Administration Guide Draft/Daemons
(I added jexec)
(I added lvm2-monitor)
|Line 244:||Line 244:|
| lpd || local printer services
| lpd || local printer services
| mcstran || SELinux related
| mcstran || SELinux related
Latest revision as of 00:53, 30 November 2011
 Services and Daemons
Services (daemons) are programs that perform useful functions on a system but are not normally started by the user. For example, MySQL runs normally as a service; it is not started every time another service needs to connect to the database. Instead, it is normally always running once configured, unless manually shut down.
Services can be started at other times than at system boot. They may be turned on,off, or restarted without restarting the machine as well as being set to run only at certain run levels.
Run levels are various states the machine can exist in. There are two main run levels most Linux users see. Run level 5 is usually the default for most systems, and presents a full graphical environment. The other is run level 3, which is typically used on servers that don't run a graphical environment, or for trouble shooting and low level system driver installation. Run level 0 is a system halt. Run level 6 is a system reboot.
To change run levels, use the
 Services and Security
Turn off any service not being used. Leaving a service running that is not used leaves a potential system vulnerability for no benefit. For example, Bluetooth in Fedora is enabled by default. If the system isn't actively connecting to a Bluetooth device, there is no reason to keep the service running. Until recently an ISDN service ran by default. If the system does not use ISDN to connect to the Internet, there is no reason to have it installed and always running. There are several ways to
find out what a running system's purpose is. [[The GUI service menus often
]have descriptions.?? On the command line, the command
man <service name>
produces documentation about most services. The general rule is to leave it
running unless it is known what the services does.
 Configuring Services
- In KDE (presumes the
kde-admintools are installed): Click on the Fedora icon in the toolbar on the default desktop, then navigate to Administration > Server Settings > Services.
- In Gnome, in the toolbar click on System > Server Settings > Services.
- Give the root password when prompted.
In the KDE services application, clicking on a service produces a description of that service and its status. Services without a check mark are not started at run (boot) time. To prevent a service from running on system start up, uncheck the box next to it.
- To enable a service at start up, check the box.
- To stop a service select it, then click on the Stop button.
In the GNOME services application, the On Demand Services tab is for services that are loaded when a client program calls them. For example, the backup system Amanda only runs when an Amanda client talks to the system.
To save the new configuration, click on the Save button. Failing to save changes means the services do not change start up behavior. Clicking on the Revert button erases all the changes.
Services can be configured to start/not start from the command line
chkconfig. The basic usage of
chkconfig is to check
the list of services and what run level they start in:
/sbin/chkconfig --list NetworkManager 0:off 1:off 2:on 3:on 4:on 5:on 6:off NetworkManagerDispatcher 0:off 1:off 2:off 3:off 4:off 5:off 6:off acpid 0:off 1:off 2:off 3:off 4:off 5:off 6:off anacron 0:off 1:off 2:on 3:on 4:on 5:on 6:off apmd 0:off 1:off 2:on 3:on 4:on 5:on 6:off atd 0:off 1:off 2:off 3:on 4:on 5:on 6:off auditd 0:off 1:off 2:on 3:on 4:on 5:on 6:off autofs 0:off 1:off 2:off 3:on 4:on 5:on 6:off avahi-daemon 0:off 1:off 2:off 3:on 4:on 5:on 6:off ...
- Open a terminal window (Applications > Accessories > Terminal)
- To disable a service such as
su -c 'chkconfig --level 2345 sendmail off'This stops
sendmailfrom being started in run levels 2,3,4, and 5.
- To turn sendmail on for run levels 3 and 5:
su -c 'chkconfig --level 35 sendmail on'
A full list of
chkconfig options is available on the manual page:
To manually stop, restart, or start a service that wasn't already
running, use the
service command. This example starts the
su -c 'service sendmail restart'
In the screen capture you see an example of stopping a service that failed. In this case because the service was already stopped. You will also see an example of starting NFS. Notice that not just NFS started. 3 other services started automatically when NFS started. Many services are like this.
There is one final way to edit services.
To stop a service, use
ps to acquire its PID, then stop
the PID using the
kill command. To modify the stop/start of a
service in a particular run time level, edit the
ls -d /etc/rc* rc rc1.d/ rc3.d/ rc5.d/ rc.d/ rc.sysinit rc0.d/ rc2.d/ rc4.d/ rc6.d/ rc.local
Each directory corresponds with the same numbered run time level. To
start a service for run time level 5, add a link in the
/etc/rc5.d/ directory to the corresponding start script in
with a number refers to the order in which that service is started or
stopped when the system is starting up or shutting down.
These last methods are recommended only for experienced users. On rare occasions it is necessary to modify these files to change default behavior. Generally, an administrator never has to directly touch these files.
 xinetd-Based Services
Many services run as sub-services managed by the
xinetd service. FTP servers, backup servers,
rsync, and a host of others. To enable or disable these services, use the
chkconfig command as with
init based services.
