Linux Fundamentals - Service and Process Management

#readwise # Linux Fundamentals - Service and Process Management ![rw-book-cover](https://readwise-assets.s3.amazonaws.com/static/images/article1.be68295a7e40.png) ## Metadata - Author: [[Hack The Box]] - Full Title: Linux Fundamentals - URL: https://academy.hackthebox.com/module/18/section/73 ## Highlights In general, there are two types of services: internal, the relevant services that are required at system startup, which for example, perform hardware-related tasks, and services that are installed by the user, which usually include all server services. Such services run in the background without any user interaction. These are also called daemons and are identified by the letter 'd' at the end of the program name, for example, `sshd` or `systemd`. --- Most Linux distributions have now switched to `systemd`. This daemon is an Init process started first and thus has the process ID (PID) 1. This daemon monitors and takes care of the orderly starting and stopping of other services. All processes have an assigned PID that can be viewed under `/proc/` with the corresponding number. --- ### `systemctl` we can start the service with the following command. ... `systemctl start ssh` --- After we have started the service, we can now check if it runs without errors. ... `systemctl status ssh` --- To add OpenSSH to the `SysV` script to tell the system to run this service after startup, we can link it with the following command: ... `systemctl enable ssh` ... Once we reboot the system, the OpenSSH server will automatically run. We can check this with a tool called `ps`. ... `ps -aux | grep ssh` --- We can also use `systemctl` to list all services. ... `systemctl list-units --type=service` --- It is quite possible that the services do not start due to an error. To see the problem, we can use the tool `journalctl` to view the logs. ...` journalctl -u ssh.service --no-pager` --- ### Kill a Process A process can be in the following states: - Running - Waiting (waiting for an event or system resource) - Stopped - Zombie (stopped but still has an entry in the process table). --- Processes can be controlled using `kill`, `pkill`, `pgrep`, and `killall`. --- To interact with a process, we must send a signal to it. We can view all signals with the following command: ... `kill -l` ... The most commonly used are: - 1 - `SIGHUP` - This is sent to a process when the terminal that controls it is closed. - 2 - `SIGINT` - Sent when a user presses `[Ctrl] + C` in the controlling terminal to interrupt a process. - 3 - `SIGQUIT` - Sent when a user presses `[Ctrl] + D` to quit. - 9 - `SIGKILL` - Immediately kill a process with no clean-up operations. - 15 - `SIGTERM` - Program termination. - 19 - `SIGSTOP` - Stop the program. It cannot be handled anymore. - 20 - `SIGTSTP` - Sent when a user presses `[Ctrl] + Z` to request for a service to suspend. The user can handle it afterward. For example, if a program were to freeze, we could force to kill it with the following command: `kill 9 <PID>` --- ### Background a Process Sometimes it will be necessary to put the scan or process we just started in the background to continue using the current session to interact with the system or start other processes. As we have already seen, we can do this with the shortcut `[Ctrl + Z]`. As mentioned above, we send the `SIGTSTP` signal to the kernel, which suspends the process. ... Now all background processes can be displayed with the following command: `jobs`. ... The `[Ctrl] + Z` shortcut suspends the processes, and they will not be executed further. To keep it running in the background, we have to enter the command `bg` to put the process in the background. ... Another option is to automatically set the process with an AND sign (&) at the end of the command. --- ### Foreground a Process we can use the `jobs` command to list all background processes. Backgrounded processes do not require user interaction, and we can use the same shell session without waiting until the process finishes first. Once the scan or process finishes its work, we will get notified by the terminal that the process is finished. --- If we want to get the background process into the foreground and interact with it again, we can use the `fg <ID>` command. --- ### Execute Multiple Commands There are three possibilities to run several commands, one after the other. These are separated by: - Semicolon (;) - Double ampersand characters (&&) - Pipes (|) --- The difference between them lies in the previous processes' treatment and depends on whether the previous process was completed successfully or with errors. The semicolon (;) is a command separator and executes the commands by ignoring previous commands' results and errors. ... However, it looks different if we use the double AND characters (&&) to run the commands one after the other. If there is an error in one of the commands, the following ones will not be executed anymore, and the whole process will be stopped. ... Pipes (|) depend not only on the correct and error-free operation of the previous processes but also on the previous processes' results. ---