Last change: 2025-01-06
Linux systems using systemd can use the systemctl command to list all available and active service units. Learn how to use the command with these tips.
Commands:
Systemd articles
Last change: 2025-01-06
Harden Linux system services by restricting systemd units with the SecureBits setting, which enables special behavior related to Linux capabilities.
Commands:
- capsh
- ps
- sudo
- systemd-run
Last change: 2025-01-06
Harden Linux system services by restricting systemd units to remove any Inter-Process Communication (IPC) objects are a service is stopped.
Last change: 2025-01-06
Harden services on Linux with systemd unit setting PrivateUsers. It defines a new user namespace for the service and provides process capability isolation.
Commands:
- systemd-run
Last change: 2025-01-06
Harden services on Linux by using the systemd unit setting KeyringMode, which defines if the kernel session keyring information is available to the service.
Last change: 2025-01-06
Harden Linux system services by restricting systemd units to change the hostname or NIS domain name of the system with the unit setting ProtectHostname.
Last change: 2025-01-06
Harden system services on Linux by allowing systemd units to access only the specified paths with read permissions using the unit setting ReadOnlyPaths.
Last change: 2025-01-06
Harden Linux services using the systemd unit setting PrivateMounts, which gives the service the service its own mount namespace.
Last change: 2025-01-10
Harden the Dovecot IMAP and POP3 server configuration with the help of this predefined profile and leverage systemd sandboxing capabilities.
Last change: 2025-01-06
Harden Linux services by restricting systemd units to access the network interfaces of the host system using the PrivateNetwork unit setting.
Commands:
- systemd-run
Last change: 2025-01-06
The version of systemd defines the available features and commands that is has to offer. Learn how to query the systemd version number.
Commands:
- busctl
- systemctl
Last change: 2025-01-06
Harden services on Linux by using the systemd unit setting PrivatePIDs, which allows running a service in its private PID namespace.
Commands:
- systemd-run
Last change: 2025-01-06
Harden systemd services with this step-by-step guide to gather the right information to define sandboxing features and secure and protect resources from misuse.
Commands:
- auditctl
- ausearch
- grep
- journalctl
- strace
- strings
- systemctl
- which
Last change: 2025-01-06
Harden the Apache web server configuration with the help of this predefined profile that implements systemd sandboxing capabilities and restricting resources.
Last change: 2025-01-06
Systemd can track the number of network packets and data traffic of services with unit setting IPAccounting. See how to configure this setting for services.
Last change: 2025-01-06
Tighten the already secure OpenSMTPD software on Linux by using this predefined profile that uses the systemd sandboxing options.
Last change: 2025-01-06
Services that are controlled with systemd can be reloaded or restarted depending on their configuration. Use systemctl to perform the related restart tasks.
Commands:
Last change: 2025-01-06
Systemd units can be enabled or disabled based on multiple factors, such as meeting specific dependencies. Learn how to see if a systemd service is enabled.
Last change: 2025-01-06
Systemd units can be configured to contain environment variables and passed along to the underlying application. Learn how to configure this unit setting.
Last change: 2025-01-06
Harden system and user services by configuring systemd units with more strict file permissions using the unit setting RuntimeDirectoryMode.
Commands:
Last change: 2025-01-06
Run0 is a command part of systemd that is intended as an alternative to the sudo command. Both elevate privileges, but are slightly different.
Commands:
Last change: 2025-01-06
Learn how to troubleshoot issues with systemd units by verifying the unit files for any errors. One of the tools to help is systemd-analyze.
Commands:
Last change: 2025-01-06
Troubleshoot issues like units being marked as 'not-found' in the output of systemctl list-units. This articles help with the steps to take.
Commands:
Last change: 2025-01-06
Systemd timers are scheduled tasks for Linux systems. Show timer information with the systemctl command such as status, last execution, and its schedule.
Commands:
Last change: 2025-01-06
Harden system and user services by configuring systemd units with a strict umask value using the unit setting UMask. Learn how to configure it in your units.
Commands:
- systemd-run
Last change: 2025-01-06
Harden system and user services on Linux by restricting systemd units to use realtime scheduling with the unit setting RestrictRealtime.
