
16.2. Services

16.2.1. systemctl

# systemctl stop postfix
# systemctl stop avahi-daemon
# systemctl disable postfix
# systemctl disable avahi-daemon

rc.local

$ chmod +x /etc/rc.d/rc.local
$ systemctl enable rc-local
$ systemctl start rc-local
$ systemctl status rc-local

is-enabled 查看当前服务的启用状态

[root@www.netkiller.cn ~]# systemctl is-enabled mongod
[root@www.netkiller.cn ~]# systemctl is-enabled spring
disabled

重载 systemd

systemctl daemon-reload			
# systemctl list-unit-files
UNIT FILE                                   STATE   
proc-sys-fs-binfmt_misc.automount           static  
dev-hugepages.mount                         static  
dev-mqueue.mount                            static  
proc-sys-fs-binfmt_misc.mount               static  
sys-fs-fuse-connections.mount               static  
sys-kernel-config.mount                     static  
sys-kernel-debug.mount                      static  
tmp.mount                                   disabled
brandbot.path                               disabled
systemd-ask-password-console.path           static  
systemd-ask-password-plymouth.path          static  
systemd-ask-password-wall.path              static  
session-1.scope                             static  
session-2.scope                             static  
session-3.scope                             static  
session-4.scope                             static  
auditd.service                              enabled 
autovt@.service                             disabled
avahi-daemon.service                        enabled 
blk-availability.service                    disabled
brandbot.service                            static  
console-getty.service                       disabled
console-shell.service                       disabled
cpupower.service                            disabled
crond.service                               enabled 
dbus-org.fedoraproject.FirewallD1.service   enabled 
dbus-org.freedesktop.Avahi.service          enabled 
dbus-org.freedesktop.hostname1.service      static  
dbus-org.freedesktop.locale1.service        static  
dbus-org.freedesktop.login1.service         static  
dbus-org.freedesktop.machine1.service       static  
dbus-org.freedesktop.NetworkManager.service enabled 
dbus-org.freedesktop.nm-dispatcher.service  enabled 
dbus-org.freedesktop.timedate1.service      static  
dbus.service                                static  
debug-shell.service                         disabled
dm-event.service                            disabled
dnsmasq.service                             disabled
dracut-cmdline.service                      static  
dracut-initqueue.service                    static  
dracut-mount.service                        static  
dracut-pre-mount.service                    static  
dracut-pre-pivot.service                    static  
dracut-pre-trigger.service                  static  
dracut-pre-udev.service                     static  
dracut-shutdown.service                     static  
ebtables.service                            disabled
emergency.service                           static  
firewalld.service                           enabled 
getty@.service                              enabled 
halt-local.service                          static  
initrd-cleanup.service                      static  
initrd-parse-etc.service                    static  
initrd-switch-root.service                  static  
initrd-udevadm-cleanup-db.service           static  
irqbalance.service                          enabled 
kdump.service                               enabled 
kmod-static-nodes.service                   static  
lvm2-lvmetad.service                        disabled
lvm2-monitor.service                        enabled 
lvm2-pvscan@.service                        static  
messagebus.service                          static  
microcode.service                           enabled 
NetworkManager-dispatcher.service           enabled 
NetworkManager-wait-online.service          disabled
NetworkManager.service                      enabled 
plymouth-halt.service                       disabled
plymouth-kexec.service                      disabled
plymouth-poweroff.service                   disabled
plymouth-quit-wait.service                  disabled
plymouth-quit.service                       disabled
plymouth-read-write.service                 disabled
plymouth-reboot.service                     disabled
plymouth-start.service                      disabled
plymouth-switch-root.service                static  
polkit.service                              static  
postfix.service                             enabled 
quotaon.service                             static  
rc-local.service                            static  
rdisc.service                               disabled
rescue.service                              static  
rhel-autorelabel-mark.service               static  
rhel-autorelabel.service                    static  
rhel-configure.service                      static  
rhel-dmesg.service                          disabled
rhel-domainname.service                     disabled
rhel-import-state.service                   static  
rhel-loadmodules.service                    static  
rhel-readonly.service                       static  
rsyslog.service                             enabled 
serial-getty@.service                       disabled
sshd-keygen.service                         static  
sshd.service                                enabled 
sshd@.service                               static  
systemd-ask-password-console.service        static  
systemd-ask-password-plymouth.service       static  
systemd-ask-password-wall.service           static  
systemd-backlight@.service                  static  
systemd-binfmt.service                      static  
systemd-fsck-root.service                   static  
systemd-fsck@.service                       static  
systemd-halt.service                        static  
systemd-hibernate.service                   static  
systemd-hostnamed.service                   static  
systemd-hybrid-sleep.service                static  
systemd-initctl.service                     static  
systemd-journal-flush.service               static  
systemd-journald.service                    static  
systemd-kexec.service                       static  
systemd-localed.service                     static  
systemd-logind.service                      static  
systemd-machined.service                    static  
systemd-modules-load.service                static  
systemd-nspawn@.service                     disabled
systemd-poweroff.service                    static  
systemd-quotacheck.service                  static  
systemd-random-seed.service                 static  
systemd-readahead-collect.service           enabled 
systemd-readahead-done.service              static  
systemd-readahead-drop.service              enabled 
systemd-readahead-replay.service            enabled 
systemd-reboot.service                      static  
systemd-remount-fs.service                  static  
systemd-shutdownd.service                   static  
systemd-suspend.service                     static  
systemd-sysctl.service                      static  
systemd-timedated.service                   static  
systemd-tmpfiles-clean.service              static  
systemd-tmpfiles-setup-dev.service          static  
systemd-tmpfiles-setup.service              static  
systemd-udev-settle.service                 static  
systemd-udev-trigger.service                static  
systemd-udevd.service                       static  
systemd-update-utmp-runlevel.service        static  
systemd-update-utmp.service                 static  
systemd-user-sessions.service               static  
systemd-vconsole-setup.service              static  
teamd@.service                              static  
tuned.service                               enabled 
wpa_supplicant.service                      disabled
-.slice                                     static  
machine.slice                               static  
system.slice                                static  
user.slice                                  static  
avahi-daemon.socket                         enabled 
dbus.socket                                 static  
dm-event.socket                             enabled 
lvm2-lvmetad.socket                         enabled 
sshd.socket                                 disabled
syslog.socket                               static  
systemd-initctl.socket                      static  
systemd-journald.socket                     static  
systemd-shutdownd.socket                    static  
systemd-udevd-control.socket                static  
systemd-udevd-kernel.socket                 static  
basic.target                                static  
bluetooth.target                            static  
cryptsetup.target                           static  
ctrl-alt-del.target                         disabled
default.target                              enabled 
emergency.target                            static  
final.target                                static  
getty.target                                static  
graphical.target                            disabled
halt.target                                 disabled
hibernate.target                            static  
hybrid-sleep.target                         static  
initrd-fs.target                            static  
initrd-root-fs.target                       static  
initrd-switch-root.target                   static  
initrd.target                               static  
kexec.target                                disabled
local-fs-pre.target                         static  
local-fs.target                             static  
multi-user.target                           enabled 
network-online.target                       static  
network.target                              static  
nss-lookup.target                           static  
nss-user-lookup.target                      static  
paths.target                                static  
poweroff.target                             disabled
printer.target                              static  
reboot.target                               disabled
remote-fs-pre.target                        static  
remote-fs.target                            enabled 
rescue.target                               disabled
rpcbind.target                              static  
runlevel0.target                            disabled
runlevel1.target                            disabled
runlevel2.target                            disabled
runlevel3.target                            disabled
runlevel4.target                            disabled
runlevel5.target                            disabled
runlevel6.target                            disabled
shutdown.target                             static  
sigpwr.target                               static  
sleep.target                                static  
slices.target                               static  
smartcard.target                            static  
sockets.target                              static  
sound.target                                static  
suspend.target                              static  
swap.target                                 static  
sysinit.target                              static  
system-update.target                        static  
time-sync.target                            static  
timers.target                               static  
umount.target                               static  
systemd-readahead-done.timer                static  
systemd-tmpfiles-clean.timer                static  

210 unit files listed.

列出启动失败的服务

# systemctl --failed
● spring.service loaded failed failed Spring Boot Application

LOAD   = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB    = The low-level unit activation state, values depend on unit type.

1 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use 'systemctl list-unit-files'.

list-units

$ systemctl list-units --type=target
basic.target          loaded active active Basic System
cryptsetup.target     loaded active active Encrypted Volumes
getty.target          loaded active active Login Prompts
local-fs-pre.target   loaded active active Local File Systems (Pre)
local-fs.target       loaded active active Local File Systems
multi-user.target     loaded active active Multi-User System
network-online.target loaded active active Network is Online
network.target        loaded active active Network
paths.target          loaded active active Paths
slices.target         loaded active active Slices
sockets.target        loaded active active Sockets
swap.target           loaded active active Swap
sysinit.target        loaded active active System Initialization
timers.target         loaded active active Timers

LOAD   = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB    = The low-level unit activation state, values depend on unit type.

14 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use 'systemctl list-unit-files'.
$ systemctl list-units | more
UNIT                                             LOAD   ACTIVE SUB       DESCRIPTION
proc-sys-fs-binfmt_misc.automount                loaded active running   Arbitrary Executable File Formats File System Automount Point
sys-devices-platform-serial8250-tty-ttyS0.device loaded active plugged   /sys/devices/platform/serial8250/tty/ttyS0
sys-devices-platform-serial8250-tty-ttyS1.device loaded active plugged   /sys/devices/platform/serial8250/tty/ttyS1
sys-devices-platform-serial8250-tty-ttyS2.device loaded active plugged   /sys/devices/platform/serial8250/tty/ttyS2
sys-devices-platform-serial8250-tty-ttyS3.device loaded active plugged   /sys/devices/platform/serial8250/tty/ttyS3
sys-devices-vbd\x2d51728-block-xvdb-xvdb1.device loaded active plugged   /sys/devices/vbd-51728/block/xvdb/xvdb1
sys-devices-vbd\x2d51728-block-xvdb.device       loaded active plugged   /sys/devices/vbd-51728/block/xvdb
sys-devices-vbd\x2d768-block-xvda-xvda1.device   loaded active plugged   /sys/devices/vbd-768/block/xvda/xvda1
sys-devices-vbd\x2d768-block-xvda.device         loaded active plugged   /sys/devices/vbd-768/block/xvda
sys-devices-vif\x2d0-net-eth0.device             loaded active plugged   /sys/devices/vif-0/net/eth0
sys-devices-vif\x2d1-net-eth1.device             loaded active plugged   /sys/devices/vif-1/net/eth1
sys-devices-virtual-net-tun0.device              loaded active plugged   /sys/devices/virtual/net/tun0
sys-module-configfs.device                       loaded active plugged   /sys/module/configfs
sys-subsystem-net-devices-eth0.device            loaded active plugged   /sys/subsystem/net/devices/eth0
sys-subsystem-net-devices-eth1.device            loaded active plugged   /sys/subsystem/net/devices/eth1
sys-subsystem-net-devices-tun0.device            loaded active plugged   /sys/subsystem/net/devices/tun0
-.mount                                          loaded active mounted   /
dev-hugepages.mount                              loaded active mounted   Huge Pages File System
dev-mqueue.mount                                 loaded active mounted   POSIX Message Queue File System
opt.mount                                        loaded active mounted   /opt
proc-sys-fs-binfmt_misc.mount                    loaded active mounted   Arbitrary Executable File Formats File System
proc-xen.mount                                   loaded active mounted   /proc/xen
run-user-0.mount                                 loaded active mounted   /run/user/0
sys-kernel-config.mount                          loaded active mounted   Configuration File System
sys-kernel-debug.mount                           loaded active mounted   Debug File System
brandbot.path                                    loaded active waiting   Flexible branding
systemd-ask-password-plymouth.path               loaded active waiting   Forward Password Requests to Plymouth Directory Watch
systemd-ask-password-wall.path                   loaded active waiting   Forward Password Requests to Wall Directory Watch
session-231.scope                                loaded active running   Session 231 of user root
session-571.scope                                loaded active running   Session 571 of user root
aegis.service                                    loaded active running   LSB: aegis update.
agentwatch.service                               loaded active running   SYSV: Starts and stops guest agent
cloudmonitor.service                             loaded active running   LSB: @app.long.name@
crond.service                                    loaded active running   Command Scheduler
dbus.service                                     loaded active running   D-Bus System Message Bus
exim.service                                     loaded active running   Exim Mail Transport Agent
getty@tty1.service                               loaded active running   Getty on tty1
gitlab-runsvdir.service                          loaded active running   GitLab Runit supervision process
iptables.service                                 loaded active exited    IPv4 firewall with iptables
jexec.service                                    loaded active exited    LSB: Supports the direct execution of binary formats.
kmod-static-nodes.service                        loaded active exited    Create list of required static device nodes for the current kernel
lvm2-lvmetad.service                             loaded active running   LVM2 metadata daemon
lvm2-monitor.service                             loaded active exited    Monitoring of LVM2 mirrors, snapshots etc. using dmeventd or progress polling
mysqld.service                                   loaded active running   MySQL Server
network.service                                  loaded active exited    LSB: Bring up/down networking
nscd.service                                     loaded active running   Name Service Cache Daemon
ntpd.service                                     loaded active running   Network Time Service
openvpn@server.service                           loaded active running   OpenVPN Robust And Highly Flexible Tunneling Application On server
rhel-dmesg.service                               loaded active exited    Dump dmesg to /var/log/dmesg
rhel-import-state.service                        loaded active exited    Import network configuration from initramfs
rhel-readonly.service                            loaded active exited    Configure read-only root support
rsyslog.service                                  loaded active running   System Logging Service


16.2.2. service

# service nginx
Usage: nginx {start|stop|restart|condrestart|try-restart|force-reload|upgrade|reload|status|help|configtest}

# service nginx stop
# service nginx start
# service nginx restart
[ ] NetworkManager   自动在多种网络连接中进行转换,如果你的电脑有Wireless WiFi 和 Ethernet多种网络连接类型的话,可以选择开启。
[ ] acpid            (Advanced Configuration and Power Interface)是为替代传统的APM电源管理标准而推出的新型电源管理标准。通常笔记本电脑需要启动电源进行管理。
[*] anacron          自动化运行任务守护进程
[*] atd              自动化运行任务守护进程
[ ] auditd           审核信息,将消息写入控制台以及 audit_warn 电子邮件别名。用于存放内核生成的系统审查记录,这些记录会被一些程序使用。特别是对于SELinux用户来说。
[ ] autofs           自动挂载/卸载文件系统服务,可以自动挂载想访问但还未挂载的文件系统,自动卸载长期不访问的文件系统,自动安装管理进程automount,与NFS 相关,依赖于NIS
[ ] avahi-daemon     Zeroconf service discovery守护进程,Avahi是zeroconf协议的实现。它可以在没有DNS服务的局域网里发现基于zeroconf协议的设备和服务。它跟mDNS一样。除非你有兼容的设备或使用 zeroconf 协议的服务,否则就可以关闭。
[ ] avahi-dnsconfd   /etc/avahi/dnsconf.action脚本守护进程
[ ] bluetooth        蓝牙
[ ] conman           控制台管理
[ ] cpuspeed         监测系统空闲百分比,降低或加快CPU时钟速度和电压
[*] crond            一个传统的UNIX程序crontab,可以周期地运行用户调度的任务。
[ ] cups             通用UNIX打印守护进程,(Common UNIX Printing System)公共UNIX打印支持,为Linux提供打印功能。 安装打印机时需要的服务。
[ ] dnsmasq          Dns cache server守护进程
[ ] dund             蓝牙拨号网络
[ ] firstboot        安装完之后的用户配置向导,用于第一次设置系统
[ ] gpm              为文本模式下的Linux程序提供鼠标支持、拷贝、粘贴操作、弹出式菜单
[ ] haldaemon        硬件监控系统
[ ] hidd             蓝牙H.I.D.服务器
[ ] httpd            Apache服务器
[ ] ip6tables        防火墙守护进程
[*] iptables         防火墙守护进程
[ ] irda             红外端口守护进程
[*] irqbalance       多系统处理器环境下的系统中断请求进行负载平衡,单CPU无用
[ ] kudzu            硬件自动检测程序,如不增加新硬件,可以关闭
[ ] lvm2-monitor     LVM2 mirror devices守护进程
[ ] mcstrans         SELinux Context Translation System Daemon
[ ] mdmonitor        RAID相关设备的守护程序
[ ] mdmpd            RAID相关设备的守护程序
[*] messagebus       事件监控服务,在必要时向所有用户发送广播信息
[ ] microcode_ctl    可编码以及发送新微代码到内核以更新Intel IA32系列处理器守护进程
[ ] multipathd       Manage device-mapper multipath devices
[ ] netconsole       Initializes network console logging
[ ] netfs            安装和卸载NFS、SAMBA和NCP网络文件系统
[ ] netplugd         服务监控网络界面,根据信号关闭或启动它,用于手提电脑
[*] network          激活已配置网络接口的脚本程序
[ ] nfs              网络文件系统守护进程
[ ] nfslock          NFS文件锁定功能
[ ] nscd             密码与群查找服务
[ ] ntpd             网络时间同步
[ ] oddjobd
[ ] pand             蓝牙个人区域网络
[ ] pcscd            智能卡支持
[ ] portmap          用来支持RPC连接,RPC被用于NFS以及NIS 等服务
[ ] psacct           进程审计守护进程
[ ] rawdevices		 rawdevices	to block devices。Oracle数据库使用
[ ] rdisc            discovers routers守护进程
[ ] readahead_early  开机内存载入优化
[ ] readahead_later  开机内存载入优化
[ ] restorecond      SELinux相关联
[ ] rpcgssd          manages RPCSEC GSS contexts for the NFSv4 server
[ ] rpcidmapd        rpcidmapd for NFSv4 that maps user names to UID and GID nu
[ ] rpcsvcgssd       rpcsvcgssd manages RPCSEC GSS contexts for the NFSv4 server
[ ] saslauthd        使用SASL的认证守护进程
[*] sendmail         邮件服务器sendmail守护进程
[*] smartd           监控硬盘故障
[*] sshd             OpenSSH服务器守护进程
[*] syslog           系统日志
[ ] winbind          用于Samba服务器
[ ] wpa_supplicant   无线设备支持
[ ] xfs              X Window字型服务器守护进程,为本地和远程X服务器提供字型集
[ ] ypbind           为NIS客户机激活ypbind服务进程
[ ] yum-updatesd	 RPM操作系统自动升级和软件包管理守护进程

chkconfig

chkconfig acpid off
[root@development ~]# chkconfig --add mysqld 		[在服务清单中添加mysql服务]
[root@development ~]# chkconfig mysqld on			[设置mysql服务开机启动]
[root@development ~]# chkconfig --list mysqld		[设置mysql启动级别]
mysqld          0:off   1:off   2:on    3:on    4:on    5:on    6:off
chkconfig --level 3 mysqld on
chkconfig --level 3 mysqld off

16.2.3. xinetd.d

# yum -y install xinetd tftpd

# yum install -y tftp-server tftp


# vim /etc/xinetd.d/tftp
# default: off
# description: The tftp server serves files using the trivial file transfer \
#       protocol.  The tftp protocol is often used to boot diskless \
#       workstations, download configuration files to network-aware printers, \
#       and to start the installation process for some operating systems.
service tftp
{
        socket_type             = dgram
        protocol                = udp
        wait                    = yes
        user                    = root
        server                  = /usr/sbin/in.tftpd
        server_args             = -s /tftpboot
        disable                 = yes
        per_source              = 11
        cps                     = 100 2
        flags                   = IPv4
}

把 disable = yes 改为 disable = no 即可启用该服务。tftp 协议本身没有认证,server_args 中的 -s /tftpboot 让 in.tftpd 启动时 chroot 到该目录,客户端只能访问其中的文件。

mkdir /tftpboot
/etc/init.d/xinetd restart

atftp-server
# yum install -y atftp-server atftp


# cat /etc/xinetd.d/tftp
# default: off
# description: The tftp server serves files using the trivial file transfer protocol. The tftp protocol is often used to boot diskless workstations, download configuration files to network-aware printers, and to start the installation process for some operating systems.
service tftp
{
    disable         = no
    socket_type     = dgram
    protocol        = udp
    wait            = yes
    user            = root
    server          = /usr/sbin/in.tftpd
    server_args     = /tftpboot
    per_source      = 11
    cps             = 100 2
    flags           = IPv4
}

atftp-server 是一个可以不依赖xinetd的tftp服务器

rsync

# vim /etc/xinetd.d/rsync
# default: off
# description: The rsync server is a good addition to an ftp server, as it \
#       allows crc checksumming etc.
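service rsync
{
        disable = no
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/bin/rsync
        server_args     = --daemon
        log_on_failure  += USERID
}

rshd

rsh 以明文传输,认证只依据来源主机和特权端口(见下面配置文件中的 description)。下面的 hosts.allow / hosts.deny 把可连接 in.rshd 的主机限制为 your.example.com,其余全部拒绝。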


# cat  /etc/xinetd.d/rsh
# default: on
# description: The rshd server is the server for the rcmd(3) routine and, \
#	consequently, for the rsh(1) program.  The server provides \
#	remote execution facilities with authentication based on \
#	privileged port numbers from trusted hosts.
service shell
{
	socket_type		= stream
	wait			= no
	user			= root
	log_on_success		+= USERID
	log_on_failure 		+= USERID
	server			= /usr/sbin/in.rshd
	disable			= no
}


# cat /etc/hosts.allow
# hosts.allow	This file describes the names of the hosts which are
#		allowed to use the local INET services, as decided
#		by the '/usr/sbin/tcpd' server.
in.rshd : your.example.com
# cat /etc/hosts.deny
# hosts.deny	This file describes the names of the hosts which are
#		*not* allowed to use the local INET services, as decided
#		by the '/usr/sbin/tcpd' server.
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow.  In particular
# you should know that NFS uses portmap!
all : all


# cat ~/.rhosts
your.example.com user	user

16.2.4. rpcinfo

# rpcinfo -p
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp    697  status
    100024    1   tcp    700  status
    100011    1   udp    864  rquotad
    100011    2   udp    864  rquotad
    100011    1   tcp    867  rquotad
    100011    2   tcp    867  rquotad
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    4   udp   2049  nfs
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100021    1   udp  32778  nlockmgr
    100021    3   udp  32778  nlockmgr
    100021    4   udp  32778  nlockmgr
    100021    1   tcp  35837  nlockmgr
    100021    3   tcp  35837  nlockmgr
    100021    4   tcp  35837  nlockmgr
    100005    1   udp    880  mountd
    100005    1   tcp    883  mountd
    100005    2   udp    880  mountd
    100005    2   tcp    883  mountd
    100005    3   udp    880  mountd
    100005    3   tcp    883  mountd

16.2.5. SELINUX




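setenforce 0                # 临时切换到 permissive 模式(只记录拒绝事件、不拦截),重启后恢复为配置文件中的设置
lokkit --selinux=disabled   # 写入配置文件,永久关闭 SELinux,需重启才完全生效
getenforce                  # 查看当前运行模式(Enforcing / Permissive / Disabled)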