标签:init.d 日志 enable lan rescue chkconfig http inpu 硬件
一、iptables规则备份和恢复[root@ma-1 ~]#service iptables save (保存规则) /etc/sysconfig/iptables (默认保存的位置) [root@ma-1 ~]# iptables -t nat -nvL (nat现有的规则) Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 DNAT tcp -- * * 0.0.0.0/0192.168.133.130 tcp dpt:1122 to:192.168.100.100:22 Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 6 packets, 456 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 6 packets, 456 bytes) pkts bytes target prot opt in out source destination 0 0 SNAT all -- * * 192.168.100.100 0.0.0.0/0to:192.168.133.130 [root@ma-1 ~]# iptables-save > /tmp/ipt.txt (用此命令可以将规则保存到想要的路径下) [root@ma-1 ~]# cat /tmp/ipt.txt # Generated by iptables-save v1.4.21 on Sun Jun 10 13:57:22 2018 *nat :PREROUTING ACCEPT [0:0] :INPUT ACCEPT [0:0] :OUTPUT ACCEPT [6:456] :POSTROUTING ACCEPT [6:456] -A PREROUTING -d 192.168.133.130/32 -p tcp -m tcp --dport 1122 -j DNAT --to-destination 192.168.100.100:22 -A POSTROUTING -s 192.168.100.100/32 -j SNAT --to-source 192.168.133.130 COMMIT # Completed on Sun Jun 10 13:57:22 2018 # Generated by iptables-save v1.4.21 on Sun Jun 10 13:57:22 2018 *filter :INPUT ACCEPT [66:4912] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [48:5272] COMMIT # Completed on Sun Jun 10 13:57:22 2018 [root@ma-1 ~]# iptables -t nat -F (清空之前的规则) [root@ma-1 ~]# iptables -t nat -nvL Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination [root@ma-1 ~]# iptables-restore < /tmp/ipt.txt (恢复之前保存的规则) [root@ma-1 ~]# iptables -t nat -nvL Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 DNAT tcp -- * * 0.0.0.0/0192.168.133.130 tcp dpt:1122 to:192.168.100.100:22 Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 SNAT all -- * * 192.168.100.100 0.0.0.0/0to:192.168.133.130
想要启动服务器是启动规则,就需要将规则存放在默认路径下
首先需要打开firewalled (前四步是转换启动firewalled) [root@ma-1 ~]# systemctl disable iptables Removed symlink /etc/systemd/system/basic.target.wants/iptables.service. [root@ma-1 ~]# systemctl stop iptables [root@ma-1 ~]# systemctl enable firewalld Created symlink from /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service to /usr/lib/systemd/system/firewalld.service. Created symlink from /etc/systemd/system/multi-user.target.wants/firewalld.service to /usr/lib/systemd/system/firewalld.service. [root@ma-1 ~]# systemctl start firewalld [root@ma-1 ~]# firewall-cmd --get-zones (查看所有zone) block dmz drop external home internal public trusted work (firewalld默认有9个zone,而且默认zone为public) [root@ma-1 ~]# firewall-cmd --get-default-zone (查看默认zone) public 关于9个zone的解释 drop: (丢弃),任何接受的网络数据包都被丢弃,没有任何回复。仅能有发送出去的网络连接。 block: (限制)拒绝所有外部连接,允许内部发起的连接,任何接受的网络连接都被IPV4的icmp-host-prohibited信息和ipv6的icmp6-adm-prohibited信息所拒绝。 public: (公共)在公共区域内使用,不能相信网络内的其他计算机不会对你的计算造成危害,只能接受经过选取的连接。 external:(外部)特别是为路由器启用了伪装功能的外部网。你不能信任来自网络的其他计算,不嫩更相信他们不会对你的计算机造成危害,只能接受经过选择的连接。 dmz: (非军事区)用于你的非军事区内的电脑,此区域内可公开访问,可以有限地进入你的内部网络,仅仅接受经过选择的连接。 work: (工作)用于工作区。你可以基本相信网络内的其他电脑不会危害你的电脑。仅仅接受经过选择的连接。 home: (家庭)用于家庭网络。你可以基本相信网络内的其他计算机不会危害你的计算机。仅仅接受经过选择的连接。 internal:(内部)用于内部网络,你可以基本信任网络内的其他计算机不会威胁你的计算机,仅仅接受经过选择的连接。 trusted: (信任)可接受所有的网络连接
[root@ma-1 ~]# firewall-cmd --get-default-zone (查看默认的zone) public [root@ma-1 ~]# firewall-cmd --set-default-zone=work (设定默认zone) success) [root@ma-1 ~]# firewall-cmd --get-default-zone (已更改默认的zone) work [root@ma-1 ~]# firewall-cmd --get-zone-of-interface=ens33 (查看指定网卡的zone) work [root@ma-1 ~]# firewall-cmd --get-zone-of-interface=ens37 (查询到没有指定的zone,就要进行设置) no zone [root@ma-1 ~]# firewall-cmd --get-zone-of-interface=lo no zone [root@ma-1 ~]# cd /etc/sysconfig/network-scripts/ [root@ma-1 network-scripts]# ls ifcfg-ens33ifdown ifdown-ippp ifdown-postifdown-sit ifdown-tunnel ifup-bnep ifup-ipv6 ifup-plusb ifup-routes ifup-TeamPort init.ipv6-global ifcfg-ens33:1 ifdown-bnep ifdown-ipv6 ifdown-ppp ifdown-Team ifup ifup-eth ifup-isdn ifup-post ifup-sit ifup-tunnelnetwork-functions ifcfg-lo ifdown-eth ifdown-isdn ifdown-routes ifdown-TeamPort ifup-aliases ifup-ippp ifup-plip ifup-pppifup-Teamifup-wireless network-functions-ipv6 [root@ma-1 network-scripts]# cp ifcfg-ens33 ifcfg-ens37 [root@ma-1 network-scripts]# ls ifcfg-ens33ifdown ifdown-ipv6 ifdown-routesifdown-tunnel ifup-eth ifup-plip ifup-routesifup-tunnelnetwork-functions-ipv6 ifcfg-ens33:1 ifdown-bnep ifdown-isdn ifdown-sit ifup ifup-ippp ifup-plusb ifup-sit ifup-wireless ifcfg-ens37ifdown-eth ifdown-post ifdown-Team ifup-aliases ifup-ipv6 ifup-post ifup-Team init.ipv6-global ifcfg-lo ifdown-ippp ifdown-ppp ifdown-TeamPort ifup-bnep ifup-isdn ifup-pppifup-TeamPort network-functions [root@ma-1 network-scripts]# vi ifcfg-ens37 [root@ma-1 network-scripts]# systemctl restart network.service [root@ma-1 network-scripts]# systemctl restart firewalld [root@ma-1 network-scripts]# firewall-cmd --get-zone-of-interface=ens37 work [root@ma-1 network-scripts]# cd ~ [root@ma-1 ~]# firewall-cmd --zone=dmz --add-interface=ens37 (给指定网卡设置zone ) The interface is under control of NetworkManager, setting zone to 'dmz'. success [root@ma-1 ~]# firewall-cmd --get-zone-of-interface=ens37 dmz [root@ma-1 ~]# firewall-cmd --zone=public --change-interface=ens37 (针对网卡更改zone) The interface is under control of NetworkManager, setting zone to 'public'. success [root@ma-1 ~]# firewall-cmd --get-zone-of-interface=ens37 public [root@ma-1 ~]# firewall-cmd --zone=public --remove-interface=ens37 (针对网卡删除zone ) The interface is under control of NetworkManager, setting zone to default. success [root@ma-1 ~]# firewall-cmd --get-zone-of-interface=ens37 (删除zone之后,会显示原有默认的zone) work [root@ma-1 ~]# firewall-cmd --get-active-zones (查看系统所有网卡所在的zone) work interfaces: ens33 ens37 [root@ma-1 ~]# firewall-cmd --zone=dmz --add-interface=lo success [root@ma-1 ~]# firewall-cmd --get-active-zones dmz interfaces: lo work interfaces: ens33 ens37
