systemd

Nowadays, most of the Linux distribution systems such as Fedora, Ubuntu, Arch Linux, Debian, openSUSE, and so on, have switched from init to systemd. systemd is the first process that gets started after system boot-up with PID 1. It controls and manages other processes that should be started after the system boot-up. It is also known as basic building block for an operating system. To learn about an init-based system, refer to the Wikipedia link at https://en.wikipedia.org/wiki/Init.

systemd units

systemd has several units, each containing a configuration file with information about a service, socket, device, mount point, swap file or partition, start-up target, and so on.

The following table explains some of unit files:

Unit type

File extension

Description

Service unit

.service

A system service

Device unit

.device

A device file recognized by kernel

Mount unit

.mount

A file system mount point

Timer unit

.timer

A systemd timer

Swap unit

.swap

A swap file

To list all the installed unit files in a system, run the systemctl command with the list-unit-files option:

$ systemctl list-unit-files | head -n 12
systemd units

To list unit files of a unit type, use the list-unit-files and --type options. Running the following command will show only a service unit available in the system:

$ systemctl list-unit-files --type=service | head -n 10
systemd units

Managing services

systemd manages all the available services in a system, from the time of Linux kernel boot up till the shutdown of the system. A service in a Linux system is an application that runs in the background or is waiting to be used. Service management files have the suffix .service in its file name.

In systemd-based Linux system, a user or an administrator can manage services using the systemctl command.

Status of a service

To list the current status of services and check whether it is running or not, use systemctl status:

For example, to see the status of my NetworkManager service, run the following command:

$ systemctl status -l NetworkManager.service 
Status of a service

We can see that the NetworkManager service is running and is in active state. It also provides detailed information associated with the current NetworkManager service.

Let's see status of another service called the sshd. The sshd service controls whether ssh connection is possible to a system or not:

$ systemctl status sshd.service
Status of a service

This shows that service sshd is inactive currently.

If no verbose output is required, then we can just use the is-active option to see a service status:

$ systemctl is-active sshd.service 
unknown
$ systemctl is-active NetworkManager.service
active

Here, active means a service is running and unknown means a service is not running.

Enabling and disabling services

When a system is booted, systemd automatically starts some of the services. A few of the services may not be running as well. To enable a service to run after a system is booted, use systemctl enable and to stop a service running by a system during boot time, use systemctl disable.

Executing the following command will allow systemd to run the sshd service after a system is booted up:

# systemctl enable sshd.service

Executing the following command will allow systemd to not run sshd.service when a system is booted up:

# systemctl disable sshd.service

To check whether a service is enabled or not, run the systemctl is-enabled command:

$ systemctl is-enabled sshd.service
disabled
$ systemctl is-enabled NetworkManager.service
enabled

It means that the sshd service is disabled currently during the system start-up, while the NetworkManager service is enabled during the start-up by systemd.

Start and stop a service

When a system is running, sometimes we may need some services running. For example, to do ssh in my current system from another system, the sshd service must be running.

For example, let's see what the current status of the sshd service is:

$ systemctl is-active sshd.service
unknown

The sshd service is not running currently. Let's try to do ssh in a system:

$ ssh foo@localhost  # Doing ssh to same machine  # Doing ssh to same machine
 ssh: connect to host localhost port 22: Connection refused

We can see that the ssh connection has been refused.

Now, let's start running the sshd service. We can start a service by using the systemctl start command as follows:

# systemctl start sshd.service 
$ systemctl is-active sshd.service
active

Now, the sshd service is running. Try doing ssh into the machine again:

$ ssh foo@localhost
Last login: Fri Sep 25 23:10:21 2015 from 192.168.1.101

Now, the login has been done successfully.

We can even restart a running service using the systemctl restart command. This is required when a service has been modified. Then, to enable the modified setting, we can just restart it.

#  systemctl restart sshd.service

The preceding command will restart the sshd service.

When ssh is no longer required, it's safe to stop running it. This avoids an anonymous access to a machine. To stop running a service, run the systemctl stop command:

# systemctl stop sshd.service
$ systemctl is-active sshd.service
unknown

Viewing system logs

To check whether a user is working on an individual or enterprise machine, viewing system logs is very important in order to trace a problem and get detailed information of activities happening in a system. Viewing system logs plays an important role in monitoring and ensuring network traffics are not vulnerable. On a systemd-based system, system logs are collected and managed by one of its component called journald. Its task is to collect a log of applications and kernel. Log files are available in the /var/log/journal/ directory.

To view a log collected by journald, the journalctl command is used:

# journalctl

Running the preceding command displays all system logs collected, starting from old and grows down to newer logs.

Viewing the latest log entries

To see the latest log entries and continuously printing new entries as appended to the journal, use the –f option:

$ journalctl -f
Viewing the latest log entries

To see the log entries captured since the last boot of a system, use the –b option:

$ journalctl -b
Viewing the latest log entries

Viewing logs of a particular time interval

We can also view logs of a particular time interval. For example, to view logs of the last 1 hour, we can run the following command:

$  journalctl --since "1 hour ago" --until now

To view log entries since July 1, 2015 until now, we can run the following command:

$ journalctl --since 2015-07-01

To view logs from Aug 7, 2015 at 7:23 PM to Aug 9, 2015 at 7 AM, we can run the following command:

$ journalctl --since "2015-08-07 19:23:00" --until "2015-08-09 7:00:00" 
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
18.225.209.250