Managing your services and processes in Linux
As an administrator, it is essential that you correctly manage the services and processes running on your server, not only to maintain server integrity so that software doesn't crash, but also to maintain security.
Ask yourself: if a hacker were able to gain access to your server and run a remote shell in the background, would you be able to identify it, or would you even realize that it had happened? Systems administrators should always be aware of what is happening on their servers; it is part of the job.
What’s the difference between a service and process?
Let's start by discussing the difference between a service and a process. In Linux a service is just another name for a daemon, a client/server application that runs in the background. A service continuously listens for incoming requests and sends a response based on the request it receives. A process is simply an application or a script, which can be running in the foreground or the background.
To start out you can check what services you currently have running by typing:
service is a command which allows you to start, stop or restart services running in the background. In this tutorial we will use the Apache service, httpd, as an example.
To start the apache service type:
service httpd start
Services can also be found in the /etc/init.d/ directory and can be controlled in the same manner.
Identifying an unknown service
Apache is a web server which by default runs on port 80 under the service name httpd. Let's say, for the sake of example, that we don't know what httpd is, so we want to find out what port it is listening on and what data is being sent to and received from this service. The first thing we can do to determine what port httpd is listening on is to use the netstat command.
Enter the following command to identify what ports each service is using.
You will notice a series of columns containing information such as the protocol, local address, PID and state. Take note of the local address on the line containing httpd, "0.0.0.0:80"; from this we can identify that httpd is listening on port 80.
Next we want to identify what is being sent to and received from port 80. We know that httpd uses the TCP protocol, so we can use a packet sniffer called tcpdump to view the raw information passing through port 80.
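To make the netstat check above repeatable, here is an added shell example (not from the original tutorial) that reads the LISTEN lines of "netstat -tlnp" output, compares each port/program pair against an allowlist of the listeners you expect on the server, and prints everything else for investigation. The sample output, the allowlist and the program name unknownd are constructed for the example; -t, -l, -n and -p are real netstat options (TCP only, listening sockets, numeric addresses, owning PID/program name).

```shell
#!/bin/sh
# Added example, not part of the original tutorial: flag listening TCP sockets
# that are not on an allowlist of expected port:program pairs.
# Input format is that of "netstat -tlnp" (TCP, listening, numeric, with PID/program).

# Expected listeners on this hypothetical server (port:program).
ALLOWED="80:httpd 22:sshd"

# Constructed sample of "netstat -tlnp" output. In real use pipe the live command in:
#   netstat -tlnp | audit_listeners
SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1234/httpd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      987/sshd
tcp6       0      0 :::22                   :::*                    LISTEN      987/sshd
tcp        0      0 0.0.0.0:4444            0.0.0.0:*               LISTEN      2049/unknownd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      -'

# audit_listeners: read netstat output on stdin and print one line per listener
# that is not in ALLOWED. Only TCP sockets in LISTEN state are considered.
audit_listeners() {
    awk -v allow="$ALLOWED" '
    BEGIN {
        n = split(allow, a, " ")
        for (i = 1; i <= n; i++) ok[a[i]] = 1
    }
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        # The port is whatever follows the last ":"; this handles both
        # "0.0.0.0:80" and the IPv6 form ":::22".
        np = split($4, addr, ":")
        port = addr[np]
        # Without root, netstat prints "-" instead of PID/program. Still report
        # the port: a listener whose owner you cannot see is worth a look.
        if ($7 == "-") {
            printf "UNEXPECTED port=%s pid=? prog=? (rerun netstat as root to see the owner)\n", port
            next
        }
        split($7, pp, "/")
        pid = pp[1]; prog = pp[2]
        key = port ":" prog
        if (!(key in ok))
            printf "UNEXPECTED port=%s pid=%s prog=%s\n", port, pid, prog
    }'
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE" | audit_listeners
```

Run against the sample this reports the listener on port 4444 and the one on port 3306 whose owner netstat could not show; httpd on 80 and sshd on 22 (IPv4 and IPv6) are silently accepted. Keep the allowlist under version control so a change in what the server listens on becomes a visible diff rather than a surprise.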
Enter the following command in your terminal to sniff the data being sent and received from port 80:
tcpdump port 80 -w dump.txt
Next, open Firefox and browse to the default Apache web page by entering http://127.0.0.1, the local address of the web server.
If you were able to display the default Apache web page, go back to your tcpdump and press Ctrl+C to stop it. Now we can take a look at what is being sent to and received from this process.
The first thing you will see when you open dump.txt is the client's request for the page.
GET / HTTP/1.1
User-Agent: Mozilla/5.0 Firefox/5.0
Accept-Encoding: gzip, deflate
Below that you will find the server's response.
HTTP/1.1 200 OK
Date: Wed, 29 Jun 2011 14:46:12 GMT
Server: Apache/2.2.13 (Fedora)
Shortly after the response headers comes the HTML of the page to be displayed.
So we now know exactly what httpd is sending and receiving, which lets us identify whether the service is harmless or malicious.
Linux has two commands which come to mind for managing processes: ps and top. Both display process information that can be used to stop unknown processes from running in the background. In this tutorial I will be covering top.
top is roughly the equivalent of the Windows Task Manager: it displays a list of information on each process and refreshes frequently so you can continuously monitor every running process. To run it, simply type "top" in your terminal.
top will bring up a list of information about each process, including how much CPU and memory it is using and its PID (process identifier), which we will use to kill a process. Using top you can identify a service or process which you don't want running in the background, such as our earlier example of httpd. Identify which PID httpd (Apache) is using and use the following command to kill that process or service:
kill 1234 (1234 in this case being the PID of the running process)
Be careful not to kill any processes which may be important or critical to the running of Linux; I am not responsible for any damage to your server if you decide to kill the wrong process.
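kill acts immediately and asks no questions, so here is an added shell example (not from the original tutorial) of a small wrapper that does what the warning above asks for: it prints what the PID actually is before signalling it, refuses PID 1 and the current shell, sends SIGTERM first so the program can shut down cleanly, and falls back to SIGKILL only if the process is still alive five seconds later. The helper names safe_kill, is_alive and describe_pid are my own for this example; /proc is read when it exists, with ps as the fallback.

```shell
#!/bin/sh
# Added example, not part of the original tutorial: a cautious wrapper around
# kill that inspects a PID before signalling it. Helper names are this
# example's own, not a system or distribution command.

# describe_pid PID: print owner uid, parent PID and command line, or nothing
# if the PID does not exist. Uses /proc on Linux, falls back to ps elsewhere.
describe_pid() {
    if [ -r "/proc/$1/status" ]; then
        ppid=$(awk '/^PPid:/ {print $2}' "/proc/$1/status")
        uid=$(awk '/^Uid:/ {print $2}' "/proc/$1/status")
        cmd=$(tr '\0' ' ' < "/proc/$1/cmdline")
        printf 'uid=%s ppid=%s cmd=%s\n' "$uid" "$ppid" "$cmd"
    else
        ps -p "$1" -o user= -o ppid= -o args= 2>/dev/null
    fi
}

# is_alive PID: true if the process exists and is not a zombie. A zombie still
# answers "kill -0" although it has already exited, so check its state instead.
is_alive() {
    if [ -r "/proc/$1/stat" ]; then
        # /proc/PID/stat is "PID (comm) STATE ..."; comm may contain spaces,
        # so strip everything up to the closing ") " before taking the state.
        st=$(sed 's/^.*) //; s/ .*//' "/proc/$1/stat" 2>/dev/null)
    else
        st=$(ps -p "$1" -o stat= 2>/dev/null | tr -d ' ')
    fi
    [ -n "$st" ] && [ "${st#Z}" = "$st" ]
}

# safe_kill PID: refuse dangerous targets, show what the PID is, send SIGTERM,
# wait up to 5 seconds, and send SIGKILL only if it is still alive.
# Returns 0 when the process is gone, 1 if it could not be signalled, 2 if refused.
safe_kill() {
    pid=$1
    case "$pid" in
        ''|*[!0-9]*) echo "safe_kill: PID must be a number" >&2; return 2 ;;
    esac
    if [ "$pid" -le 1 ]; then
        echo "safe_kill: refusing PID $pid (init is critical to the system)" >&2; return 2
    fi
    if [ "$pid" -eq "$$" ]; then
        echo "safe_kill: refusing to kill the current shell" >&2; return 2
    fi
    desc=$(describe_pid "$pid")
    if [ -z "$desc" ]; then
        echo "safe_kill: no such process $pid" >&2; return 1
    fi
    echo "safe_kill: $pid is: $desc"
    kill -TERM "$pid" 2>/dev/null || { echo "safe_kill: cannot signal $pid" >&2; return 1; }
    i=0
    while is_alive "$pid" && [ "$i" -lt 5 ]; do
        sleep 1
        i=$((i + 1))
    done
    if is_alive "$pid"; then
        echo "safe_kill: $pid ignored SIGTERM, sending SIGKILL"
        kill -KILL "$pid" 2>/dev/null
    fi
    return 0
}

# Stand-alone demonstration on a throwaway background process.
sleep 60 &
demo=$!
safe_kill "$demo"
wait "$demo" 2>/dev/null || true   # reap it; a non-zero status (killed by signal) is expected
```

The describe step is the point of the wrapper: before you act on a PID read off a top screen, you see its owner, parent and full command line, which is where a process masquerading under an innocent-looking name usually gives itself away. SIGTERM before SIGKILL gives a legitimate daemon the chance to flush its state instead of being cut off mid-write.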
This work by unixmen.com is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License.
Copyright © 2008-2013 Unixmen.com.