Last change: 2025-01-06
Harden services by restricting systemd units to set the set-user-ID (suid) or set-group-ID (sgid) bit on files with the unit setting RestrictSUIDSGID.
Last change: 2025-01-06
Harden system and user services on Linux by restricting systemd units to only use specified namespaces with the unit setting RestrictNamespaces.
Commands:
- strace
- strings
Last change: 2025-01-06
Improve the security of services by defining what Linux capabilities are allowed with the help of systemd unit setting CapabilityBoundingSet.
Last change: 2025-01-06
Restrict systemd units to access information from the kernel tunables in the /proc and /sys directories with the unit setting ProtectKernelTunables.
Last change: 2025-01-06
Learn how to harden systemd units by preventing processes from switching their personality (kernel execution domain) with the LockPersonality setting.
Last change: 2025-01-06
Learn how to harden systemd unit by preventing processes and their children from obtaining new privilege with the NoNewPrivileges setting.
Last change: 2025-01-07
Harden Linux services using the systemd unit setting SystemCallArchitectures, to restrict access to files in /dev and limit those to common pseudo-devices.
Last change: 2025-01-06
Harden Linux services using the systemd unit setting PrivateDevices, to restrict access to files in /dev and limit those to common pseudo-devices.
Last change: 2025-01-06
Learn how to harden systemd units by giving processes their own view on temporary directories /tmp and /var/tmp, preventing possible misuse.
Commands:
- systemd-run
Last change: 2025-01-06
Harden system services by using the systemd unit settings such as NoExecPaths to disable program execution from specified paths.
Last change: 2025-01-07
Harden system services by using the systemd unit settings such as ExecPaths and NoExecPaths to allow program execution from only specified paths.
Last change: 2025-01-06
Learn how to harden systemd units by marking some paths within the file system as read-only with the ProtectControlGroups unit setting.
Last change: 2025-01-06
Learn how to harden systemd units by marking some paths within the file system as read-only with the ProtectSystem unit setting.
Last change: 2025-01-06
Harden system and user services by restricting systemd units to access clock information with the ProtectClock unit setting.
Commands:
- gcc
- strace
- systemd-run
Last change: 2025-01-06
Learn how to use the journalctl command to query the disk usage of the journal logs and how to clean or trim them by number, size, or age.
Commands:
Last change: 2025-01-06
Linux systems using systemd, use timers to schedule a repeating task. Learn how to configure these systemd timer units and fine-tune them.
Last change: 2025-01-10
The command systemd-analyze helps analyzing systemd components to optimize the system including performance and security.
Last change: 2025-01-06
Want to know if systemd is used on your Linux distribution? Learn how to quickly confirm that systemd is being used as your system and service manager.
Commands:
- ps
Last change: 2025-01-06
Linux systems using systemd have the systemctl command available that can be used to show all service units, including a filter for only those that are enabled.
Commands:
Last change: 2025-01-06
Harden the nginx configuration with the help of this predefined profile that implements systemd sandboxing capabilities and restricting resources.
Last change: 2025-01-06
Collection of predefined hardening profiles for systemd that can be used to secure your applications. With detailed explanation of the unit settings.
Last change: 2025-01-06
Harden system and user services by allowing systemd units to only use system call bind() on sockets specified with the unit setting SocketBindAllow.
Last change: 2025-01-06
Harden system and user services by restricting systemd units to use system call bind() on sockets specified with the unit setting SocketBindDeny.
Last change: 2025-01-07
Harden system and user services on Linux by restricting systemd units to access devices in the /dev directory with the unit setting DevicePolicy.
Last change: 2025-01-06
Restrict systemd units to access devices in the /dev directory with the unit setting DeviceAllow. Learn how to configure it for your services.
Last change: 2025-01-06
Systemd units may be shown in a failed state if something goes wrong. Learn how to troubleshoot these failed units, possible causes, and how to resolve them.
Commands:
Last change: 2025-01-06
When making changes to systemd unit files, you may need to use systemctl daemon-reload. This article explains why and what happens next.
Commands:
Last change: 2025-01-06
When systemd units are changed, a 'systemctl daemon-reload' might be needed. Need to know why? We can find the relevant units with some scripting.
