Administration Guide Draft/Daemons

From FedoraProject

< Administration Guide Draft(Difference between revisions)
Jump to: navigation, search
(I added jexec)
(I added lvm2-monitor)
 
Line 244: Line 244:
 
|-
 
|-
 
| lpd || local printer services
 
| lpd || local printer services
 +
|-
 +
| lvm2-monitor || This is a monitoring application for your LVM (Logical Volume Management) system. This is recommended if you use LVM, however if you use manually partition your drives it can be disabled.
 
|-
 
|-
 
| mcstran || SELinux related
 
| mcstran || SELinux related

Latest revision as of 00:53, 30 November 2011


Contents

[edit] Services and Daemons

[edit] Introduction

Services (daemons) are programs that perform useful functions on a system but are not normally started by the user. For example, MySQL runs normally as a service; it is not started every time another service needs to connect to the database. Instead, it is normally always running once configured, unless manually shut down.

Services can be started at other times than at system boot. They may be turned on,off, or restarted without restarting the machine as well as being set to run only at certain run levels.

Run levels are various states the machine can exist in. There are two main run levels most Linux users see. Run level 5 is usually the default for most systems, and presents a full graphical environment. The other is run level 3, which is typically used on servers that don't run a graphical environment, or for trouble shooting and low level system driver installation. Run level 0 is a system halt. Run level 6 is a system reboot. To change run levels, use the init command.

[edit] Services and Security

Turn off any service not being used. Leaving a service running that is not used leaves a potential system vulnerability for no benefit. For example, Bluetooth in Fedora is enabled by default. If the system isn't actively connecting to a Bluetooth device, there is no reason to keep the service running. Until recently an ISDN service ran by default. If the system does not use ISDN to connect to the Internet, there is no reason to have it installed and always running. There are several ways to find out what a running system's purpose is. [[The GUI service menus often ]have descriptions.?? On the command line, the command man <service name> produces documentation about most services. The general rule is to leave it running unless it is known what the services does.

[edit] Configuring Services

  1. In KDE (presumes the kde-admin tools are installed): Click on the Fedora icon in the toolbar on the default desktop, then navigate to Administration > Server Settings > Services.
  2. In Gnome, in the toolbar click on System > Server Settings > Services.
  3. Give the root password when prompted.

In the KDE services application, clicking on a service produces a description of that service and its status. Services without a check mark are not started at run (boot) time. To prevent a service from running on system start up, uncheck the box next to it.

  • To enable a service at start up, check the box.
  • To stop a service select it, then click on the Stop button.

In the GNOME services application, the On Demand Services tab is for services that are loaded when a client program calls them. For example, the backup system Amanda only runs when an Amanda client talks to the system.

To save the new configuration, click on the Save button. Failing to save changes means the services do not change start up behavior. Clicking on the Revert button erases all the changes.

Services can be configured to start/not start from the command line using chkconfig. The basic usage of chkconfig is to check the list of services and what run level they start in:

/sbin/chkconfig --list
NetworkManager  0:off   1:off   2:on    3:on    4:on    5:on    6:off
NetworkManagerDispatcher        0:off   1:off   2:off   3:off   4:off   5:off   6:off
acpid           0:off   1:off   2:off   3:off   4:off   5:off   6:off
anacron         0:off   1:off   2:on    3:on    4:on    5:on    6:off
apmd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
atd             0:off   1:off   2:off   3:on    4:on    5:on    6:off
auditd          0:off   1:off   2:on    3:on    4:on    5:on    6:off
autofs          0:off   1:off   2:off   3:on    4:on    5:on    6:off
avahi-daemon    0:off   1:off   2:off   3:on    4:on    5:on    6:off
...
  1. Open a terminal window (Applications > Accessories > Terminal)
  2. To disable a service such as sendmail:
    su -c 'chkconfig --level 2345 sendmail off'
    This stops sendmail from being started in run levels 2,3,4, and 5.
  3. To turn sendmail on for run levels 3 and 5:
    su -c 'chkconfig --level 35 sendmail on'

A full list of chkconfig options is available on the manual page:

man chkconfig

To manually stop, restart, or start a service that wasn't already running, use the service command. This example starts the sendmail service:

su -c 'service sendmail restart'

In the screen capture you see an example of stopping a service that failed. In this case because the service was already stopped. You will also see an example of starting NFS. Notice that not just NFS started. 3 other services started automatically when NFS started. Many services are like this.

There is one final way to edit services.

Important.png
It is highly recommended to use chkconfig or the GUI tools to modify services, as well as using the service command.

To stop a service, use ps to acquire its PID, then stop the PID using the kill command. To modify the stop/start of a service in a particular run time level, edit the /etc/rc files:

ls -d /etc/rc*
rc          rc1.d/      rc3.d/      rc5.d/      rc.d/       rc.sysinit
rc0.d/      rc2.d/      rc4.d/      rc6.d/      rc.local

Each directory corresponds with the same numbered run time level. To start a service for run time level 5, add a link in the /etc/rc5.d/ directory to the corresponding start script in /etc/init.d. The S and K prefix with a number refers to the order in which that service is started or stopped when the system is starting up or shutting down.

These last methods are recommended only for experienced users. On rare occasions it is necessary to modify these files to change default behavior. Generally, an administrator never has to directly touch these files.

[edit] xinetd-Based Services

Many services run as sub-services managed by the xinetd service. FTP servers, backup servers, rsync, and a host of others. To enable or disable these services, use the chkconfig command as with init based services.

