A detailed introduction to Linux system configuration (service control)

Preface

The Linux operating system contains a large number of service programs. These service programs are started or terminated according to the preset status when switching the operation level. Many system services may not be required by users, but they are still running by default.

1. System Service Control

1. systemctl

In CentOS system, the control scripts of various system services are placed in the usr/lib/systemd directory by default. The systemctl command tool can be used to control the specified system services. The syntax format is as follows

systemctl control type service name

For most system services, the following are some common control types:

start (start): run the specified system service program to implement the service function stop (stop): terminate the specified system service program and turn off the corresponding function restart (restart): exit first, and then re-run the specified system service program reload (reload): do not exit the service program, just refresh the configuration, which is the same as the restart operation in some services status (check status): check the running status and related information of the specified system service

For servers running in actual production environments, do not easily execute stop or restart operations to avoid interrupting client access and causing unnecessary losses. If you just want to enable new configurations for system services, you can use the relatively mild "reload" parameter to reload the configuration instead of abruptly executing "restart". For example, for the httpd service that is providing Web access to users, when you need to apply a new configuration, it is recommended to execute the "systemctl reload httpd.service" command to reload the configuration instead of executing "systemctl restart httpd.service".

2. target

(1) View target

Knowing the target of the current system will help the administrator to troubleshoot some application failures. If the current target is not known, you can directly execute the "runlevel" command to query. The two characters in the displayed result represent the target before switching and the current target respectively. If the run level has not been switched before, the first column will display "N".

If the user wants to view the target that runs by default when the system starts, you can execute the "systemctl get-default" command to display the system default target

Target description of run level systemd 0target Using this level will shut down the host 1rescue.target Single-user mode, you can log in to the system without password verification, mostly used for system maintenance 2multi-user.target User-defined/domain-specific run level, equivalent to 33multi-user.target Full multi-user mode of character interface, most server hosts run at this level 4multi-user.target User-defined/domain-specific run level, equivalent to 35graphical.target Multi-user mode of graphical interface, providing a graphical desktop operating environment 6reboot.target Restart, using this level will restart the host

(2) Switch target

When the user needs to switch the system to another target, he can do so through the traditional init program by using the number corresponding to the run level (0-6) as the command parameter, or use the systermctl command to switch the target. For example, in order to save system resources, the system running target can be switched from graphics mode (5) to character mode (3). You can execute the "init 3" or "systemctl isolate multi-user. target" command. After the system is switched to character mode, the graphical desktop environment is no longer available. At this time, pressing the Alt+F7 key combination cannot restore the graphical desktop environment. When you need to use the graphical desktop again, you can execute the "init 5" or "systermctl isolate graphical target" command to switch back.

By switching the target, two special functions can be achieved, that is, shutdown and reboot. Run levels 0 and 6 correspond to the two special modes of shutdown and reboot respectively. Therefore, just execute the "init 0" or "init 6" command to achieve the corresponding shutdown or reboot operations. Run levels 0 and 6 correspond to systemd's "poweroff.target" and "reboot.target" targets respectively, so executing the "systemctl poweroff" and "systemctl reboot" commands can also achieve the corresponding shutdown and reboot operations.

If you want to permanently switch the run level, you can execute the following command to change the current system's default run level from graphical.target to multi-user.target

systemctl set-default runlevel3.target 

Use the following command to switch the boot interface back to the graphical interface mode

systemctl set-default runlevel5.target 

3. Common system services

In the CentOS system, there are more than 100 system services installed by default. These system services provide users with a wealth of application services. Only by understanding the purpose of each system service can we selectively optimize operations and enable Linux services on demand.