Commands:
Last change: 2025-01-06
Systemd units can be filtered using the SystemCallFilter setting. Learn how to see what syscalls are part of a particular syscall filter set.
Commands:
Last change: 2025-01-06
Harden system and users services, by defining if they are allowed to use specific syscalls or groups, with the use of systemd unit setting SystemCallFilter.
Last change: 2025-01-06
Learn more about the system calls (syscalls) that systemd may use in commands and unit files, such as with SystemCallFilter property.
Commands:
- awk
- grep
- sort
- strings
- uniq
Last change: 2025-01-06
Want to disable a systemd service unit, but wondering the difference between systemctl disable and systemctl mask? This article explains the differences.
Commands:
Last change: 2025-01-06
Systemd allows customizing services with overrides. Learn how to edit an existing systemd service unit with the systemctl edit command.
Commands:
Last change: 2025-01-06
Linux systems using systems may use the systemctl command to query services. Use a filter to reduce its output and only show all running services.
Commands:
Last change: 2025-01-06
Systemd version 256 introduced the run0 command to run privileged commands. Learn how to get everything out of run0 tool and replace sudo.
Last change: 2025-01-06
Learn how to use the run0 command part of systemd, its purpose, and how to use it for elevating privileges to run privileged tasks.
Commands:
Last change: 2025-01-06
The background color of run0, part of systemd, can be changed with the '--background' option. This way another color can be configured instead of its default.
Commands:
Last change: 2025-01-06
Block the ability for systemd units to create or alter memory segments to become writable and executable as well with the unit setting MemoryDenyWriteExecute.
Last change: 2025-01-06
Harden system and user services on Linux by limiting systemd units to access specified paths with the unit setting InaccessiblePaths.
Last change: 2025-01-06
The systemctl command can be used to show the memory usage of a service managed by systemd. Use the subcommand 'status' to find the details about a unit.
Commands:
Last change: 2025-01-06
Linux systems using systemd can use the systemctl command to show the all applied unit settings. This can be used on units like a service.
Commands:
Last change: 2025-01-06
Systemd units have their own configuration file. The systemctl 'edit' command can be used to override settings of a systemd unit, including services.
Commands:
Last change: 2025-01-06
Harden system and user services on Linux by allowing systemd units access to only the specified paths to read or write with the unit setting ReadWritePaths.
Last change: 2025-01-07
Secure your nginx service by using security features provided by systemd. We have a look at the available options that systemd units can offer.
Last change: 2025-01-06
Systemd has a wide set of unit settings available that can be used to secure units and system services. Learn which ones and how to implement them.
Commands:
Last change: 2025-01-06
Harden system and user services by restricting systemd units to access information from the /proc directory with the unit setting ProcSubset.
Last change: 2025-01-06
Harden system and user services on Linux by restricting systemd units using only the specified socket address families with setting RestrictAddressFamilies.
Last change: 2025-01-06
Harden system and user services by restricting systemd units to access information from the /proc directory with the unit setting ProtectProc.
Last change: 2025-01-06
Harden system and user services by restricting systemd units to access data in home directories with the unit setting ProtectHome.
Last change: 2025-01-06
Secure system and user services by restricting systemd units to read or write to the kernel log ring buffer with the unit setting ProtectKernelLogs.
Last change: 2025-01-06
Secure system and user services by restricting systemd units to load kernel modules with the ProtectKernelModules unit setting.
Last change: 2025-01-06
Linux systems running systemd can use the timedatectl command to show time synchronization details. Learn how to use it, including its subcommands.
Commands:
- timedatectl
Last change: 2025-01-06
Linux systems using systemd store an unique identifier called the machine ID. Find this value using the hostnamectl command that comes with systemd.
Commands:
- hostnamectl
Last change: 2025-01-06
The systemctl command has the list-dependencies option to show dependencies between units. But there are more options to query a little bit more information.
Commands:
Last change: 2025-01-06
The systemctl command can be used to show all available systemd unit types. Here is how to find the available types and to select them.
Commands:
Last change: 2025-01-06
Linux systems using systemd have the systemctl command available to show all active systemd units of one particular type using the '--type' option.
