So you have installed your system and it works the way that you want; I am guessing that while the system works the way you want you don’t have too many concerns. An out-of-the-box install though is likely to have services running that you may not want or need. If you don’t need them to be running then stopping the services and disabling it’s automatic startup will make your system more secure and free resources that you can use elsewhere. We will look at both CentOS 6 running the init based service management and CentOS 7 with systemd based service management. With all of this we aim to guide you towards your LPIC-3 303 exam from the LPI.
Each objective is available to view online. However if you prefer to have all the content in one place and study from an eBook then the objective ‘LPIC 3 Linux Security 326.1 Host Hardening’ is now available to download for just £0.99.
Managing Linux Services
Managing Linux Services in CentOS 6 starts with using the command chkconfig to list services:
[root@centos6 ~]# chkconfig --list auditd 0:off 1:off 2:on 3:on 4:on 5:on 6:off blk-availability 0:off 1:on 2:on 3:on 4:on 5:on 6:off crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off ...
My system is a server to I am more interested in seeing services that are configured to auto-start in runlevel 3. We can use grep to help here:
[root@centos6 ~]# chkconfig --list | grep -F '3:on' auditd 0:off 1:off 2:on 3:on 4:on 5:on 6:off blk-availability 0:off 1:on 2:on 3:on 4:on 5:on 6:off crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off ...
From the output you can start to analyze the need for the service. The postfix SMTP service is running and configured for auto-start, we may feel we do not need this and can disable the auto-start and stop the service.
[root@centos6 ~]# chkconfig --del postfix [root@centos6 ~]# chkconfig --list postfix service postfix supports chkconfig, but is not referenced in any runlevel (run 'chkconfig --add postfix')
The –del option to chkconfig removes the links that are used to start the service. Now when we try to list the service it shows that the links atre deleted from the runlevels. We can recreate them with the –add option if required later. This stops the service from starting on a system boot; however, it will still be running. We can check this with the service command:
[root@centos6 ~]# service --status-all | grep running auditd (pid 1052) is running... crond (pid 1253) is running... master (pid 1239) is running... rsyslogd (pid 1074) is running... openssh-daemon (pid 1158) is running...
The Postfix SMTP service shows as master from the output, the name of the process. We can check this individually:
[root@centos6 ~]# service postfix status master (pid 1239) is running...
Note the use of –status-all and status. When checking the status of an individual service we use a subcommand and not an option
To stop the service we will use the service command again:
[root@centos6 ~]# service postfix stop Shutting down postfix: [ OK ]
This, of course, was just a demonstration on how you can use the chkconfig command and service to monitor services and their startup configuration . At the least we should use chkconfig to list are services and research the services that auto-start.
CentOS 7, like many modern distributions, uses systemd as the system and startup manager. This simplifies service management for us as we only need to concern ourselves with the single command, systemctl. No longer do we need chkconfig and service for service control; in addition, the commands are the same across families. No longer do we have a different set of commands with Debian based OSs and Red Hat based OSs.
To list all unit files, which includes more that just systemd based services, we can issue the following command:
$ systemctl list-units
We can run the query as a standard user.
To list JUST service units we can modify the query:
$ systemctl list-units --type service
We can further filter this to query those services that are running:
$ systemctl list-units --type service --state running
Already we are benefitting from systemd just with the power of the queries that that we can execute.
From the output I can see that the atd is running. The is a scheduling deamon similar to cron but for one-off jobs. Personally, I rarely use this so we can drill further down into this service:
$ systemctl status atd ● atd.service - Deferred execution scheduler Loaded: loaded (/lib/systemd/system/atd.service; enabled; vendor preset: enabled) Active: active (running) since Tue 2018-05-01 18:00:36 BST; 1 weeks 0 days ago Docs: man:atd(8) Main PID: 1199 (atd) Tasks: 1 Memory: 252.0K CPU: 6ms CGroup: /system.slice/atd.service └─1199 /usr/sbin/atd -f
The status now gives much more information. We can see that it is both running and enabled for auto-start. We also see the PID or PIDs used by the service and the service description. This service description often means that we do not need to research the service elsewhere.
To stop the service we can issue the command as root:
$ sudo systemctl stop atd
To disable the service from auto-start we issue this command
$ sudo systemctl disable atd Synchronizing state of atd.service with SysV init with /lib/systemd/systemd-sysv-install... Executing /lib/systemd/systemd-sysv-install disable atd insserv: warning: current start runlevel(s) (empty) of script `atd' overrides LSB defaults (2 3 4 5). insserv: warning: current stop runlevel(s) (0 1 2 3 4 5 6) of script `atd' overrides LSB defaults (0 1 6).
Finally, we can stop the service from being accidentally started by masking it. A masked service can only bet started once it has been unmasked:
$ sudo systemctl mask atd Created symlink from /etc/systemd/system/atd.service to /dev/null.
The video follows where we put his into practice and see managing Linux services