Chapter 7. Services and Daemons

Статья последний раз была обновлена 04.03.2023

Chapter 7. Services and Daemons

Maintaining security on your system is extremely important, and one approach for this task is to manage access to system services carefully. Your system may need to provide open access to particular services (for example, httpd if you are running a web server). However, if you do not need to provide a service, you should turn it off to minimize your exposure to possible bug exploits.
This chapter covers the configuration of the services to be run when a system is started, and provides information on how to start, stop, and restart the services on the command line using the systemctl utility.

Keep the system secure

When you allow access for new services, always remember that both the firewall and SELinux need to be configured as well. One of the most common mistakes committed when configuring a new service is neglecting to implement the necessary firewall configuration and SELinux policies to allow access for it. Refer to the Fedora Security Guide (see Section 7.3, “Additional Resources”) for more information.

7.1. Configuring Services

To allow you to configure which services are started at boot time, Fedora is shipped with the systemctl command line tool.

Do not use the ntsysv and chkconfig utilities

Although it is still possible to use the ntsysv and chkconfig utilities to manage services that have init scripts installed in the /etc/rc.d/init.d/ directory, it is advised that you use the systemctl utility.

Enabling the irqbalance service

To ensure optimal performance on POWER architecture, it is recommended that the irqbalance service is enabled. In most cases, this service is installed and configured to run during the Fedora 16 installation. To verify that irqbalance is running, type the following at a shell prompt:
systemctl status irqbalance.service

7.1.1. Enabling the Service

To configure a service to be automatically started at boot time, use the systemctl command in the following form:
systemctl enable service_name.service
The service will be started the next time you boot the system. For information on how to start the service immediately, refer to Section 7.2.2, “Running the Service”.
Example 7.1. Enabling the httpd service
Imagine you want to run the Apache HTTP Server on your system. Provided that you have the httpd package installed, you can enable the httpd service by typing the following at a shell prompt as root:
~]# systemctl enable httpd.service

7.1.2. Disabling the Service

To disable starting a service at boot time, use the systemctl command in the following form:
systemctl disable service_name.service
The next time you boot the system, the service will not be started. For information on how to stop the service immediately, refer to Section 7.2.3, “Stopping the Service”.
Example 7.2. Disabling the telnet service
In order to secure the system, users are advised to disable insecure connection protocols such as Telnet. You can make sure that the telnet service is disabled by running the following command as root:
~]# systemctl disable telnet.service

Губарь Маргарита Александровна