User:Swapnil durgade/Service management under Linux

From Wikibooks, open books for an open world
Jump to navigation Jump to search

3 types of services

Service started by init[edit | edit source]

1. Configured in /etc/inittab
2. Typically non-TCP/IP services,
        e.g. dial-in Modems, X windows system, serial ports
3. Provide respawn capability
4. Changes to inittab can be activated with init q

Services launched by System V startup scripts[edit | edit source]

1. Process are started by System V init script method
2. Program Name often end in 'd'
3. Script takes start, stop, restart etc. arguments
4. two ways to start services
       a. /etc/init.d/ldp start
       b. service ldp start
5. To start service automatically in a runlevel, we need a start and kill symbolic link in appropriate run level /etc/rc.d/rc[0-6].d

Service launched by xinetd[edit | edit source]

1. unlike inetd xinetd does not require that the services in its configuration file be listed in /etc/services

2. It can do access control on all services based on:

  a. address of remote host
  b. time of access
  c. name of remote host
  d. domain name of remote host

3. It can prevent denial-of-access attacks by

a. placing limits on the number of servers for each service (avoids process table overflows)
b. placing an upper bound on the number of processes it will fork
c. placing limits on the size of log files it creates
d. placing limits on the number of connection a single host can initiate
e. place limits on the rate of incoming connections
f. discontinue services if the load exceeds specified limit

Controlling access with 'hosts.allow' and 'hosts.deny'[edit | edit source]

ACCESS CONTROL FILES

The access control software consults two files. The search stops at the first match:
1· Access will be granted when a (daemon,client) pair matches an entry in the /etc/hosts.allow file.
2· Otherwise, access will be denied when a (daemon,client) pair matches an entry in the /etc/hosts.deny file.
3· Otherwise, access will be granted.
A  Non-existing  access  control  file is treated as if it were an empty file. 
   Thus, access control can be turned off by providing no access control files.

'chkconfig' to manager services[edit | edit source]

Dones not modify current state of System V services

Changes to services managed my xinetd comes into effict immediatly

Can also manage xinetd services

Usage Example

1.  chkconfig --list                                     :lists all services in all runlevels
2.  chkconfig <service> list                             :lists <service> on/off status in all runlevels
2.  chkconfig <service> on                               :enables service in runlevel 2,3,4 , and 5
3.  chkconfig <service> off                              :disables service in runlevel 2,3,4 , and 5
4.  chkconfig <service> add                              :ensures either a kill or start symbolic link is setup for every runlevel
5.  chkconfig <service> del                              :removes service from chkconfig management
6.  chkconfig --level <levels> <service> <on|off|reset>  :turn service on/off in specified levels

-Swapnil (Wednesday, December 15, 2005) Email- swapnil_durgade@yahoo.com