinetd is, which is why all of its services are covered). ldd shows whether a given daemon is:

[root@yufei ~]# ldd $(which sshd) | grep libwrap.so

        libwrap.so.0 => /lib64/libwrap.so.0 (0x00007f61d35bf000)

[root@yufei ~]# ldd $(which httpd) | grep libwrap.so

[root@yufei ~]#

sshd is linked against libwrap.so, so it can be controlled through /etc/hosts.allow and /etc/hosts.deny; httpd is not, so those files have no effect on it and its access control must be done in its own configuration or in the packet filter. Do not assume the result carries over to other versions: OpenSSH dropped tcp_wrappers support in 6.7, so on newer systems the same check for sshd comes back empty and rules written for it are silently ignored. Run the check rather than trusting a list.

 

The file format is documented in man 5 hosts_access and man 5 hosts_options.

 

The basic format is:

 

daemon_list : client_list [: option]

for example sshd : 192.168.1.0/255.255.255.0 : allow. The client list may contain IP addresses, networks, domain names or host names, and the optional third field is allow or deny.

 

Some special keywords usable in the first two fields:

 

ALL: matches every daemon name or every client, for example ALL : ALL : deny

 

LOCAL: matches any host whose name contains no dot, i.e. machines in the local domain, for example ALL : LOCAL : allow

 

UNKNOWN: matches any host whose name or address cannot be resolved, or any daemon the wrappers cannot identify.

 

KNOWN: matches any host whose name and address both resolve (and agree with each other).

 

Note:

 

The daemon name is the name of the server program, i.e. the basename of the executable that xinetd or the init script starts (sshd, in.telnetd, vsftpd). It can usually be read off the script or the service file.

 

By convention:

 

1. Access that is to be permitted is written in /etc/hosts.allow.

 

2. Access that is to be blocked is written in /etc/hosts.deny.

 

Evaluation order: /etc/hosts.allow is searched first, and the first rule that matches decides (allow, unless the rule carries an explicit deny option). If nothing in hosts.allow matches, /etc/hosts.deny is searched the same way. If nothing matches in either file, access is granted. The built-in default is therefore allow, so a hosts.deny that does not end in ALL : ALL leaves every wrapped service open to any host the rules do not mention.
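The following shell script is an added example (not part of the original post) that reproduces the hosts_access decision just described for an IPv4 client: first match in hosts.allow, then hosts.deny, otherwise allow, with the hosts_options allow/deny keyword honoured. It evaluates constructed hosts.allow and hosts.deny files written to a temporary directory, so the daemon names, addresses and rules are illustrative. EXCEPT lists, host-name clients and IPv6 are deliberately not handled.

```shell
#!/bin/sh
# Simulate tcp_wrappers' hosts_access() decision for an IPv4 client.
# Order, as in hosts_access(5): first matching rule in hosts.allow grants;
# otherwise first matching rule in hosts.deny refuses; otherwise access is
# granted. A trailing ": allow" / ": deny" option (hosts_options(5))
# overrides the file's default verdict. Supported client patterns: ALL,
# LOCAL, exact address, dotted prefix "192.168.1.", net/mask and net/len.
# Not handled (assumption of this demo): EXCEPT lists, host names, IPv6.

# first_rule FILE DEFAULT_VERDICT DAEMON CLIENT
# Prints "<verdict> (<file>: <rule>)" for the first matching rule, else nothing.
first_rule() {
    awk -v dflt="$2" -v daemon="$3" -v client="$4" '
        function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
        function ip2n(a,   p) { split(a, p, "."); return ((p[1]*256 + p[2])*256 + p[3])*256 + p[4] }
        # prefix length from "/24" or from a contiguous dotted mask like "/255.255.255.0"
        function prefix_len(m,   n, bits) {
            if (m ~ /^[0-9]+$/) return m + 0
            n = ip2n(m); bits = 0
            while (n >= 2147483648) { bits++; n = (n - 2147483648) * 2 }   # shift out leading one bits
            return bits
        }
        function same_net(ip, net, bits,   d) {
            d = 2 ^ (32 - bits)
            return int(ip2n(ip) / d) == int(ip2n(net) / d)
        }
        function client_ok(pat,   nm) {
            if (pat == "ALL") return 1
            if (pat == "LOCAL") return client !~ /\./       # dot-less host names only; an IP never matches
            if (pat ~ /\.$/) return index(client, pat) == 1 # "192.168.1." matches 192.168.1.*
            if (pat ~ /\//) { split(pat, nm, "/"); return same_net(client, nm[1], prefix_len(nm[2])) }
            return pat == client
        }
        function list_ok(list, kind,   it, k, i) {
            k = split(list, it, /[ \t,]+/)
            for (i = 1; i <= k; i++) {
                if (it[i] == "") continue
                if (kind == "daemon" && (it[i] == "ALL" || it[i] == daemon)) return 1
                if (kind == "client" && client_ok(it[i])) return 1
            }
            return 0
        }
        {
            sub(/#.*/, "")                          # strip comments
            rule = trim($0)
            if (rule == "") next
            n = split(rule, f, ":")                 # daemon_list : client_list [: option]
            if (n < 2) next
            verdict = dflt
            opt = (n >= 3) ? trim(f[3]) : ""
            if (opt == "allow" || opt == "deny") verdict = opt
            if (list_ok(trim(f[1]), "daemon") && list_ok(trim(f[2]), "client")) {
                print verdict " (" FILENAME ": " rule ")"
                exit                                # first match wins
            }
        }' "$1"
}

# hosts_access DAEMON CLIENT_IP HOSTS_ALLOW HOSTS_DENY -> prints the decision
hosts_access() {
    r=$(first_rule "$3" allow "$1" "$2")
    [ -n "$r" ] || r=$(first_rule "$4" deny "$1" "$2")
    [ -n "$r" ] || r="allow (no rule matched in either file)"
    echo "$r"
}

WRAP_DEMO=$(mktemp -d)
# Constructed hosts.allow: rules are tried top to bottom, first match wins,
# so the explicit deny for one address must come before the subnet rule.
cat > "$WRAP_DEMO/hosts.allow" <<'EOF'
sshd : 192.168.1.250 : deny
sshd : 192.168.1.0/255.255.255.0
sshd : 10.0.0.10
in.telnetd, vsftpd : 192.168.1.
ALL : LOCAL
EOF
# Constructed hosts.deny: default-deny for every wrapped daemon.
cat > "$WRAP_DEMO/hosts.deny" <<'EOF'
ALL : ALL
EOF
: > "$WRAP_DEMO/hosts.deny.empty"    # what most systems ship with: no rules at all

for probe in "sshd 192.168.1.77" "sshd 192.168.1.250" "sshd 10.0.0.10" "sshd 10.0.0.11" "in.telnetd 192.168.2.5"; do
    set -- $probe
    printf '%-11s %-15s -> %s\n' "$1" "$2" "$(hosts_access "$1" "$2" "$WRAP_DEMO/hosts.allow" "$WRAP_DEMO/hosts.deny")"
done
# Same unmatched client, but with an empty hosts.deny: falls through to the built-in allow.
printf '%-11s %-15s -> %s\n' sshd 10.0.0.11 "$(hosts_access sshd 10.0.0.11 "$WRAP_DEMO/hosts.allow" "$WRAP_DEMO/hosts.deny.empty")"
```

The last probe shows the default-allow behaviour that bites many installations: with an empty hosts.deny, a client matched by nothing is let in. On a real host, tcpdmatch from the tcp_wrappers package evaluates the live files the same way (tcpdmatch sshd 10.0.0.11), which is the quickest way to test a rule set before relying on it.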

 

Next, observing services.

The first command is ps, which lists the processes running on the system.

 

The second is netstat, which prints information about the IP, TCP, UDP and ICMP protocols and is mostly used to see which ports are open on the local machine and what is connected to them. We concentrate on netstat (network statistics).

 

[root@yufei ~]# netstat --help

 

The above command will display the netstat format and related parameters. The following describes the main parameter meanings.

 

-r, --route: show the routing table (like the route command; add -n for numeric output)

 

-i, --interfaces: show the state of the network interfaces (eth0, lo)

 

-s, --statistics: show per-protocol statistics for IP, ICMP, IcmpMsg, TCP, UDP, UdpLite, TcpExt and IpExt

 

-n, --numeric: show addresses and ports as numbers instead of resolving them to names

 

-p, --programs: show the PID and program name owning each socket (only for your own processes unless run as root)

 

-l, --listening: show only listening sockets

 

-a, --all: show all sockets, listening and non-listening (by default only established connections are shown)

 

-t, --tcp: show TCP sockets

 

-u, --udp: show UDP sockets

 

-e, --extend: show additional information (the owning user and the socket inode); give it twice for more. The Ethernet statistics sometimes attributed to -e (total bytes, errors, discards, unicast and broadcast counts for sent and received traffic) are what the Windows netstat prints for that option; the Linux netstat shows per-interface counters with -i instead.

 

netstat output has two parts. The first, Active Internet connections, lists:

 

Proto: the protocol of the socket

 

Recv-Q: bytes received by the kernel but not yet read by the program (for a listening socket, the current length of its accept queue)

Send-Q: bytes sent but not yet acknowledged by the remote host

 

Local Address: local address and port

Foreign Address: remote address and port

State: connection state (LISTEN, ESTABLISHED, TIME_WAIT and so on; blank for UDP)

 

The second part, Active UNIX domain sockets, lists:

 

Proto: the protocol (unix)

 

RefCnt: the reference count, i.e. the number of processes attached to this socket

 

Type: the socket type (STREAM, DGRAM, ...)

 

State: the current state of the socket

 

Path: the file system path other processes use to connect to the socket

 

Netstat is closely related to the network, so if you want to know more about the information listed above, it is best to have a network base. Of course, it doesn't matter if you don't. Let's list several common command combinations for you to use.

 

netstat -tl: the current TCP listening sockets

 

netstat -ul: the current UDP listening sockets

 

netstat -tlp: the TCP listening sockets together with the owning program

 

netstat -tlpn: the same, with addresses and ports shown numerically (faster, and not fooled by reverse DNS)

 

netstat -tulpna: all TCP and UDP sockets, listening and connected, numeric, with owning programs

 

That is usually enough; man netstat has the rest. On current distributions netstat (net-tools) is deprecated and ss from iproute2 replaces it; ss -tulpn gives the equivalent listing.
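As an added example (not from the original post), the shell script below turns the netstat -tulpn listing and the /etc/services lookup from the Service and Port section into an answer to the question the commands alone do not give: which listeners are reachable from other hosts? It parses a constructed netstat -tulpn output and a constructed subset of /etc/services, both embedded in the script, reports every socket bound to a wildcard address (0.0.0.0 or ::) with its conventional service name and owning program, and skips sockets bound to 127.0.0.1. On a real host feed it the live netstat output and read names from /etc/services.

```shell
#!/bin/sh
# Find listening sockets reachable from other hosts in `netstat -tulpn`
# output (anything bound to 0.0.0.0 or ::) and name the port from an
# /etc/services-style table. Both the netstat output and the services
# table are constructed samples embedded below so the check runs offline.

# A few lines in /etc/services format (constructed subset).
SERVICES_SAMPLE='ssh             22/tcp
ssh             22/udp
telnet          23/tcp
smtp            25/tcp
sunrpc          111/tcp
sunrpc          111/udp
ntp             123/udp'

# svc_name PORT PROTO -> conventional service name, or "?" if not listed
svc_name() {
    printf '%s\n' "$SERVICES_SAMPLE" | awk -v want="$1/$2" '
        $2 == want { print $1; found = 1; exit }
        END { if (!found) print "?" }'
}

# exposed_listeners < netstat-output -> "PROTO PORT PROGRAM" for wildcard-bound sockets
exposed_listeners() {
    awk '
        $1 != "tcp" && $1 != "udp" && $1 != "tcp6" && $1 != "udp6" { next }
        {
            match($4, /:[0-9]+$/)                       # split "addr:port" at the LAST colon (IPv6 has many)
            addr = substr($4, 1, RSTART - 1); port = substr($4, RSTART + 1)
            if (addr != "0.0.0.0" && addr != "::" && addr != "*") next   # bound to one interface, e.g. 127.0.0.1
            prog = $NF; sub(/^[0-9]+\//, "", prog)      # "1123/sshd" -> sshd; "-" means not visible (run as root)
            print substr($1, 1, 3), port, prog
        }'
}

# audit_listeners < netstat-output -> "PORT/PROTO name (program)" per exposed socket
audit_listeners() {
    exposed_listeners | while read -r proto port prog; do
        printf '%s/%s %s (%s)\n' "$port" "$proto" "$(svc_name "$port" "$proto")" "$prog"
    done
}

# Constructed `netstat -tulpn` output from a RHEL6-style host: sshd on all
# interfaces (v4 and v6), postfix on loopback only, telnet via xinetd,
# rpcbind on UDP, and one socket whose owner is hidden (netstat run unprivileged).
NETSTAT_SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1123/sshd
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      1200/master
tcp        0      0 0.0.0.0:23                  0.0.0.0:*                   LISTEN      1088/xinetd
tcp        0      0 :::22                       :::*                        LISTEN      1123/sshd
udp        0      0 0.0.0.0:111                 0.0.0.0:*                               987/rpcbind
udp        0      0 127.0.0.1:323               0.0.0.0:*                               -'

printf '%s\n' "$NETSTAT_SAMPLE" | audit_listeners
```

Anything this prints that you did not intend to expose (the xinetd-managed telnet here) is what the only_from and hosts.allow settings above, or the packet filter, have to cover; the loopback-only postfix listener needs none of that.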

 

Service Management

As I have mentioned so much above, I believe that you have a deeper understanding of the service, so let's take a look at how the service is managed.

 

To manage the service, you must master the use of the command chkconfig. Let's take a look at how to use this command.

 

chkconfig --list [name]

Lists the on/off state at each runlevel of every service registered from /etc/init.d/; with a name, only that service.

 

chkconfig --add <name>

 

Registers a service whose script is in /etc/init.d/, creating the start and kill links in /etc/rc.d/rcN.d/ according to the script's chkconfig header.

 

chkconfig --del <name>

 

Unregisters a service from /etc/init.d/ (removes its links; the script itself stays).

 

chkconfig [--level <levels>] <name> <on|off>

 

Turns a service on or off at the given runlevels; when --level is omitted the default levels (normally 2, 3, 4 and 5) are used.

 

The commands are simple, but note the following:

 

1. The script must be in /etc/init.d/ before chkconfig can manage it; otherwise you get an error such as: error reading information on service network: No such file or directory

 

2. The script must be executable.

 

3. Every script in /etc/init.d/ has a header in common: a line like # chkconfig: 2345 10 90, followed by a # description: line. Like the #!/bin/bash on the first line, these look like comments but are required; without them chkconfig --add refuses the script. The three fields are the runlevels at which the service is on by default, the start priority and the stop priority. For this header, chkconfig --add creates /etc/rc.d/rcN.d/S10name for N in 2, 3, 4 and 5 and /etc/rc.d/rcN.d/K90name for N in 0, 1 and 6, so the service starts early and stops late. Lower start numbers start first; choose them so a service comes up after what it depends on (the network, for instance). See the earlier notes on runlevels.
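To make the header concrete, here is an added example (not from the original post) in shell that does what chkconfig --add does with it: it parses the # chkconfig: line of a constructed init script for a hypothetical service called myapp, checks that the # description: line is present, and prints the S and K links that would be created under /etc/rc.d/rcN.d/. A second constructed script lacking the description line is rejected with the message chkconfig itself prints. Both scripts are written to a temporary directory and only parsed, never executed.

```shell
#!/bin/sh
# Show what `chkconfig --add NAME` derives from an init script's header:
# the "# chkconfig: LEVELS START STOP" line becomes S<START> links in the
# listed runlevels and K<STOP> links in all the others, and a
# "# description:" line must also be present or chkconfig refuses the
# script. The scripts below are constructed examples for a hypothetical
# service "myapp"; they are parsed here, not run.

# chkconfig_links SCRIPT -> the rcN.d link paths, or an error and status 1
chkconfig_links() {
    script="$1"; name="${script##*/}"
    hdr=$(awk '/^#[ \t]*chkconfig:/ { sub(/^#[ \t]*chkconfig:[ \t]*/, ""); print; exit }' "$script")
    has_desc=$(awk '/^#[ \t]*description:/ { found = 1; exit } END { print found + 0 }' "$script")
    if [ -z "$hdr" ] || [ "$has_desc" -ne 1 ]; then
        echo "service $name does not support chkconfig" >&2
        return 1
    fi
    set -- $hdr                         # LEVELS START STOP; LEVELS may be "-" (on nowhere)
    levels="$1"; start="$2"; stop="$3"
    for n in 0 1 2 3 4 5 6; do
        case "$levels" in
            *"$n"*) printf '/etc/rc.d/rc%s.d/S%s%s\n' "$n" "$start" "$name" ;;
            *)      printf '/etc/rc.d/rc%s.d/K%s%s\n' "$n" "$stop" "$name" ;;
        esac
    done
}

CHK_DEMO=$(mktemp -d)
# Constructed init script with a valid header: on in 2-5, start early (10), stop late (90).
cat > "$CHK_DEMO/myapp" <<'EOF'
#!/bin/bash
# myapp         Start/stop the hypothetical myapp daemon
# chkconfig: 2345 10 90
# description: hypothetical daemon used to illustrate the chkconfig header
. /etc/rc.d/init.d/functions
case "$1" in
    start)  daemon /usr/sbin/myapp ;;
    stop)   killproc myapp ;;
    status) status myapp ;;
    *)      echo "Usage: $0 {start|stop|status}"; exit 2 ;;
esac
EOF
# Constructed script with the description line missing: chkconfig --add rejects it.
cat > "$CHK_DEMO/noheader" <<'EOF'
#!/bin/bash
# chkconfig: 2345 10 90
echo "no description line"
EOF

chkconfig_links "$CHK_DEMO/myapp"
chkconfig_links "$CHK_DEMO/noheader" || echo "(rejected, as chkconfig --add would)"
```

Compare the printed paths with ls /etc/rc.d/rc3.d/ on a real host after a chkconfig --add: the S and K prefixes and the two-digit priorities are exactly what orders the boot and shutdown sequence.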

 

Finally, if xinetd is not installed on your system, install it; chkconfig --list then shows a separate section for the services it manages:

[root@yufei ~]# yum install xinetd

[root@yufei ~]# chkconfig --list

(standalone services omitted)

xinetd based services:

        chargen-dgram:  off

        chargen-stream: off

        daytime-dgram:  off

        daytime-stream: off

        discard-dgram:  off

        discard-stream: off

        echo-dgram:     off

        echo-stream:    off

        tcpmux-server:  off

        time-dgram:     off

        time-stream:    off

These are the small built-in test services that ship with xinetd; leave them off unless you actually need them.

From yufei blog