A default configuration of
xinetd services is:
/sbin/chkconfig --list ... xinetd based services: amanda: off amandaidx: off amidxtape: off apgd: off chargen-dgram: off chargen-stream: off csync2: off cups-lpd: off cvs: off daytime-dgram: off daytime-stream: off discard-dgram: off discard-stream: off echo-dgram: off echo-stream: off eklogin: off ekrb5-telnet: off gssftp: off klogin: off krb5-telnet: off kshell: off ktalk: off rsync: off tcpmux-server: off time-dgram: off time-stream: off
For example, to turn on the
xinetd service for
rsync, use the following command:
/sbin/chkconfig rsync on
Then reload the service's configuration with the command
su -c 'service xinetd reload'.
/sbin/chkconfig --list command you now see
/sbin/chkconfig --list | grep rsync rsync: on
To customize the configuration of an
xinetd service, edit the file for that service in the
/etc/xinetd.d directory. For more information on the syntax of these configuration files, refer to the
man page for
 Common Services
Some services commonly found on Fedora installations.
|Amanda BackupPC||Backup software|
|abrt||Automatic Bug-Reporting Tool.|
|acpid||Advanced Configuration and Power Interface daemon which controls and allows interfacing to power management and certain input devices..|
|amd||Runs the automount daemon for remote filesystem mounting such as nfs.|
|anacron and crond||Runs certain programs at specified times.|
|apmd||Monitors laptop battery power and shuts down if power gets too low.|
|atd||at scheduler. Automatically runs programs/scripts that meet certain criteria.|
|auditd||System audit daemon|
|autofs||Used to automatically mount filesystems listed in fstab.|
|avahi-daemon, avahi-dnsconfd||Supports Apple's Zeroconf protocol.|
|bluetooth||Provides Bluetooth functionality.|
|btseed, bttrack||Bittorrent related utils.|
|cfenvd, cfexecd, cfservd||Part of the cfengine services. cfengine is a system configuration an anomaly detection.|
|cpuspeed||System sensor and CPU speed adjustment.|
|dbmail, Postfix, Sendmail, spamassassin, dovecot||Email services and spam protection.|
|dc_client, dc_server||Caching services|
|denyhosts||Log watcher that bans hosts with too many failed login attempts.|
|dhcdbd||Allow systems to use a DHCP server to obtain an IP address.|
|dund||Bluetooth dial-up networking|
|firstboot||Used after installation for post-installation configuration. You should turn this off after these configurations are complete.|
|gpm||Mouse support on the console|
|haldaemon||Hardware detection layer|
|hidd||Bluetooth HID daemon|
|hplip||HP Linux Imaging and Printing|
|httpd||Apache web server|
|ip6tables and iptable||Firewall|
|irda||Provides infrared device services.|
|irqbalance||Distributes hardware interrupts across processors on a multi-processor system.|
|isdn||Provides ISDN functionality.|
|jexec||This is provided as a helper to directly run java JAR applications. This is will be included if you installed Sun Java. It is not necessary and can be disabled.|
|kdump||kexec based crash dumping mechanism for Linux.|
|kudzu||Looks for new hardware at boot. Runs only at boot time.|
|lirc||Linux infrared support|
|lisa||Network discovery and protocols|
|lm_sensors||Support for hardware sensors such as CPU temp.|
|lpd||local printer services|
|lvm2-monitor||This is a monitoring application for your LVM (Logical Volume Management) system. This is recommended if you use LVM, however if you use manually partition your drives it can be disabled.|
|mdmonitor||Software RAID support. Turn off if you are not using it.|
|mdmpd||Multipath device support|
|messagebus||App to app communications|
|multipathd||failover and multipath support|
|microcode_ctl||Support for IA32 (Intel PII and newer) microcode|
|mysqld, Postgresql, Oracle||Database servers|
|named||Bind DNS server|
|netfs||Mounts NFS, SMB and other remote filesystems.|
|netplugd||Linux networking related services|
|network||Brings up the network.|
|nfs, nfslock||Provides NFS services.|
|nscd||Name service cache daemon|
|ntpd||Syncs your computer clock with time servers.|
|openais||Clustering, failover, checkpointing and related API.|
|pand||BlueZ Bluetooth PAN daemon|
|pcmcia||Provides pcmcia support. May be safely stopped if you are not using a laptop.|
|pcscd||Smart card support|
|portmap||Support for port mapping and RPC.|
|psacct||Monitors system activity and provides audit trail of user actions.|
|pxe||Provides pxe support. (Preboot execution environment)|
|raduisd||Provides radius VPN support.|
|random||Kernel random number generator.|
|rdisc||Network discovery daemon|
|readahead_early, readahead_later||Used in speeding up boot time.|
|restorecond||Sets default SELinux context on new files.|
|rpcgssd, rpcidmap, rpcsvcgssd||Network file-sharing support|
|rsync||rsync run as a service. Synchronises files mostly between remote systems.|
|saslauthd||SASL authentication server|
|sgi_fam||File alteration monitor|
|smartd||Watches hard-drives for problems.|
|snmpd, snmtrapd||Linux SNMP support|
|syslog||System logging service|
|sysstat||Starts special system logging services.|
|tux||Tux web server|
|winbind||Maps Windows domain databases to UNIX|
|wpa_supplicant||WPA (Wi-Fi Protected Access) supplicant for Linux|
|xend, xendomains, VMware, libvirtd||Provides a virtual machine.|
|xfs||X Font Server|
|yum-updatesd||Automatic yum updates|