TINAELLIS\Cybersecurity

Welcome to my blog!


Server Basics

Services and Daemons

Process Description
Services Must always be ready for use and have little direct user interaction (Web servers, LDAP, SMTP, DHCP, etc)
User Application Started and stopped by user with heavy user interaction (Word, Adobe Suite, etc)
Daemons System daemon - the process that controls processes that are not initiated by a user. If a process is a service (daemon), the name typically ends with a d.
  • Web server - httpd
  • FTP server - ftpd
  • Mail server - smtpd
  • System service - systemd
init Around since the beginning of UNIX; starts processes sequentially, which can contribute to slow boot times.
systemd Loads processes in parallel, which results in a faster load time than init.
PID Process ID - gives you some idea of when the process was loaded. Every process is assigned an ID number when it's started (the number is incremented every time one is assigned).
    Service Order

    1. Linux OS Kernel Process

    2. Instructions & Data

    3. Systemd (or init) Process

    4. Instructions & Data

    ps See the processes you are running
    ps -aux Shows all of the running processes. The problem is that this shows too much information; the remedy is to use pstree:
    pstree Allows you to see how the services were started and which service started them.
    yum install psmisc Use to install pstree. Note that it is part of the psmisc package.

    systemctl

    Viewing services with systemctl.

    Command Description
    systemctl See the list of services being managed by systemd. Shows both active services and everything systemd could possibly control, including services that are disabled or shut down.
    systemctl list-units --type=service | grep running | more See the list of systemd units that are of type=service (so just services); excludes disks and other devices. Pipe through grep to see the currently running services.
    yum install openssh-server Install sshd daemon
    systemctl start serviceName To start a service
    systemctl start serviceName.service Specifies the name of the configuration file. This is not required: leave the .service off and systemctl will still find the correct file.
    systemctl stop serviceName Stops the service
    systemctl status serviceName Service status (whether it is active/running, PID, last few lines of the service's log file)
    yum remove serviceName Uninstall service. Example: yum remove openssh-server
    systemctl restart serviceName Restarting service. Most of the time when you make changes to a daemon configuration file, you need to restart it to read the changes
    systemctl reload serviceName Alternative to restarting the service. Tells the service to reread its configuration commands.
    systemctl enable serviceName Enables the Service - Configures a service to start automatically when the system starts. Starting a service doesn't configure it to start at boot, it will only run until the system shuts down
    systemctl enable serviceName --now Enable doesn’t start the service - you can start it by using --now
    systemctl disable serviceName Disables service.

    systemctl

    How systemd uses .service files to manage services. The system uses this information to determine which services to start and at what time.

    Service Description
    Unit File Special configuration file that each service must have
    Unit Each thing systemd controls is called a unit. Content of the unit file will vary depending on type.
    ls /lib/systemd/system | more Shows a list of unit files
    Unit Service File Divided into 3 main sections:
  • Unit Section
  • Service Section
  • Install Section
    Each section will have specific parameters, read by systemd, that are used to configure the service.
    systemctl show ServiceName To see all of the parameters used by a service
    systemctl start sshd Running the start command initiates the search process.

    systemd looks in the following directories for the unit file, starting with the /etc/ directory and so on. It stops searching once the file is found.

  • /etc/systemd/system
  • /run/systemd/system
  • /usr/lib/systemd/system

    Enabled Services Start automatically at boot. systemd keeps track of the services you want to start automatically by creating a symbolic link (a shortcut) to each service's .service unit file in the following directory:
  • /etc/systemd/system/multi-user.target.wants
    systemd knows which directory to put the symbolic link in by looking at what is specified in the WantedBy parameter in the Install section of the .service unit file.
    Symbolic Links These are like shortcuts in Windows. Syntax for a symbolic link in Linux: linkName -> actualFileName
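
The search order and the enable symlink described above can be checked by hand. The script below is an added example, not part of the original notes: it reports which unit file wins, whether the unit is enabled for multi-user.target, and which local files in /etc/systemd/system take the place of a packaged unit of the same name. The function names and the ROOT prefix argument are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original page. ROOT is a hypothetical prefix
# argument ("" on a live system) so the functions can be tried on a test tree.

# Append ".service" when the name has no suffix, as systemctl does.
unit_name() { case $1 in *.*) printf '%s\n' "$1" ;; *) printf '%s\n' "$1.service" ;; esac; }

# resolve_unit ROOT NAME: print the first unit file found, searching the
# three directories in the order the page lists; fail if none has it.
resolve_unit() {
    unit=$(unit_name "$2")
    for dir in /etc/systemd/system /run/systemd/system /usr/lib/systemd/system; do
        if [ -e "$1$dir/$unit" ]; then
            printf '%s\n' "$dir/$unit"
            return 0
        fi
    done
    return 1
}

# is_enabled ROOT NAME: succeed if multi-user.target.wants holds a symlink
# for the unit (what "systemctl enable" creates for WantedBy=multi-user.target).
is_enabled() {
    [ -L "$1/etc/systemd/system/multi-user.target.wants/$(unit_name "$2")" ]
}

# shadowed_units ROOT: list regular .service files in /etc/systemd/system that
# hide a same-named file in /usr/lib/systemd/system because /etc is searched first.
shadowed_units() {
    for f in "$1"/etc/systemd/system/*.service; do
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        name=${f##*/}
        if [ -e "$1/usr/lib/systemd/system/$name" ]; then printf '%s\n' "$name"; fi
    done
    return 0
}

# Live use: pass unit names as arguments, e.g.  sh unitcheck.sh sshd firewalld
if [ $# -gt 0 ]; then
    for u in "$@"; do
        path=$(resolve_unit "" "$u") || path="(not found)"
        if is_enabled "" "$u"; then state=enabled; else state=not-enabled; fi
        printf '%s: %s, %s\n' "$u" "$path" "$state"
    done
    echo "Local files overriding packaged units:"; shadowed_units ""
fi
```

A unit file that appears in the override list without a matching change record is worth reading, since it is the copy systemd will actually start.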

    Firewalls

    Command Description
    yum install firewalld; systemctl enable firewalld Install firewall package
    systemctl status firewalld Checking current status and settings
    firewall-cmd --state Checking whether firewalld is running

    firewall-cmd --get-zones Displaying all available zones
    firewall-cmd --get-default-zone Displaying the default zone (probably public). Default zone versus active zone: the default zone will be active when the system boots. The active zone is the currently active zone for an interface. This will be the default zone unless you explicitly change it.
    firewall-cmd --get-active-zones Displaying active zone (probably public)
    --get-active-zones or --get-default-zone Two special zones (default and active). Default - when we start the firewall daemon, what zone is it set to use. Active - if you travel and want to change this

    By default, firewalld comes with the following zones:

    Firewalls

    Firewall Adding and Removing Services, Permanent vs. Runtime Configuration Changes

    Command Description
    firewall-cmd Check status, change rules, etc
    firewall-cmd --state Check if firewall is running
    firewall-cmd --get-zones Out of the box, here are the different zones that have files associated with them.
    firewall-cmd --get-services Data files associate a protocol name with a port number; this shows the out-of-the-box services we can allow
    firewall-cmd --list-services In my current setting, what is being allowed through
    firewall-cmd --list-all List all
    firewall-cmd --list-all-zones Show everything that is configured for every zone
    firewall-cmd --remove-service=http Remove http from services / changed runtime configuration
    firewall-cmd --reload Reread config file
    firewall-cmd --remove-service=http --permanent Remove Service. Take this thing out of your configuration file. Doesn’t change runtime configuration, have to do this separately:
    firewall-cmd --remove-service=http Remove http from services / changed runtime configuration
    firewall-cmd --add-service=http --permanent Add Service - Changes configuration file
    firewall-cmd --add-service=http Add Service - Changes runtime
    To add or remove a service and change runtime Run the firewall-cmd command with --permanent. Then run firewall-cmd --reload.
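
Because runtime and permanent changes are made separately, the two can drift apart: a service removed only at runtime comes back after a reload or reboot, and one added only at runtime disappears. The script below is an added example, not part of the original notes, that compares the two service lists for the default zone; the function name services_drift and the sample lists are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original page.
# services_drift RUNTIME PERMANENT
# Each argument is a space-separated service list, in the form printed by
#   firewall-cmd --list-services              (runtime)
#   firewall-cmd --permanent --list-services  (configuration file)
# Prints one line per service that is present on only one side.
services_drift() {
    for s in $1; do
        case " $2 " in
            *" $s "*) ;;
            *) printf 'runtime-only %s (gone after reload or reboot)\n' "$s" ;;
        esac
    done
    for s in $2; do
        case " $1 " in
            *" $s "*) ;;
            *) printf 'permanent-only %s (opens on next reload or reboot)\n' "$s" ;;
        esac
    done
    return 0
}

if command -v firewall-cmd >/dev/null 2>&1 && firewall-cmd --state >/dev/null 2>&1; then
    services_drift "$(firewall-cmd --list-services)" \
                   "$(firewall-cmd --permanent --list-services)"
else
    # Constructed sample: http was removed at runtime only, and https was
    # added at runtime only.
    services_drift "ssh dhcpv6-client https" "ssh dhcpv6-client http"
fi
```

No output means the running firewall matches what will be loaded at the next boot.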