Services and Daemons

Maintaining security on your system is extremely important, and one approach for this task is to manage access to system services carefully. Your system may need to provide open access to particular services (for example, `httpd` if you are running a web server). However, if you do not need to provide a service, you should turn it off to minimize your exposure to possible bug exploits.

This chapter covers the configuration of the services to be run when a system is started, and provides information on how to start, stop, and restart the services on the command line using the systemctl utility.

Keep the system secure

When you allow access for new services, always remember that both the firewall and SELinux need to be configured as well. One of the most common mistakes committed when configuring a new service is neglecting to implement the necessary firewall configuration and SELinux policies to allow access for it. For more information, refer to the Fedora Rawhide Security Guide.

Configuring Services

To allow you to configure which services are started at boot time, Fedora is shipped with the systemctl command line tool.

Do not use the ntsysv and chkconfig utilities

Although it is still possible to use the ntsysv and chkconfig utilities to manage services that have init scripts installed in the /etc/rc.d/init.d/ directory, it is advised that you use the systemctl utility.

Enabling the irqbalance service

To ensure optimal performance on POWER architecture, it is recommended that the irqbalance service is enabled. In most cases, this service is installed and configured to run during the Fedora Rawhide installation. To verify that irqbalance is running, type the following at a shell prompt:

systemctl status irqbalance.service

Enabling the Service

To configure a service to be automatically started at boot time, use the systemctl command in the following form:

systemctl enable service_name.service

The service will be started the next time you boot the system. For information on how to start the service immediately, refer to Running the Service.

Example 1. Enabling the httpd service

Imagine you want to run the Apache HTTP Server on your system. Provided that you have the httpd package installed, you can enable the httpd service by typing the following at a shell prompt as root:

~]# systemctl enable httpd.service

Disabling the Service

To disable starting a service at boot time, use the systemctl command in the following form:

systemctl disable service_name.service

The next time you boot the system, the service will not be started. For information on how to stop the service immediately, refer to Stopping the Service.

Example 2. Disabling the telnet service

In order to secure the system, users are advised to disable insecure connection protocols such as Telnet. You can make sure that the telnet service is disabled by running the following command as root:

~]# systemctl disable telnet.service

Running Services

The systemctl utility also allows you to determine the status of a particular service, as well as to start, stop, or restart a service.

Do not use the service utility

Although it is still possible to use the service utility to manage services that have init scripts installed in the /etc/rc.d/init.d/ directory, it is advised that you use the systemctl utility.

Checking the Service Status

To determine the status of a particular service, use the systemctl command in the following form:

systemctl status service_name.service

This command provides detailed information on the service’s status. However, if you merely need to verify that a service is running, you can use the systemctl command in the following form instead:

systemctl is-active service_name.service

Example 3. Checking the status of the httpd service

Enabling the httpd service illustrated how to enable starting the httpd service at boot time. Imagine that the system has been restarted and you need to verify that the service is really running. You can do so by typing the following at a shell prompt:

~]$ systemctl is-active httpd.service
active

You can also display detailed information about the service by running the following command:

~]$ systemctl status httpd.service
httpd.service - LSB: start and stop Apache HTTP Server
          Loaded: loaded (/etc/rc.d/init.d/httpd)
          Active: active (running) since Mon, 23 May 2011 21:38:57 +0200; 27s ago
         Process: 2997 ExecStart=/etc/rc.d/init.d/httpd start (code=exited, status=0/SUCCESS)
        Main PID: 3002 (httpd)
          CGroup: name=systemd:/system/httpd.service
                  ├ 3002 /usr/sbin/httpd
                  ├ 3004 /usr/sbin/httpd
                  ├ 3005 /usr/sbin/httpd
                  ├ 3006 /usr/sbin/httpd
                  ├ 3007 /usr/sbin/httpd
                  ├ 3008 /usr/sbin/httpd
                  ├ 3009 /usr/sbin/httpd
                  ├ 3010 /usr/sbin/httpd
                  └ 3011 /usr/sbin/httpd

To display a list of all active system services, use the following command:

systemctl list-units --type=service

This command provides a tabular output with each line consisting of the following columns:

  • UNIT — A systemd unit name. In this case, a service name.

  • LOAD — Information whether the systemd unit was properly loaded.

  • ACTIVE — A high-level unit activation state.

  • SUB — A low-level unit activation state.

  • JOB — A pending job for the unit.

  • DESCRIPTION — A brief description of the unit.

Example 4. Listing all active services

You can list all active services by using the following command:

~]$ systemctl list-units --type=service
UNIT                      LOAD   ACTIVE SUB     JOB DESCRIPTION
abrt-ccpp.service         loaded active exited      LSB: Installs coredump handler which saves segfault data
abrt-oops.service         loaded active running     LSB: Watches system log for oops messages, creates ABRT dump directories for each oops
abrtd.service             loaded active running     ABRT Automated Bug Reporting Tool
accounts-daemon.service   loaded active running     Accounts Service
atd.service               loaded active running     Job spooling tools
[output truncated]

In the example above, the abrtd service is loaded, active, and running, and it does not have any pending jobs.
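To act on the advice to turn off services you do not need, this listing can be compared against the set of services the host is meant to run. The following script is an added example, not part of the Fedora documentation; the function names are assumptions, and the sample listing reuses rows from the example above plus constructed telnet and httpd rows.

```shell
#!/bin/sh
# Added example, not part of the Fedora documentation.

# unexpected_services [ALLOWED_UNIT...]
# Reads `systemctl list-units --type=service` output on stdin and prints
# "UNIT SUB" for every service whose ACTIVE column is "active" and whose
# name is not among the arguments.
unexpected_services() {
    awk -v allow="$*" '
        BEGIN {
            n = split(allow, names, " ")
            for (i = 1; i <= n; i++) allowed[names[i]] = 1
        }
        # Some systemd releases put a status marker in front of the unit
        # name; drop it so the columns line up again.
        $1 !~ /\.service$/ && $2 ~ /\.service$/ { $1 = ""; $0 = $0 }
        # Only rows that name a service are data; the header, the footer and
        # blank lines never match. Columns: UNIT LOAD ACTIVE SUB [JOB] DESCRIPTION.
        $1 ~ /\.service$/ && $3 == "active" && !($1 in allowed) { print $1, $4 }
    '
}

# Constructed sample: rows from the example above, plus a telnet row and a
# failed httpd row added for the demonstration.
sample_listing() {
    cat <<'EOF'
UNIT                      LOAD   ACTIVE SUB     JOB DESCRIPTION
abrt-ccpp.service         loaded active exited      LSB: Installs coredump handler which saves segfault data
abrtd.service             loaded active running     ABRT Automated Bug Reporting Tool
atd.service               loaded active running     Job spooling tools
telnet.service            loaded active running     Telnet Server
httpd.service             loaded failed failed      The Apache HTTP Server

5 loaded units listed.
EOF
}

# The allowlist is whatever this host is supposed to run (assumed here).
sample_listing | unexpected_services abrt-ccpp.service abrtd.service atd.service
```

On a live system, pipe the output of systemctl list-units --type=service into unexpected_services instead of the sample listing.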

Running the Service

To run a service, use the systemctl command in the following form:

systemctl start service_name.service

This will start the service in the current session. To configure the service to be started at boot time, refer to Enabling the Service.

Example 5. Running the httpd service

Enabling the httpd service illustrated how to run the httpd service at boot time. You can start the service immediately by typing the following at a shell prompt as root:

~]# systemctl start httpd.service

Stopping the Service

To stop a service, use the systemctl command in the following form:

systemctl stop service_name.service

This will stop the service in the current session. To disable starting the service at boot time, refer to Disabling the Service.

Example 6. Stopping the telnet service

Disabling the telnet service illustrated how to disable starting the telnet service at boot time. You can stop the service immediately by running the following command as root:

~]# systemctl stop telnet.service
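Because disabling a service only affects the next boot and stopping it only affects the current session, a service is fully off only when both states agree. The following script is an added example, not part of the Fedora documentation, that checks both with systemctl is-enabled and systemctl is-active; the SYSTEMCTL variable and the function names are assumptions of the example.

```shell
#!/bin/sh
# Added example, not part of the Fedora documentation.
# SYSTEMCTL is an assumption of this example: it lets a stub stand in for the
# real tool during offline testing and defaults to systemctl.
SYSTEMCTL=${SYSTEMCTL:-systemctl}

# unit_exposure UNIT
# Prints "UNIT boot=<state> now=<state> <verdict>" and returns 0 only when
# the unit is neither enabled at boot nor active in the current session.
unit_exposure() {
    unit=$1
    # Both subcommands print the state and also report it through the exit
    # status, so capture the text and ignore the status.
    boot=$("$SYSTEMCTL" is-enabled "$unit" 2>/dev/null) || true
    now=$("$SYSTEMCTL" is-active "$unit" 2>/dev/null) || true
    boot=${boot:-unknown}
    now=${now:-unknown}

    verdict=off
    case $boot in
        enabled|enabled-runtime) verdict=starts-at-boot ;;
    esac
    case $now in
        active|activating|reloading)
            if [ "$verdict" = off ]; then
                verdict=running-now
            else
                verdict=running-and-starts-at-boot
            fi ;;
    esac
    printf '%s boot=%s now=%s %s\n' "$unit" "$boot" "$now" "$verdict"
    [ "$verdict" = off ]
}

# audit_units UNIT...
# Checks every unit and returns non-zero if any of them is still exposed.
audit_units() {
    rc=0
    for u in "$@"; do
        unit_exposure "$u" || rc=1
    done
    return $rc
}

# Usage on a live system: audit_units telnet.service
```

A verdict of running-now is the state left behind when a service has been disabled but not stopped.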

Restarting the Service

To restart a service, use the systemctl command in the following form:

systemctl restart service_name.service

Example 7. Restarting the sshd service

For any changes in the /etc/ssh/sshd_config configuration file to take effect, it is required that you restart the sshd service. You can do so by typing the following at a shell prompt as `root`:

~]# systemctl restart sshd.service

Additional Resources

Installed Documentation

  • systemctl(1) — The manual page for the systemctl utility.

Related Books

Fedora Rawhide Security Guide

A guide to securing Fedora. It contains valuable information on how to set up the firewall, as well as the configuration of SELinux.