Nowadays, most Linux distributions, such as Fedora, Ubuntu, Arch Linux, Debian, and openSUSE, have switched from init to systemd. systemd is the first process started after system boot-up, with PID 1. It controls and manages the other processes that should be started after the system boots. It is also known as the basic building block of an operating system. To learn about an init-based system, refer to the Wikipedia article at https://en.wikipedia.org/wiki/Init.
systemd has several units, each with a configuration file containing information about a service, socket, device, mount point, swap file or partition, start-up target, and so on.
The following table explains some of the unit files:
Unit type | File extension | Description |
---|---|---|
Service unit | | A system service |
Device unit | | A device file recognized by the kernel |
Mount unit | | A file system mount point |
Timer unit | | A systemd timer |
Swap unit | | A swap file |
To list all the installed unit files in a system, run the systemctl command with the list-unit-files option:
$ systemctl list-unit-files | head -n 12
To list the unit files of one unit type, use the list-unit-files and --type options. Running the following command will show only the service units available in the system:
$ systemctl list-unit-files --type=service | head -n 10
systemd manages all the available services in a system, from the time the Linux kernel boots until the system shuts down. A service in a Linux system is an application that runs in the background or is waiting to be used. Service management files have the suffix .service in their file names.
In a systemd-based Linux system, a user or an administrator can manage services using the systemctl command.
To list the current status of a service and check whether it is running or not, use systemctl status:
For example, to see the status of my NetworkManager service, run the following command:
$ systemctl status -l NetworkManager.service
We can see that the NetworkManager service is running and is in the active state. The output also provides detailed information associated with the current NetworkManager service.
Let's see the status of another service, called sshd. The sshd service controls whether an ssh connection to a system is possible or not:
$ systemctl status sshd.service
This shows that the sshd service is currently inactive.
If no verbose output is required, then we can just use the is-active option to see a service's status:
$ systemctl is-active sshd.service
unknown
$ systemctl is-active NetworkManager.service
active
Here, active means a service is running and unknown means a service is not running.
When a system is booted, systemd automatically starts some of the services. A few of the services may not be running as well. To enable a service to run after a system is booted, use systemctl enable, and to stop a service from being started by the system at boot time, use systemctl disable.
Executing the following command will allow systemd to run the sshd service after the system is booted up:
# systemctl enable sshd.service
Executing the following command will tell systemd not to run sshd.service when the system is booted up:
# systemctl disable sshd.service
To check whether a service is enabled or not, run the systemctl is-enabled command:
$ systemctl is-enabled sshd.service
disabled
$ systemctl is-enabled NetworkManager.service
enabled
This means that the sshd service is currently disabled at system start-up, while the NetworkManager service is enabled at start-up by systemd.
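The is-enabled check above, applied to every service at once, gives a quick attack-surface review: list what starts at boot and compare it with what is expected to. The following is an added example, not code from the original text; the sample unit list, the allowlist contents, and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: report service units enabled at boot that are not on an
# allowlist of expected services.
# Live use:
#   systemctl list-unit-files --type=service --no-legend \
#       | unexpected_enabled "NetworkManager.service cups.service"

# Constructed sample in the "UNIT FILE  STATE" layout printed by
# systemctl list-unit-files (not taken from a real host).
sample_unit_files() {
cat <<'EOF'
NetworkManager.service    enabled
sshd.service              disabled
cups.service              enabled
telnet.service            enabled
systemd-journald.service  static
EOF
}

# unexpected_enabled ALLOWLIST
# Reads list-unit-files output on stdin and prints, one per line, every unit
# whose state starts with "enabled" (enabled, enabled-runtime) and whose name
# is not in the space-separated ALLOWLIST.
unexpected_enabled() {
    awk -v allow="$1" '
        BEGIN {
            n = split(allow, names, " ")
            for (i = 1; i <= n; i++) ok[names[i]] = 1
        }
        $2 ~ /^enabled/ && !($1 in ok) { print $1 }
    '
}
```

Each unit it prints is a candidate for systemctl disable, or for adding to the allowlist once reviewed.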
When a system is running, we may sometimes need certain services to be running. For example, to ssh into my current system from another system, the sshd service must be running.
For example, let's see what the current status of the sshd service is:
$ systemctl is-active sshd.service
unknown
The sshd service is not currently running. Let's try to ssh into the system:
$ ssh foo@localhost # Doing ssh to same machine
ssh: connect to host localhost port 22: Connection refused
We can see that the ssh connection has been refused.
Now, let's start the sshd service. We can start a service by using the systemctl start command as follows:
# systemctl start sshd.service
$ systemctl is-active sshd.service
active
Now, the sshd service is running. Try to ssh into the machine again:
$ ssh foo@localhost
Last login: Fri Sep 25 23:10:21 2015 from 192.168.1.101
Now, the login has succeeded.
We can even restart a running service using the systemctl restart command. This is required when a service's configuration has been modified: restarting the service makes the modified settings take effect.
# systemctl restart sshd.service
The preceding command will restart the sshd service.
When ssh is no longer required, it's safe to stop the service. This prevents unwanted remote access to the machine. To stop a running service, run the systemctl stop command:
# systemctl stop sshd.service
$ systemctl is-active sshd.service
unknown
Whether a user is working on an individual or an enterprise machine, viewing system logs is very important for tracing a problem and getting detailed information about the activities happening in a system. Viewing system logs also plays an important role in monitoring a system and ensuring that its network traffic is not vulnerable. On a systemd-based system, system logs are collected and managed by one of its components, called journald. Its task is to collect logs from applications and the kernel. Log files are available in the /var/log/journal/ directory.
To view the logs collected by journald, the journalctl command is used:
# journalctl
Running the preceding command displays all the system logs collected, starting with the oldest entries and moving down to the newest.
To see the latest log entries and keep printing new entries as they are appended to the journal, use the -f option:
$ journalctl -f
To see the log entries captured since the last boot of a system, use the -b option:
$ journalctl -b
We can also view logs of a particular time interval. For example, to view logs of the last 1 hour, we can run the following command:
$ journalctl --since "1 hour ago" --until now
To view log entries since July 1, 2015 until now, we can run the following command:
$ journalctl --since 2015-07-01
To view logs from Aug 7, 2015 at 7:23 PM to Aug 9, 2015 at 7 AM, we can run the following command:
$ journalctl --since "2015-08-07 19:23:00" --until "2015-08-09 7:00:00"
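A time-bounded journal query becomes a simple monitoring check when its output is filtered for one service's events. The following is an added example, not code from the original text: it counts failed sshd password attempts per source address. The log lines are constructed, the function names are hypothetical, and the message wording assumed is the one OpenSSH normally logs.

```shell
#!/bin/sh
# Added example: summarise failed sshd logins per source address.
# Live use (as root):
#   journalctl -u sshd.service --since "1 hour ago" --until now \
#       | failed_logins_by_source 3

# Constructed journal lines in journalctl's default output format (not real
# logs). The third line carries a user name crafted to contain "from <addr>".
sample_journal() {
cat <<'EOF'
Sep 25 23:01:10 host1 sshd[2101]: Failed password for foo from 192.0.2.10 port 50122 ssh2
Sep 25 23:01:14 host1 sshd[2101]: Failed password for foo from 192.0.2.10 port 50122 ssh2
Sep 25 23:01:19 host1 sshd[2104]: Failed password for invalid user a from 203.0.113.5 from 192.0.2.10 port 50131 ssh2
Sep 25 23:05:02 host1 sshd[2110]: Failed password for foo from 198.51.100.7 port 41000 ssh2
Sep 25 23:10:21 host1 sshd[2115]: Accepted password for foo from 192.168.1.101 port 51514 ssh2
EOF
}

# failed_logins_by_source THRESHOLD
# Reads journal lines on stdin and prints "COUNT ADDRESS" for every source
# with at least THRESHOLD failed password attempts, highest count first.
failed_logins_by_source() {
    awk -v min="$1" '
        / sshd\[[0-9]+\]: Failed password for / {
            # The user name is chosen by the remote side, so take the address
            # after the LAST "from" by scanning fields from the end.
            for (i = NF - 1; i > 0; i--)
                if ($i == "from") { count[$(i + 1)]++; break }
        }
        END { for (ip in count) if (count[ip] >= min) print count[ip], ip }
    ' | sort -k1,1nr -k2,2
}
```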