[root@ma-1 ~]# firewall-cmd --get-services (查看所有的servies) RH-Satellite-6 amanda-client amanda-k5-client bacula bacula-client bitcoin bitcoin-rpc bitcoin-testnet bitcoin-testnet-rpc ceph ceph-mon cfengine condor-collector ctdb dhcp dhcpv6 dhcpv6-client dns docker-registry dropbox-lansync elasticsearch freeipa-ldap freeipa-ldaps freeipa-replication freeipa-trust ftp ganglia-client ganglia-master high-availability http https imap imaps ipp ipp-client ipsec iscsi-target kadmin kerberos kibana klogin kpasswd kshell ldap ldaps libvirt libvirt-tls managesieve mdns mosh mountd ms-wbt mssql mysql nfs nrpe ntp open*** ovirt-imageio ovirt-storageconsole ovirt-vmconsole pmcd pmproxy pmwebapi pmwebapis pop3 pop3s postgresql privoxy proxy-dhcp ptp pulseaudio puppetmaster quassel radius rpc-bind rsh rsyncd samba samba-client sane sip sips smtp smtp-submission smtps snmp snmptrap spideroak-lansync squid ssh synergy syslog syslog-tls telnet tftp tftp-client tinc tor-socks transmission-client vdsm vnc-server wbem-https xmpp-bosh xmpp-client xmpp-local xmpp-server [root@ma-1 ~]# firewall-cmd --get-default-zone (查看当前的zone) work [root@ma-1 ~]# firewall-cmd --list-services (查看当前的zone下的service) ssh dhcpv6-client [root@ma-1 ~]# firewall-cmd --zone=public --list-services (查看public的zone下的service) ssh dhcpv6-client [root@ma-1 ~]# firewall-cmd --zone=trusted --list-services [root@ma-1 ~]# firewall-cmd --zone=public --add-service=http (把http增加到public zone下面) success [root@ma-1 ~]# firewall-cmd --zone=public --list-services ssh dhcpv6-client http [root@ma-1 ~]# firewall-cmd --zone=public --add-service=https (把https增加到public zone下面) success [root@ma-1 ~]# firewall-cmd --zone=public --list-services (添加的这些重新启动就会消失,需要修改配置文件) ssh dhcpv6-client http https [root@ma-1 ~]# firewall-cmd --zone=public --add-service=http --permanent (更改配置文件) success [root@ma-1 ~]# ls /etc/firewalld/zones (/etc/firewalld/zones是配置文件的路径) public.xml public.xml.old (有两个,是因为在未保存之前的会自动生成一个备份文件) [root@ma-1 ~]# cat /etc/firewalld/zones/public.xml.old (最开始未保存配置文件的) <?xml version="1.0" encoding="utf-8"?> <zone> <short>Public</short> <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description> <service name="ssh"/> <service name="dhcpv6-client"/> </zone> [root@ma-1 ~]# cat /etc/firewalld/zones/public.xml (保存配置文件之后的,出现http) <?xml version="1.0" encoding="utf-8"?> <zone> <short>Public</short> <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description> <service name="ssh"/> <service name="dhcpv6-client"/> <service name="http"/> </zone> [root@ma-1 ~]# ls /usr/lib/firewalld/zones/ (zone的配置文件模板) block.xml dmz.xml drop.xml external.xml home.xml internal.xml public.xml trusted.xml work.xml [root@ma-1 ~]# ls /usr/lib/firewalld/services/ (services的配置文件模板) amanda-client.xmldhcpv6.xml https.xml ldaps.xmlopen***.xml pulseaudio.xml smtps.xml tor-socks.xml ......(中间省略) dhcpv6-client.xmlhigh-availability.xmlkshell.xmlntp.xml ptp.xml smtp-submission.xml tinc.xml
