centoslinux/centOS 2018. 7. 10. 11:35
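☆ Types of service methods
※ standalone method: the daemon is always running and serves requests itself
※ xinetd method: the service daemon is not always running; the xinetd daemon provides the service only when a service request arrives
(standalone method) Good when there are many service requests. (EX: WEB, MAIL)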
----- Client ----- ----- Server -----
http://DAUM ---------------> httpd(80)
(Current) # service named restart (# /etc/init.d/named restart)
(Boot) # chkconfig named on (# ntsysv, /etc/rc#.d/S##named)
(xinetd method) Good when there are few service requests. (EX: telnet, ftp)
# telnet Server -----------> xinetd -------> telnetd(23)
/etc/xinetd.conf
/etc/xinetd.d/*
/etc/services
(Current) #
(Boot) # cd /etc/xinetd.d (# chkconfig krb5-telnet on)
# vi krb5-telnet
# service xinetd restart
☆ xinetd method services
(Prerequisite) How to open the telnet service
■ Open the telnet service
# chkconfig krb5-telnet on (# vi /etc/xinetd.d/krb5-telnet)
# service xinetd restart
■ Allow login as the root user
# vi /etc/securetty
....
pts/1
pts/2
....
pts/11
# telnet localhost
Log in as the root user
# exit
[EX1] xinetd method lab
# telnet Server ---------------> xinetd -------> telnetd(23)
/etc/xinetd.conf
/etc/xinetd.d/*
/etc/services
[TERM1] First terminal
# pgrep -lf telnet (# ps -ef | grep telnet, # ps aux | grep telnet)
#
-> The telnet daemon is not running.
# telnet localhost
Log in as the root user
[TERM2] Second terminal
# pgrep -lf telnet
8421 telnet localhost
8422 telnetd
[TERM3] Third terminal
# telnet localhost
Log in as the root user
[TERM2] Second terminal
# pgrep -lf telnet
8421 telnet localhost
8422 telnetd
8467 telnet localhost
8468 telnetd
[EX2] About the xinetd daemon
■ xinetd = inetd + Access Control(tcp_wrapper)
# telnet Server --------> xinetd --------> telnetd(23)
/etc/xinetd.conf
/etc/xinetd.d/*
/etc/services
# pgrep -lf xinetd
4579 xinetd -stayalive -pidfile /var/run/xinetd.pid
-> The xinetd daemon itself is a standalone service.
-> Therefore, the daemon must always be running.
# vi /etc/xinetd.conf
#
# This is the master xinetd configuration file. Settings in the
# default section will be inherited by all service configurations
# unless explicitly overridden in the service configuration. See
# xinetd.conf in the man pages for a more detailed explanation of
# these attributes.
defaults
{
# The next two items are intended to be a quick access place to
# temporarily enable or disable services.
#
# enabled =
# disabled =
# Define general logging characteristics.
log_type = SYSLOG daemon info
log_on_failure = HOST
log_on_success = PID HOST DURATION EXIT
# Define access restriction defaults
#
# no_access =
# only_from =
# max_load = 0
cps = 50 10
instances = 50
per_source = 10
# Address and networking defaults
#
# bind =
# mdns = yes
v6only = no
# setup environmental attributes
#
# passenv =
groups = yes
umask = 002
# Generally, banners are not used. This sets up their global defaults
#
# banner =
# banner_fail =
# banner_success =
}
includedir /etc/xinetd.d
-> The /etc/xinetd.conf file includes the /etc/xinetd.d directory.
# cd /etc/xinetd.d
# ls
chargen-dgram discard-stream gssftp ntalk time-stream
chargen-stream echo-dgram klogin rsync
daytime-dgram echo-stream krb5-telnet talk
daytime-stream eklogin kshell tcpmux-server
discard-dgram ekrb5-telnet ktalk time-dgram
# cat krb5-telnet
# default: off
# description: The kerberized telnet server accepts normal telnet sessions, \
# but can also use Kerberos 5 authentication.
service telnet
{
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/kerberos/sbin/telnetd
log_on_failure += USERID
disable = no
}
# cd /etc/xinetd.d
# vi krb5-telnet
/disable
no -> yes
# service xinetd restart
# telnet localhost
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
telnet: Unable to connect to remote host: Connection refused
# vi krb5-telnet
/disable
yes -> no
# service xinetd restart
# telnet localhost
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
linux249.com (Linux release 2.6.18-238.19.1.el5 #1 SMP Fri Jul 15 07:32:29 EDT 2011) (2)
login: root
Password: (enter the root user's password)
Last login: Fri Jul 29 10:43:39 from localhost.localdomain
# exit
#
[EX3] Checking the list of xinetd/standalone services
(Tools that turn services ON/OFF at boot)
(TUI) # ntsysv (# setup)
(GUI) # system-config-services (# serviceconf)
(TUI) # chkconfig --list (# chkconfig krb5-telnet on)
■ xinetd method services
# chkconfig --list
NetworkManager 0:off 1:off 2:off 3:off 4:off 5:off 6:off
acpid 0:off 1:off 2:on 3:on 4:on 5:on 6:off
anacron 0:off 1:off 2:on 3:on 4:on 5:on 6:off
apmd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
atd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
auditd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
autofs 0:off 1:off 2:off 3:on 4:on 5:on 6:off
avahi-daemon 0:off 1:off 2:off 3:on 4:on 5:on 6:off
avahi-dnsconfd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
bluetooth 0:off 1:off 2:on 3:on 4:on 5:on 6:off
capi 0:off 1:off 2:off 3:off 4:off 5:off 6:off
conman 0:off 1:off 2:off 3:off 4:off 5:off 6:off
cpuspeed 0:off 1:on 2:on 3:on 4:on 5:on 6:off
crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off
cups 0:off 1:off 2:on 3:on 4:on 5:on 6:off
dc_client 0:off 1:off 2:off 3:off 4:off 5:off 6:off
dc_server 0:off 1:off 2:off 3:off 4:off 5:off 6:off
dnsmasq 0:off 1:off 2:off 3:off 4:off 5:off 6:off
dovecot 0:off 1:off 2:on 3:on 4:on 5:on 6:off
dund 0:off 1:off 2:off 3:off 4:off 5:off 6:off
firstboot 0:off 1:off 2:off 3:on 4:off 5:on 6:off
gpm 0:off 1:off 2:on 3:on 4:on 5:on 6:off
haldaemon 0:off 1:off 2:off 3:on 4:on 5:on 6:off
hidd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
hplip 0:off 1:off 2:on 3:on 4:on 5:on 6:off
httpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
ibmasm 0:off 1:off 2:off 3:off 4:off 5:off 6:off
innd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
ip6tables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
irda 0:off 1:off 2:off 3:off 4:off 5:off 6:off
irqbalance 0:off 1:off 2:on 3:on 4:on 5:on 6:off
iscsi 0:off 1:off 2:off 3:on 4:on 5:on 6:off
iscsid 0:off 1:off 2:off 3:on 4:on 5:on 6:off
isdn 0:off 1:off 2:on 3:on 4:on 5:on 6:off
kdump 0:off 1:off 2:off 3:off 4:off 5:off 6:off
kudzu 0:off 1:off 2:on 3:on 4:on 5:on 6:off
lisa 0:off 1:off 2:off 3:off 4:off 5:off 6:off
lm_sensors 0:off 1:off 2:on 3:on 4:on 5:on 6:off
lvm2-monitor 0:off 1:on 2:on 3:on 4:on 5:on 6:off
mcstrans 0:off 1:off 2:on 3:on 4:on 5:on 6:off
mdmonitor 0:off 1:off 2:on 3:on 4:on 5:on 6:off
mdmpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
messagebus 0:off 1:off 2:off 3:on 4:on 5:on 6:off
multipathd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
named 0:off 1:off 2:off 3:off 4:off 5:off 6:off
netconsole 0:off 1:off 2:off 3:off 4:off 5:off 6:off
netfs 0:off 1:off 2:off 3:on 4:on 5:on 6:off
netplugd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
network 0:off 1:off 2:on 3:on 4:on 5:on 6:off
nfs 0:off 1:off 2:off 3:off 4:off 5:off 6:off
nfslock 0:off 1:off 2:off 3:on 4:on 5:on 6:off
nscd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
ntpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
oddjobd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
pand 0:off 1:off 2:off 3:off 4:off 5:off 6:off
pcscd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
portmap 0:off 1:off 2:off 3:on 4:on 5:on 6:off
psacct 0:off 1:off 2:off 3:off 4:off 5:off 6:off
rawdevices 0:off 1:off 2:off 3:on 4:on 5:on 6:off
rdisc 0:off 1:off 2:off 3:off 4:off 5:off 6:off
readahead_early 0:off 1:off 2:on 3:on 4:on 5:on 6:off
readahead_later 0:off 1:off 2:off 3:off 4:off 5:on 6:off
restorecond 0:off 1:off 2:on 3:on 4:on 5:on 6:off
rpcgssd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
rpcidmapd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
rpcsvcgssd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
rwhod 0:off 1:off 2:off 3:off 4:off 5:off 6:off
saslauthd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
sendmail 0:off 1:off 2:on 3:on 4:on 5:on 6:off
setroubleshoot 0:off 1:off 2:off 3:on 4:on 5:on 6:off
smartd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
smb 0:off 1:off 2:off 3:off 4:off 5:off 6:off
spamassassin 0:off 1:off 2:off 3:off 4:off 5:off 6:off
squid 0:off 1:off 2:off 3:off 4:off 5:off 6:off
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
syslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off
tcsd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
tux 0:off 1:off 2:off 3:off 4:off 5:off 6:off
vmware-tools 0:off 1:off 2:on 3:on 4:off 5:on 6:off
vncserver 0:off 1:off 2:off 3:off 4:off 5:off 6:off
vsftpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
wdaemon 0:off 1:off 2:off 3:off 4:off 5:off 6:off
winbind 0:off 1:off 2:off 3:off 4:off 5:off 6:off
wpa_supplicant 0:off 1:off 2:off 3:off 4:off 5:off 6:off
xfs 0:off 1:off 2:on 3:on 4:on 5:on 6:off
xinetd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
ypbind 0:off 1:off 2:off 3:off 4:off 5:off 6:off
yum-updatesd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
xinetd based services:
chargen-dgram: off
chargen-stream: off
daytime-dgram: off
daytime-stream: off
discard-dgram: off
discard-stream: off
echo-dgram: off
echo-stream: off
eklogin: off
ekrb5-telnet: off
gssftp: off
klogin: off
krb5-telnet: on
kshell: off
ktalk: off
ntalk: on
rsync: on
talk: off
tcpmux-server: off
time-dgram: off
time-stream: off
# chkconfig krb5-telnet on
# chkconfig --list krb5-telnet
krb5-telnet on
# cat /etc/xinetd.d/krb5-telnet | grep disable
disable = no
# chkconfig krb5-telnet on
-> # vi /etc/xinetd.d/krb5-telnet
disable = no
# service xinetd restart
# service xinetd restart
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]
# chkconfig krb5-telnet off
# chkconfig --list krb5-telnet
krb5-telnet off
# cat /etc/xinetd.d/krb5-telnet | grep disable
disable = yes
# service xinetd restart
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]
(Summary) Turning an xinetd method service ON/OFF (EX: krb5-telnet)
(GUI) # system-config-services (# serviceconf)
(TUI) # ntsysv (# setup)
# chkconfig <service> on|off
# vi /etc/xinetd.d/krb5-telnet = # chkconfig krb5-telnet on/off
disable = no
# service xinetd restart # service xinetd restart
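(Added example, not part of the original post) The "disable" attribute toggled above decides what xinetd serves, and the pts/N lines added to /etc/securetty decide whether root may log in over telnet, so both can be audited straight from the files. The function names xinetd_enabled, root_telnet_exposed and make_sample are hypothetical, the sample tree is constructed, and the enabled/disabled lists of the defaults section are not evaluated.

```sh
#!/bin/sh
# Added example: audit xinetd services straight from the config files.

# Print "service<TAB>user<TAB>server<TAB>only_from" for each service block
# that is not disabled (a block without "disable = yes" is served by xinetd).
xinetd_enabled() {
    for f in "${1:-/etc/xinetd.d}"/*; do
        [ -f "$f" ] || continue
        awk '
            /^[ \t]*#/ { next }
            $1 == "service" { name = $2; next }
            $1 == "{" { blk = 1; dis = "no"; user = "-"; srv = "-"; from = "ANY"; next }
            blk && $1 == "}" {
                if (dis != "yes") printf "%s\t%s\t%s\t%s\n", name, user, srv, from
                blk = 0; next
            }
            blk && $2 ~ /^[-+]?=$/ {
                if ($1 == "disable") dis = $3
                if ($1 == "user") user = $3
                if ($1 == "server") srv = $3
                if ($1 == "only_from") { from = $3; for (i = 4; i <= NF; i++) from = from "," $i }
            }
        ' "$f"
    done
}

# Succeed when telnet is enabled AND securetty lists pseudo-terminals (pts/N),
# the combination that lets root log in over telnet.
root_telnet_exposed() {
    xinetd_enabled "$1" | awk -F'\t' '$1 == "telnet" { hit = 1 } END { exit !hit }' &&
        grep -Eq '^pts/[0-9]+$' "${2:-/etc/securetty}"
}

# Constructed sample tree (hypothetical paths under a temp dir), modelled on
# the krb5-telnet file shown above plus one disabled service.
make_sample() {
    d=$(mktemp -d) && mkdir "$d/xinetd.d" || return 1
    printf 'service telnet\n{\n\tflags = REUSE\n\tuser = root\n\tserver = /usr/kerberos/sbin/telnetd\n\tdisable = no\n}\n' > "$d/xinetd.d/krb5-telnet"
    printf 'service rsync\n{\n\tuser = root\n\tserver = /usr/bin/rsync\n\tonly_from = 127.0.0.1\n\tdisable = yes\n}\n' > "$d/xinetd.d/rsync"
    printf 'tty1\npts/1\npts/2\n' > "$d/securetty"
    echo "$d"
}

d=$(make_sample)
xinetd_enabled "$d/xinetd.d"
root_telnet_exposed "$d/xinetd.d" "$d/securetty" && echo "root login over telnet is possible"
rm -rf "$d"
```

On a real host, call xinetd_enabled and root_telnet_exposed without arguments to read /etc/xinetd.d and /etc/securetty; an only_from column of ANY means the service file sets no source restriction of its own.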
■ standalone method services
# cd /etc/rc5.d
# ls *sshd*
S55sshd@
# chkconfig sshd off (# chkconfig --level 235 sshd off)
# chkconfig --list sshd
sshd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
# ls *sshd*
K25sshd@
# service sshd stop
# chkconfig sshd on
# chkconfig --list sshd
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
# ls *sshd*
S55sshd@
# service sshd start
(Summary) Controlling xinetd/standalone services
■ xinetd services
# chkconfig krb5-telnet on ----> # vi /etc/xinetd.d/krb5-telnet(disable=no)
# service xinetd restart
■ standalone services
# chkconfig sshd on ----> # mv /etc/rc5.d/K25sshd /etc/rc5.d/S55sshd
# service sshd restart ----> # /etc/init.d/sshd restart
☆ standalone method services
[EX1] WEB service lab
# pgrep -lf httpd
#
-> The httpd daemon is not running.
# service httpd restart
Stopping httpd: [FAILED]
Starting httpd: [ OK ]
# pgrep -lf httpd
9288 /usr/sbin/httpd
9290 /usr/sbin/httpd
9291 /usr/sbin/httpd
9292 /usr/sbin/httpd
9293 /usr/sbin/httpd
9294 /usr/sbin/httpd
9295 /usr/sbin/httpd
9296 /usr/sbin/httpd
9297 /usr/sbin/httpd
# firefox & (# firefox http://172.16.9.XXX)
-> http://172.16.9.XXX
# service httpd stop
Stopping httpd: [ OK ]
-> The page is no longer served in firefox.
# pgrep -lf httpd
#
(Summary) Service control
(a) Service control tools
(TUI) # ntsysv (# setup)
(GUI) # system-config-services (# serviceconf)
(TUI) # chkconfig httpd on
(b) Service control
(standalone method)
(Boot) # chkconfig httpd on -----> /etc/rc5.d/S85httpd
(Current) # service httpd restart
(xinetd method)
# chkconfig krb5-telnet on -----> /etc/xinetd.d/krb5-telnet (disable yes -> no)