List and describe the three options you will find in the Status column of the server services menu.

What will be an ideal response?

The Status column indicates the current status of the service as follows:
• Started shows that the service is running.
• Paused means that the service is started, but is not available to users.
• A blank means that the service is halted or has not been started.

Computer Science & Information Technology

You might also like to view...

Which of the following components is required to connect multiple servers to a SAN?

A. Router
B. HBA
C. RAID controller
D. Fiber switch


The process PID 395 is nginx. How could that be concluded from the output above?

Display the services currently running.

a. Use the ps command to display all the programs running in the background:

[analyst@secOps ~]$ sudo ps -elf
[sudo] password for analyst:
F S UID  PID PPID C PRI NI ADDR SZ WCHAN  STIME TTY  TIME     CMD
4 S root 1    0   0 80  0   - 2250 SyS_ep Feb27  ?  00:00:00 /sbin/init
1 S root 2    0   0 80  0   -    0 kthrea Feb27  ?  00:00:00 [kthreadd]
1 S root 3    2   0 80  0   -    0 smpboo Feb27  ?  00:00:00 [ksoftirqd/0]
1 S root 5    2   0 60  -20 -    0 worker Feb27  ?  00:00:00 [kworker/0:0H]
1 S root 7    2   0 80  0   -    0 rcu_gp Feb27  ?  00:00:00 [rcu_preempt]
1 S root 8    2   0 80  0   -    0 rcu_gp Feb27  ?  00:00:00 [rcu_sched]
1 S root 9    2   0 80  0   -    0 rcu_gp Feb27  ?  00:00:00 [rcu_bh]
1 S root 10   2   0 -40 -   -    0 smpboo Feb27  ?  00:00:00 [migration/0]
1 S root 11   2   0 60  -20 -    0 rescue Feb27  ?  00:00:00 [lru-add-drain]
5 S root 12   2   0 -40 -   -    0 smpboo Feb27  ?  00:00:00 [watchdog/0]
1 S root 13   2   0 80  0   -    0 smpboo Feb27  ?  00:00:00 [cpuhp/0]
5 S root 14   2   0 80  0   -    0 devtmp Feb27  ?  00:00:00 [kdevtmpfs]
1 S root 15   2   0 60  -20 -    0 rescue Feb27  ?  00:00:00 [netns]
1 S root 16   2   0 80  0   -    0 watchd Feb27  ?  00:00:00 [khungtaskd]
1 S root 17   2   0 80  0   -    0 oom_re Feb27  ?  00:00:00 [oom_reaper]

b. In Linux, programs can also call other programs. The ps command can also be used to display this process hierarchy. Use the -ejH options to display the currently running process tree.
[analyst@secOps ~]$ sudo ps -ejH
[sudo] password for analyst:

  1     1     1 ?        00:00:00 systemd
  167   167   167 ?        00:00:01   systemd-journal
  193   193   193 ?        00:00:00   systemd-udevd
  209   209   209 ?        00:00:00   rsyslogd
  210   210   210 ?        00:01:41   java
  212   212   212 ?        00:00:01   ovsdb-server
  213   213   213 ?        00:00:00   start_pox.sh
  224   213   213 ?        00:01:18     python2.7
  214   214   214 ?        00:00:00   systemd-logind
  216   216   216 ?        00:00:01   dbus-daemon
  221   221   221 ?        00:00:05   filebeat
  239   239   239 ?        00:00:05   VBoxService
  287   287   287 ?        00:00:00   ovs-vswitchd
  382   382   382 ?        00:00:00   dhcpcd
  387   387   387 ?        00:00:00   lightdm
  410   410   410 tty7     00:00:10     Xorg
  460   387   387 ?        00:00:00     lightdm
  492   492   492 ?        00:00:00       sh
  503   492   492 ?        00:00:00         xfce4-session
  513   492   492 ?        00:00:00           xfwm4
  517   492   492 ?        00:00:00           Thunar
  1592  492   492 ?        00:00:00             thunar-volman
  519   492   492 ?        00:00:00           xfce4-panel
  554   492   492 ?        00:00:00             panel-6-systray
  559   492   492 ?        00:00:00             panel-2-actions
  523   492   492 ?        00:00:01           xfdesktop
  530   492   492 ?        00:00:00           polkit-gnome-au
  395   395   395 ?        00:00:00   nginx
  396   395   395 ?        00:00:00     nginx
  408   384   384 ?        00:01:58   java
  414   414   414 ?        00:00:00   accounts-daemon
  418   418   418 ?        00:00:00   polkitd

c. As mentioned before, servers are essentially programs, often started by the system itself at boot time. The task performed by a server is called a service. In this way, a web server provides web services. The netstat command is a great tool to help identify the network servers running on a computer. The power of netstat lies in its ability to display network connections. In the terminal window, type netstat.
[analyst@secOps ~]$ netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp   0      0      localhost.localdo:48746 localhost.local:wap-wsp ESTABLISHED
tcp   0      0      localhost.localdo:48748 localhost.local:wap-wsp ESTABLISHED
tcp6  0      0      localhost.local:wap-wsp localhost.localdo:48748 ESTABLISHED
tcp6  0      0      localhost.local:wap-wsp localhost.localdo:48746 ESTABLISHED
tcp6  0      0      localhost.local:wap-wsp localhost.localdo:48744 ESTABLISHED
tcp6  0      0      localhost.localdo:48744 localhost.local:wap-wsp ESTABLISHED
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags Type  State I-Node Path
unix  3      [ ]   DGRAM       8472   /run/systemd/notify
unix  2      [ ]   DGRAM       8474   /run/systemd/cgroups-agent
d. Use netstat with the -tunap options to adjust the output of netstat. Notice that netstat allows multiple options to be grouped together under the same "-" sign. The information for the nginx server is highlighted.
[analyst@secOps ~]$ sudo netstat -tunap
[sudo] password for analyst:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address   Foreign Address State   PID/Program name
tcp   0      0      0.0.0.0:80      0.0.0.0:*       LISTEN  395/nginx: master p
tcp   0      0      0.0.0.0:21      0.0.0.0:*       LISTEN  279/vsftpd
tcp   0      0      0.0.0.0:22      0.0.0.0:*       LISTEN  277/sshd
tcp   0      0      0.0.0.0:6633    0.0.0.0:*       LISTEN  257/python2.7
tcp6  0      0      :::22           :::*            LISTEN  277/sshd
tcp6  0      0      :::23           :::*            LISTEN  1/init
udp   0      0      192.168.1.15:68 0.0.0.0:*               237/systemd-network
Clients will connect to a port and, using the correct protocol, request information from a server. The netstat output above displays a number of services that are currently listening on specific ports. Interesting columns are:
• The first column shows the Layer 4 protocol in use (UDP or TCP, in this case).
• The third column uses the format to display the local IP address and port on which a specific server is reachable. The IP address 0.0.0.0 signifies that the server is currently listening on all IP addresses configured in the computer.
• The fourth column uses the same socket format to display the address and port of the device on the remote end of the connection. 0.0.0.0:* means that no remote device is currently utilizing the connection.
• The fifth column displays the state of the connection.
• The sixth column displays the process ID (PID) of the process responsible for the connection. It also displays a short name associated with the process.

e. Sometimes it is useful to cross-reference the information provided by netstat with ps. Based on the output of item (d), it is known that a process with PID 395 is bound to TCP port 80. PID 395 is used in this example. Use ps and grep to list all lines of the ps output that contain PID 395:
[analyst@secOps ~]$ sudo ps -elf | grep 395
[sudo] password for analyst:
1 S root 395 1 0 80 0 - 1829 sigsus Feb27 ? 00:00:00
nginx: master process /usr/bin/nginx -g pid /run/nginx.pid; error_log stderr;
5 S http 396 395 0 80 0 - 1866 SyS_ep Feb27 ? 00:00:00
nginx: worker process
0 S analyst 3789 1872 0 80 0 - 1190 pipe_w 14:05 pts/1 00:00:00 grep
395
In the output above, the ps command is piped through the grep command to show only the lines containing the number 395. The result is three lines with text wrapping. The first line shows a process owned by the root user (third column), started by another process with PID 1 (fifth column), on Feb27 (twelfth column), with the command /usr/bin/nginx -g pid /run/nginx.pid; error_log stderr;. The second line shows a process with PID 396, owned by the http user, started by process 395, on Feb27. The third line shows a process owned by the analyst user, with PID 3789, started by a process with PID 1872, running the grep 395 command.
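
As an added example (not part of the original lab), the shell functions below do the cross-reference from step e by matching the PID and PPID columns exactly, so the grep process itself and unrelated lines that merely contain "395" are excluded. The sample data is constructed from the lab output with wrapped lines joined, and the PID 1395 process is a hypothetical line added to show a false match.

```shell
#!/bin/sh
# Constructed samples modelled on the lab output (not live captures).
# Columns follow `netstat -tunap` and `ps -elf`, with wrapped lines joined.
NETSTAT_SAMPLE='tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 395/nginx: master p
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 279/vsftpd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 277/sshd
tcp6 0 0 :::23 :::* LISTEN 1/init'

# The PID 1395 line is hypothetical, added to show a substring false match.
PS_SAMPLE='1 S root 395 1 0 80 0 - 1829 sigsus Feb27 ? 00:00:00 nginx: master process /usr/bin/nginx -g pid /run/nginx.pid; error_log stderr;
5 S http 396 395 0 80 0 - 1866 SyS_ep Feb27 ? 00:00:00 nginx: worker process
4 S root 1395 1 0 80 0 - 500 poll_s Feb27 ? 00:00:00 /usr/bin/example-daemon
0 S analyst 3789 1872 0 80 0 - 1190 pipe_w 14:05 pts/1 00:00:00 grep 395'

# Print the PID that owns the LISTEN socket on TCP port $1.
listener_pid() {
    printf '%s\n' "$NETSTAT_SAMPLE" | awk -v port="$1" '
        $6 == "LISTEN" {
            n = split($4, addr, ":")      # port is the last ":" field, also for ":::23"
            if (addr[n] == port) { split($7, owner, "/"); print owner[1]; exit }
        }'
}

# Print "PID UID CMD" for rows whose PID (col 4) or PPID (col 5) is exactly $1.
process_family() {
    printf '%s\n' "$PS_SAMPLE" | awk -v pid="$1" '
        $4 == pid || $5 == pid {
            cmd = $15
            for (i = 16; i <= NF; i++) cmd = cmd " " $i
            print $4, $3, cmd
        }'
}

# Count the rows a plain `grep $1` would return, for comparison.
substring_matches() {
    printf '%s\n' "$PS_SAMPLE" | grep -c "$1"
}

pid=$(listener_pid 80)
echo "TCP port 80 is held by PID $pid"
process_family "$pid"
echo "grep $pid would have matched $(substring_matches "$pid") rows"
```

On a live host, the same awk filters can be fed from `sudo netstat -tunap` and `sudo ps -elf` in place of the embedded samples.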
