Certified Linux Administrator System daemons (xinetd, inetd, rsyslogd and cron)

System daemons (xinetd, inetd, rsyslogd and cron)

A daemon is a background process that performs a specific function or system task. In keeping with the UNIX and Linux philosophy of modularity, daemons are  pro-grams rather than parts of the kernel. Many daemons start at boot time and continue to run as long as the system is up. Other daemons are started when needed and run only as long as they are useful.

Daemons  made their way from Multics to UNIX to Linux, where they are so popular that they need a superdaemon ( xinetd  or  inetd) to manage them.

Before  inetd was written, all daemons started at boot time and ran continuously (or more accurately, they blocked waiting for work to do). Over time, more and more daemons  were added to the system. The daemon population became so large that it began to cause performance problems. In response, the Berkeley gurus developed inetd, a daemon that starts other daemons as they are needed.  inetd  successfully popularized this superdaemon model, which remains a common way to minimize the number of processes running on a server. Most versions of UNIX and Linux now use a combination of inetd and always-running daemons.

init  is the first process to run after the system boots, and in many ways it is the most important daemon. It always has a PID of 1 and is an ancestor of all user processes and all but a few system processes. At startup, init  either places the system in single-user mode or begins to execute the scripts needed to bring the system to multiuser mode. When you boot the system into single-user mode, init  runs  the startup scripts after you terminate the single-user shell by typing   exit  or .

In multiuser mode,  init  is responsible for making sure that processes are available to handle logins on every login-enabled device. Logins on serial ports are generally handled by some variant of  getty (e.g.,  agetty ,  mgetty , or  mingetty.  init  also supervises a graphical login procedure that allows users to log directly in to X Windows.

In addition to its login management duties ,  init  also has the responsibility to exor-cise undead zombie processes that would otherwise accumulate on the system. init  defines several “run levels” that determine what set  of system resources should be enabled. There are seven levels, numbered 0 to 6. The name “s” is recognized as a  synonym for level 1 (single-user mode). The characteristics of each run level are defined  in the  /etc/inittab  file.

init  usually reads its initial run level from the  /etc/inittab  file, but the run level can also be passed in as an argument from the boot loader. If “s” is specified,  init  enters single-user mode. Otherwise, it scans  /etc/inittab  for entries that apply to the re-quested run level and executes their corresponding commands.

The  telinit  command changes  init ’s run level once the system is up. For example, telinit   4  forces  init  to go to run level 4 (which is unused on our example systems). telinit ’s most useful argument is  q, which causes  init  to reread the  /etc/inittab  file.

The  cron  daemon (known as crond  on Red Hat) is responsible for running com-mands at preset times. It accepts schedule files (“crontabs”) from both users and administrators. cron  is frequently employed for administrative purposes, including management of log files and daily cleanup of the filesystem.

The  atd daemon runs commands scheduled with the  at  command. Most versions of Linux also include the  anacron scheduler, which executes jobs at time intervals rather than at specific times.  anacron is particularly useful on systems that are not always turned on, such as laptops.

xinetd  and  inetd are daemons that manage other daemons. They start up their client daemons when there is work for them to do and allow the clients to die grace-fully once their tasks have been completed. The traditional version of inetd comes to us from the UNIX world, but most Linux distributions have migrated to xinetd , a souped-up alternative that incorporates security features similar to those formerly achieved through the use of tcpd , the “TCP wrappers” package. xinetd  also provides better protection against denial of service attacks, better log management features, and a more flexi-ble configuration language.
xinetd  and  inetd only work with daemons that provide services over the network. To find out when someone is trying to access one of their clients,  xinetd  and  inetd attach themselves to the network ports that would normally be managed by the qui-escent daemons. When  a connection occurs,  xinetd/inetd starts up the appropriate daemon and connects its standard  I/O channels to the network port. Daemons must be written with this convention in mind if they are to be compatible.


