The chkconfig command
chkconfig provides a command-line tool for maintaining the /etc/rc[0-6].d directory hierarchy. This is a big aid to system administrators, who would otherwise have to manipulate the numerous symbolic links in those directories directly.
The tool manipulates services in the following manner:
- Add a new service for management: chkconfig will ensure that the symbolic links are in the proper directories.
- Remove services from management: The symbolic links are removed.
- List the current startup information for services: chkconfig gives a very readable status of what services will run in which runlevels. This is convenient for the system administrator, who would otherwise have to scrutinize symbolic links to determine what will run.
- Change the startup information for services: chkconfig can add symbolic links to start or stop services for particular runlevels.
- Check if a particular service is to be run at a certain runlevel: This feature differs from the previous listings in that no output is provided. Instead, chkconfig returns TRUE or FALSE for use in a batch shell script.
Following are a few lines from the output of chkconfig showing which services are scheduled to be run at each of the runlevels:
    # chkconfig --list
    postgresql  0:off 1:off 2:off 3:off 4:off 5:off 6:off
    squid       0:off 1:off 2:off 3:off 4:off 5:off 6:off
    vmware      0:off 1:off 2:off 3:off 4:off 5:off 6:off
    rclocal     0:off 1:off 2:off 3:on  4:on  5:on  6:off
    network     0:off 1:off 2:on  3:on  4:on  5:on  6:off
    syslog      0:off 1:off 2:on  3:on  4:on  5:on  6:off
    random      0:off 1:off 2:on  3:on  4:on  5:on  6:off
    pcmcia      0:off 1:off 2:on  3:on  4:on  5:on  6:off
    rawdevices  0:off 1:off 2:off 3:on  4:on  5:on  6:off
The following shows a few of the symbolic links in the /etc/rc.d/rc3.d/ directory (runlevel 3). It is evident that the format from chkconfig is much more convenient and informative than listing all the directories.
    K15postgresql -> ../init.d/postgresql*
    K25squid -> ../init.d/squid*
    K08vmware -> ../init.d/vmware*
    S05rclocal -> ../init.d/rclocal*
    S10network -> ../init.d/network*
    S12syslog -> ../init.d/syslog*
    S20random -> ../init.d/random*
    S24pcmcia -> ../init.d/pcmcia*
    S56rawdevices -> ../init.d/rawdevices*
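The script below is an added example, not part of the original tutorial: it rebuilds a chkconfig-style table directly from the S/K symbolic links and reports services started in a runlevel that are not on an allowlist. The function names, the RC_ROOT variable, the allowlist and the sample tree (built from the rc3.d listing above) are assumptions made for illustration.

```shell
# Added example, not the tutorial's code; function names and root layout are assumptions.
# Print "on" if runlevel $2 under root $1 has a start (S) link for service $3.
rc_state() {
    set -- "$1/rc$2.d"/S[0-9][0-9]"$3"   # unmatched glob stays literal, so -L fails
    [ -L "$1" ] && echo on || echo off
}

# Print each service name that has an S or K link in any runlevel directory.
rc_services() {
    for link in "$1"/rc[0-6].d/[SK][0-9][0-9]*; do
        [ -L "$link" ] || continue
        name=${link##*/}; echo "${name#???}"   # strip S/K and the two-digit order
    done | sort -u
}

# Print one chkconfig-style line per service: "name 0:off 1:off ... 6:off".
rc_list() {
    rc_services "$1" | while read -r svc; do
        printf '%s' "$svc"
        for lvl in 0 1 2 3 4 5 6; do printf ' %s:%s' "$lvl" "$(rc_state "$1" "$lvl" "$svc")"; done
        echo
    done
}

# Print services started in runlevel $2 that are not on the allowlist ($3...).
rc_unexpected() {
    root=$1; lvl=$2; shift 2
    rc_services "$root" | while read -r svc; do
        [ "$(rc_state "$root" "$lvl" "$svc")" = on ] || continue
        case " $* " in *" $svc "*) ;; *) echo "$svc" ;; esac
    done
}

# Constructed sample tree based on the rc3.d listing above; dangling links are fine.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    for l in 0 1 2 3 4 5 6; do mkdir "$t/rc$l.d"; done
    for n in K15postgresql K25squid K08vmware S05rclocal S10network \
             S12syslog S20random S24pcmcia S56rawdevices; do
        ln -s "../init.d/${n#???}" "$t/rc3.d/$n"
    done
    ln -s ../init.d/network "$t/rc2.d/S10network"   # network also starts in runlevel 2
    echo "$t"
}

RC_ROOT=${RC_ROOT:-$(make_sample_tree)}
rc_list "$RC_ROOT"
rc_unexpected "$RC_ROOT" 3 network syslog random
```

Setting RC_ROOT=/etc/rc.d runs the same checks against the directory layout shown above instead of the constructed tree.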
The service command
The service command can affect the running of a process or report on the process's status. The service function essentially runs the process through the init.d scripts found in the /etc/init.d/ directory. According to convention, these scripts take the following options:
- start: Force a start of the process, regardless of the current runlevel.
- stop: Force a stop of the process and clean up as appropriate.
- restart: Stop and then start the process.
- condrestart: Process-dependent, but usually the same as restart.
- status: Print process-dependent information about the process. For example, in the case of iptables, the current rules are listed.
With the --status-all option, the tool lists the status of every service that is in the /etc/rc.d/init.d/ directory. In addition to whether the service is running, other pertinent information is displayed. Following is a shortened display of currently running processes:
    # service --status-all
    anacron is stopped
    apmd is stopped
    atd is stopped
    Configured Mount Points:
    ------------------------
    Active Mount Points:
    --------------------
    crond is stopped
    gpm is stopped
    httpd is stopped
    sshd (pid 638) is running...
    syslogd (pid 528) is running...
    klogd (pid 532) is running...
    tux is stopped
    winbindd is stopped
    xfs (pid 817) is running...
    xinetd is stopped