
Part IV. Network-Related Configuration

Chapter 19. Controlling Access to Services

19.3. Services Configuration Tool

The Services Configuration Tool is a graphical application developed by Red Hat, Inc to configure which SysV services in the /etc/rc.d/init.d directory are started at boot time (for runlevels 3, 4, and 5) and which xinetd services are enabled. It also allows you to start, stop, and restart SysV services as well as restart xinetd.

To start the Services Configuration Tool from the desktop, go to the Main Menu Button (on the Panel) => System Settings => Server Settings => Services or type the command system-config-services at a shell prompt (for example, in an XTerm or a GNOME terminal).

Figure 19.1. Services Configuration Tool

The Services Configuration Tool displays the current runlevel as well as the runlevel you are currently editing. To edit a different runlevel, select Edit Runlevel from the pulldown menu and select runlevel 3, 4, or 5. Refer to Section 19.1, “Runlevels” for a description of runlevels.

The Services Configuration Tool lists the services from the /etc/rc.d/init.d directory as well as the services controlled by xinetd. Click on the name of the service from the list on the left-hand side of the application to display a brief description of that service as well as the status of the service. If the service is not an xinetd service, the status window shows whether the service is currently running. If the service is controlled by xinetd, the status window displays the phrase xinetd service.

To start, stop, or restart a service immediately, select the service from the list and click the appropriate button on the toolbar (or choose the action from the Actions pulldown menu). If the service is an xinetd service, the action buttons are disabled because xinetd services cannot be started or stopped individually.

If you enable/disable an xinetd service by checking or unchecking the checkbox next to the service name, you must select File => Save Changes from the pulldown menu to restart xinetd and immediately enable/disable the xinetd service that you changed. xinetd is also configured to remember the setting. You can enable/disable multiple xinetd services at a time and save the changes when you are finished.

For example, assume you check rsync to enable it in runlevel 3 and then save the changes. The rsync service is immediately enabled. The next time xinetd is started, rsync is still enabled.

Warning

When you save changes to xinetd services, xinetd is restarted, and the changes take place immediately. When you save changes to other services, the runlevel is reconfigured, but the changes do not take effect immediately.

To enable a non-xinetd service to start at boot time for the currently selected runlevel, check the checkbox beside the name of the service in the list. After configuring the runlevel, apply the changes by selecting File => Save Changes from the pulldown menu. The runlevel configuration is changed, but the runlevel is not restarted; thus, the changes do not take place immediately.

For example, assume you are configuring runlevel 3. If you change the value for the httpd service from checked to unchecked and then select Save Changes, the runlevel 3 configuration changes so that httpd is not started at boot time. However, runlevel 3 is not reinitialized, so httpd is still running. Select one of the following options at this point:

1. Stop the httpd service — Stop the service by selecting it from the list and clicking the Stop button. A message appears stating that the service was stopped successfully.

2. Reinitialize the runlevel — Reinitialize the runlevel by going to a shell prompt and typing the command telinit 3 (where 3 is the runlevel number). This option is recommended if you change the Start at Boot value of multiple services and want to activate the changes immediately.

3. Do nothing else — You do not have to stop the httpd service. You can wait until the system is rebooted for the service to stop. The next time the system is booted, the runlevel is initialized without the httpd service running.

To add a service to a runlevel, select the runlevel from the Edit Runlevel pulldown menu, and then select Actions => Add Service. To delete a service from a runlevel, select the runlevel from the Edit Runlevel pulldown menu, select the service to be deleted from the list on the left, and select Actions => Delete Service.

19.4. ntsysv

The ntsysv utility provides a simple interface for activating or deactivating services. You can use ntsysv to turn an xinetd-managed service on or off. You can also use ntsysv to configure runlevels.

By default, only the current runlevel is configured. To configure a different runlevel, specify one or more runlevels with the --level option. For example, the command ntsysv --level 345 configures runlevels 3, 4, and 5.

The ntsysv interface works like the text mode installation program. Use the up and down arrows to navigate up and down the list. The space bar selects/unselects services and is also used to "press" the Ok and Cancel buttons. To move between the list of services and the Ok and Cancel buttons, use the Tab key. A * signifies that a service is set to on. Pressing the F1 key displays a short description of the selected service.

Warning

Services managed by xinetd are immediately affected by ntsysv. For all other services, changes do not take effect immediately. You must stop or start the individual service with the command service daemon stop. In the previous example, replace daemon with the name of the service you want to stop; for example, httpd. Replace stop with start or restart to start or restart the service.

19.5. chkconfig

The chkconfig command can also be used to activate and deactivate services. The chkconfig --list command displays a list of system services and whether they are started (on) or stopped (off) in runlevels 0-6. At the end of the list is a section for the services managed by xinetd.

If the chkconfig --list command is used to query a service managed by xinetd, it displays whether the xinetd service is enabled (on) or disabled (off). For example, the command chkconfig --list finger returns the following output:

finger on

As shown, finger is enabled as an xinetd service. If xinetd is running, finger is enabled.

If you use chkconfig --list to query a service in /etc/rc.d, the service's settings for each runlevel are displayed. For example, the command chkconfig --list httpd returns the following output:

httpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off

chkconfig can also be used to configure a service to be started (or not) in a specific runlevel. For example, to turn nscd off in runlevels 3, 4, and 5, use the following command:

chkconfig --level 345 nscd off

Warning

Services managed by xinetd are immediately affected by chkconfig. For example, if xinetd is running, finger is disabled, and the command chkconfig finger on is executed, finger is immediately enabled without having to restart xinetd manually. Changes for other services do not take effect immediately after using chkconfig. You must stop or start the individual service with the command service daemon stop. In the previous example, replace daemon with the name of the service you want to stop; for example, httpd. Replace stop with start or restart to start or restart the service.
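As an added example (not part of the guide), the following POSIX shell functions parse chkconfig --list output to audit which SysV services start in a given runlevel and which xinetd-managed services are currently enabled; the output they read is a constructed sample embedded inline, so the script runs without chkconfig installed.

```shell
# Constructed sample of `chkconfig --list` output (not captured from a real host).
# On a real system, replace this with: SAMPLE_CHKCONFIG_LIST="$(chkconfig --list)"
SAMPLE_CHKCONFIG_LIST='httpd           0:off   1:off   2:on    3:on    4:on    5:on    6:off
nscd            0:off   1:off   2:off   3:off   4:off   5:off   6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
xinetd based services:
        finger:         on
        rsync:          off
        telnet:         on'

# Print the SysV services configured to start in runlevel $1 (e.g. 3).
# SysV lines have 8 fields: the name followed by seven "N:on|off" pairs.
sysv_on_in_runlevel() {
    level="$1"
    printf '%s\n' "$SAMPLE_CHKCONFIG_LIST" |
        awk -v lvl="$level" '
            NF == 8 && $2 ~ /^0:/ {
                for (i = 2; i <= NF; i++)
                    if ($i == lvl ":on") print $1
            }'
}

# Print xinetd-managed services that are enabled. Unlike SysV entries,
# these take effect as soon as chkconfig changes them (see the warning above).
xinetd_enabled() {
    printf '%s\n' "$SAMPLE_CHKCONFIG_LIST" |
        awk '
            /^xinetd based services:/ { inx = 1; next }
            inx && $2 == "on" { sub(/:$/, "", $1); print $1 }'
}

# Example usage: review what is reachable after a boot into runlevel 3.
echo "SysV services on in runlevel 3:"; sysv_on_in_runlevel 3
echo "xinetd services enabled:";        xinetd_enabled
```

Comparing this list against the services actually expected on a host (for example, an enabled telnet entry) is a quick way to spot boot-time or xinetd exposure that the graphical tool's per-service view makes easy to miss.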

19.6. Additional Resources

19.6.1. Installed Documentation

The man pages for ntsysv, chkconfig, xinetd, and xinetd.conf.

man 5 hosts_access — The man page for the format of host access control files (in section 5 of the man pages).

19.6.2. Useful Websites

http://www.xinetd.org — The xinetd webpage. It contains a more detailed list of features and sample configuration files.

19.6.3. Related Books

Reference Guide, Red Hat, Inc — This companion manual contains detailed information about how TCP wrappers and xinetd allow or deny access as well as how to configure network access using them. It also provides instructions for creating iptables firewall rules.

Security Guide, Red Hat, Inc — This manual discusses securing services with TCP wrappers and xinetd, such as logging denied connection attempts.

Chapter 20. OpenSSH

OpenSSH is a free, open source implementation of the SSH (Secure SHell) protocols. It replaces telnet, ftp, rlogin, rsh, and rcp with secure, encrypted network connectivity tools. OpenSSH supports versions 1.3, 1.5, and 2 of the SSH protocol. Since OpenSSH version 2.9, the default protocol is version 2, which uses RSA keys as the default.