[root@ma-1 ~]# cp /usr/lib/firewalld/services/ftp.xml /etc/firewalld/services [root@ma-1 ~]# vi /etc/firewalld/services/ftp.xml (把21改为1121) <?xml version="1.0" encoding="utf-8"?> <service> <short>FTP</short> <description>FTP is a protocol used for remote file transfer. If you plan to make your FTP server publicly available, enable this option. You need the vsftpd package installed for this option to be useful.</description> <port protocol="tcp" port="1121"/> <module name="nf_conntrack_ftp"/> </service> [root@ma-1 ~]# cp /usr/lib/firewalld/zones/work.xml /etc/firewalld/zones/ [root@ma-1 ~]# vi /etc/firewalld/zones/work.xml (增加一行,<service name="ftp"/>) <?xml version="1.0" encoding="utf-8"?> <zone> <short>Work</short> <description>For use in work areas. You mostly trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description> <service name="ssh"/> <service name="dhcpv6-client"/> <service name="ftp"/> </zone> [root@ma-1 ~]# firewall-cmd --reload (重新加载此服务) success [root@ma-1 ~]# firewall-cmd --zone=work --list-services ssh dhcpv6-client ftp
[root@ma-1 ~]# cat /etc/crontab SHELL=/bin/bash PATH=/sbin:/bin:/usr/sbin:/usr/bin MAILTO=root # For details see man 4 crontabs # Example of job definition: # .---------------- minute (0 - 59) # | .------------- hour (0 - 23) # | | .---------- day of month (1 - 31) # | | | .------- month (1 - 12) OR jan,feb,mar,apr ... # | | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat # | | | | | # * * * * * user-name command to be executed * * * * * user-name command to be executed 分钟(0-59) 小时(0-23) 日期(1-31) 月份(1-12) 星期(0-6,0代表星期天) 命令 第1列表示分钟1~59 每分钟用*或者 */1表示 第2列表示小时1~23(0表示0点) 第3列表示日期1~31 第4列表示月份1~12(*/2表示被2整除的数字) 第5列标识号星期0~6(0表示星期天) 第6列用户名称 (在不添加的情况下默认为root) 第7列要运行的命令
crond服务操作命令 /sbin/service crond start (启动服务) /sbin/service crond stop (关闭服务) /sbin/service crond restart (重启服务) /sbin/service crond reload (重新载入配置) crontab -l 查看当前用户的cron配置 crontab -e 编辑当前用户的cron配置 crontab -r 删除当前用户的cron配置 crontab -u 设定某个用户的cron服务,一般root用户在执行这个命令的时候需要此参数 crontab -u root -l root查看自己的cron设置 crontab -u fred -r root想删除fred的cron设置 crontab -u root -e 在编辑cron服务时,编辑的内容有一些格式和约定 crontab -l 列出当前的crontab任务 crontab -d 删除当前的crontab任务 crontab filename 以filename做为crontab的任务列表文件并载入 [root@ma-1 ~]# ps aux | grep cron (查看cron是否运行) root 589 0.0 0.1 126276 1620 ?Ss 13:37 0:00 /usr/sbin/crond -n root 2983 0.0 0.0 112720 984 pts/0S+ 16:13 0:00 grep --color=auto cron 命令:0 4 1 jan * /etc/init.d/smb restart (一月一号的4点重启smb)
chkconfig命令用于检查,设置系统的各种服务
[root@ma-1 ~]# chkconfig --list (查看服务列表) 注:该输出结果只显示 SysV 服务,并不包含 原生 systemd 服务。SysV 配置数据 可能被原生 systemd 配置覆盖。 要列出 systemd 服务,请执行 'systemctl list-unit-files'。 查看在具体 target 启用的服务请执行 'systemctl list-dependencies [target]'。 netconsole 0:关 1:关 2:关 3:关 4:关 5:关 6:关 network 0:关 1:关 2:开 3:开 4:开 5:开 6:关 [root@ma-1 ~]# chkconfig --level 3 network off (关掉network服务的3级别) [root@ma-1 ~]# chkconfig --list 注:该输出结果只显示 SysV 服务,并不包含 原生 systemd 服务。SysV 配置数据 可能被原生 systemd 配置覆盖。 要列出 systemd 服务,请执行 'systemctl list-unit-files'。 查看在具体 target 启用的服务请执行 'systemctl list-dependencies [target]'。 netconsole 0:关 1:关 2:关 3:关 4:关 5:关 6:关 network 0:关 1:关 2:开 3:关 4:开 5:开 6:关 [root@ma-1 ~]# chkconfig --level 35 network off (关掉network服务的3和5级别) [root@ma-1 ~]# chkconfig --list 注:该输出结果只显示 SysV 服务,并不包含 原生 systemd 服务。SysV 配置数据 可能被原生 systemd 配置覆盖。 要列出 systemd 服务,请执行 'systemctl list-unit-files'。 查看在具体 target 启用的服务请执行 'systemctl list-dependencies [target]'。 netconsole 0:关 1:关 2:关 3:关 4:关 5:关 6:关 network 0:关 1:关 2:开 3:关 4:开 5:关 6:关 [root@ma-1 ~]# chkconfig --level 345 network on (打开network服务的3、4、5级别) [root@ma-1 ~]# chkconfig --list 注:该输出结果只显示 SysV 服务,并不包含 原生 systemd 服务。SysV 配置数据 可能被原生 systemd 配置覆盖。 要列出 systemd 服务,请执行 'systemctl list-unit-files'。 查看在具体 target 启用的服务请执行 'systemctl list-dependencies [target]'。 netconsole 0:关 1:关 2:关 3:关 4:关 5:关 6:关 network 0:关 1:关 2:开 3:开 4:开 5:开 6:关