A default configuration of xinetd services is:

/sbin/chkconfig --list
...
xinetd based services:
amanda:         off
amandaidx:      off
amidxtape:      off
apgd:           off
chargen-dgram:  off
chargen-stream: off
csync2:         off
cups-lpd:       off
cvs:            off
daytime-dgram:  off
daytime-stream: off
discard-dgram:  off
discard-stream: off
echo-dgram:     off
echo-stream:    off
eklogin:        off
ekrb5-telnet:   off
gssftp:         off
klogin:         off
krb5-telnet:    off
kshell:         off
ktalk:          off
rsync:          off
tcpmux-server:  off
time-dgram:     off
time-stream:    off

For example, to turn on the xinetd service for rsync, use the following command:

/sbin/chkconfig rsync on

Then reload the service's configuration with the command su -c 'service xinetd reload'.

Re-issueing the /sbin/chkconfig --list command you now see

/sbin/chkconfig --list | grep rsync
rsync:          on

To customize the configuration of an xinetd service, edit the file for that service in the /etc/xinetd.d directory. For more information on the syntax of these configuration files, refer to the man page for xinetd.conf(5).

[edit] Common Services

Some services commonly found on Fedora installations.

Service Description
Amanda BackupPC Backup software
abrt Automatic Bug-Reporting Tool.
acpid Advanced Configuration and Power Interface daemon which controls and allows interfacing to power management and certain input devices..
amd Runs the automount daemon for remote filesystem mounting such as nfs.
anacron and crond Runs certain programs at specified times.
apmd Monitors laptop battery power and shuts down if power gets too low.
atd at scheduler. Automatically runs programs/scripts that meet certain criteria.
auditd System audit daemon
autofs Used to automatically mount filesystems listed in fstab.
avahi-daemon, avahi-dnsconfd Supports Apple's Zeroconf protocol.
bluetooth Provides Bluetooth functionality.
btseed, bttrack Bittorrent related utils.
cfenvd, cfexecd, cfservd Part of the cfengine services. cfengine is a system configuration an anomaly detection.
cman Cluster manager
cpuspeed System sensor and CPU speed adjustment.
cups Printing support
dbmail, Postfix, Sendmail, spamassassin, dovecot Email services and spam protection.
dc_client, dc_server Caching services
denyhosts Log watcher that bans hosts with too many failed login attempts.
dhcdbd Allow systems to use a DHCP server to obtain an IP address.
dund Bluetooth dial-up networking
firstboot Used after installation for post-installation configuration. You should turn this off after these configurations are complete.
gpm Mouse support on the console
haldaemon Hardware detection layer
hidd Bluetooth HID daemon
hplip HP Linux Imaging and Printing
httpd Apache web server
ip6tables and iptable Firewall
ipsec IPsec encryption/authentication
irda Provides infrared device services.
irqbalance Distributes hardware interrupts across processors on a multi-processor system.
isdn Provides ISDN functionality.
jexec This is provided as a helper to directly run java JAR applications. This is will be included if you installed Sun Java. It is not necessary and can be disabled.
kdump kexec based crash dumping mechanism for Linux.
kudzu Looks for new hardware at boot. Runs only at boot time.
ldap LDAP server
lirc Linux infrared support
lisa Network discovery and protocols
lm_sensors Support for hardware sensors such as CPU temp.
lpd local printer services
lvm2-monitor This is a monitoring application for your LVM (Logical Volume Management) system. This is recommended if you use LVM, however if you use manually partition your drives it can be disabled.
mcstran SELinux related
mdmonitor Software RAID support. Turn off if you are not using it.
mdmpd Multipath device support
messagebus App to app communications
multipathd failover and multipath support
microcode_ctl Support for IA32 (Intel PII and newer) microcode
mysqld, Postgresql, Oracle Database servers
named Bind DNS server
netfs Mounts NFS, SMB and other remote filesystems.
netplugd Linux networking related services
network Brings up the network.
nfs, nfslock Provides NFS services.
nscd Name service cache daemon
ntpd Syncs your computer clock with time servers.
openais Clustering, failover, checkpointing and related API.
pand BlueZ Bluetooth PAN daemon
pcmcia Provides pcmcia support. May be safely stopped if you are not using a laptop.
pcscd Smart card support
portmap Support for port mapping and RPC.
psacct Monitors system activity and provides audit trail of user actions.
pxe Provides pxe support. (Preboot execution environment)
raduisd Provides radius VPN support.
random Kernel random number generator.
rdisc Network discovery daemon
readahead_early, readahead_later Used in speeding up boot time.
restorecond Sets default SELinux context on new files.
rpcgssd, rpcidmap, rpcsvcgssd Network file-sharing support
rsync rsync run as a service. Synchronises files mostly between remote systems.
saslauthd SASL authentication server
sgi_fam File alteration monitor
smartd Watches hard-drives for problems.
smb Samba server
snmpd, snmtrapd Linux SNMP support
squid Proxy server
sshd SSH server
syslog System logging service
sysstat Starts special system logging services.
tux Tux web server
vncserver VNC server
vsftpd FTP server
winbind Maps Windows domain databases to UNIX
wpa_supplicant WPA (Wi-Fi Protected Access) supplicant for Linux
xend, xendomains, VMware, libvirtd Provides a virtual machine.
xfs X Font Server
ypbind YP/NIS support
yum-updatesd Automatic yum updates