Curently, i want auditd service run forever and user can not stop this via any commands.
Current my auditd service:
~]# systemctl cat auditd
# /usr/lib/systemd/system/auditd.service
[Unit]
Description=Security Auditing Service
DefaultDependencies=no
After=local-fs.target systemd-tmpfiles-setup.service
Conflicts=shutdown.target
Before=sysinit.target shutdown.target
RefuseManualStop=yes
ConditionKernelCommandLine=!audit=0
[Service]
ExecStart=/sbin/auditd -n
## To not use augenrules, copy this file to /etc/systemd/system/auditd.service
## and comment/delete the next line and uncomment the auditctl line.
## NOTE: augenrules expect any rules to be added to /etc/audit/rules.d/
ExecStartPost=-/sbin/augenrules --load
#ExecStartPost=-/sbin/auditctl -R /etc/audit/audit.rules
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target
# /etc/systemd/system/auditd.service.d/override.conf
[Service]
ExecReload=
ExecReload=/bin/kill -HUP $MAINPID ; /sbin/augenrules --load
I can't stop this service from command:
# systemctl stop auditd.service
Failed to stop auditd.service: Operation refused, unit auditd.service may be requested by dependency only.
But when i using service auditd stop command. I can stop this service normally.
# service auditd stop
Stopping logging: [ OK ]
How can i prevent it? Thanks
The administrator (root) will always be able to manually kill the auditd process (which is what the service command does). What systemd is doing here is only to prevent the administrator from doing it via the systemctl interface.
In both cases, unprivileged users can not kill the daemon.
If you want to restrict even what root can do, you will have to use SELinux and customize the policy.
Some actions of service command are not redirected to systemctl but run some specific scripts located in /usr/libexec/initscripts/legacy-actions.
In this case, stop command will call this script:
/usr/libexec/initscripts/legacy-actions/auditd/stop
If you want that, the audited service can't be stopped by service command, you can remove this script, the action "stop" will be redirected to systemctl, which will block it b/c of the parameter "RefuseManualStop=yes".
But this doesn't mean that you can't kill the process of course.
Related
I am using the nohup command with Python and Flask for background process. After I close the terminal it is working fine but after 1 or 2 days the process stops. Can someone tell me how to keep the background process running? I am using below command:
screen
space
nohup python -m flask run --cert local.crt --key local.key --host=0.0.0.0 --port=443 &
ctrl+a+d
Let's assume all your Flask code resides in the folder /home/abc_user/flask_app.
Steps
Create a file flask-server.service in /etc/systemd/system.
[Unit]
Description=Flask server
After=network.target
[Service]
User=abc_user
Group=abc_user
WorkingDirectory=/home/abc_user/flask_app
ExecStart=python -m flask run --cert local.crt --key local.key --host=0.0.0.0 --port=443
Restart=always
[Install]
WantedBy=multi-user.target
Run sudo systemctl daemon-reload.
Start the service using systemctl start flask-server.service.
Check that it has started by systemctl status flask-server.service. Status should say "running".
If you want your flask server to auto-start after reboots, run systemctl enable flask-server.service
Some common operations
Check current status - systemctl status flask-server.service
Start the service - systemctl start flask-server.service
Stop the service - systemctl stop flask-server.service
Check logs - journalctl -u flask-server.service
Stream logs - journalctl -f -u flask-server.service
Check logs in past 1 hour - journalctl -u flask-server.service --since "1 hour ago"
Try nohup python -m flask run --cert local.crt --key local.key --host=0.0.0.0 --port=443 >/dev/null 2>&1&
Use nohup , you should redirct you print to /dev/null or log, Otherwise it will be create a file nohup.out occupy disk space.
Most times we use gunicorn and supervisor to manager flask application.
Did you maybe shut down the computer the flask server is running on ?
If so, the problem will be solved by either not shutting down your computer or starting the flask server again after shutting down !
nohup is a POSIX command to ignore the HUP (hangup) signal. The HUP signal is, by convention, the way a terminal warns dependent processes of logout.
Output that would normally go to the terminal goes to a file called nohup.out if it has not already been redirected.
See nohup.out for searching errors in ./ or executed directory. It is no nohup error. Look nohup.out and google error and will refresh question.
Currently I wanted to run my dedicated server on my vps. When I run system systemctl start csgo.service it gives me error Load: error (Reason: Exec format error) when I run systemctl status csgo.service it gives me /lib/systemd/system/csgo.service:12: Executable path is not absolute: killall -TERM srcds_linux. Below are the service file that I am trying to run, am I making any mistake since it says format error?
[Unit]
Description=CSGO Server
[Service]
Type=simple
User=steam
Group=steam
Restart=on-failure
RestartSec=5
StartLimitInterval=60s
StartLimitBurst=3
ExecStart=/home/steam/steamcmd/csgo/srcds_run -game csgo -console -usercon +game_type 0 +game_mode 1 -tickrate 128 +mapgroup mg_active +map de_dust2 +sv_setsteamaccount GsltKeyHere -net_port_try 1
ExecStop=killall -TERM srcds_linux
[Install]
WantedBy=multi-user.target
My dedicated server files are inside /home/steam/steamcmd/csgo
Quoting the manual on unit files:
Note that shell command lines are not directly supported. If shell command lines are to be used, they need to be passed explicitly to a shell implementation of some kind.
Example: ExecStart=sh -c 'dmesg | tac'
You'll need to either use sh like that or figure out the actual path to your killall executable, e.g.