[root@ma-1 ~]# cd /etc/init.d [root@ma-1 init.d]# ls functions netconsole network README [root@ma-1 init.d]# cp network ma (创建一个自定义脚本) [root@ma-1 init.d]# ll 总用量 48 -rw-r--r--. 1 root root 17500 5月 3 2017 functions -rwxr-xr-x 1 root root 7293 6月 10 16:40 ma -rwxr-xr-x. 1 root root 4334 5月 3 2017 netconsole -rwxr-xr-x. 1 root root 7293 5月 3 2017 network -rw-r--r--. 1 root root 1160 8月 5 2017 README [root@ma-1 init.d]# chkconfig --list (查看还未添加到服务列表) 注:该输出结果只显示 SysV 服务,并不包含 原生 systemd 服务。SysV 配置数据 可能被原生 systemd 配置覆盖。 要列出 systemd 服务,请执行 'systemctl list-unit-files'。 查看在具体 target 启用的服务请执行 'systemctl list-dependencies [target]'。 netconsole 0:关 1:关 2:关 3:关 4:关 5:关 6:关 network 0:关 1:关 2:开 3:开 4:开 5:开 6:关 [root@ma-1 init.d]# chkconfig --add ma (增加该服务到服务列表) [root@ma-1 init.d]# chkconfig --list 注:该输出结果只显示 SysV 服务,并不包含 原生 systemd 服务。SysV 配置数据 可能被原生 systemd 配置覆盖。 要列出 systemd 服务,请执行 'systemctl list-unit-files'。 查看在具体 target 启用的服务请执行 'systemctl list-dependencies [target]'。 ma 0:关 1:关 2:开 3:开 4:开 5:开 6:关 netconsole 0:关 1:关 2:关 3:关 4:关 5:关 6:关 network 0:关 1:关 2:开 3:开 4:开 5:开 6:关 [root@ma-1 init.d]# chkconfig --del ma (删除该服务) [root@ma-1 init.d]# chkconfig --list 注:该输出结果只显示 SysV 服务,并不包含 原生 systemd 服务。SysV 配置数据 可能被原生 systemd 配置覆盖。 要列出 systemd 服务,请执行 'systemctl list-unit-files'。 查看在具体 target 启用的服务请执行 'systemctl list-dependencies [target]'。 netconsole 0:关 1:关 2:关 3:关 4:关 5:关 6:关 network 0:关 1:关 2:开 3:开 4:开 5:开 6:关
[root@ma-1 ~]# systemctl list-unit-files (查看所有服务) UNIT FILE STATE proc-sys-fs-binfmt_misc.automount static dev-hugepages.mount static ......(中间省略) chrony-dn***v@.timer disabled fstrim.timer disabled systemd-readahead-done.timer indirect systemd-tmpfiles-clean.timer static 231 unit files listed. lines 201-234/234 (END) [root@ma-1 ~]# systemctl list-units --all --type=service (查看文件类型为service的服务;加--all会将所有和service有关的都列出来) UNIT LOAD ACTIVE SUB DESCRIPTION auditd.serviceloadedactive running Security Auditing Service ......(中间省略) vgauthd.service loadedactive running VGAuth Service for open-vm-tools vmtoolsd.service loadedactive running Service for virtual machines hosted on VMware LOAD = Reflects whether the unit definition was properly loaded. ACTIVE = The high-level unit activation state, i.e. generalization of SUB. SUB= The low-level unit activation state, values depend on unit type. 86 loaded units listed. To show all installed unit files use 'systemctl list-unit-files'. lines 61-94/94 (END) [root@ma-1 ~]# systemctl list-units --type=service (不加--all,会列出少数的service) UNIT LOAD ACTIVE SUB DESCRIPTION auditd.service loaded active running Security Auditing Service chronyd.serviceloaded active running NTP client/server ......(中间省略) LOAD = Reflects whether the unit definition was properly loaded. ACTIVE = The high-level unit activation state, i.e. generalization of SUB. SUB= The low-level unit activation state, values depend on unit type. 36 loaded units listed. Pass --all to see loaded but inactive units, too. To show all installed unit files use 'systemctl list-unit-files'. lines 11-44/44 (END)
