Paul L. Snyder on Tue, 11 Mar 2003 22:17:16 -0500


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] "services" under Linux


[I wrote this earlier in the day, before most of the other responses, and
then my mail provider started eating my outgoing mail again.  Some of the
content has already been mentioned in this thread, but I'm resending it
anyway.]

On Tue, 11 Mar 2003, Wayne Dawson wrote:
> I get the following list of "services" in the gui "Services" 
> tool:  anacron, atd, autofs, crond, cyrus-imapd, gpm, ip6tables, ipchains, 
> iptables, keytable, kudzu, mdmonitor, microcode_ctl, netfs, network, 
> nfslock, protmap, privoxy, random, syslog, wine, xinetd>
> 
> At the command prompt, I typed "ps -ef | less".  Some "services" are 
> listed, and some are not.
> Those in the list that are listed (or have very similar names):  atd, 
> crond, imapd, gpm, portmap, privoxy, syslogd, xinetd
> Those that are *not* listed:  anacron, autofs, ip6tables, ipchains, 
> iptables, keytable, kudzu, mdmonitor, microcode_ctl, netfs, network, 
> nfslock, random, wine
> 
> Apparently a "service" is not precisely defined in terms of the software 
> architecture, but simply means some software that in one way or another 
> resides on the system for the purpose of providing a service (or services) 
> to other software that may need it (or them).

"Service" is a RedHat-ism, and refers, in their lingo, to anything set to
run from /etc/init.d, whether a daemon (e.g., gpm, the console mouse
server) or a one-time startup procedure (e.g., kudzu, the Red Hat
hardware detection and configuration program).  Don't confuse this with
/etc/services, which is completely different.

Redhat provides a shell script called, in fact, "service", that lives in
the /sbin directory.  It's more or less an alias with some minor logic
wrapped it.  Thus, e.g., you can issue a

     # service postfix stop

and have exactly the same effect as

     # /etc/init.d/postfix stop

If you view /sbin/service, you'll see that it sets a SERVICEDIR envvar to
/etc/init.d. 

> 
> > Running `setup` as root in RH
> >simply gives you the option to enable/disable the script to be run from
> >init.d.
> 
> Ok, that appears to be the same list as in the gui "Services".
> 
> I'm familiar with the /etc/rc.d/init.d directory, and somewhat familiar 
> with how those scripts work (running "/etc/rc.d/init.d/httpd restart", for 
> example).  Are "services" defined in terms of /etc/rc.d?
> 
> > However, the script will not run until you initialize it
> >yourself by giving a command like:
> >
> >/etc/init.d/foo start
> >
> >> ...where to look to find out for sure what these various services do?
> >
> >The man pages are a good place to start. Type `man daemonname` or
> >similar.
> 
> Many of them don't seem to have man pages.  For example when I type "man 
> keytable", there's "No manual entry for keytable".  I get similar results 
> for mdmonitor, netfs, network, nfslock.  However, I've found something on 
> them from Google.

Try checking to see which of these have rpm packages associated with them.
Let's try mdmonitor.  There's a script in init.d, /etc/init.d/mdmonitor.
We'll find out who owns it on my Red Hat 8 system:

     % rpm -qf /etc/init.d/mdmonitor
     mdadm-1.0.0-6

That doesn't tell me much.  What's mdadm?

     % rpm -qi mdadm
     <snip>
	 Description:
     mdadm is used to create, manage, and monitor Linux MD (software RAID)
     devices.  As such, it provides similar functionality to the raidtools
     package.  However, mdadm is a single program, and it can perform
     almost all functions without a configuration file, though a
     configuration file can be used to help with some common tasks.

Okay, sounds like if you're not using software RAID, it would be more than
safe to deactivate the mdmonitor "service", or even remove its RPMs.  To
get more information, I'll get a list of the files in this package:

     % rpm -ql mdadm

This reveals that there are man pages for md, mdadm.conf, and mdadm, as
well as a sample configuration file in the /usr/share/doc/mdadm-1.0.0
directory.

> >> And which ones I can turn off?
> >
> >Well, that's entirely up to you. :-D
> 
> What I mean by this is which ones I can turn off and still retain the 
> functionality that I need.  For example, when I start running apache, I 
> will clearly need httpd running.  I want to turn things off that I'm not 
> using, for security purposes.  But most of these services are things that I 
> have found running even though I don't know exactly what they do.

One thing to check is which of these are actually listening on a TCP or UDP
port.  Try:

     # lsof -i

These are the first daemons to remove, if you don't need them.  You
mentioned cyrus-imapd.  You only need this if you're actually running an
IMAP mail server - you don't need it if you just want to read mail locally
or from another server.  Figure out what they are and prune ruthlessly.

Hope this helps,
pls

Attachment: pgpI7BUGdxXNq.pgp
Description: PGP signature