Getting started with Linux system services: systemctl and xinetd

9. System Services

9.1 System Services

A computer can be thought of as a place such as Zhongguancun Street, and its system services as the barber shops, restaurants, shopping malls and so on along it: each one is a system service that provides customers with a different kind of service.

Service: A program that resides in memory and provides some system or network functionality, that is, a service.
There are many system services on your computer, such as:
apache provides web services
ftp provides file download and upload services
ssh provides remote connection services
firewall provides security services, etc.

9.2 Daemon

The main task of a Linux server is to provide services to local or remote users. The programs that provide services on a Linux system are usually executed by daemons running in the background. A running Linux system typically has more than one such program. These daemons start when the system boots and listen for client requests at all times. Once a client makes a request, the daemon serves it.

9.3 Special Daemon

The system initialization process is a special daemon with PID 1; it is the parent or ancestor of all other daemons. That is, all daemons on the system are managed (started, stopped, and so on) by the system initialization process.

System V init (before Red Hat 7)
init wakes up other services according to priority
Services have dependencies
Services are managed by several commands working together

Commands include init, service and chkconfig

systemd
Starts services in parallel, so it is faster
Checks service dependencies itself
One command manages services
Backward compatible with init service scripts

Its one command is systemctl

9.4 Service Classification

  • Independent services
    Managed by systemd. The service runs independently in memory and responds quickly, but takes up more memory.
  • Non-independent services
    The xinetd service itself runs independently and manages a number of other services. Users request the services it manages through xinetd, and xinetd returns the reply to the requesting user, so it acts as a proxy.

9.4.1 Independent Services

Stand-alone services run in memory and respond quickly, but use more memory.

The startup scripts for stand-alone services are in the directory /usr/lib/systemd/system

systemctl command

systemctl [command] [unit]
The main commands are:
start: Start the unit that follows immediately.
stop: Stop the unit that follows immediately.
restart: Stop the unit and then start it again, that is, execute stop followed by start.
reload: Reload the configuration file without stopping the unit, so that the settings take effect.
enable: Set the unit that follows to be started at the next boot.
disable: Set the unit that follows not to be started at the next boot.
status: Show the current status of the unit that follows, including whether it is running and whether it is started at boot.
is-active: Whether the unit is currently running.
is-enabled: Whether the unit is enabled by default at boot.
kill: Don't be frightened by the name kill; it actually sends a signal to the processes that run the unit.
show: List the configuration of the unit.
mask: Unregister the unit; after it is unregistered you will not be able to start it.
unmask: Cancel the unregistration of the unit.

Deploying stand-alone service vsftpd

Check whether it is installed

[wangzirui@laotie system]$ yum list vsftpd
//Plugins loaded: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: ap.stykers.moe
 * extras: ap.stykers.moe
 * updates: ap.stykers.moe
//Installed Packages
vsftpd.x86_64                       3.0.2-25.el7                       installed

systemctl status vsftpd

This shows the current status of vsftpd:

[wangzirui@laotie system]$ systemctl status vsftpd
● vsftpd.service - Vsftpd ftp daemon
   Loaded: loaded (/usr/lib/systemd/system/vsftpd.service; disabled; vendor preset: disabled)
   Active: inactive (dead)

The Loaded line shows whether the service is started at boot; here it is disabled. The Active line shows whether it is running now; it is inactive, so this service is not currently started.

Start Services

systemctl start vsftpd

[root@laotie system]# systemctl start vsftpd

No output indicates that the startup was successful.

Now let's see the status of vsftpd

[wangzirui@laotie system]$ systemctl status vsftpd
● vsftpd.service - Vsftpd ftp daemon
   Loaded: loaded (/usr/lib/systemd/system/vsftpd.service; disabled; vendor preset: disabled)
   Active: active (running) since 2020-02-10 22:20:40 CST; 1min 17s ago
  Process: 4204 ExecStart=/usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf (code=exited, status=0/SUCCESS)
 Main PID: 4206 (vsftpd)
    Tasks: 1
   CGroup: /system.slice/vsftpd.service
           └─4206 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf

Feb 10 22:20:40 laotie systemd[1]: Starting Vsftpd ftp daemon...
Feb 10 22:20:40 laotie systemd[1]: Started Vsftpd ftp daemon.

Turn off vsftpd

[wangzirui@laotie system]$ systemctl stop vsftpd
[wangzirui@laotie system]$ systemctl status vsftpd
● vsftpd.service - Vsftpd ftp daemon
   Loaded: loaded (/usr/lib/systemd/system/vsftpd.service; disabled; vendor preset: disabled)
   Active: inactive (dead)

Feb 10 22:20:40 laotie systemd[1]: Starting Vsftpd ftp daemon...
Feb 10 22:20:40 laotie systemd[1]: Started Vsftpd ftp daemon.
Feb 10 22:24:15 laotie systemd[1]: Stopping Vsftpd ftp daemon...
Feb 10 22:24:15 laotie systemd[1]: Stopped Vsftpd ftp daemon.

About restart and reload

After a restart the Main PID changes; after a reload it does not.

About starting at boot

systemctl enable vsftpd

[wangzirui@laotie system]$ systemctl enable vsftpd
Created symlink from /etc/systemd/system/multi-user.target.wants/vsftpd.service to /usr/lib/systemd/system/vsftpd.service.

This is equivalent to linking vsftpd.service into multi-user.target.wants, so that it is started at boot. Now let's look at the status:

[wangzirui@laotie system]$ systemctl status vsftpd
● vsftpd.service - Vsftpd ftp daemon
   Loaded: loaded (/usr/lib/systemd/system/vsftpd.service; enabled; vendor preset: disabled)
   Active: active (running) since 2020-02-10 22:27:53 CST; 9min ago
 Main PID: 4508 (vsftpd)
   CGroup: /system.slice/vsftpd.service
           └─4508 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf

Feb 10 22:27:53 laotie systemd[1]: Starting Vsftpd ftp daemon...
Feb 10 22:27:53 laotie systemd[1]: Started Vsftpd ftp daemon.

The Loaded line now shows enabled, which means the service is started at boot.

If you don't want it to start at boot, use disable.

[wangzirui@laotie system]$ systemctl disable vsftpd
Removed symlink /etc/systemd/system/multi-user.target.wants/vsftpd.service.

Disable Service

[wangzirui@laotie system]$ systemctl mask vsftpd
Created symlink from /etc/systemd/system/vsftpd.service to /dev/null.

In this state the service cannot be started, and it cannot be paused.

Can you directly check whether a service is running?

systemctl is-active vsftpd

[root@laotie system]# systemctl is-active vsftpd
active
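
The symlinks that enable, disable and mask create or remove can be read back directly, which helps when auditing a mounted disk image where systemctl cannot be run. This is an added example, not part of the original article; the sample tree and the unit name example-masked.service are constructed.

```shell
# unit_boot_state ROOT UNIT -> masked | enabled | disabled | not-installed
# ROOT is "" for the live system or the mount point of an image under review.
unit_boot_state() {
    etc="$1/etc/systemd/system"
    lib="$1/usr/lib/systemd/system"
    unit="$2"
    # "systemctl mask" links /etc/systemd/system/<unit> to /dev/null
    if [ -L "$etc/$unit" ] && [ "$(readlink "$etc/$unit")" = "/dev/null" ]; then
        echo masked; return 0
    fi
    # "systemctl enable" links the unit into a <target>.wants (or .requires) directory
    for link in "$etc"/*.wants/"$unit" "$etc"/*.requires/"$unit"; do
        if [ -L "$link" ]; then echo enabled; return 0; fi
    done
    if [ -e "$lib/$unit" ] || [ -e "$etc/$unit" ]; then
        echo disabled
    else
        echo not-installed
    fi
}

# make_sample_root: constructed tree that mirrors the symlinks shown above
make_sample_root() {
    root=$(mktemp -d)
    mkdir -p "$root/usr/lib/systemd/system" \
             "$root/etc/systemd/system/multi-user.target.wants"
    for u in vsftpd sshd example-masked; do
        : > "$root/usr/lib/systemd/system/$u.service"
    done
    ln -s /usr/lib/systemd/system/sshd.service \
          "$root/etc/systemd/system/multi-user.target.wants/sshd.service"
    ln -s /dev/null "$root/etc/systemd/system/example-masked.service"
    echo "$root"
}

root=$(make_sample_root)
for u in vsftpd sshd example-masked cups; do
    printf '%-24s %s\n' "$u.service" "$(unit_boot_state "$root" "$u.service")"
done
rm -rf "$root"
```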

9.5 Non-independent Services

xinetd: the super daemon, which hosts small inet services. The benefit of hosting is that you can use xinetd's powerful parameters to control these services and enhance security.
xinetd provides functionality similar to inetd + TCP Wrappers, but is more powerful and secure. xinetd has replaced inetd and provides access control, enhanced logging, and resource management.
TCP Wrappers is an application-layer access control program. Its principle is to wrap a layer of security checks around the TCP services that the server exposes. External connection requests must pass these checks before they are handed to the system service.

Related Catalogs

Main configuration file for the xinetd service: /etc/xinetd.conf
Directory for hosted services: /etc/xinetd.d/

Deploying the non-independent service telnet

First install the server and client for the service, along with the super daemon xinetd

[root@laotie system]# yum -y install telnet-server telnet xinetd

-y answers yes by default, which saves you from typing y repeatedly during installation.

Next, go to /etc/xinetd.d/ and create a new file named telnet

[root@laotie system]# cd /etc/xinetd.d
[root@laotie xinetd.d]# vim telnet

The content is as follows:

service telnet
{
    flags           = REUSE
    socket_type     = stream
    wait            = no
    user            = root
    server          = /usr/sbin/in.telnetd
    log_on_failure  += USERID
    disable         = no
}

Parameter descriptions

Can be set to yes or no; yes disables the service, as detailed under the disable flag of flags

disable = no

Specifies the information to log on failure. A message indicating the nature of the error is always logged, and by default no other information is logged. This attribute supports all operators.

USERID: captures the ID of the client user through an RFC 1413 call. Multithreaded stream services only.
log_on_failure += USERID

The TCP/IP socket type used. Possible values are stream (TCP), dgram (UDP), raw, and seqpacket (reliable ordered packets)

socket_type = stream

Specifies the parameters to be passed to the process, not including the service program name

server_args = --daemon

Sets the connection rate. It takes two parameters: the first is the number of connections that can be processed per second, beyond which incoming connections are temporarily suspended; the second is the number of seconds to wait before resuming the suspended connections.
cps = 25 30

Specifies the protocol used by the service; its value must be defined in /etc/protocols. If not specified, the default protocol for the service is used

protocol = tcp

This attribute has two possible values. If yes, xinetd starts the requested process and stops handling other requests for the service until that process terminates, which suits single-threaded services; if no, xinetd starts a process for each request regardless of the state of previously started processes, which suits multi-threaded services
wait = no

Sets the UID of the service process. This attribute has no effect if xinetd's effective UID is not 0

user = root

The process to activate; a complete path must be specified

server = /usr/sbin/sshd

A space-separated list of clients allowed to access the service. If you do not specify a value for this attribute, access to the service is denied to everyone. This attribute supports all operators.
only_from = 192.168.1.0/24
no_access = 192.168.1.20 192.168.1.200

Maximum number of connections is 3

instances = 3

Only one connection is allowed per source IP

per_source = 1

ssh connections are allowed only from 9:00 to 18:00

access_times = 9:00-18:00

Specifies that the log is recorded in /var/log/xinetd_ssh.log

log_type = FILE /var/log/xinetd_ssh.log

Service port

port = 7722

[root@laotie xinetd.d]# systemctl start xinetd

To confirm that it is running, you can look at the network status directly with the netstat command

[root@laotie wangzirui]# netstat -ntpl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      1076/cupsd          
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1354/master         
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1/systemd           
tcp        0      0 192.168.122.1:53        0.0.0.0:*               LISTEN      1396/dnsmasq        
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1080/sshd           
tcp6       0      0 ::1:631                 :::*                    LISTEN      1076/cupsd          
tcp6       0      0 :::23                   :::*                    LISTEN      1084/xinetd         
tcp6       0      0 ::1:25                  :::*                    LISTEN      1354/master         
tcp6       0      0 :::111                  :::*                    LISTEN      1/systemd           
tcp6       0      0 :::22                   :::*                    LISTEN      1080/sshd           

Port 23 is listening, so you can now connect with telnet.

[wangzirui@laotie ~]$ telnet localhost
Trying ::1...
Connected to localhost.
Escape character is '^]'.

Kernel 3.10.0-1062.el7.x86_64 on an x86_64
laotie login: wangzirui
Password: 
Last login: Tue Feb 11 00:15:56 on pts/0
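
The access-control attributes described above (only_from, per_source, instances, cps) only help if they are actually set, so the following added example, which is not part of the original article, reports enabled xinetd services that leave them unset, taking a defaults block into account when one is passed in. The sample input is constructed and demo-hardened is a hypothetical service name.

```shell
# audit_xinetd FILE... -> one line per enabled service attribute left unset
audit_xinetd() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function need(k, why) {
        if (!(k in a) && !(k in d)) print svc ": " k " not set (" why ")"
    }
    /^[ \t]*#/ || NF == 0 { next }                # comments and blank lines
    $1 == "defaults" { svc = "defaults"; next }   # inherited by every service
    $1 == "service"  { svc = $2; split("", a); next }
    $1 == "}" {
        if (svc != "" && svc != "defaults" && a["disable"] != "yes") {
            need("only_from",  "no client allow-list")
            need("per_source", "no per-address connection limit")
            need("instances",  "no cap on concurrent servers")
            need("cps",        "no connection rate limit")
        }
        svc = ""; next
    }
    svc != "" && match($0, /[+-]?=/) {            # attribute =, += or -= value
        k = trim(substr($0, 1, RSTART - 1))
        v = trim(substr($0, RSTART + RLENGTH))
        if (svc == "defaults") d[k] = v; else a[k] = v
    }
    ' "$@"
}

# make_sample_conf: constructed input; demo-hardened is a hypothetical service
make_sample_conf() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
service telnet
{
    user           = root
    server         = /usr/sbin/in.telnetd
    log_on_failure += USERID
    disable        = no
}
service demo-hardened
{
    only_from      = 192.168.1.0/24
    per_source     = 1
    instances      = 3
    cps            = 25 30
}
EOF
    echo "$f"
}
conf=$(make_sample_conf); audit_xinetd "$conf"; rm -f "$conf"
```

On a real host, pass the main file first so its defaults are seen before the services: audit_xinetd /etc/xinetd.conf /etc/xinetd.d/*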

Tags: Linux vsftpd ftp ssh

Posted on Mon, 10 Feb 2020 12:45:46 -0500 by mohamdally