systemctl enable crond.service (让服务开机启动) systemctl disable crond (不让开机启动) systemctl status crond (查看状态) systemctl stop crond (停止服务) systemctl start crond (启动服务) systemctl restart crond (重启服务) systemctl is-enabled crond (检查服务是否开机启动)
[root@ma-1 ~]# systemctl is-enabled crond (检查服务是否开机启动) enabled [root@ma-1 ~]# systemctl disable crond Removed symlink /etc/systemd/system/multi-user.target.wants/crond.service. [root@ma-1 ~]# systemctl is-enabled crond disabled [root@ma-1 ~]# systemctl enable crond Created symlink from /etc/systemd/system/multi-user.target.wants/crond.service to /usr/lib/systemd/system/crond.service. [root@ma-1 ~]# systemctl is-enabled crond enabled [root@ma-1 ~]# cat /etc/systemd/system/multi-user.target.wants/crond.service (查看配置文件) [Unit] Description=Command Scheduler After=auditd.service systemd-user-sessions.service time-sync.target [Service] EnvironmentFile=/etc/sysconfig/crond ExecStart=/usr/sbin/crond -n $CRONDARGS ExecReload=/bin/kill -HUP $MAINPID KillMode=process [Install] WantedBy=multi-user.target [root@ma-1 ~]# ll !$ (可以查看,并且是软链接,原目录是:/usr/lib/systemd/system/crond.service. [root@ma-1 ~]# systemctl is-enabled crond ) ll /etc/systemd/system/multi-user.target.wants/crond.service lrwxrwxrwx 1 root root 37 6月 10 17:08 /etc/systemd/system/multi-user.target.wants/crond.service -> /usr/lib/systemd/system/crond.service [root@ma-1 ~]# systemctl disable crond Removed symlink /etc/systemd/system/multi-user.target.wants/crond.service. [root@ma-1 ~]# ll /etc/systemd/system/multi-user.target.wants/ (当开机不启动时,就无法查看该目录)crond.service ls: 无法访问/etc/systemd/system/multi-user.target.wants/crond.service: 没有那个文件或目录
[root@ma-1 ~]# ls /usr/lib/systemd/system/ (查看enable状态下原目录的内容,系统所有unit,分为以下类型) arp-ethers.service initrd-switch-root.service rhel-autorelabel.service systemd-hwdb-update.service ......(中间省略) initrd-root-fs.target rhel-autorelabel-mark.service systemd-hostnamed.service [root@ma-1 ~]# cd !$ cd /usr/lib/systemd/system/ [root@ma-1 system]# ll runlevel* lrwxrwxrwx. 1 root root 15 6月 1 22:38 runlevel0.target -> poweroff.target lrwxrwxrwx. 1 root root 13 6月 1 22:38 runlevel1.target -> rescue.target lrwxrwxrwx. 1 root root 17 6月 1 22:38 runlevel2.target -> multi-user.target lrwxrwxrwx. 1 root root 17 6月 1 22:38 runlevel3.target -> multi-user.target lrwxrwxrwx. 1 root root 17 6月 1 22:38 runlevel4.target -> multi-user.target lrwxrwxrwx. 1 root root 16 6月 1 22:38 runlevel5.target -> graphical.target lrwxrwxrwx. 1 root root 13 6月 1 22:38 runlevel6.target -> reboot.target service 系统服务 target 多个unit组成的组 device 硬件设备 mount 文件系统挂载点 automount 自动挂载点 path 文件或路径 scope 不是由systemd启动的外部进程 slice 进程组 snapshot systemd 快照 socket 进程间通信套接字 swap swap文件 timer 定时器
