Systemd
An introduction to systemd
Systemd is a system and service manager for systems running Linux. Many popular Linux distributions implemented systemd to replace the existing SysV init system, modernizing how services are started and monitored. Benefits of systemd include a faster boot process, a more structured approach to service management, and new features.
The additional features that systemd provides increase the stability of the system and make services more secure. This is done by making use of some components that are part of the Linux kernel, such as cgroups, namespaces, and sandboxing functionality.
Systemd also implemented a new approach to logging. It uses a journal, a binary log that is focused on efficiency and on being available to all services. It replaces most of the standard syslog functionality that is normally responsible for storing events.
Systemd was created by Lennart Poettering and Kay Sievers with its first release (version 1) in 2010. The first Linux distribution to adopt systemd was Fedora Linux (2011), followed by OpenSUSE (2011), Arch Linux (2012), Mageia (2013), RHEL and derivatives (2014), then Debian and Ubuntu (2015).
Learn more: What is systemd?
Systemd units
To monitor and manage services on a system using systemd, unit files are used. These text-based files define what to run or do, relevant conditions, and any applicable dependencies.
What are the available systemd commands?
Systemd has a wide range of commands to interact with the individual systemd components. As the list is long, have a look at the overview of systemd commands to see them all, their purpose, and when they were introduced.
Using systemd for security
The unit settings of systemd make it possible to use sandboxing functionality and restrict resources. They can be used to harden systemd services, reducing the risks related to possible vulnerabilities or misuse.
Hardening profiles for systemd
As guidance for securing systemd services, consider implementing the systemd hardening profiles for your services.
Software | Description | Service | Version |
---|---|---|---|
Apache | Web server | apache2 | 0.2 |
Dovecot | IMAP and POP3 server | dovecot | 0.2alpha |
nginx | Web server | nginx | 0.4 |
OpenSMTPD | SMTP daemon originally created by developers for OpenBSD and ported to Linux and others | opensmtpd | 0.1 |
Articles for systemd
Sometimes systemd units like services and timers may fail. Learn how to troubleshoot such issues and resolve them more easily.
Collection of predefined hardening profiles for systemd that can be used to secure your applications, with a detailed explanation of the unit settings.
Harden systemd services with this step-by-step guide to gather the right information to define sandboxing features and secure and protect resources from misuse.
Learn about the run0 command that is part of systemd, its purpose, and how to use it for elevating privileges to run privileged tasks.
Running a Linux system with systemd? All relevant systemd commands in one overview, their purpose, and when they were first introduced.
Systemd has a wide set of unit settings available that can be used to secure units and system services. Learn which ones and how to implement them.
Systemd can be configured and fine-tuned beyond imagination. This section covers what you can configure and where, such as the many unit settings.
Learn more about the system calls (syscalls) that systemd may use in commands and unit files, such as with the SystemCallFilter property.
Systemd timers are the unit type for scheduled tasks on Linux similar to cron. Learn how to configure them and how they differ from cron.
Which systemd unit types are available and what is their goal? In this article we cover them and show some useful commands related to these units.
Systemd units may be shown in a failed state if something goes wrong. Learn how to troubleshoot these failed units, possible causes, and how to resolve them.
Frequently Asked Questions
How to list all services with systemctl?
Run systemctl with the 'list-unit-files' subcommand and provide a filter to list all services.
How to see the systemd version?
Run systemctl with the '--version' option.
How to reload or restart a systemd service?
Use the systemctl command with the 'reload' or 'restart' subcommand, followed by the service.
How to check if a systemd service is enabled?
Use the systemctl command with the 'is-enabled' subcommand, followed by the service.
How to set environment variables in a systemd unit?
Define Environment or EnvironmentFile in the systemd unit to set the environment variable directly or have it retrieved from a file.
How to verify a systemd unit for errors?
Run the systemd-analyze command with the 'verify' subcommand, followed by the unit file.
Why does systemctl list-units show units as 'not-found'?
Units may be shown as 'not-found' if they are listed as a target in another unit file, but are not available or unknown to systemd.
How to see active systemd timers?
Run systemctl with the 'list-timers' subcommand.
How to clear systemd journal logs by time?
Run the journalctl command and define a vacuum time to clear out the journal logs.
How to schedule a periodic task with systemd?
To create a repeating task, create a timer unit and link that to an existing service unit.
How to check if systemd is being used or active?
Use the ps command to see if systemd is used as process ID (PID) 1.
How to see all enabled services with systemctl?
Run systemctl with the 'list-unit-files' subcommand and provide a filter to only show enabled services.
What does 'systemctl daemon-reload' do?
When running 'systemctl daemon-reload', the systemd manager configuration is reloaded. It does this by running the generators that are helper scripts to create non-native systemd scripts. The dependency tree that links units in the right order is recreated and unit files containing their configuration are reloaded.
How to check if 'systemctl daemon-reload' is needed?
Use systemctl to show the NeedDaemonReload property of the specific unit.
How to see which syscalls are part of a systemd syscall filter set?
Run the systemd-analyze command with the 'syscall-filter' subcommand, followed by the relevant system call set.
What is the difference between systemctl disable and systemctl mask?
After using systemctl disable, a service will no longer be started automatically, while systemctl mask will administratively disable a service from running at all.
How to use systemctl edit?
Run systemctl with the 'edit' subcommand and service.
How to see only running services with systemctl?
Run systemctl and define the type (--type) and state (--state) options.
How to disable the background color of run0?
Use run0 with the --background option and leave the value empty.
How to see memory usage of a service with systemctl?
Run systemctl with the 'show' subcommand and select the MemoryCurrent property, followed by the service.