13,420
edits
Changes
no edit summary
Many students may think that the following topic is small and "not a big deal". Those students may say, '''"How hard is running and stopping services?"'''
The process may not be hard, but knowing how to stop, start, restart and check the status of services is absolutely critical to a Linux server. '''Aside from learning to trouble-shoot problems''' by checking the status of running services, '''understanding how to manage services is critical to help protect a Linux server from penetration''' (this term is referred to as "'''Hardening a system'''"). Sometimes it is "what we don't know" that can harm us. One key element in hardening a computer system is to disable non essential networkng services to allow IDSs ('''Intrusion Detection Systems''') to focus on a narrower range of policy violations. A Debian-based penetration testing distribution called '''Kali ''' (formerly referred to as '''"BackTrax"''') allows sysadmins and security professionals to identify vulnerabilities in their computer systems, and thus improve (harden) their systems against penetration. Learning to monitor the status, enable and disable networking services underlies the '''Backtrax''' motto:<br><br>'''''"The quieter you are, then more you will hear..."'''''<br><br>
=== Part 1: How do we Manage System Services? ===
<li>Note the services that are currently running.</li>
<li>Use the command <b><code><span style="color:#3366CC;font-size:1.2em;">service iptables stop</span></code></b> to stop the service named '''iptables'''</li>
<li>Run a command to verify that the '''iptables''' service has stopped.</libr> <libr>A newer method of managing services '''NOTE:''' Although the service command seems to work, it is by using <u>'''systemddeprecated'''</u> (i.e. "out-dated:). It has been replaced by using the ability [http://zenit.senecac.on.ca/wiki/index.php/Init_vs_systemd#systemd_Command_Usage systemctl] command. This is a command based upon a newer method of starting and managing system services called systemd (which replaces init - the "initialization table"). This method allows services to manage dependent run more independently of each other, so that a service in parallel and allow one service to may be stopped without disrupting the other dependent servicesto be stopped as well.<br><br>The most popular systemctl commands are shown below (file extension '''. Here service''' is a link that briefly explains how optional to use include in command):<ul><li>'''systemctl list-units''''systemd'' --all''' (as opposed get a listing of all running units. Can pipe to grep to tradition method: list service you are interested in)</li><li>'''systemctl stop name.service'init''(stop a service) and the </li><li>'''systemctlstart name.service''' command: [http:(start a service)<//zenitli><li>'''systemctl restart name.senecac.on.caservice''' (restart a service)</wikili></index.php/Init_vs_systemd init vs systemd]ul></li>
<li>If you reboot now - the iptables service will be turned back on. We don't want it on though, it causes students headaches. To turn it off permanently we need to use the '''chkconfig''' command:<br><b><code><span style="color:#3366CC;font-size:1.2em;">chkconfig iptables off</span></code></b></li>
<li>Use the '''systemctl''' command (from the link above - showing examples) to verify that the '''iptables''' service is off ('''hint:''' issue command, and pipe to grep "'''iptables'''").