To change the daemons that loads at boot on Red Hat Linux, in a console, become root (type su -) and type setup, then in the menu select System Services. Various daemons are

acpid This a completely flexible, totally extensible daemon for delivering ACPI events. It listens on a file (/proc/acpi/event) and when an event occurs, executes programs to handle the event.
ACPI stands for: Advanced Configuration and Power Interface.
aep1000 For AEP 1000 coprocessors. It's used for hardware cryptographic acceleration under Linux.
anacron Anacron is a periodic command scheduler. It executes commands at intervals specified in days. Unlike cron, it does not assume that the system is running continuously.
Every time Anacron is run, it reads a configuration file that specifies the jobs Anacron controls, and their periods in days. If a job wasn't executed in the last n days, where n is the period of that job, Anacron executes it. Anacron then records the date in a special timestamp file that it keeps for each job, so it can know when to run it again
apmd The apmd package is a set of user-level programs to control the Advanced Power Management system found in all modern laptop computers and most modern desktops. apmd talks to the Linux kernel APM layer, which does all the hardware-dependent stuff.
atd atd runs jobs queued by at.
autofs Auto-autofs detects Disks, Partitions, CD-ROMs, Floppies etc. and sets up an automount configuration.
So it provides an easy access to the hardware.
Auto-autofs is a Perl script that searches the hardware for block devices using the /proc directory. It finds partitions on harddisks via fdisk and tries to detect the filesystems.
bcm5820 Hardware cryptographic accelerator support for Broadcom BCM5820 eCommerce Processor.
chargen Character Generator Protocol.
A useful debugging and measurement tool is a character generator service. A character generator service simply sends data without regard to the input. Listens on port 19 TCP/UDP.
Details: https://www.networksorcery.com/enp/RFC/Rfc864.txt
chargen-udp See chargen.
crond Daemon to execute scheduled commands.
cups The Common UNIX Printing System ("CUPS") is a cross-platform printing solution for all UNIX environments. It is based on the "Internet Printing Protocol" and provides complete printing services to most PostScript and raster printers.
cups-lpd This is the CUPS Line Printer Daemon ("LPD") mini-server that supports legacy client systems that use the LPD protocol.
daytime The Daytime Protocol (Internet RFC 867) is a simple protocol that allows clients to retrieve the current date and time from a remote server. While useful at a bsic level, the Daytime protocol is most often used for debugging purposes rather than actually acquire the current date and time. The daytime protocol is available on TCP port 13.
daytime-udp See daytime.
echo Service for testing, everything you send to port 7 (echo) would be sent back to you.
echo-udp see echo
gpm General Purpose Mouse Daemon. Necessary only if you want to use your mouse on the console (not xterms).
httpsd The apache web server.
iptables firewall
irda (Infrared Data Association) is an industry standard for infrared wireless communication.
irqbalance Daemon to balance irq's across multiple CPUs. Only useful on SMP systems (more than one processor)
isdn ISDN (Integrated Services Digital Network). Use only with ISDN network interfaces.
ktalk A graphical talk client for KDE.
kudzu Detects and configures new and/or changed hardware on a system.
lisa LISa is a small daemon which is intended to run on end user systems. It provides something like a "network neighborhood", but only relying on the TCP/IP protocol stack, no smb or whatever.
The information about the hosts in your "neighborhood" is provided via TCP port 7741.
To use it: from a client computer, open konqueror and type lan://targetIP
More information: https://lisa-home.sourceforge.net/
messagebus D-BUS is first a library that provides one-to-one communication between any two applications; dbus-daemon-1 is an application that uses this library to implement a message bus daemon. Multiple programs connect to the message bus daemon and can exchange messages with one another.
More information: https://www.freedesktop.org/software/dbus/doc/dbus-daemon-1.1.html
microcode_ctl It decodes and sends new microcode to the kernel driver to be uploaded to Intel IA32 processors. (Pentium Pro, PII, PIII, Pentium 4, Celeron, Xeon etc - all P6 and above, which does NOT include pentium classics)
It signals the kernel driver to release any buffers it may hold.
The microcode update is volatile and needs to be uploaded on each system boot i.e. it doesn't reflash your cpu permanently, reboot and it reverts back to the old microcode.
This driver is designed for Intel IA32 microprocessors only, it will not work with AMD or any other non-Intel processors as they don't support microcode updates or they support it in a manner different from Intel's specs.
