Maintaining security of your Linux system is extremely important, and one of the tasks is to manage access to system services carefully. There are several different methods for managing access to system services. The easiest way to deny access to a service is to turn it off. Both the services managed by ‘xinetd’ and the services in the ‘/etc/rc.d/init.d’ hierarchy (also known as SysV services) can be configured to start or stop with the Service Configuration Tool. This Service Configuration Tool is a graphical tool for enabling and disabling services (including xinetd services). Functionality to start, stop, and restart services is also included.
Note: You must be running the X Window System and have root privileges to use the
There are 2 ways to run the Service Configuration tool:
1) Running from the command line – ‘system-config-services’ command 2) Running from the GUI - System -> Administration ->Services menu
To start the application on the desktop, go to the main menu on the panel and click on System -> Administration -> Services.
and also using the command line. But before checking the status of ‘httpd’ service, verify that the ‘httpd’ package is installed on your Oracle Linux 6 system.
Check to see if the httpd package is installed:
[root@examplehost /]# rpm -qa | grep httpd httpd-tools-2.2.15-15.0.1.el6_2.1.x86_64 httpd-2.2.15-15.0.1.el6_2.1.x86_64
[root@examplehost /]#
Check the status of ‘httpd’ service using the ‘service’ command: [root@examplehost /]# service httpd status httpd is stopped
[root@examplehost /]#
Run the ‘system-config-services’ command if you want to verify the status of a service using the GUI. Example screenshot below shows that the service is disabled.
Start the ‘httpd’ service using the command line as shown below. Ignore the warning about FQDN if you see it; just make sure the service has started.
[root@examplehost /]# service httpd start
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using examplehost.com for ServerName
[ OK ]
[root@examplehost /]#
To verify or check the status of the ‘httpd’ service, you can run the following command:
[root@examplehost /]# service httpd status httpd (pid 5055) is running...
You can also verify the status of a service in the GUI by running the Service Configuration Tool.
Now that the httpd service (Apache web server) is running on the system, we can open the Firefox browser and go to http://localhost. You should expect to see the Apache home page if the service is running correctly.
The ‘chkconfig’ command can be used to check the status of service for various init runlevels. If you want to check the ‘httpd’ service status for different run levels then you can run the following ‘chkconfig’ command. In the example below, we see that the httpd service is initially off for all run levels. We then turn on this service using the ‘chkconfig httpd on’ command. Note that after turning on this ‘httpd’ service, this ‘httpd’ service is turned on for run levels 2, 3, 4 and 5 and it takes effect on the next reboot of the system. Similarly, you can run the ‘chkconfig httpd off’ command to turn off the ‘httpd’ service for run levels 2,3,4 and 5 but this takes effect upon the next reboot of the system.
[root@examplehost /]# chkconfig --list | grep httpd
httpd 0:off 1:off 2:off 3:off
4:off 5:off 6:off
[root@examplehost /]#
[root@examplehost /]# chkconfig httpd on [root@examplehost /]#
[root@examplehost /]# chkconfig --list httpd
httpd 0:off 1:off 2:on 3:on 4:on 5:on
6:off
[root@examplehost /]#
Stop the ‘httpd’ service as shown below.
[root@examplehost /]# service httpd status httpd (pid 5055) is running...
[root@examplehost /]# service httpd stop
Stopping httpd: [ OK ]
[root@examplehost /]#
acpid Advanced Configuration and Power Interface event daemon atd Run commands scheduled by at command
auditd Linux auditing system daemon autofs Auto-mount file systems on demand bluetooth Trigger bluetoothd start-up
crond Service to run scheduled commands via crond daemon cups Common Unix printing system service
ip6tables IPv6 IPtables firewall service iptables IPv4 IPtables firewall service
kdump Helps loading kdump kernel into memory lvm2-monitor Monitors LVM2 disk volumes
network Bring up/down networking on a system
nfs This service provides the NFS server functionality
ntpd Ntpd is the Network Time Protocol daemon to synch time postfix Postfix mail transport agent service
rsyslog Rsyslog logging service
sshd Starts the OpenSSH server daemon
ypbind NIS daemon running on NIS clients to bind to NIS domain
Now that you have learned how to use the Service Configuration tool and the service/chkconfig commands, you can decide which services to enable and which ones to disable depending on your deployment requirements. The non-essential services in your deployment should be disabled to make the system more secure and also improve performance by reducing resource utilization of un-needed services.
Another command to configure runlevel services is the ‘ntsysv’ command. The ‘ntsysv’ utility is a command line application with a simple text user interface to configure which services are to be started in selected runlevels. You can run this utility by typing ‘ntsysv’ at a shell prompt as ‘root’ user.
The utility displays the list of available services (the services from the
/etc/rc.d/init.d/ directory) along with their current status and a description obtainable by pressing ‘F1’ key.
We will not be doing any lab on the ‘ntsysv’ utility as the preferred way is to use the ‘chkconfig’ utility as we used in the earlier labs. This concludes the services