[Unit]
ExecStop=sh -c 'killall -TERM srcds_linux'
or
[Unit]
ExecStop=/sbin/killall -TERM srcds_linux
As an aside, that's not the best of ExecStop commands; it'll ruthlessly kill all srcds_linux executables, no matter if they're related to this service or not. Having no ExecStop command will have systemd terminate the service by itself:
Note that it is usually not sufficient to specify a command for this setting that only asks the service to terminate (for example, by queuing some form of termination signal for it), but does not wait for it to do so. Since the remaining processes of the services are killed according to KillMode= and KillSignal= as described above immediately after the command exited, this may not result in a clean stop. The specified command should hence be a synchronous operation, not an asynchronous one.
All Logstash errors logs in /var/log/logstash/* , but all the error logs of Logstash logs in /var/log/syslog too.
Is there any way to disable logging errors of Logstash in /var/log/syslog?
I suppose you run logstash from systemd. For unknown reason logstash print it's logs on stdout/stderr, so journald is forwarding console output to syslog.
Redirect stdout/err in systemd unit file like this:
[Service]
Type=simple
Restart=always
WorkingDirectory=/data/logstash
ExecStart=/usr/bin/sudo -u logstashuser bash -c "/opt/logstash/bin/logstash --path.settings /opt/logstash/conf >/dev/null 2>/logs/logstash/logstash.error.log"
then
systemctl daemon-reload
and
systemctl stop logstash.service
systemctl start logstash.service
Another solution is to modify /etc/systemd/system/logstash.service and change those two option as following
StandardOutput=null
StandardError=null
# cat /etc/systemd/system/logstash.service
[Unit]
Description=logstash
[Service]
Type=simple
User=logstash
Group=logstash
# Load env vars from /etc/default/ and /etc/sysconfig/ if they exist.
# Prefixing the path with '-' makes it try to load, but if the file doesn't
# exist, it continues onward.
EnvironmentFile=-/etc/default/logstash
EnvironmentFile=-/etc/sysconfig/logstash
ExecStart=/usr/share/logstash/bin/logstash "--path.settings" "/etc/logstash"
StandardOutput=null
StandardError=null
Restart=always
WorkingDirectory=/
Nice=19
LimitNOFILE=16384
# When stopping, how long to wait before giving up and sending SIGKILL?
# Keep in mind that SIGKILL on a process can cause data loss.
TimeoutStopSec=infinity
[Install]
WantedBy=multi-user.target
Then of course
#systemctl daemon-reload
#systemctl restart logstash
Many system daemon can be started using start/stop command. I was just curious how start/stop works on Linux system. Say I wrote a daemon executable, how should I configure it so that it can be controlled by start/stop in Linux.
I make a daemon in linux (ArchLinux) few years ago, and it works every day perfectly.
There are 2 ways to do this. Short way and long way:
Short Way:
Create a file in /etc/systemd/system/ called for example mydaemon.service :
/etc/systemd/system/mydaemon.service
[Unit]
Description=This is my first daemon! - Fernando Pucci
After=network.target
[Service]
User=root
WorkingDirectory=/root
Type=oneshotmc
RemainAfterExit=yes
ExecStart=/bin/echo -e "Daemon started"
ExecStop=/bin/echo -e "Daemon Stopped"
[Install]
WantedBy=multi-user.target
This service does nothing but show Daemon Started or Stopped. You can change echoes by the sentences you need.
If you need to run some script, try the Long way:
Long way
Create a file in some directory, like root folder or /usr/lib/systemd/scripts called for example
/root/mydaemon.sh
start() {
<your start sentences here
and here>
}
stop() {
<your stop sentences here
and here>
}
case $1 in
start|stop) "$1" ;;
esac
You must to make it runnable (chmod x)
(And you can execute it with start or stop parameter to test it.)
And as second step, create another file in
/usr/lib/systemd/system/mydaemon.service
[Unit]
Description=Second daemon of Fernando Pucci
After=network.target
[Service]
User=root
WorkingDirectory=/root
Type=oneshot
RemainAfterExit=yes
ExecStart=/bin/bash -c '/root/mydaemon.sh start'
ExecStart=/bin/echo -e "MyDaemon Started"
ExecStop=/bin/bash -c '/root/mydaemon.sh stop'
ExecStop=/bin/echo -e "MyDaemon Stopped"
[Install]
WantedBy=multi-user.target
Starting and Stopping
systemctl start mydaemon
systemctl stop mydaemon
systemctl status mydaemon
systemctl enable mydaemon
systemctl disable mydaemon
You (and someone) can send me a private msg for help about that.
I am doing a project read GPS values output from a GPS dongle and need to
programmatically start the gpsd daemon.
i.e. I need to automate the following command;
sudo gpsd /dev/ttyUSB0 -F /var/run/gpsd.sock
I was able to read the coordinates through the code after manually starting the daemon as above. But don't know how to start the daemon through he code.
Since gpsd is a daemon, you can just set the daemon up to be run automatically at startup. How to do this depends on which startup system you have. For example, if you have systemd, you have to write a gpsd.service file, something like this
[Unit]
Description=GPSd daemon service file
[Service]
Type=forking
User=root
Group=dialout
TimeoutStartSec=0
ExecStart=/usr/local/sbin/gpsd /dev/ttyUSB0 -F /var/run/gpsd.sock
[Install]
# Grouping mechanism that let systemd start groups of processes up at the same time
WantedBy=multi-user.target
then install it in /lib/systemd/system and finally using the following commands
$ sudo systemctl enable gpsd
$ sudo systemctl start gpsd
the start command is just to run gpsd as systemd daemon without rebooting your system.
for debian its just
dpkg-reconfigure gps