Linux Services
chkconfig
The chkconfig command can be used to activate and deactivate services.
To get a list of services, and their runlevels...
chkconfig --list > chkconfig.txt
At the end of the list, you will see a section for the services managed by xinetd.
If you use "chkconfig --list" to query a service managed by xinetd, you will see whether the xinetd service is enabled (on) or disabled (off). For example, the command "chkconfig --list finger" returns the following output:
finger on
As shown, finger is enabled as an xinetd service. If xinetd is running, finger is enabled.
If you use "chkconfig --list" to query a service in /etc/rc.d, you will see the service's settings for each runlevel. For example, the command "chkconfig --list sshd" returns the following output:
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
chkconfig can also be used to configure a service to be started (or not) in a specific runlevel. For example, to turn nscd off in runlevels 3, 4, and 5, use the following command:
chkconfig --level 345 nscd off
Services managed by xinetd are immediately affected by chkconfig. For example, if xinetd is running, finger is disabled, and the command chkconfig finger on is executed, finger is immediately enabled without having to restart xinetd manually. Changes for other services do not take effect immediately after using chkconfig. You must stop or start the individual service with the command...
service daemon stop
For example...
service sshd stop
service sshd start
service sshd restart
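The chkconfig.txt listing saved above can be checked against an approved set of services for a runlevel. The script below is an added example, not part of the original page; the sample listing is constructed, and the function names and the "name: on" layout of the xinetd section are assumptions.

```shell
#!/bin/sh
# Constructed sample in the two output formats shown above (not from a real host).
sample_chkconfig_list() {
cat <<'EOF'
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
nscd            0:off   1:off   2:on    3:off   4:off   5:off   6:off
httpd           0:off   1:off   2:off   3:on    4:on    5:on    6:off
xinetd          0:off   1:off   2:off   3:on    4:on    5:on    6:off
xinetd based services:
        finger: on
        rsync:  off
EOF
}

# enabled_services RUNLEVEL < chkconfig.txt
# Prints "sysv NAME" for each SysV service on in RUNLEVEL, then each xinetd
# service marked on, tagged "xinetd-dormant" unless xinetd itself is on there.
enabled_services() {
    case "$1" in [0-6]) ;; *) echo "runlevel must be 0-6" >&2; return 2 ;; esac
    awk -v rl="$1" '
        NF == 8 && $2 ~ /^0:(on|off)$/ {      # SysV line: name + 7 runlevel fields
            if ($(rl + 2) == (rl ":on")) {
                print "sysv " $1
                if ($1 == "xinetd") xinetd_on = 1
            }
            next
        }
        NF == 2 && $2 == "on" {               # xinetd line: "name: on" or "name on"
            name = $1; sub(/:$/, "", name)
            xsvc[++n] = name
        }
        END {
            tag = xinetd_on ? "xinetd " : "xinetd-dormant "
            for (i = 1; i <= n; i++) print tag xsvc[i]
        }
    '
}

# unexpected_services RUNLEVEL "ALLOWED NAMES" < chkconfig.txt
# Prints only the enabled services that are not on the approved list.
unexpected_services() {
    allowed=" $2 "
    enabled_services "$1" | while read -r kind name; do
        case "$allowed" in
            *" $name "*) ;;
            *) echo "$kind $name" ;;
        esac
    done
}

sample_chkconfig_list | unexpected_services 3 "sshd xinetd"
```

On a real host, feed it the saved file instead of the sample, for example: unexpected_services 3 "sshd xinetd" < chkconfig.txt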
ntsysv
The ntsysv utility provides a simple interface for activating or deactivating services. You can use ntsysv to turn an xinetd-managed service on or off. You can also use ntsysv to configure runlevels. By default, only the current runlevel is configured. To configure a different runlevel, specify one or more runlevels with the --level option. For example...
ntsysv --level 345
...configures runlevels 3, 4, and 5.
The ntsysv interface works like the text mode installation program. Use the up and down arrows to navigate up and down the list. The space bar selects/unselects services and is also used to "press" the Ok and Cancel buttons. To move between the list of services and the Ok and Cancel buttons, use the [Tab] key. An * signifies that a service is set to on. The [F1] key will pop up a short description of each service.
Services managed by xinetd are immediately affected by ntsysv. For all other services, changes do not take effect immediately. You must stop or start the individual service with the command service daemon stop. In the previous example, replace daemon with the name of the service you want to stop; for example, httpd. Replace stop with start or restart to start or restart the service.
Services Configuration Tool
The Services Configuration Tool is a graphical application developed by Red Hat to configure which SysV services in the /etc/rc.d/init.d directory are started at boot time (for runlevels 3, 4, and 5) and which xinetd services are enabled. It also allows you to start, stop, and restart SysV services as well as restart xinetd.
To start the Services Configuration Tool from the desktop, go to...
Panel | Main Menu Button | System Settings | Server Settings | Services
...or type the command "redhat-config-services" at a shell prompt (for example, in an XTerm or a GNOME terminal).
The Services Configuration Tool displays the current runlevel as well as the runlevel you are currently editing. To edit a different runlevel, select Edit Runlevel from the pulldown menu and select runlevel 3, 4, or 5.
The Services Configuration Tool lists the services from the /etc/rc.d/init.d directory as well as the services controlled by xinetd. Click on the name of the service from the list on the left-hand side of the application to display a brief description of that service as well as the status of the service. If the service is not an xinetd service, the status window shows whether or not the service is currently running. If the service is controlled by xinetd, the status window displays the phrase xinetd service.
To start, stop, or restart a service immediately, select the service from the list and click the appropriate button on the toolbar (or choose the action from the Actions pulldown menu). If the service is an xinetd service, the action buttons are disabled because xinetd services cannot be started or stopped individually.
If you enable/disable an xinetd service by checking or unchecking the checkbox next to the service name, select File | Save Changes from the pulldown menu to restart xinetd and immediately enable/disable the xinetd service that you changed. xinetd is also configured to remember the setting. You can enable/disable more than one xinetd service at a time and save the changes when you are finished.
For example, assume you check rsync to enable it in runlevel 3 and then save the changes. The rsync service is immediately enabled. The next time xinetd is started, rsync is still enabled.
When you save changes to xinetd services, xinetd is restarted, and the changes take place immediately. When you save changes to other services, the runlevel is reconfigured, but the changes do not take effect immediately.
To enable a non-xinetd service to start at boot time for the currently selected runlevel, check the checkbox beside the name of the service in the list. After configuring the runlevel, apply the changes by selecting File | Save Changes from the pulldown menu. The runlevel configuration is changed, but the runlevel is not restarted; thus, the changes do not take place immediately.
For example, assume you are configuring runlevel 3. If you change the value for the sshd service from checked to unchecked and then select Save Changes, the runlevel 3 configuration changes so that sshd is not started at boot time. However, runlevel 3 is not reinitialized, so sshd is still running. Select one of the following options at this point:
Stop the sshd service: Stop the service by selecting it from the list and clicking the Stop button. A message will be displayed stating that the service was stopped successfully.
Reinitialize the runlevel: Reinitialize the runlevel by going to a shell prompt and typing the command telinit 3 (where 3 is the runlevel number). This option is recommended if you change the Start at Boot value of more than one service and want to activate the changes immediately.
Do nothing else: You do not have to stop the sshd service. You can wait until the system is rebooted for the service to stop. The next time the system is booted, the runlevel will be initialized without the sshd service running.
TCP Wrappers
Many UNIX system administrators are accustomed to using TCP wrappers to manage access to certain network services. Any network services managed by xinetd (as well as any program with built-in support for libwrap) can use TCP wrappers to manage access. xinetd can use the /etc/hosts.allow and /etc/hosts.deny files to configure access to system services. As the names imply, hosts.allow contains a list of rules that allow clients to access the network services controlled by xinetd, and hosts.deny contains rules to deny access. The hosts.allow file takes precedence over the hosts.deny file. Permissions to grant or deny access can be based on individual IP addresses (or hostnames) or on a pattern of clients.
xinetd
To control access to Internet services, use xinetd, which is a secure replacement for inetd. The xinetd daemon conserves system resources, provides access control and logging, and can be used to start special-purpose servers. xinetd can be used to provide access only to particular hosts, to deny access to particular hosts, to provide access to a service at certain times, to limit the rate of incoming connections and/or the load created by connections, and more.
xinetd runs constantly and listens on all of the ports for the services it manages. When a connection request arrives for one of its managed services, xinetd starts up the appropriate server for that service.
The configuration file for xinetd is /etc/xinetd.conf, but the file only contains a few defaults and an instruction to include the /etc/xinetd.d directory. To enable or disable an xinetd service, edit its configuration file in the /etc/xinetd.d directory. If the disable attribute is set to yes, the service is disabled. If the disable attribute is set to no, the service is enabled. You can edit any of the xinetd configuration files or change its enabled status using the Services Configuration Tool, ntsysv, or chkconfig. For a list of network services controlled by xinetd, review the contents of the /etc/xinetd.d directory with the command ls /etc/xinetd.d.
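The disable attribute can be read straight from the files to see which services xinetd would offer. The script below is an added example, not part of the original page; the function names and the sample directory contents are constructed, and files with no usable disable line are reported as "unset" for manual review.

```shell
#!/bin/sh
# xinetd_status DIR
# Prints "STATE FILE" per service file in DIR: enabled (disable = no),
# disabled (disable = yes), or unset (no usable disable line; review by hand).
xinetd_status() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        awk -v name="${f##*/}" '
            { sub(/#.*/, ""); gsub(/=/, " = ") }   # strip comments, isolate "="
            $1 == "disable" && $2 == "=" { val = tolower($3) }
            END {
                state = "unset"
                if (val == "no") state = "enabled"
                if (val == "yes") state = "disabled"
                print state, name
            }
        ' "$f"
    done
}

# Constructed sample directory standing in for /etc/xinetd.d (hypothetical content).
make_sample_dir() {
    d=$(mktemp -d) || return 1
    printf 'service finger\n{\n\tdisable = no\n}\n' > "$d/finger"
    printf 'service rsync\n{\n\tdisable\t= yes\n}\n' > "$d/rsync"
    printf 'service example-svc\n{\n\t# disable = yes\n}\n' > "$d/example-svc"
    echo "$d"
}

dir=$(make_sample_dir)
xinetd_status "$dir"
rm -rf "$dir"
```

On a real host, run xinetd_status /etc/xinetd.d and compare the enabled entries with the services you intend to expose.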
Runlevels
Before you can configure access to services, you must understand Linux runlevels, which are states defined by the services listed in the directory /etc/rc.d/rc<x>.d, where <x> is the number of the runlevel.
Red Hat Linux uses the following runlevels:
0 Halt
1 Single-user mode
2 Not used (user-definable)
3 Full multi-user mode
4 Not used (user-definable)
5 Full multi-user mode (with an X-based login screen)
6 Reboot
If you use a text login screen, you are operating in runlevel 3. If you use a graphical login screen, you are operating in runlevel 5.
The default runlevel can be changed by modifying the /etc/inittab file, which contains a line near the top of the file similar to the following:
id:5:initdefault:
Change the number in this line to the desired runlevel. The change will not take effect until you reboot the system.
To change the runlevel immediately, use the command telinit followed by the runlevel number. You must be root to use this command.