¶ Maintaining Services
| Terminology | Definition |
| --- | --- |
| Kernel | All operating systems have a kernel, which is a low-level piece of code responsible for controlling the rest of the operating system. |
| Daemon | A program that runs in the background without the need for human intervention. |
| PID | A unique number assigned to each new process when it starts so that it can be identified by the system and users. |
| Service | A service, or daemon, is typically a non-interactive process that runs in the background to support an OS or application function, such as Plug-and-Play, the print spooler, and DHCP. In Windows, services can be viewed, configured, and started/stopped via the Services console, msconfig, and the Processes tab in Task Manager. |
| NTP | Application protocol allowing machines to synchronize to the same time clock that runs over UDP port 123. |
| NFS | Remote file access protocol used principally on UNIX and Linux networks. |
| CUPS | A print management system for Linux that enables a computer to function as a print server. |
| Secure Shell (SSH) | Application protocol supporting secure tunneling, remote terminal emulation, and file copy. SSH runs over TCP port 22. |
- System initialization is the process that begins when the kernel first loads. It is carried out by the init daemon (the parent of all processes).
- The systemd software suite provides an initialization method for loading a system and replaces SysVinit.
- It has some improvements over SysVinit, such as:
- Additional Flexibility - with more configuration options
- A hierarchical structure allowing processes to start in parallel.
- The systemd manager is the first process to start (PID 1).
- systemd replaced many older ways to manage processes in the year 2015.
- systemd uses many configuration files to manage services, timers, mount points, and other components.
- A unit refers to a resource that systemd knows how to manage via daemons and configuration files
- Unit files define how systemd manages the unit and are stored in /lib/systemd/system, though configuration files stored in /etc/systemd/system override the ones in /lib.
- There are many systemd unit files such as:
- .service
- .timer
- .mount
- .target
- Unit files include sections followed by directive+value statements. Two of its most common sections are:
- Unit - Typically manages the unit's relationship to other units and includes Wants= and Requires= directives.
- Install - Specifies the results of the enable and disable actions of the admin and includes WantedBy= and RequiredBy= directives.
- systemd unit files manage services, mount points, devices and other system components, so any failure could be catastrophic.
- Some things to look out for that could cause systemd errors are:
- Configuration or typographical errors
- Missing dependencies
- Resource Constraints.
- Unit files that end with .service represent processes that systemd manages and usually have dependency directives such as Requires= and After=. Some of these directives are:
- Before= When multiple units are specified, this unit will start before any unit listed in this field.
- After= When multiple units are specified, this unit will start after any unit listed in this field.
- Requires= Units listed will be started if possible, and the primary unit will fail if the units specified by Requires= fail to start.
- Wants= Units listed will be started if possible, but the primary unit will still launch even if the units specified by Wants= fail to start.
- Type= Configures the startup type for the service. Values include simple, exec, forking, oneshot, dbus, notify, and idle.
- User= Specifies the user under whose authority the service runs (usually root).
- ExecStart= Executes commands along a specified absolute path upon startup to start a service.
- ExecStop= Executes commands along a specified absolute path upon shutdown to stop a service.
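The error causes and .service directives listed above can be checked mechanically. The following is an added example, not code from the original page or from the systemd project: a small linter that flags a mistyped Type=, a non-absolute ExecStart=/ExecStop=, a service left running as root, and a Requires=/Wants= dependency that is not installed. The sample unit, the unit names in it and the `known_units` parameter are assumptions made for illustration.

```python
# Added example: lint a .service unit for the failure modes listed above.
# SAMPLE_UNIT and its unit names are constructed for illustration.
VALID_TYPES = {"simple", "exec", "forking", "oneshot", "dbus", "notify", "idle"}

SAMPLE_UNIT = """\
[Unit]
Description=Constructed demo service
Requires=demo-db.service
After=network-online.target demo-db.service

[Service]
Type=forkng
ExecStart=demo-daemon --config /etc/demo.conf

[Install]
WantedBy=multi-user.target
"""

def parse_unit(text):
    """Return {section: [(directive, value), ...]}; directives may repeat."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], [])
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            current.append((key.strip(), value.strip()))
    return sections

def lint_service(text, known_units=()):
    """Return findings; known_units is the set of unit names installed."""
    sections, findings = parse_unit(text), []
    service = dict(sections.get("Service", []))
    if service.get("Type", "simple") not in VALID_TYPES:
        findings.append(f"typo: Type={service['Type']} is not a startup type")
    for key in ("ExecStart", "ExecStop"):
        cmd = service.get(key, "").lstrip("-@:+!")  # drop systemd prefixes
        if cmd and not cmd.startswith("/"):
            findings.append(f"{key} is not an absolute path: {cmd.split()[0]}")
    if service.get("User", "root") == "root":
        findings.append("no unprivileged User= set, service runs as root")
    for key, value in sections.get("Unit", []):
        for dep in value.split() if key in ("Requires", "Wants") else ():
            if dep not in known_units:
                findings.append(f"missing dependency: {key}={dep}")
    return findings
```

On a live system, `systemd-analyze verify` performs the syntax and structure check on the real unit files.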
- systemd can also manage time-based events using files with the .timer suffix. Some options are:
- OnBootSec (monotonic) - Time spanning from a specific event
- OnCalendar (realtime) - Time referenced from the system clock
- Systemd can be used to replace time-based schedulers like cron
- systemd also handles mount points and can be used to automatically mount directories. They are defined with the .mount suffix. Some of their options are:
- What= The absolute path to storage to mount.
- Where= The absolute path to mount point directory.
- Type= Defines the filesystem type.
- Options= Any additional required options for the mount action.
- systemd targets represent system startup configurations; one of the primary configurations here is whether a system launches a GUI at boot or just a command line. Some of the most common targets are:
- default.target The target to which the system boots by default.
- multi-user.target Starts the enabled services and the system to the CLI.
- graphical.target Starts the enabled services and the system to the GUI.
- network-online.target Starts the specified network services, and delays the target until network service is established.
¶ systemctl commands
- systemctl is the command that is used to manage startup options for systemd. Here are some of its options:
- start Starts the service or daemon (not persistent).
- stop Stops the service or daemon (not persistent).
- restart Restarts the service or daemon.
- reload Restarts the service or daemon but without dropping existing connections.
- enable Sets the service or daemon to start at boot (persistent).
- disable Sets the service or daemon not to start at boot (persistent).
- status Displays the current status of the service or daemon.
- mask Prevents a service from being started by any other service.
- unmask Reverses the mask setting, allowing a service to be started by any other service.
- edit Temporarily modifies the configuration without directly editing the startup configuration.
- You can check the status of a service using systemctl status service. This will allow you to see if there are any issues with a particular service.
- systemd-analyze provides the following:
- Displays boot-up time statistics, including time for each service.
- Lists the order of running units.
- Checks the unit files for syntax and structure correctness.
- Displays debugging information.
- systemd-analyze subcommands:
- time Displays time spent in each boot phase.
- filesystems Displays the system's filesystem(s).
- architectures Displays supported architectures and the system's own architecture.
- One of the most useful systemd-analyze subcommands is blame - it displays the running units in order of initialization time from longest to shortest
- systemd-resolved provides name resolution services for applications that must access network resources.
- System service configuration files store the settings necessary to manage the system. When the service is launched, it reads that configuration file, so if you make any changes to it you will need to restart the service for the changes to be applied.
- SSH's configuration file is stored in /etc/ssh/sshd_config. Some common settings are:
- Default port number is 22/tcp
- Disable root authentication over SSH
- Configure a banner message that warns users of proper use.
- Configure key-based authentication for greater security and convenience.
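The settings above can be checked against a copy of sshd_config. The following is an added example, not code from the original page or from OpenSSH: it computes the effective global value of each keyword and reports which of the listed settings are not in place. The sample configuration is constructed, the defaults are OpenSSH's documented ones, and treating accepted passwords as a finding is this example's own reading of "key-based authentication".

```python
import re

# Added example: read sshd_config text and report on the settings listed above.
# SAMPLE_CONFIG is constructed; DEFAULTS are OpenSSH's documented defaults.
DEFAULTS = {
    "port": "22",
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "pubkeyauthentication": "yes",
    "banner": "none",
}

SAMPLE_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
#Banner /etc/issue.net
PermitRootLogin no
"""

def effective_settings(text):
    """Global settings only: parsing stops at the first Match block,
    and Include files are not followed."""
    settings, seen = dict(DEFAULTS), set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()          # keywords are case-insensitive
        if keyword == "match":
            break
        if keyword in DEFAULTS and keyword not in seen:
            seen.add(keyword)               # sshd keeps the first value it reads
            settings[keyword] = parts[1] if len(parts) > 1 else ""
    return settings

def audit(text):
    """Return a list of findings for the settings named in the list above."""
    s, findings = effective_settings(text), []
    if s["permitrootlogin"] != "no":
        findings.append(f"root login not disabled (PermitRootLogin {s['permitrootlogin']})")
    if s["banner"] == "none":
        findings.append("no warning banner configured (Banner none)")
    if s["pubkeyauthentication"] != "yes":
        findings.append("key-based authentication is disabled")
    elif s["passwordauthentication"] != "no":
        findings.append("passwords still accepted alongside keys")
    return findings
```

In the sample the later `PermitRootLogin no` has no effect because the earlier `yes` was read first; on a live host, `sshd -T` prints the effective configuration.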
- There are multiple ways for the system to read time. One of them is the hardware clock, which is the system's time from BIOS. You can manage these settings with hwclock.
- Next is the Linux Kernel software. The kernel synchronizes the system time with the hardware clock on startup
- In many environments it is important that all devices on the network be synced to the same time, and that is where NTP comes in. The services that Linux uses to sync over NTP are ntpd and chrony.
- The ntpd daemon synchronizes time against one or more specified time servers and can be configured with /etc/ntp.conf with the syntax of server
- The chrony service is more flexible and consistent than ntpd. Two commands make up the chrony service: chronyd and chronyc. chrony is configured with the /etc/chrony.conf file.
- PTP is similar to NTP but is much more accurate, and its configuration file is ptp4l.conf.
- As a system administrator, you might want to automate as many tasks as you can. This is where task scheduling comes into play. You can do things like:
- Back up important system or user data nightly.
- Manage log files, including rotating, archiving, and compressing the logs weekly.
- Update the operating system and applications daily or weekly.
- Download configuration files from a central source using the wget or curl commands nightly.
- Synchronize files or other data between servers at remote locations and headquarters nightly.
- cron is the primary task scheduler for Linux. It references the configuration file /etc/crontab or a per-user configuration file at /var/spool/cron/crontabs
- The cron daemon checks various system and users' crontab files for any scheduled tasks.
- There are 5 time fields in each crontab file, and they represent minutes, hours, day of the month, month of the year, and day of the week. They are always placed in that order.
- If you need the command to run in a particular minute, specify the first field with a value from 0-59.
- If you need the command to run in a particular hour, specify the second field with a value from 0-23.
- If you need a command to run on a particular day of the month, specify the third field with a value from 1-31.
- If you need a command to run in a particular month of the year, specify the fourth field with a value from 1-12.
- If you need a command to run on a particular day of the week, specify the fifth field with a value from 0-6.
- It is best to use the crontab command to edit the cron file as it has benefits that a regular text editor does not have, like restarting cron when you exit.
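The five time fields and their ranges can be validated before an entry is installed. The following is an added example, not code from the original page or from cron: it expands each field of a user crontab line into the values it matches and rejects anything outside the ranges given above. It assumes numeric fields only (with `*`, lists, ranges and `/step`), and the backup script path in the usage is constructed.

```python
# Added example: validate and expand the five crontab time fields.
# Ranges are the ones given above; month/day names are not handled.
FIELDS = [("minute", 0, 59), ("hour", 0, 23), ("day of month", 1, 31),
          ("month", 1, 12), ("day of week", 0, 6)]

def expand(field, low, high):
    """Expand one field (e.g. '*/15', '1-5', '0,30') into sorted values."""
    values = set()
    for part in field.split(","):
        rng, _, step = part.partition("/")
        step = int(step) if step else 1
        if rng == "*":
            start, end = low, high
        elif "-" in rng:
            start, end = map(int, rng.split("-"))
        else:
            start = end = int(rng)
        if not (low <= start <= end <= high) or step < 1:
            raise ValueError(f"{part!r} is outside {low}-{high}")
        values.update(range(start, end + 1, step))
    return sorted(values)

def parse_entry(line):
    """Return ({field name: values}, command) for one user crontab line."""
    parts = line.split(None, 5)
    if len(parts) < 6:
        raise ValueError("expected five time fields and a command")
    schedule = {name: expand(text, low, high)
                for text, (name, low, high) in zip(parts, FIELDS)}
    return schedule, parts[5]
```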
- The at command runs a command or script once at a specified time; it is not repetitive. It has many modifiers, such as:
- noon Specifies 12:00 p.m.
- teatime Specifies 4:00 p.m.
- midnight Specifies 12:00 a.m.
- now + 3 minutes Specifies the time three minutes from now.
- now + 1 hour Specifies the time one hour from now.
- Another way to schedule tasks in Linux is with anacron, though it works slightly differently. For example, if the system is down when cron is meant to run a task, the task is simply skipped, whereas with anacron it is run when the system comes back on. Here are some of the other differences:
- The cron daemon assumes that the Linux operating system will remain up and running 24 hours a day, seven days a week. If a system is not powered on when a scheduled cron job should run, it is skipped.
- The anacron service compensates for times when the system is powered off. If a job is scheduled in anacron while the system is powered off, the missed job will automatically run when the system comes back up.
- The anacron daemon uses the /etc/anacrontab and has the following fields:
- Period: The period field specifies the recurrence interval in days. For example:
- 1 means the task recurs daily.
- 7 means the task recurs weekly.
- 30 means the task recurs every 30 days.
- @monthly means the task recurs once per calendar month.
- Delay: The delay field specifies the time (in minutes) that the anacron daemon should wait before executing a missed job after the system starts back up.
- Job-identifier: The job-identifier field specifies a name used for the job's timestamp file. The identifier must be unique for each anacron job. The timestamp file is created in the /var/spool/anacron directory and contains a single line with a timestamp that indicates the last time the particular job was run.
- Command: The command field specifies the command or script anacron should run.
A lot of Linux web servers are deployed with the LAMP stack:
- L: Linux operating system
- A: Apache webserver
- M: MySQL or MariaDB database
- P: PHP web programming language
```
# Edit the configuration file with
sudo nano /etc/httpd/conf/httpd.conf
# Make the following changes in httpd.conf
Listen localhost:80
DocumentRoot "/var/www/html"
# Allow port 80 through the firewall
firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --reload
# Create a simple hello world webpage
sudo nano /var/www/html/index.html
chown apache:apache /var/www/html/index.html
# Start the Apache HTTPD service
systemctl enable httpd
systemctl start httpd
```
```
# Enable the NFS service
systemctl enable nfs-server
systemctl start nfs-server
# Select directories that you would like shared (entries in /etc/exports)
/LinuxNas/School 192.168.10.0/24(rw,sync) # Shared on the 192.168.10.0/24 subnet; users will have read-write access
/LinuxNas/media *(ro,sync) # Shared with any host; users will have read-only access
# Display shared directories on the remote file server
showmount -e LinuxNFSServer
```
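Export entries like the two above decide which hosts can reach a share and with what rights, so they are worth reviewing automatically. The following is an added example, not code from the original page or from the NFS utilities: it parses /etc/exports text and flags shares exported to every host and shares that use no_root_squash. The first two sample lines are the page's entries; the /LinuxNas/backup and /LinuxNas/scratch lines are constructed for contrast.

```python
import re

# Added example: flag risky entries in /etc/exports text.
# SAMPLE_EXPORTS: first two lines are from the page, the last two are constructed.
SAMPLE_EXPORTS = """\
/LinuxNas/School 192.168.10.0/24(rw,sync)
/LinuxNas/media *(ro,sync)
/LinuxNas/backup *(rw,sync,no_root_squash)
/LinuxNas/scratch 192.168.10.0/24 (rw,sync)
"""

CLIENT_RE = re.compile(r"(?P<host>[^\s()]*)(?:\((?P<opts>[^)]*)\))?")

def parse_exports(text):
    """Yield (path, host, options) per client; '#' starts a comment.
    Quoted paths and backslash line continuations are not handled."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *clients = line.split()
        for client in clients:
            m = CLIENT_RE.fullmatch(client)
            if m is None:
                continue
            host = m["host"] or "*"      # bare "(opts)" applies to every host
            opts = {o for o in (m["opts"] or "").split(",") if o}
            yield path, host, opts

def audit_exports(text):
    """Return (path, message) findings for world exports and no_root_squash."""
    findings = []
    for path, host, opts in parse_exports(text):
        if host == "*":
            access = "read-write" if "rw" in opts else "read-only"
            findings.append((path, f"exported {access} to every host"))
        if "no_root_squash" in opts:
            findings.append((path, f"root on {host} keeps root privileges"))
    return findings
```

The /LinuxNas/scratch line shows a common mistake: the space before `(rw,sync)` detaches the options from the subnet, so they apply to every host.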
You may need to configure Linux to access folders shared on Windows, or allow Windows to connect to resources on your Linux machine. Samba allows for:
- File sharing
- Printer sharing
- Network browsing for shared folders
- Authentication to Windows Active Directory
```
# View folders shared on server01 (-U% sends an empty username and password)
smbclient -L //server01 -U%
# View what Samba shares are available on your current machine
smbclient -L //localhost
# Connect to a share named 'media' on 'server01' as 'user01'
smbclient //server01/media -U user01
```
- CUPS is a print management system for Linux that enables a computer to function as a print server. There is a web-based configuration utility that makes changes to the /etc/cups/cupsd.conf and /etc/cups/cups-files.conf files.
```
# Enable the CUPS service and start it
systemctl enable cups
systemctl start cups
```
- The lpr command submits files for printing, allowing you to print files from the command line. Here are some of its options.
- -E Forces encryption when connecting to the server.
- -P {destination} Sends the print job to the destination printer specified.
- -# {copies} Sets the number of copies to print, from 1 to 100.
- -T {name} Sets the job name.
- -l Specifies that the print file is already formatted and should be sent to the destination without being filtered.
- -o {option} Sets a job option, such as printing in landscape mode, scaling the printed output, printing double-sided, and more. Job options vary depending on the printer.
- -p Prints the specified files with a shaded header that includes the date, time, job name, and page number.
- -r Specifies that the printed files should be deleted after printing.
- The date command is used to print the time and date in a specified format, and it pulls its information from the /etc/localtime file. By default it outputs with the following format:
- {day of week} {month} {day} {24 hour time ##:##:##}
- There are many different modifiers that you can place on the date command to alter its format. Here are some of those options:
- %A Displays the full weekday name.
- %B Displays the full month name.
- %F Displays the date in YYYY-MM-DD format.
- %H Displays the hour in 24-hour format.
- %I Displays the hour in 12-hour format.
- %j Displays the day of the year.
- %S Displays seconds.
- %V Displays the week of the year.
- %x Displays the date representation based on the location.
- %X Displays the time representation based on the location.
- %Y Displays the year.
- The timedatectl command is used to set the system date and time information. The syntax is timedatectl {options} {subcommand}, and here are some of its options:
- Subcommands:
- status Shows the current settings.
- restart Synchronizes the local (system) clock based on the hardware clock when setting the hardware clock.
- list-timezones Displays available time zones.
- set-timezone {timezone} Configures a specific time zone.
- set-time {HH:MM:SS} Sets the system clock to the specified time.
- Arguments:
- -H Executes the operation on the remote host specified by IP address or hostname.
- --no-ask-password Prevents the user from being asked to authenticate when performing a privileged task.
- --adjust-system-clock Synchronizes the system clock with the real-time clock.
- -M {local container} Executes the operation on a local container.
¶ The localectl command
- The localectl command displays and configures the system locale and keyboard layout settings. The syntax of localectl is localectl {options} {subcommand}, and here are its options:
- Subcommands:
- status Displays the current locale and keyboard layout. This is the same as issuing localectl by itself.
- set-locale Sets the system locale to the locale provided.
- list-locales Lists all available locales on the system.
- set-keymap Sets the keyboard layout to the provided layout.
- list-keymaps Lists all available keyboard layouts on the system.
- Arguments:
- -H {remote-host} Executes the operation on the remote host specified by IP address or hostname.
- --no-ask-password Prevents the user from being asked to authenticate when performing a privileged task.
- --no-pager Prevents the output from being piped into a paging utility.
- --no-convert Prevents a keymap change for the console from also being applied to the X display server and vice versa.