Services

This guide covers the management of system services in Linux, focusing on systemd, the most common init system.

🔄 Service Management Basics

Systemctl Commands

# View service status
systemctl status service_name      # Check service status
systemctl is-active service_name   # Check if service is running
systemctl is-enabled service_name  # Check if service starts at boot

# Control services
systemctl start service_name       # Start a service
systemctl stop service_name        # Stop a service
systemctl restart service_name     # Restart a service
systemctl reload service_name      # Reload configuration
systemctl enable service_name      # Enable service at boot
systemctl disable service_name     # Disable service at boot

Common Service Operations

# View all services
systemctl list-units --type=service           # List running services
systemctl list-units --type=service --all     # List all services
systemctl list-unit-files --type=service      # List service files

# View service logs
journalctl -u service_name                    # View service logs
journalctl -u service_name -f                 # Follow service logs
journalctl -u service_name --since today      # Today's logs

📝 Service Configuration

Service Unit Files

# Location of service files
/etc/systemd/system/              # Custom service files
/usr/lib/systemd/system/          # Package-provided services

# View service configuration
systemctl cat service_name        # View service unit file
systemctl show service_name       # View all service properties

Creating Custom Services

# Example service file: /etc/systemd/system/myapp.service
[Unit]
Description=My Custom Application
After=network.target

[Service]
Type=simple
User=myapp
WorkingDirectory=/opt/myapp
ExecStart=/usr/bin/myapp
Restart=always

[Install]
WantedBy=multi-user.target

Reload System Configuration

systemctl daemon-reload           # Reload systemd configuration
systemctl reset-failed           # Clear failed service status

🔍 Service Monitoring

System Journal

# View system logs
journalctl                       # View all logs
journalctl -f                    # Follow new logs
journalctl -n 50                # Last 50 log entries
journalctl --disk-usage         # Check journal size

# Filter logs
journalctl -p err               # Error messages only
journalctl --since "1 hour ago" # Recent logs
journalctl --until "2023-12-31" # Logs until date

Resource Usage

# Monitor service resources
systemd-cgtop                   # Show resource usage
systemctl status service_name   # View process info
ps aux | grep service_name     # List related processes

🛠️ Service Troubleshooting

Common Issues

# Failed service
systemctl status service_name   # Check error messages
journalctl -u service_name -n 50 # View recent logs

# Dependencies
systemctl list-dependencies service_name # Check dependencies

# Resource issues
systemctl show service_name | grep Memory # Check memory limits
systemctl show service_name | grep CPU    # Check CPU limits

Debug Mode

# Enable debug logging
systemctl edit service_name
# Add:
[Service]
Environment=DEBUG=1

# Apply changes
systemctl daemon-reload
systemctl restart service_name

💡 Best Practices

Service Management
- Always check status after changes
- Use reload instead of restart when possible
- Keep service files organized
- Document custom services
Monitoring
- Set up log rotation
- Monitor resource usage
- Configure alerts for failures
- Regular status checks
Security
- Run services with minimal privileges
- Use secure file permissions
- Implement rate limiting
- Regular security audits

🔒 Security Considerations

Service Hardening

# Restrict service permissions
[Service]
PrivateTmp=yes
ProtectSystem=full
ProtectHome=yes
NoNewPrivileges=yes

Access Control

# Set file permissions
chmod 644 /etc/systemd/system/myapp.service
chown root:root /etc/systemd/system/myapp.service

# Configure firewall
firewall-cmd --add-service=myapp
firewall-cmd --runtime-to-permanent

📊 Common Services Reference

Web Servers

# Apache
systemctl status apache2    # Debian/Ubuntu
systemctl status httpd      # RHEL/CentOS

# Nginx
systemctl status nginx

Databases

# MySQL/MariaDB
systemctl status mysql      # Debian/Ubuntu
systemctl status mariadb    # RHEL/CentOS

# PostgreSQL
systemctl status postgresql

Network Services

# SSH
systemctl status sshd

# Network Manager
systemctl status NetworkManager

# Firewall
systemctl status firewalld  # RHEL/CentOS
systemctl status ufw        # Ubuntu

Timezone

Show currently set timezone

timedatectl

Search timezones

timedatectl list-timezones | grep Asia | grep Tashkent

Set timezone

timedatectl set-timezone Asia/Tashkent

Firewall

To show firewall status

sudo firewall-cmd --zone=public --list-all

Set firewall port to public

sudo firewall-cmd --zone=public --permanent --add-port=5001/tcp

Reload firewall

sudo firewall-cmd --reload

See firewall public rules

sudo firewall-cmd --zone=public --list-all

PreviousSecurity NextScript

Last updated 1 year ago

Was this helpful?