Commands:
Last change: 2025-01-06
Learn how to define the maximum size that the systemd journal daemon may use on Linux systems for storing journals and limit its disk usage.
Commands:
Last change: 2025-01-06
Use the journalctl command to show the size of the systemd journal logs. In this article we look how journalctl vacuuming works.
Commands:
Last change: 2025-01-06
Linux systems using systemd store kernel events in the journal logs. Show these entries with the '--dmesg' or '-k' option, optionally with a date.
Commands:
Last change: 2025-01-06
Systemd units define resources, such as a service, path, socket, or timer. They are usually managed with the systemctl command.
Last change: 2025-01-06
Linux systems with systemd use journal to store log entries. Learn how to filter these journal entries by specifying a date or time interval.
Commands:
Last change: 2025-01-06
Learn how to continuously show new log entries on Linux systems using systemd with the journalctl command. The behavior will be like the 'tail -f' command.
Commands:
Last change: 2025-01-06
Linux systems with systemd store log entries in a journal. Limit the number of log entries from the journal by filtering journalctl output by unit.
Commands:
Last change: 2025-01-06
When changes are made to systemd unit files, such as service files, the systemd daemon needs to be reloaded. Use the daemon-reload subcommand to reload.
Last change: 2025-01-06
Systemd is a system and service manager on Linux distributions to start, stop, and monitor system services. Learn about systemd is and the main components.
Last change: 2025-01-06
Systemd units that are in a masked state are administratively disabled. While being in this state, they can not be started until they are unmasked.
Commands:
Last change: 2025-01-10
Running a Linux system with systemd? All relevant systemd commands in one overview, their purpose, and when they were first introduced.
Last change: 2025-01-06
Systemd timers are the unit type for scheduled tasks on Linux similar to cron. Learn how to configure them and how they differ from cron.
Commands:
Last change: 2025-01-06
Linux with systemd might doing DNS resolving using its resolver daemon. Learn how to inspect and clear the DNS cache when using the systemd resolver daemon.
Commands:
Last change: 2025-01-10
The command resolvectl provides details about systemd-resolved. Discover the available options for the name resolution daemon on Linux systems.
Last change: 2025-01-06
Systemd units can be configured with a lot of fine-grained settings. This overview shows which settings are available and what they do.
Last change: 2025-01-06
Systemd is a system and service manager for Linux systems. This section covers the basics like the different units tips up to advanced troubleshooting.
Last change: 2025-01-06
Systemd can be configured and fine-tuned beyond imagination. This section covers what and where you can configure them, such as the many unit settings.
Last change: 2025-01-06
Want to find all masked unit files on a Linux system running systemd? In this article we show how to do this with systemctl and query those units.
Commands:
Last change: 2025-01-06
Limit the output from journalctl by defining the number of lines you want to see by using the '-n' option, optionally with the service itself.
Commands:
Last change: 2025-01-06
Want to disable a service or specific systemd unit? Use the systemctl command to configure units and disable it on boot or completely.
Commands:
Last change: 2025-01-06
Systemd can start and enable a unit, such as a service at the same time. Learn how to use systemctl more efficiently to achieve this this action.
Commands:
Last change: 2025-01-06
Want to check the system for failed systemd units? In this article we show how to do this with systemctl and query the units with a failure state.
Commands:
Last change: 2025-01-06
Frequently asked questions about systemd, systemctl, and journalctl. Learn by practical examples how to use these tools.
Last change: 2025-01-06
Increase your system administration skills with this systemd cheat sheet, including how to configure and monitor systemd units.
Last change: 2025-01-06
Which systemd unit types are available and what is their goal? In this article we cover them and show some useful commands related to these units.
Commands:
Last change: 2025-01-06
Learn how to get every piece of information from systemd units, such as services and timers, including its configuration and status.
Last change: 2025-01-06
Learn how to get every piece of information from systemd journals with the journalctl command. This cheat sheet will help you with the task.
Last change: 2025-01-10
Systemd stores boot information in a journal. This article shows how to find the related boot logs, and the commands to query all relevant information.
Commands:
Last change: 2025-01-06
Sometimes systemd units like services and timers may fail. Learn how to troubleshoot such issues and resolve them much easier.
Commands: