systemctl
[root@localhost ~]# systemctl status atd.service    # check the service status
● atd.service - Job spooling tools
Loaded: loaded (/usr/lib/systemd/system/atd.service; enabled; vendor preset: enabled)
Active: active (running) since 一 2019-08-26 09:40:41 CST; 2 days ago    # the service state is running
Main PID: 49782 (atd)
Tasks: 1
CGroup: /system.slice/atd.service
└─49782 /usr/sbin/atd -f
8月 26 09:40:41 localhost.localdomain systemd[1]: Started Job spooling tools.
8月 26 10:36:00 localhost.localdomain atd[53278]: Starting job 3 (a00003018e745c) for user 'root' (0)
8月 26 10:54:42 localhost.localdomain atd[54730]: Starting job 4 (b00004018e7469) for user 'root' (0)
[root@localhost ~]# systemctl stop atd.service    # stop the service
[root@localhost ~]# systemctl status atd.service
● atd.service - Job spooling tools
Loaded: loaded (/usr/lib/systemd/system/atd.service; enabled; vendor preset: enabled)
Active: inactive (dead) since 三 2019-08-28 11:01:56 CST; 10s ago    # the service state is dead
Process: 49782 ExecStart=/usr/sbin/atd -f $OPTS (code=exited, status=0/SUCCESS)
Main PID: 49782 (code=exited, status=0/SUCCESS)
8月 26 09:40:41 localhost.localdomain systemd[1]: Started Job spooling tools.
8月 26 10:36:00 localhost.localdomain atd[53278]: Starting job 3 (a00003018e745c) for user 'root' (0)
8月 26 10:54:42 localhost.localdomain atd[54730]: Starting job 4 (b00004018e7469) for user 'root' (0)
8月 28 11:01:56 localhost.localdomain systemd[1]: Stopping Job spooling tools...
8月 28 11:01:56 localhost.localdomain systemd[1]: Stopped Job spooling tools.
[root@localhost ~]# systemctl start atd.service
[root@localhost ~]# systemctl status atd.service
● atd.service - Job spooling tools
Loaded: loaded (/usr/lib/systemd/system/atd.service; enabled; vendor preset: enabled)
Active: active (running) since 三 2019-08-28 11:02:26 CST; 8s ago
Main PID: 92576 (atd)
Tasks: 1
CGroup: /system.slice/atd.service
└─92576 /usr/sbin/atd -f
8月 28 11:02:26 localhost.localdomain systemd[1]: Started Job spooling tools.
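Running two copies of the same service on different ports. How is it done?
Vbird's book uses vsftpd as the example. The first step is to change vsftpd's port to 555. I was lazy here and had not done the earlier example. As a result, when I followed the steps it would not work no matter what, and it always ended in failed... On the verge of giving up, I went back to the book and only then noticed the sentence saying that in the previous chapter we changed vsftpd's port number to 555... Fine... off to find the relevant example in the previous chapter.
First the configuration file has to be changed; it is in the /etc/vsftpd directory. The service units are in the /etc/systemd/system directory.
After locating the vsftpd.conf configuration file, we appended listen_port=555 to the end of it. But restart then reported failed...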
[root@localhost ~]# systemctl restart vsftpd
Job for vsftpd.service failed because the control process exited with error code. See "systemctl status vsftpd.service" and "journalctl -xe" for details.
It tells you to run journalctl -xe to see the failure information, shown below (Vbird's text has you use /var/log/messages to locate it).
6985]: [system] Successfully activated service 'org.fedoraproject.Setroubleshootd'
ubleshoot[109349]: SELinux is preventing /usr/sbin/vsftpd from name_bind access on the
n[109349]: SELinux is preventing /usr/sbin/vsftpd from name_bind access on the tcp_sock
***** Plugin bind_ports (92.2 confidence) suggests ********************* # this is the suggestion; its confidence of solving the problem is 92.2, so it must be this one
If you want to allow /usr/sbin/vsftpd to bind to network port 555
Then you need to modify the port type.
Do
# semanage port -a -t PORT_TYPE -p tcp 555 # the capture was cut off here, so I left it; it simply lists many port types
where PORT_TYPE is one of the following: certmaster_port_t, cluster_por
***** Plugin catchall_boolean (7.83 confidence) suggests ***************
If you want to allow nis to enabled
Then you must tell SELinux about this by enabling the 'nis_enabled' boolean
Do
setsebool -P nis_enabled 1
***** Plugin catchall (1.41 confidence) suggests ***********************
If you believe that vsftpd should be allowed name_bind access on the port 5
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Locating it the way Vbird does, through /var/log/messages
[root@localhost system]# grep sealert /var/log/messages    # first find the ID through messages; it is the long string at the end, 1ce60b58-bcbf-498f-ad42-8512d83f0e61
Aug 28 15:09:32 localhost setroubleshoot: SELinux is preventing /usr/sbin/vsftpd from name_bind access on the tcp_socket port 555. For complete SELinux messages run: sealert -l 1ce60b58-bcbf-498f-ad42-8512d83f0e61
Aug 28 15:13:49 localhost setroubleshoot: SELinux is preventing /usr/sbin/vsftpd from name_bind access on the tcp_socket port 555. For complete SELinux messages run: sealert -l 1ce60b58-bcbf-498f-ad42-8512d83f0e61
Aug 28 15:19:49 localhost setroubleshoot: SELinux is preventing /usr/sbin/vsftpd from name_bind access on the tcp_socket port 555. For complete SELinux messages run: sealert -l 1ce60b58-bcbf-498f-ad42-8512d83f0e61
Aug 28 15:23:37 localhost setroubleshoot: SELinux is preventing /usr/sbin/vsftpd from name_bind access on the tcp_socket port 555. For complete SELinux messages run: sealert -l 1ce60b58-bcbf-498f-ad42-8512d83f0e61
Aug 28 15:25:02 localhost setroubleshoot: SELinux is preventing /usr/sbin/vsftpd from name_bind access on the tcp_socket port 555. For complete SELinux messages run: sealert -l 1ce60b58-bcbf-498f-ad42-8512d83f0e61
Aug 28 15:25:30 localhost setroubleshoot: SELinux is preventing /usr/sbin/vsftpd from name_bind access on the tcp_socket port 555. For complete SELinux messages run: sealert -l 1ce60b58-bcbf-498f-ad42-8512d83f0e61
[root@localhost system]# sealert -l 1ce60b58-bcbf-498f-ad42-8512d83f0e61    # then run sealert -l with this ID to see the details, shown below. Isn't it similar to the journalctl -xe result just now? This one is in Chinese, though, and that one is in English.
SELinux is preventing /usr/sbin/vsftpd from name_bind access on the tcp_socket port 555.
***** 插件 bind_ports (92.2 置信度) 建議 ******************************************
If you want to allow /usr/sbin/vsftpd to bind to network port 555
Then you need to modify the port type.
Do
# semanage port -a -t PORT_TYPE -p tcp 555
其中 PORT_TYPE 是以下之一:certmaster_port_t, cluster_port_t, ephemeral_port_t, ftp_data_port_t, ftp_port_t, hadoop_datanode_port_t, hplip_port_t, isns_port_t, port_t, postgrey_port_t, unreserved_port_t。 # this is the type list that was missing from the previous capture
***** 插件 catchall_boolean (7.83 置信度) 建議 ************************************
If you want to allow nis to enabled
Then 必須啟用 'nis_enabled' 布爾值告知 SELinux 此情況。
Do
setsebool -P nis_enabled 1
***** 插件 catchall (1.41 置信度) 建議 ********************************************
If you believe that vsftpd should be allowed name_bind access on the port 555 tcp_socket by default.
Then 應該將這個情況作為 bug 報告。
可以生成本地策略模塊以允許此訪問。
Do
allow this access for now by executing:
# ausearch -c 'vsftpd' --raw | audit2allow -M my-vsftpd
# semodule -i my-vsftpd.pp
更多信息:
源環境 (Context) system_u:system_r:ftpd_t:s0-s0:c0.c1023
目標環境 system_u:object_r:hi_reserved_port_t:s0
目標對象 port 555 [ tcp_socket ]
源 vsftpd
源路徑 /usr/sbin/vsftpd
端口 555
主機 localhost.localdomain
源 RPM 軟件包
目標 RPM 軟件包
策略 RPM selinux-policy-3.13.1-229.el7.noarch
Selinux 已啟用 True
策略類型 targeted
強制模式 Enforcing
主機名 localhost.localdomain
平台 Linux localhost.localdomain 3.10.0-957.el7.x86_64 #1 SMP Thu Nov 8 23:39:32 UTC 2018 x86_64 x86_64
警報計數 6
第一個 2019-08-28 15:09:30 CST
最后一個 2019-08-28 15:25:26 CST
本地 ID 1ce60b58-bcbf-498f-ad42-8512d83f0e61
原始核查信息
type=AVC msg=audit(1566977126.934:14578): avc: denied { name_bind } for pid=109344 comm="vsftpd" src=555 scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:hi_reserved_port_t:s0 tclass=tcp_socket permissive=0
Hash: vsftpd,ftpd_t,hi_reserved_port_t,tcp_socket,name_bind
Next, we make the change it suggests and that is all:
semanage port -a -t ftp_port_t -p tcp 555
Then restart the service once more and run netstat -tlnp, and you will see it.
[root@localhost ~]# netstat -tlnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd
tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN 8138/X
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 8598/dnsmasq
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 7675/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 94257/cupsd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 8037/master
tcp6 0 0 :::555 :::* LISTEN 109849/vsftpd # see it here? The port has been changed to 555
tcp6 0 0 :::111 :::* LISTEN 1/systemd
tcp6 0 0 :::6000 :::* LISTEN 8138/X
tcp6 0 0 :::22 :::* LISTEN 7675/sshd
tcp6 0 0 ::1:631 :::* LISTEN 94257/cupsd
tcp6 0 0 ::1:25 :::* LISTEN 8037/master
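The three sealert suggestions above differ widely in scope: labelling one port, enabling the nis_enabled boolean, or loading a generated policy module. The following added example (not part of the original post) parses the raw AVC record shown above and prints only the port-labelling command, refusing anything that is not a plain name_bind denial. The domain-to-port-type table is an assumption of this example, limited to ftp_port_t and the ssh_port_t named in the sshd_config comment later on this page, and it also accepts udp_socket records, which the post does not show.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: derive the narrowest fix for a
# name_bind denial (label one port) instead of a boolean or a generated module.

# The raw AVC record copied from the sealert output on this page.
SAMPLE_AVC='type=AVC msg=audit(1566977126.934:14578): avc: denied { name_bind } for pid=109344 comm="vsftpd" src=555 scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:hi_reserved_port_t:s0 tclass=tcp_socket permissive=0'

# avc_field LINE KEY: print the value of KEY=value, with quotes stripped.
avc_field() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^$2=//p" | head -n 1 | tr -d '"'
}

# avc_perms LINE: print the denied permission set found between the braces.
avc_perms() {
    printf '%s\n' "$1" | sed -n 's/.*denied *{ *\(.*[^ ]\) *}.*/\1/p'
}

# port_type_for_domain DOMAIN: port type that matches the daemon's domain.
# Assumption of this example: only the two pairs that appear on this page.
port_type_for_domain() {
    case $1 in
        ftpd_t) echo ftp_port_t ;;
        sshd_t) echo ssh_port_t ;;
        *) return 1 ;;
    esac
}

# suggest_port_label LINE: print the semanage command for a name_bind denial.
# Returns 1 if the record is not a plain name_bind denial on a TCP/UDP socket,
# 2 if the domain is unknown (choose the type by hand from the sealert list).
suggest_port_label() {
    local line=$1 perms tclass proto port domain ptype
    perms=$(avc_perms "$line")
    [ "$perms" = "name_bind" ] || return 1
    tclass=$(avc_field "$line" tclass)
    case $tclass in
        tcp_socket) proto=tcp ;;
        udp_socket) proto=udp ;;
        *) return 1 ;;
    esac
    port=$(avc_field "$line" src)
    case $port in ''|*[!0-9]*) return 1 ;; esac
    # scontext is user:role:type:level; the type is the daemon's domain.
    domain=$(avc_field "$line" scontext | cut -d: -f3)
    ptype=$(port_type_for_domain "$domain") || return 2
    printf 'semanage port -a -t %s -p %s %s\n' "$ptype" "$proto" "$port"
}

# Print the suggestion for the record from the page; nothing is executed.
suggest_port_label "$SAMPLE_AVC"
```

After the printed command has been run as root, semanage port -l | grep ftp_port_t should include 555 in its port list.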
What remains is running on both ports at the same time. Copy the conf, copy the service, then restart and enable at boot, and it is done.
[root@localhost system]# cp vsftpd.conf vsftpd2.conf
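Then, with vim, comment out the port number in vsftpd.conf, so that it uses the default port. Next, copy the service file.
First change into the directory, then cp.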
[root@localhost system]# cd /etc/systemd/system
[root@localhost system]# cp /usr/lib/systemd/system/vsftpd.service vsftpd2.service
Then edit the configuration of vsftpd2.service:
[Unit]
# change this: edit the description so the unit is easy to identify
Description=Vsftpd second ftp daemon
After=network.target
[Service]
Type=forking
# pass the second configuration file to the service
ExecStart=/usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd2.conf
[Install]
WantedBy=multi-user.target
At this point the actual work is basically done. What remains is to reload, restart, enable at boot, and check.
[root@localhost system]# systemctl daemon-reload    # reload
[root@localhost system]# systemctl list-unit-files --all | grep vsftpd    # show the vsftpd-related units
vsftpd.service enabled
vsftpd2.service enabled # the default is disabled; this is a fresh copy that I had already enabled, so it shows enabled
vsftpd@.service disabled
vsftpd.target disabled
[root@localhost system]# systemctl status vsftpd2.service    # check the status of the second service
● vsftpd2.service - Vsftpd second ftp daemon
Loaded: loaded (/etc/systemd/system/vsftpd2.service; enabled; vendor preset: disabled)
Active: active (running) since 三 2019-08-28 15:34:24 CST; 42min ago
Main PID: 110076 (vsftpd)
CGroup: /system.slice/vsftpd2.service
└─110076 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd2.conf
8月 28 15:34:24 localhost.localdomain systemd[1]: Starting Vsftpd second ftp daemon...
8月 28 15:34:24 localhost.localdomain systemd[1]: Started Vsftpd second ftp daemon.
[root@localhost system]# systemctl restart vsftpd.service vsftpd2.service    # restart the services
[root@localhost system]# systemctl enable vsftpd.service vsftpd2.servcie    # enable at boot; I mistyped a letter here, can you spot it?
Failed to execute operation: No such file or directory
[root@localhost system]# systemctl enable vsftpd.service vsftpd2.service    # this is the corrected one; you really cannot tell unless you look closely
[root@localhost system]# systemctl status vsftpd.service vsftpd2.service    # check the status
● vsftpd.service - Vsftpd ftp daemon
Loaded: loaded (/usr/lib/systemd/system/vsftpd.service; enabled; vendor preset: disabled)
Active: active (running) since 三 2019-08-28 16:17:14 CST; 35s ago
Main PID: 112853 (vsftpd)
CGroup: /system.slice/vsftpd.service
└─112853 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
8月 28 16:17:14 localhost.localdomain systemd[1]: Starting Vsftpd ftp daemon...
8月 28 16:17:14 localhost.localdomain systemd[1]: Started Vsftpd ftp daemon.
● vsftpd2.service - Vsftpd second ftp daemon
Loaded: loaded (/etc/systemd/system/vsftpd2.service; enabled; vendor preset: disabled)
Active: active (running) since 三 2019-08-28 16:17:14 CST; 35s ago
Main PID: 112856 (vsftpd)
CGroup: /system.slice/vsftpd2.service
└─112856 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd2.conf
8月 28 16:17:14 localhost.localdomain systemd[1]: Starting Vsftpd second ftp daemon...
8月 28 16:17:14 localhost.localdomain systemd[1]: Started Vsftpd second ftp daemon.
[root@localhost system]# netstat -ntlp    # look at the listening sockets
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd
tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN 8138/X
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 8598/dnsmasq
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 7675/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 94257/cupsd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 8037/master
tcp6 0 0 :::555 :::* LISTEN 112856/vsftpd # the vsftpd on port 555
tcp6 0 0 :::111 :::* LISTEN 1/systemd
tcp6 0 0 :::6000 :::* LISTEN 8138/X
tcp6 0 0 :::21 :::* LISTEN 112853/vsftpd # the vsftpd on the default port
tcp6 0 0 :::22 :::* LISTEN 7675/sshd
tcp6 0 0 ::1:631 :::* LISTEN 94257/cupsd
tcp6 0 0 ::1:25 :::* LISTEN 8037/master
Repeated setups for multiple instances
This covers services that need to be set up more than once. The multi-port vsftpd above is one example; another is the getty mentioned in the book, for multi-user login.
As I understand the text, every service in the /usr/lib/systemd/system directory whose name contains @ can be started directly with systemctl start xxxxxx.service.
Change into /usr/lib/systemd/system, then run ls | grep @ to see all the services with an @ in their names.
[root@localhost system]# ls | grep @
anaconda-shell@.service
anaconda-tmux@.service
autovt@.service
chrony-dnssrv@.service
chrony-dnssrv@.timer
clean-mount-point@.service
configure-printer@.service
container-getty@.service
getty@.service # the multi-user example, the one from the book
lvm2-pvscan@.service
mdadm-grow-continue@.service
mdadm-last-resort@.service
mdadm-last-resort@.timer
mdmon@.service
rdma-load-modules@.service
rsyncd@.service
saned@.service
selinux-policy-migrate-local-changes@.service
serial-getty@.service
sshd@.service
systemd-backlight@.service
systemd-fsck@.service
systemd-hibernate-resume@.service
systemd-nspawn@.service
systemd-rfkill@.service
teamd@.service
usb_modeswitch@.service
vsftpd@.service # the one we will use
wacom-inputattach@.service
[root@localhost system]#
All of the services above can be started directly after changing a configuration file, vsftpd for example. So how would we bring up a vsftpd service on port 6666?
First modify the configuration file, then simply start it. Let's try.
[root@localhost system]# cd /etc/vsftpd
[root@localhost vsftpd]# ls
ftpusers user_list vsftpd2.conf vsftpd.conf vsftpd_conf_migrate.sh
[root@localhost vsftpd]# cp vsftpd.conf vsftpd3.conf    # create a new configuration file, vsftpd3.conf
[root@localhost vsftpd]# ls
ftpusers user_list vsftpd2.conf vsftpd3.conf vsftpd.conf vsftpd_conf_migrate.sh
[root@localhost vsftpd]# vim vsftpd3.conf    # edit it and change the port to 6666
# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=YES
#
# Uncomment this to allow local users to log in.
# When SELinux is enforcing check for SE bool ftp_home_dir
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/xferlog
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
"vsftpd3.conf" 129L, 5133C 1,1 頂端
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode. The vsftpd.conf(5) man page explains
# the behaviour when these options are disabled.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
#chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=NO
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
# Make sure, that one of the listen options is commented !!
listen_ipv6=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
# change the port to 6666
listen_port=6666
"vsftpd3.conf" 129L, 5133C 已寫入
[root@localhost vsftpd]# systemctl start vsftp@vsftp3.service
Failed to start vsftp@vsftp3.service: Unit not found.
[root@localhost vsftpd]# systemctl start vsftp@vsftpd3.service
Failed to start vsftp@vsftpd3.service: Unit not found.
[root@localhost vsftpd]# systemctl start vsftpd@vsftpd3.service    # start the service; the vsftpd before the @ is the @ service from /usr/lib/systemd/system, and the vsftpd3 after it is the name of the configuration file you edited
[root@localhost vsftpd]# netstat -tlnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd
tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN 8138/X
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 8598/dnsmasq
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 7675/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 94257/cupsd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 8037/master
tcp6 0 0 :::6666 :::* LISTEN 116405/vsftpd # see it? It just works... Simple, isn't it, and simpler than the changes we made before? But the prerequisite for doing it this way is that a matching @ service exists; otherwise you still have to...
tcp6 0 0 :::555 :::* LISTEN 112856/vsftpd
tcp6 0 0 :::111 :::* LISTEN 1/systemd
tcp6 0 0 :::6000 :::* LISTEN 8138/X
tcp6 0 0 :::21 :::* LISTEN 112853/vsftpd
tcp6 0 0 :::22 :::* LISTEN 7675/sshd
tcp6 0 0 ::1:631 :::* LISTEN 94257/cupsd
tcp6 0 0 ::1:25 :::* LISTEN 8037/master
Now for the main point: building our own service. This is the fun part, and I like this stuff. The book builds a service that backs up the system automatically, so let's type it out.
[root@localhost ~]# vim /backups/backup.sh
#!/bin/bash
# brace lists are not expanded inside quotes, so each spool directory is written out
source="/etc /home /root /var/lib /var/spool/cron /var/spool/at /var/spool/mail" # sources to back up
target="/backups/backup-system-$(date+%Y-%m-%d).tar.gz" # tar.gz target file, with the date in the file name
[ ! -d /backups ] && mkdir /backups # create the directory if it does not exist
tar -zcvf ${target} ${source} &> /backups/backup.log # archive the sources and write the output to backup.log
On saving, it reported that the file could not be created... I did not know why, and searching Baidu did not turn up the cause either. Could it be because the directory did not exist? I ran mkdir, saved again, and it was fine. Take note of this. The foreground/background switching from my previous note comes in handy here; it is very practical.
Use ctrl+z and fg to switch.
[root@localhost ~]# chmod a+x /backups/backup.sh
[root@localhost ~]# ll /backups/backup.sh
-rwxr-xr-x. 1 root root 369 8月 28 17:26 /backups/backup.sh
[root@localhost ~]# vim /etc/systemd/system/backup.service^C
[root@localhost ~]# vim /etc/systemd/system/backup.service
[Unit]
Des
[root@localhost ~]# cp /etc/systemd/system/vsftpd.servcie /etc/systemd/system/backup.service
cp: 無法獲取"/etc/systemd/system/vsftpd.servcie" 的文件狀態(stat): 沒有那個文件或目錄
[root@localhost ~]# ls /etc/systemd/system | grep vs
vsftpd2.service
[root@localhost ~]# cp /etc/systemd/system/vsftpd2.servcie /etc/systemd/system/backup.service
cp: 無法獲取"/etc/systemd/system/vsftpd2.servcie" 的文件狀態(stat): 沒有那個文件或目錄
[root@localhost ~]# cp /etc/systemd/system/vsftpd2.service /etc/systemd/system/backup.service
[root@localhost ~]# vim /etc/systemd/system/backup.service
[Unit]
Description=backup my servce
Requires=atd.service
[Service]
Type=simple
ExecStart=/bin/bash -c " echo /backups/backup.sh | at now"
[Install]
WantedBy=multi-user.target
"/etc/systemd/system/backup.service" 10L, 177C 已寫入
[root@localhost ~]# systemctl daemon-reload
[root@localhost ~]# systemctl start backup.servcie
Failed to start backup.servcie.service: Unit not found.
[root@localhost ~]# systemctl start backup.servci
Failed to start backup.servci.service: Unit not found.
[root@localhost ~]# systemctl start backup.service
[root@localhost ~]# systemctl status backup.servcie
Unit backup.servcie.service could not be found.
[root@localhost ~]# systemctl status backup.service
● backup.service - backup my servce
Loaded: loaded (/etc/systemd/system/backup.service; disabled; vendor preset: disabled)
Active: inactive (dead)
8月 28 17:35:35 localhost.localdomain systemd[1]: Started backup my servce.
8月 28 17:35:35 localhost.localdomain bash[118097]: job 5 at Wed Aug 28 17:35:00 2019
[root@localhost ~]# ls /etc/backups
ls: 無法訪問/etc/backups: 沒有那個文件或目錄
[root@localhost ~]# ls /backu0ps
ls: 無法訪問/backu0ps: 沒有那個文件或目錄
[root@localhost ~]# ls /backups
backup.log backup.sh backup-system-.tar.gz # see the gz file? The backup succeeded. Notice the problem? The date is missing after system-, so go back and look at the sh script...
[root@localhost backups]# vim backup.sh
#!/bin/bash
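# brace lists are not expanded inside quotes, so each spool directory is written out
source="/etc /home /root /var/lib /var/spool/cron /var/spool/at /var/spool/mail" # sources to back up
target="/backups/backup-system-$(date +%Y-%m-%d).tar.gz" # tar.gz target file, with the date in the file name. Found the problem? There must be a space after date, before the format
[ ! -d /backups ] && mkdir /backups # create the directory if it does not exist
tar -zcvf ${target} ${source} &> /backups/backup.log # archive the sources and write the output to backup.log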
"backup.sh" 8L, 370C 已寫入
[root@localhost backups]# systemctl daemon-reload
[root@localhost backups]# systemctl start backup.service
[root@localhost backups]# systemctl status backup.servcie
Unit backup.servcie.service could not be found.
[root@localhost backups]# systemctl status backup.service
● backup.service - backup my servce
Loaded: loaded (/etc/systemd/system/backup.service; disabled; vendor preset: disabled)
Active: inactive (dead)
8月 28 17:35:35 localhost.localdomain systemd[1]: Started backup my servce.
8月 28 17:35:35 localhost.localdomain bash[118097]: job 5 at Wed Aug 28 17:35:00 2019
8月 29 09:01:06 localhost.localdomain systemd[1]: Started backup my servce.
8月 29 09:01:06 localhost.localdomain bash[45725]: job 6 at Thu Aug 29 09:01:00 2019
[root@localhost backups]# ls
backup.log backup.sh backup-system-2019-08-29.tar.gz backup-system-.tar.gz # OK, the second gz came out perfectly and the date is right
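An added example, not from the original post or the book: the same backup written as a function that creates the archive and log with owner-only permissions (the sources include /etc and /root), passes each source as its own argument, and removes the partial file if tar fails. The function name run_backup and the temporary-file naming are choices made for this example.

```bash
#!/usr/bin/env bash
# Added example, not from the original post or the book: backup.sh reworked so
# the archive is private and a failed run never leaves a half-written file.

# run_backup DEST SOURCE...: archive the sources into DEST and print the
# archive path. Returns tar's status (2 or more) if a source cannot be read.
run_backup() {
    local dest=$1; shift
    local target
    # "date +FORMAT" needs the space; "date+%Y-%m-%d" is the bug found above.
    target="$dest/backup-system-$(date +%Y-%m-%d).tar.gz"
    (
        # /etc and /root hold secrets (for example /etc/shadow), so a newly
        # created directory, the archive and the log are owner-only.
        umask 077
        mkdir -p "$dest" || exit 1
        tmp=$(mktemp "$dest/.backup.XXXXXX") || exit 1
        # Sources arrive as separate arguments, so nothing depends on brace
        # expansion, which the shell does not perform inside double quotes.
        tar -zcvf "$tmp" "$@" > "$dest/backup.log" 2>&1
        rc=$?
        # GNU tar: 0 = success, 1 = some files changed while being read,
        # 2 = fatal error such as a missing source.
        if [ "$rc" -ge 2 ]; then
            rm -f "$tmp"
            exit "$rc"
        fi
        # Rename only after tar has finished, so the dated file is complete.
        mv -f "$tmp" "$target"
    ) || return $?
    printf '%s\n' "$target"
}

# Demo on constructed throwaway data. On the machine from the post the call
# would be:
#   run_backup /backups /etc /home /root /var/lib \
#       /var/spool/cron /var/spool/at /var/spool/mail
demo=$(mktemp -d)
printf 'constructed sample\n' > "$demo/sample.conf"
run_backup "$demo/backups" "$demo/sample.conf"
rm -rf "$demo"
```

An existing /backups directory keeps whatever mode it already has, so check it with ls -ld /backups before relying on the umask.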
systemctl timer: timer configuration files
Prerequisites for systemd's timer feature
An example that runs repeatedly
Run backup.service 2 hours after boot
After the first run, run backup.service once every two days
[root@localhost system]# cp backup.service backup.timer
[root@localhost system]# vim backup.timer    # backup.timer is a new file; I compared it with backup.service, found them roughly alike, so I copied it and edited the copy
[Unit]
Description=backup my servce timer
[Timer]
# run at 2 hours after boot
OnBootSec=2hrs
# then run periodically, every 2 days
OnUnitActiveSec=2days
[Install]
WantedBy=multi-user.target
"backup.timer" 9L, 126C 已寫入
[root@localhost system]# systemctl daemon-reload
[root@localhost system]# systemctl enable backup.timer
Created symlink from /etc/systemd/system/multi-user.target.wants/backup.timer to /etc/systemd/system/backup.timer.
[root@localhost system]# systemctl restart backup.timer
[root@localhost system]# systemctl start backup.service    # run the backup service once to compare the results
[root@localhost system]# systemctl show timers.target |grep Condition
ConditionResult=yes
ConditionTimestamp=三 2019-08-21 15:03:56 CST # time the timer started
ConditionTimestampMonotonic=132307867
[root@localhost system]# systemctl show backup.service |grep ExecMain
ExecMainStartTimestamp=四 2019-08-29 10:44:39 CST
ExecMainStartTimestampMonotonic=663063034594
ExecMainExitTimestamp=四 2019-08-29 10:44:39 CST # time backup.service last ran
ExecMainExitTimestampMonotonic=663063115827
ExecMainPID=52211
ExecMainCode=1
ExecMainStatus=0
[root@localhost system]# systemctl show backup.timer |grep NextElapse
NextElapseUSecRealtime=0
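NextElapseUSecMonotonic=1w 2d 16h 11min 3.034662s
# The offset until the next run: 1 week 2 days 16 hours. I set two days, so why is it this large? It is because of ConditionTimestamp. The timestamp is 8/21 and today is 8/29, so do the math: 2018.8.21 15:00 plus 1w2d16h comes to around 12:00 on 2019.8.29, which is the run time two hours from now. After that run it becomes the 2d interval, because the configuration file says the first run is at 2 hours and then once every 2 days.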
[root@localhost system]#
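What if the task should run every Tuesday?
First we need a timer and a service. We copy backup.timer, modify it, and that is it. I also ran into a very strange problem here.
[Unit]
Description=backup my servce timer2
[Timer]
# This is where the problem was: the service would not start, reporting that the time format could not be converted to a time... Later I changed it to underscores, restarted, changed it back, restarted again, and then it worked... I do not know where the problem was
OnCalendar=Sun *-*-* 02:00:00
Persistent=true
Unit=backup.service
[Install]
WantedBy=multi-user.target
The problem is here: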
8月 29 11:33:40 localhost.localdomain systemd[1]: [/etc/systemd/system/backup2.timer:5] Failed to parse calendar specification, ignoring: Sun *-*-* 02:00:00
8月 29 11:33:40 localhost.localdomain systemd[1]: backup2.timer lacks value setting. Refusing.
8月 29 11:33:40 localhost.localdomain systemd[1]: [/etc/systemd/system/backup2.timer:5] Failed to parse calendar specification, ignoring: Sun *-*-* 02:00:00
8月 29 11:33:40 localhost.localdomain systemd[1]: backup2.timer lacks value setting. Refusing.
[root@localhost system]# systemctl daemon-reload
[root@localhost system]# systemctl start backup2.timer
[root@localhost system]# systemctl status backup2.timer
● backup2.timer - backup my servce timer2
Loaded: loaded (/etc/systemd/system/backup2.timer; enabled; vendor preset: disabled)
Active: active (waiting) since 四 2019-08-29 14:55:08 CST; 10min ago
8月 29 14:55:08 localhost.localdomain systemd[1]: Started backup my servce timer2.
[root@localhost system]# systemctl show backup2.timer | grep Next
NextElapseUSecRealtime=49y 7month 4w 1d 10h 30min # the next run date. This is not based on the timestamp; it is based on Unix standard time, i.e. 1970-01-01 00:00:00... 49 years looks scary but really is not; it is not even a century
NextElapseUSecMonotonic=0
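Services started by default on CentOS 7.x
Services not started by default
End-of-chapter exercise: change the ssh port to 222.
One point to watch here is the paths: /usr/lib/systemd/system on the one hand and /etc/systemd/system on the other. Get these two right and there is generally no problem.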
[root@localhost ssh]# man sshd
SSHD(8) BSD System Manager's Manual SSHD(8)
NAME
sshd — OpenSSH SSH daemon
SYNOPSIS
sshd [-46DdeiqTt] [-C connection_spec] [-c host_certificate_file] [-E log_file] [-f config_file] [-g login_grace_time] [-h host_key_file] [-o option] [-p port] [-u len]
DESCRIPTION
sshd (OpenSSH Daemon) is the daemon program for ssh(1). Together these programs replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network.
sshd listens for connections from clients. It is normally started at boot from /etc/rc. It forks a new daemon for each incoming connection. The forked daemons handle key exchange, encryption, authentication, command execu‐
tion, and data exchange.
sshd can be configured using command-line options or a configuration file (by default sshd_config(5)); command-line options override values specified in the configuration file. sshd rereads its configuration file when it
receives a hangup signal, SIGHUP, by executing itself with the name and options it was started with, e.g. /usr/sbin/sshd.
The options are as follows:
-4 Forces sshd to use IPv4 addresses only.
-6 Forces sshd to use IPv6 addresses only.
-C connection_spec
Specify the connection parameters to use for the -T extended test mode. If provided, any Match directives in the configuration file that would apply to the specified user, host, and address will be set before the
configuration is written to standard output. The connection parameters are supplied as keyword=value pairs. The keywords are “user”, “host”, “laddr”, “lport”, and “addr”. All are required and may be supplied in any
order, either with multiple -C options or as a comma-separated list.
-c host_certificate_file
Specifies a path to a certificate file to identify sshd during key exchange. The certificate file must match a host key file specified using the -h option or the HostKey configuration directive.
-D When this option is specified, sshd will not detach and does not become a daemon. This allows easy monitoring of sshd.
-d Debug mode. The server sends verbose debug output to standard error, and does not put itself in the background. The server also will not fork and will only process one connection. This option is only intended for
debugging for the server. Multiple -d options increase the debugging level. Maximum is 3.
-E log_file
Append debug logs to log_file instead of the system log.
-e Write debug logs to standard error instead of the system log.
-f config_file
Specifies the name of the configuration file. The default is /etc/ssh/sshd_config (this is the location of the configuration file). sshd refuses to start if there is no configuration file.
-g login_grace_time
Gives the grace time for clients to authenticate themselves (default 120 seconds). If the client fails to authenticate the user within this many seconds, the server disconnects and exits. A value of zero indicates
no limit.
-h host_key_file
Specifies a file from which a host key is read. This option must be given if sshd is not run as root (as the normal host key files are normally not readable by anyone but root). The default is
/etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key, /etc/ssh/ssh_host_ed25519_key and /etc/ssh/ssh_host_rsa_key. It is possible to have multiple host key files for the different host key algorithms.
-i Specifies that sshd is being run from inetd(8).
-o option
Can be used to give options in the format used in the configuration file. This is useful for specifying options for which there is no separate command-line flag. For full details of the options, and their values,
see sshd_config(5).
-p port
[root@localhost ssh]#
[root@localhost ssh]# cp /etc/ssh/sshd_config /etc/ssh/sshd2_config    # create the configuration file for sshd2
[root@localhost ssh]# vim sshd2_config
# $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/local/bin:/usr/bin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
# If you want to change the port on a SELinux system, you have to tell
# SELinux about this change.
# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
#
# add port 222
Port 222
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
# Ciphers and keying
#RekeyLimit default none
# Logging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#PubkeyAuthentication yes
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
#AuthorizedPrincipalsFile none
#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
"sshd2_config" 139L, 3907C 已寫入
[root@localhost ssh]# cd /etc/systemd/system
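[root@localhost system]# cp /usr/lib/systemd/system/sshd.service ssh2.service # copy sshd.service from /usr/lib to ssh2.service. Look closely: I copied it as ssh2 when it should have been sshd2.service; this is the root of the error later on, and I mv'd it afterwards
[root@localhost system]# vim sshd2.service # went wrong: vim said it was a new file, simply because I had written the name wrong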
[root@localhost system]# ls
backup2.timer dbus-org.bluez.service dbus-org.freedesktop.nm-dispatcher.service getty.target.wants remote-fs.target.wants timers.target.wants
backup.service dbus-org.fedoraproject.FirewallD1.service default.target graphical.target.wants sockets.target.wants vmtoolsd.service.requires
backup.timer dbus-org.freedesktop.Avahi.service default.target.wants local-fs.target.wants ssh2.service vsftpd2.service
basic.target.wants dbus-org.freedesktop.ModemManager1.service dev-virtio\x2dports-org.qemu.guest_agent.0.device.wants multi-user.target.wants sysinit.target.wants
bluetooth.target.wants dbus-org.freedesktop.NetworkManager.service display-manager.service network-online.target.wants system-update.target.wants
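[root@localhost system]# vim ssh2.service # at the time I decided to just go along with the mistake, and that works fine too; it only means the service you have to start is ssh2.service rather than sshd2.service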
[Unit]
Description=OpenSSH2 server daemon
Documentation=man:sshd(8) man:sshd_config(5)
After=network.target sshd-keygen.service
Wants=sshd-keygen.service
[Service]
Type=notify
EnvironmentFile=/etc/sysconfig/sshd
# changed here: the sshd2_config file is passed to the service
ExecStart=/usr/sbin/sshd -f /etc/ssh/sshd2_config -D $OPTIONS
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure
RestartSec=42s
[Install]
WantedBy=multi-user.target
"ssh2.service" 17L, 399C 已寫入
[root@localhost system]# systemctl daemon-reload
[root@localhost system]# ssytemctl enable sshd2
bash: ssytemctl: 未找到命令...
相似命令是: 'systemctl'
[root@localhost system]# systemctl enable sshd2 # this is the cause of the error: I had written ssh2 instead of sshd2, so enabling it at boot failed; I mv'd it afterwards
Failed to execute operation: No such file or directory
[root@localhost system]# mv ssh2.service sshd2.service # mv'd it here
[root@localhost system]# systemctl enable sshd2
Created symlink from /etc/systemd/system/multi-user.target.wants/sshd2.service to /etc/systemd/system/sshd2.service.
[root@localhost system]# systemctl start sshd2.service # another error here; check the log file
Job for sshd2.service failed because the control process exited with error code. See "systemctl status sshd2.service" and "journalctl -xe" for details.
[root@localhost system]# systemctl status sshd2.service
● sshd2.service - OpenSSH2 server daemon
Loaded: loaded (/etc/systemd/system/sshd2.service; enabled; vendor preset: disabled)
Active: activating (auto-restart) (Result: exit-code) since 四 2019-08-29 15:26:12 CST; 11s ago
Docs: man:sshd(8)
man:sshd_config(5)
Process: 70144 ExecStart=/usr/sbin/sshd -f /etc/ssh/sshd2_config -D $OPTIONS (code=exited, status=255)
Main PID: 70144 (code=exited, status=255)
8月 29 15:26:12 localhost.localdomain systemd[1]: sshd2.service failed.
[root@localhost system]# tail -n 20 /var/log/messages # view the log file
Aug 29 15:26:12 localhost systemd: sshd2.service failed.
Aug 29 15:26:12 localhost dbus[6985]: [system] Activating service name='org.fedoraproject.Setroubleshootd' (using servicehelper)
Aug 29 15:26:14 localhost dbus[6985]: [system] Successfully activated service 'org.fedoraproject.Setroubleshootd'
Aug 29 15:26:14 localhost setroubleshoot: SELinux is preventing /usr/sbin/sshd from name_bind access on the tcp_socket port 222. For complete SELinux messages run: sealert -l ff1ceb2c-1778-4880-add3-c49f3d32e03d
Aug 29 15:26:14 localhost python: SELinux is preventing /usr/sbin/sshd from name_bind access on the tcp_socket port 222.#012#012***** Plugin bind_ports (99.5 confidence) suggests ************************#012#012If you want to allow /usr/sbin/sshd to bind to network port 222#012Then you need to modify the port type.#012Do#012# semanage port -a -t PORT_TYPE -p tcp 222#012 where PORT_TYPE is one of the following: ssh_port_t, vnc_port_t, xserver_port_t.#012#012***** Plugin catchall (1.49 confidence) suggests **************************#012#012If you believe that sshd should be allowed name_bind access on the port 222 tcp_socket by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c 'sshd' --raw | audit2allow -M my-sshd#012# semodule -i my-sshd.pp#012
Aug 29 15:26:15 localhost setroubleshoot: SELinux is preventing /usr/sbin/sshd from name_bind access on the tcp_socket port 222. For complete SELinux messages run: sealert -l ff1ceb2c-1778-4880-add3-c49f3d32e03d
Aug 29 15:26:15 localhost python: SELinux is preventing /usr/sbin/sshd from name_bind access on the tcp_socket port 222.#012#012***** Plugin bind_ports (99.5 confidence) suggests ************************#012#012If you want to allow /usr/sbin/sshd to bind to network port 222#012Then you need to modify the port type.#012Do#012# semanage port -a -t PORT_TYPE -p tcp 222#012 where PORT_TYPE is one of the following: ssh_port_t, vnc_port_t, xserver_port_t.#012#012***** Plugin catchall (1.49 confidence) suggests **************************#012#012If you believe that sshd should be allowed name_bind access on the port 222 tcp_socket by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c 'sshd' --raw | audit2allow -M my-sshd#012# semodule -i my-sshd.pp#012
Aug 29 15:26:54 localhost systemd: sshd2.service holdoff time over, scheduling restart.
Aug 29 15:26:54 localhost systemd: Stopped OpenSSH2 server daemon.
Aug 29 15:26:55 localhost systemd: Starting OpenSSH2 server daemon...
Aug 29 15:26:55 localhost systemd: sshd2.service: main process exited, code=exited, status=255/n/a
Aug 29 15:26:55 localhost systemd: Failed to start OpenSSH2 server daemon.
Aug 29 15:26:55 localhost systemd: Unit sshd2.service entered failed state.
Aug 29 15:26:55 localhost systemd: sshd2.service failed.
Aug 29 15:26:55 localhost dbus[6985]: [system] Activating service name='org.fedoraproject.Setroubleshootd' (using servicehelper)
Aug 29 15:26:55 localhost dbus[6985]: [system] Successfully activated service 'org.fedoraproject.Setroubleshootd'
Aug 29 15:26:55 localhost setroubleshoot: SELinux is preventing /usr/sbin/sshd from name_bind access on the tcp_socket port 222. For complete SELinux messages run: sealert -l ff1ceb2c-1778-4880-add3-c49f3d32e03d
Aug 29 15:26:55 localhost python: SELinux is preventing /usr/sbin/sshd from name_bind access on the tcp_socket port 222.#012#012***** Plugin bind_ports (99.5 confidence) suggests ************************#012#012If you want to allow /usr/sbin/sshd to bind to network port 222#012Then you need to modify the port type.#012Do#012# semanage port -a -t PORT_TYPE -p tcp 222#012 where PORT_TYPE is one of the following: ssh_port_t, vnc_port_t, xserver_port_t.#012#012***** Plugin catchall (1.49 confidence) suggests **************************#012#012If you believe that sshd should be allowed name_bind access on the port 222 tcp_socket by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c 'sshd' --raw | audit2allow -M my-sshd#012# semodule -i my-sshd.pp#012
Aug 29 15:26:56 localhost setroubleshoot: SELinux is preventing /usr/sbin/sshd from name_bind access on the tcp_socket port 222. For complete SELinux messages run: sealert -l ff1ceb2c-1778-4880-add3-c49f3d32e03d
Aug 29 15:26:56 localhost python: SELinux is preventing /usr/sbin/sshd from name_bind access on the tcp_socket port 222.#012#012***** Plugin bind_ports (99.5 confidence) suggests ************************#012#012If you want to allow /usr/sbin/sshd to bind to network port 222#012Then you need to modify the port type.#012Do#012# semanage port -a -t PORT_TYPE -p tcp 222#012 where PORT_TYPE is one of the following: ssh_port_t, vnc_port_t, xserver_port_t.#012#012***** Plugin catchall (1.49 confidence) suggests **************************#012#012If you believe that sshd should be allowed name_bind access on the port 222 tcp_socket by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c 'sshd' --raw | audit2allow -M my-sshd#012# semodule -i my-sshd.pp#012
[root@localhost system]# semanage port -a -t ssh_port_t -p tcp 222 # the line I bolded in the message above; the type is definitely ssh_port_t
[root@localhost system]# systemctl start sshd2.service # started successfully
[root@localhost system]# systemctl status sshd2.service
● sshd2.service - OpenSSH2 server daemon
Loaded: loaded (/etc/systemd/system/sshd2.service; enabled; vendor preset: disabled)
Active: active (running) since 四 2019-08-29 15:29:01 CST; 9s ago
Docs: man:sshd(8)
man:sshd_config(5)
Main PID: 70423 (sshd)
Tasks: 1
CGroup: /system.slice/sshd2.service
└─70423 /usr/sbin/sshd -f /etc/ssh/sshd2_config -D
8月 29 15:29:01 localhost.localdomain systemd[1]: sshd2.service holdoff time over, scheduling restart.
8月 29 15:29:01 localhost.localdomain systemd[1]: Stopped OpenSSH2 server daemon.
8月 29 15:29:01 localhost.localdomain systemd[1]: Starting OpenSSH2 server daemon...
8月 29 15:29:01 localhost.localdomain sshd[70423]: Server listening on 0.0.0.0 port 222.
8月 29 15:29:01 localhost.localdomain sshd[70423]: Server listening on :: port 222.
8月 29 15:29:01 localhost.localdomain systemd[1]: Started OpenSSH2 server daemon.
[root@localhost system]# netstat -tlnp |grep ssh
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 7675/sshd
tcp 0 0 0.0.0.0:222 0.0.0.0:* LISTEN 70423/sshd # 222 started successfully
tcp6 0 0 :::22 :::* LISTEN 7675/sshd
tcp6 0 0 :::222 :::* LISTEN 70423/sshd # 222 started successfully
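A pre-flight check that would have caught the `name_bind` denial before `systemctl start` (an added example, not part of the original post): it reads the `Port` directives from a config such as `sshd2_config` and compares them with saved `semanage port -l` output. The function names and both sample inputs are constructed for illustration.

```bash
#!/bin/sh
# Which Port values in an sshd config are missing the ssh_port_t SELinux label?

# Print every port set by a Port directive. sshd keywords are case-insensitive;
# commented-out lines such as "#Port 22" never match because $1 is "#Port".
config_ports() {
    awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2 }' "$1"
}

# Succeed if port $1 is covered by an ssh_port_t/tcp entry in the
# `semanage port -l` output on stdin. Entries are comma-separated and
# may be ranges, e.g. "2200-2210, 22".
port_is_labelled() {
    awk -v want="$1" '
        $1 == "ssh_port_t" && $2 == "tcp" {
            for (i = 3; i <= NF; i++) {
                gsub(/,/, "", $i)
                n = split($i, r, "-")
                lo = r[1] + 0
                hi = (n == 2 ? r[2] : r[1]) + 0
                if (want + 0 >= lo && want + 0 <= hi) found = 1
            }
        }
        END { exit(found ? 0 : 1) }'
}

# For each unlabelled port, print the semanage command used on this page.
# $1 = sshd config file, $2 = file holding saved `semanage port -l` output.
missing_label_fixes() {
    for port in $(config_ports "$1"); do
        port_is_labelled "$port" < "$2" ||
            echo "semanage port -a -t ssh_port_t -p tcp $port"
    done
}

demo() {
    tmp=$(mktemp -d)
    # Constructed sample: the port-related lines of a config like sshd2_config.
    printf '%s\n' '#Port 22' 'Port 222' '#ListenAddress 0.0.0.0' > "$tmp/sshd2_config"
    # Constructed sample: `semanage port -l` output before port 222 is added.
    printf '%s\n' 'ssh_port_t    tcp    22' \
                  'vnc_port_t    tcp    5900-5983, 5985-5999' > "$tmp/ports.txt"
    missing_label_fixes "$tmp/sshd2_config" "$tmp/ports.txt"
    rm -rf "$tmp"
}
demo
```

On a live system the second argument would be a file produced with `semanage port -l > ports.txt`; an empty result means every configured port already carries the label.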
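OK, that's the end of this chapter; on to the next one. Did you learn it? I did, anyway. The more I learn, the more I like it. This stuff is really interesting; it's just that the commands are too hard to remember. Some people like rote memorization, but I can't memorize them, and for those who can't there is only one thing to do: practice more... practice, practice, practice.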