[root@ma-1 system]# systemctl list-units (列出正在运行的unit) UNIT LOAD ACTIVE SUB DESCRIPTION proc-sys-fs-binfmt_misc.automount .......(中间省略) 97 loaded units listed. Pass --all to see loaded but inactive units, too. To show all installed unit files use 'systemctl list-unit-files'. lines 72-105/105 (END) [root@ma-1 system]# systemctl list-units --all (列出所有,包括失败的或者inactive的) UNIT LOAD ACTIVE SUB DESCRIPTION proc-sys-fs-binfmt_misc.automount .......(中间省略) 190 loaded units listed. To show all installed unit files use 'systemctl list-unit-files'. lines 165-198/198 (END) [root@ma-1 system]# systemctl list-units --all --state=inactive (列出inactive的unit) UNIT LOAD ACTIVE SUB DESCRIPTION proc-sys-fs-binfmt_misc.mount loadedinactive dead Arbitrary Executable File Formats File System sys-fs-fuse-connections.mount loadedinactive dead FUSE Control File System .......(中间省略) 67 loaded units listed. To show all installed unit files use 'systemctl list-unit-files'. lines 42-75/75 (END) [root@ma-1 system]# systemctl list-units --type=service (列出状态为active的service) UNIT LOAD ACTIVE SUB DESCRIPTION auditd.service loaded active running Security Auditing Service chronyd.serviceloaded active running NTP client/server .......(中间省略) 36 loaded units listed. Pass --all to see loaded but inactive units, too. To show all installed unit files use 'systemctl list-unit-files'. lines 11-44/44 (END) [root@ma-1 system]# systemctl is-active crond.service (查看某个服务是否为active) active
target是由unit组成的,方便于管理
[root@ma-1 system]# systemctl list-unit-files --type=target (查看所有unit) UNIT FILE STATE basic.target static bluetooth.target static .......(中间省略) umount.target static 57 unit files listed. lines 27-60/60 (END) [root@ma-1 system]# systemctl list-dependencies multi-user.target (查看指定target下面有哪些unit) multi-user.target ● ├─auditd.service ● ├─brandbot.path ● ├─chronyd.service ● ├─dbus.service ● ├─firewalld.service ● ├─irqbalance.service ● ├─kdump.service ● ├─network.service ● ├─NetworkManager.service [root@ma-1 system]# systemctl get-default (查看系统默认的target) multi-user.target [root@ma-1 system]# systemctl set-default multi-user.target (指定系统默认的target) Removed symlink /etc/systemd/system/default.target. Created symlink from /etc/systemd/system/default.target to /usr/lib/systemd/system/multi-user.target. [root@ma-1 system]# cat /usr/lib/systemd/system/sshd.service [Unit] Description=OpenSSH server daemon Documentation=man:sshd(8) man:sshd_config(5) After=network.target sshd-keygen.service Wants=sshd-keygen.service [Service] Type=notify EnvironmentFile=/etc/sysconfig/sshd ExecStart=/usr/sbin/sshd -D $OPTIONS ExecReload=/bin/kill -HUP $MAINPID KillMode=process Restart=on-failure RestartSec=42s [Install] (看[install]部分确定unit属于哪个target) WantedBy=multi-user.target
http://www.jb51.net/article/100457.htm
https://www.jianshu.com/p/3009a9b7d024?from=timeline
https://www.zsythink.net/archives/tag/iptables/
标签:init.d 日志 enable lan rescue chkconfig http inpu 硬件
原文地址:http://blog.51cto.com/13750987/2129758
