Managing Initscripts with Red Hat's chkconfig
So far, so good. We've seen how to view, modify and delete services using chkconfig. It's time to add a new service. Take the script named oracle (see Listing 1).
Using this script, Oracle 8 can be started with the “start” argument and terminated with the “stop” argument. This meets the minimum requirements of an initscript that can be used in conjunction with the launch script /etc/rc.d/rc.
Place the script in /etc/rc.d/init.d and run (as root)
chmod +x /etc/rc.d/init.d/oracle
to make the script executable. If you are concerned about normal users seeing the script, you could try more restrictive file permissions, as long as the script is executable by root as a standalone script.
Notice the two comments lines in the script:
#chkconfig: 2345 80 05 #description: Oracle 8 Server
These lines are needed by chkconfig to determine how to establish the initial runlevels to add the service as well as set the priority for the start-and-stop script execution order. These lines denote the script will start Oracle 8 server for the runlevels 2, 3, 4 and 5. In addition, the start priority will be set to 80 while the stop priority will be 05.
Now that the script is in place with the appropriate execute permissions and the required chkconfig comments are in place, we can add the initscript to the chkconfig configuration by typing, as root, chkconfig --add oracle.
Using chkconfig's query feature, we can verify our addition:
[root]# chkconfig --list | grep oracle oracle 0:off 1:off 2:on 3:on 4:on 5:on 6:off
Also, we can type our standard find command to see how chkconfig set up the symbolic links:
[root]# find /etc/rc.d -name '*oracle' -print /etc/rc.d/init.d/oracle /etc/rc.d/rc0.d/K05oracle /etc/rc.d/rc1.d/K05oracle /etc/rc.d/rc2.d/S80oracle /etc/rc.d/rc3.d/S80oracle /etc/rc.d/rc4.d/S80oracle /etc/rc.d/rc5.d/S80oracle /etc/rc.d/rc6.d/K05oracleAs requested, the names of the kill links contain the priority 05 while the start links contain 80. If we need to adjust the priorities, (e.g., our stop priority needs to be 03), simply modify the chkconfig comment lines in the initscript for oracle and run the reset command, as shown below. The resulting symbolic links will be renamed accordingly:
[root]# chkconfig oracle reset [root]# find /etc/rc.d -name '*oracle' -print /etc/rc.d/init.d/oracle /etc/rc.d/rc0.d/K03oracle /etc/rc.d/rc1.d/K03oracle /etc/rc.d/rc2.d/S80oracle /etc/rc.d/rc3.d/S80oracle /etc/rc.d/rc4.d/S80oracle /etc/rc.d/rc5.d/S80oracle /etc/rc.d/rc6.d/K03oracle
As many of you already know, inetd was replaced by xinetd in Red Hat 7. In addition, chkconfig functionality has been extended to manage some of the functionality of xinetd's Internet services. Sample output is shown below:
[root]# chkconfig --list ... xinetd based services: finger: on linuxconf-web: off rexec: off rlogin: off rsh: off ntalk: off talk: off telnet: on tftp: off wu-ftpd: on
To disable a xinetd feature, perhaps finger, you could type [root]# chkconfig finger off.
Pretty neat, huh? However, there is one “gotcha”. When the configuration is changed, the xinetd is signaled automatically to reload the new configuration with the command /etc/init.d/xinetd reload, that is executed by chkconfig. This script performs a kill with the SIGUSR2 signal which instructs xinetd to perform a hard reconfiguration.
What does that mean? Well, when I tested it, the active sessions of services offered through xinetd (i.e., Telnet, FTP, etc.) were immediately terminated. That might not be a problem for you, assuming you can plan the best time to disable/enable xinetd services on your system. As an alternative, you can modify the /etc/init.d/xinetd script so that the reload option sends a SIGUSR1 signal, which is a soft reconfiguration. This will restart the services without terminating existing connections.
Adding xinetd services for chkconfig management is as simple as adding an xinetd service file into the /etc/xinetd.d directory. The chkconfig utility will automatically pick it up and make it available for management through the chkconfig utility. Neat!
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Server Hardening
- May 2016 Issue of Linux Journal
- EnterpriseDB's EDB Postgres Advanced Server and EDB Postgres Enterprise Manager
- The Humble Hacker?
- BitTorrent Inc.'s Sync
- The Death of RoboVM
- The US Government and Open-Source Software
- New Container Image Standard Promises More Portable Apps
- Open-Source Project Secretly Funded by CIA
- ACI Worldwide's UP Retail Payments
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide