Systemd debian

From Teknologisk videncenter
Jump to: navigation, search
  • Scriptfiles in /lib/systemd/system - See exampels of servicefiles there - add your own new system service:
...:~$ sudo systemd-analyze verify YOUR_SERVICEFILE
...:~$ sudo systemctl daemon-reload
...:~$ sudo systemctl enable YOUR_SERVICEFILE
...:~$ sudo systemctl YOUR_SERICEFILE

Often used

# systemctl start [name.service]
# systemctl stop [name.service]
# systemctl restart [name.service]
# systemctl reload [name.service]
$ systemctl status [name.service]
# systemctl is-active [name.service]
$ systemctl list-units --type service --all
$ systemctl show [name.service]

Dependencies

systemctl list-dependencies

Security

# systemd-analyze security
UNIT                                     EXPOSURE PREDICATE HAPPY
ModemManager.service                          6.2 MEDIUM    😐
accounts-daemon.service                       9.6 UNSAFE    😨
apache2.service                               9.2 UNSAFE    😨
apport.service                                9.6 UNSAFE    😨
atd.service                                   9.6 UNSAFE    😨
cron.service                                  9.6 UNSAFE    😨
dbus.service                                  9.6 UNSAFE    😨
dm-event.service                              9.5 UNSAFE    😨
.....

# systemd-analyze security apache2
  NAME                                                        DESCRIPTION                                                             EXPOSURE
✗ PrivateNetwork=                                             Service has access to the host's network                                     0.5
✗ User=/DynamicUser=                                          Service runs as root user                                                    0.4
✗ CapabilityBoundingSet=~CAP_SET(UID|GID|PCAP)                Service may change UID/GID identities/capabilities                           0.3
✗ CapabilityBoundingSet=~CAP_SYS_ADMIN                        Service has administrator privileges                                         0.3
✗ CapabilityBoundingSet=~CAP_SYS_PTRACE                       Service has ptrace() debugging abilities                                     0.3
✗ RestrictAddressFamilies=~AF_(INET|INET6)                    Service may allocate Internet sockets                                        0.3
✗ RestrictNamespaces=~CLONE_NEWUSER                           Service may create user namespaces                                           0.3
✗ RestrictAddressFamilies=~…                                  Service may allocate exotic sockets                                          0.3
✗ CapabilityBoundingSet=~CAP_(CHOWN|FSETID|SETFCAP)           Service may change file ownership/access mode/capabilities unrestricted      0.2
✗ CapabilityBoundingSet=~CAP_(DAC_*|FOWNER|IPC_OWNER)         Service may override UNIX file/IPC permission checks                         0.2

Writing your own systemd services

Links

Links

Retrieved from "http://mars.merhot.dk/w/index.php?title=Systemd_debian&oldid=41653"