Common system services in CentOS system

Service Name and Purpose atdDelayed and periodic execution of tasks bluetoothDiscovery and authentication of Bluetooth-related devices crondExecutes scheduled tasks according to a predetermined period irqbalanceScheduling support for multi-core CPU processors kdumpRecords memory information when the kernel crashes lvm2-monitorLVM management and monitoring netfsAccess to shared folders and other network file systems networkConfigures and uses network cards and network addresses restorecondFile monitoring and recovery functions of SELinux security mechanism rhnsdAccesses Red Hat Network, obtains notifications, submits subscriptions, etc. rpcgssdManages the client program context in NFS (Network File Systeam, Network File System) access saslauthdText-based identity authentication smartdMonitors the status of the local hard disk and sends fault reports smb file sharing service sshdProvides remote login and management functions for Linux hosts rsyslogRecords kernel and system log information vsftpdProvides file upload and download functions through FTP (File Transfer Protocol, File Transfer Protocol)

It must be emphasized that whether these services are enabled or disabled should be determined based on the actual functional requirements of the host. For example, if the current Linux host is used to provide file sharing services to the LAN, the smb service should be enabled instead of disabled.

4. Automatic startup service management

The Linux operating system will enter the default systemd running target (such as character mode or graphics mode) every time it is turned on, and run various system services that are set to start by default in the target. If you want to disable some system services from running automatically, you can use ntsysv or systemctl tools to optimize them.

(1) Using ntsysv

The ntsysv tool can be run in character mode, providing users with a graphical interactive operation interface, which is specially used to centrally configure the startup status of various system services. When you need to set the startup status of multiple services at the same time, it is very convenient to use the ntsysv tool. When executing the "ntsysv" command alone, it is only used to manage the services in the current running target. The "--level" option can be used to manage the services in the specified running target (level). For example, executing the "ntsysv --level 35" command can open the ntsysv management program. During operation, press the arrow keys to select different system services. Press the Space key to set the default startup status of the service ([*] means startup, "[]" means shutdown). If you want to view the description information of the selected service, press F1 to get help

(2) Using systemctl

The systemctl tool has similar functions to ntsysv, but systemctl does not provide an interactive operation interface. It is used to query or set the default startup status of system services. When you need to set the default startup status of a service in the current running target, it is more efficient to use the systemetl tool.

There are three common options:

     enable: Automatically start the system at startup disable: Automatically shut down the system at startup is-enable: Check the startup status

Execute the "systemctl list-units --type=service" command in the current system to view all activated system services in the current system.

2. Service Management

1. Firewall and core protection

It is usually not recommended to turn off the firewall and core protection

Firewall Operation

systemctl status firewalld.service Check the firewall status systemctl stop firewalld Turn off the firewall systemctl start firewalld Turn on the firewall systemctl disable firewalld Automatically turn off the firewall at startup systemctl enable firewalld Automatically start the firewall at startup

Core protection operations

setenforce 0 temporarily disables Selinux protection, which will become invalid after restart or shutdown. vim /etc/sysconfig/selinux opens the selinux file "modify SELINUX=disable" save and exit, and permanently disables Selinux protection. vim /etc/selinux/config opens the config file "modify SELINUX=disable" save and exit, and permanently disables Selinux protection.

2. Time Management

Install ntpdate service

yum -y install ntp ntpdate

Set up time synchronization with the network

 ntpdate time server (ntp1.aliyun.com, time.nist.gov, time.nuri.net)

hwclock --systohc Write system time to hardware (BIOS)
timedatectl View system time date View the current system time command of Centos

3. SSH service

SSH is a reliable protocol designed to provide security for remote login sessions and other network services. The SSH protocol can effectively prevent information leakage during remote management. You can remotely manage Linux by establishing an SSH connection. The method to enable SSH is as follows:

vim /etc/ssh/sshd_config

Remove the # sign in front of PasswordAuthentication and change the back to yes

service ssh start Start SSH service netstat -anptu | grep sshd View service process status service ssh status Verify SSH service status update-rc.d ssh enable Set SSH to start automatically at boot

Conclusion

Different targets represent different operating states of the system, and the services or programs enabled are also different. For example, for websites, email servers, etc. on the Internet, they only need to run in text mode without enabling graphical desktop programs.

This is the end of this article about the detailed introduction of Linux system configuration (service control). For more relevant Linux system configuration content, please search for previous articles on 123WORDPRESS.COM or continue to browse the related articles below. I hope everyone will support 123WORDPRESS.COM in the future!