More information: https://www.urbanmyth.org/microcode/   https://microcodes.sourceforge.net/
mysqld MySQL database server.
named DNS server. Bind.
netfs Network Filesystem Mounter. Needed for mounting NFS, SMB and NCP shares on boot.
network Activates all network interfaces at boot time.
nfslock To help manage file access conflicts and protect NFS sessions during failures, NFS offers a file and record locking service called the network lock manager. The network lock manager is a separate service NFS makes available to user applications. To use the locking service, applications must make calls to standard lock routines.
ntpd The ntpd sets and maintains the system time of day in synchronism with Internet standard time servers. It is a complete implementation of the Network Time Protocol (NTP) version 4. Allows other computers to synchronize system time with your server.
pcmcia PCMCIA cards.
portmap The portmap service is a dynamic port assignment daemon for RPC services such as NIS and NFS.
postgresql PostgreSQL database server.
random Initialize kernel random number generator
rawdevices Block devices.  Links hardware to devices that store data.
rhnsd Red Hat Network Service. Informs you about official security and bug updates for your system.
rsync Its just like rpc with much more features. Provides a very fast method for bringing remote files into sync.
saslauthd SASL (Simple Authentication and Security Layer) authentication server. Server to allow others identify on this server.
sendmail Mail server, allows to send emails using this machine as mail server.
services An internal xinetd services, listing active services.
sgi_fam File Alteration Monitor, provides an API that applications can use to be notified when specific files or directories are changed. For example, consider a graphical file manager, when the user removes a file thru the file manager, their changes are visible immediately.
smartd Self Monitor Analysis and Reporting Technology System. Monitor you hard disk for failures.
smb Samba, allows to share and access MS windows network.
snmpd Simple Network Management protocol. A standard protocol for non-windows networks.
More information: https://www.ncsa.uiuc.edu/UserInfo/Resources/Hardware/IBMp690/IBM/usr/share/man/info/en_US/a_doc_lib/cmds/aixcmds5/snmpd.htm
snmptrapd This is an SNMP application that recieves and logs SNMP TRAP and INFORM messages. Uses UDP port 162.
squid Web proxy cache. https://www.squid-cache.org/
sshd Secure Shell daemon, allows secure and remote logging to this machine.
syslog Logs all system activities.
time Retrieve the date and time from a host or hosts on the network and set the local system time TCP version.
time-udp Retrieve the date and time from a host or hosts on the network and set the local system time UDP version.
tux The TUX Web Server is an HTTP daemon for Linux . The TUX Web Server is different from other Web servers in that it runs partially from within the Linux kernel as a module, or kernel subsystem. Given sufficient networking cards, it enables direct scatter-gather direct memory access (DMA) and hardware-based TCP/IP checksums from the page cache (the Linux file data cache) directly to the network, avoiding extra data copies.
vncserver VNC stands for Virtual Network Computing. It is remote control software which allows you to view and interact with one computer (the "server") using a simple program (the "viewer") on another computer anywhere on the Internet.
More  information: https://www.realvnc.com/
vsftpd Secure FTP daemon.
More information: https://vsftpd.beasts.org/

Winbind is an nss switch module to map Windows NT Domain databases to Unix.
In combination with Samba and pam_ntdom, a Unix box will be able to integrate straight into a full Windows NT Domain environment, without needing a Unix Account database.
More information: https://www.samba.org/

xfs The X font server (xfs) provides a standard mechanism for an X server to communicate with a font renderer, frequently running on a remote machine. It usually runs on TCP port 7100.
You need to be running xfsif you want a remote X terminal to be able to use fonts from your system, or if you want to use fonts that your X server doesn't understand (and the font server does).
xinetd Service wrapper. xinetd is a replacement for inetd, the internet services daemon.
xinetd - eXtended InterNET services daemon - provides a good security against intrusion and reduces the risks of Denial of Services (DoS) attacks. Like the well known couple (inetd+tcpd), it enables the configuration of the access rights for a given machine.
More information: https://www.xinetd.org/
yum yum is an automatic updater and package installer/remover for rpm systems.
It automatically computes dependencies and figures out what things should occur to install packages.
It makes it easier to maintain groups of machines without having to manually update each one using rpm.
More information: https://linux.duke.edu/projects/yum/


 For Support