Systemd

OpenSMTPD hardening profile

Tighten the already secure OpenSMTPD software on Linux by using this predefined profile that uses the systemd sandboxing options.

How to reload or restart a systemd service?

Services that are controlled with systemd can be reloaded or restarted depending on their configuration. Use systemctl to perform the related restart tasks.

How to check if a systemd service is enabled?

Systemd units can be enabled or disabled based on multiple factors, such as meeting specific dependencies. Learn how to see if a systemd service is enabled.

How to set environment variables in a systemd unit?

Systemd units can be configured to contain environment variables that are passed along to the underlying application. Learn how to configure this unit setting.

RuntimeDirectoryMode setting

Harden system and user services by configuring systemd units with more strict file permissions using the unit setting RuntimeDirectoryMode.

What is run0?

Run0 is a command part of systemd that is intended as an alternative to the sudo command. Both elevate privileges, but are slightly different.

How to verify a systemd unit for errors?

Learn how to troubleshoot issues with systemd units by verifying the unit files for any errors. One of the tools to help is systemd-analyze.

Why does systemctl list-units show units as 'not-found'?

Troubleshoot issues like units being marked as 'not-found' in the output of systemctl list-units. This article helps with the steps to take.

How to see active systemd timers

Systemd timers are scheduled tasks for Linux systems. Show timer information with the systemctl command such as status, last execution, and its schedule.

UMask setting

Harden system and user services by configuring systemd units with a strict umask value using the unit setting UMask. Learn how to configure it in your units.

RestrictRealtime setting

Harden system and user services on Linux by restricting systemd units to use realtime scheduling with the unit setting RestrictRealtime.

RestrictSUIDSGID setting

Harden services by restricting systemd units to set the set-user-ID (suid) or set-group-ID (sgid) bit on files with the unit setting RestrictSUIDSGID.

RestrictNamespaces setting

Harden system and user services on Linux by restricting systemd units to only use specified namespaces with the unit setting RestrictNamespaces.

CapabilityBoundingSet setting

Improve the security of services by defining what Linux capabilities are allowed with the help of systemd unit setting CapabilityBoundingSet.

ProtectKernelTunables setting

Restrict systemd units to access information from the kernel tunables in the /proc and /sys directories with the unit setting ProtectKernelTunables.

LockPersonality setting

Learn how to harden systemd units by preventing processes from switching their personality (kernel execution domain) with the LockPersonality setting.

NoNewPrivileges setting

Learn how to harden systemd units by preventing processes and their children from obtaining new privileges with the NoNewPrivileges setting.

SystemCallArchitectures setting

Harden Linux services using the systemd unit setting SystemCallArchitectures, to restrict access to files in /dev and limit those to common pseudo-devices.

PrivateDevices setting

Harden Linux services using the systemd unit setting PrivateDevices, to restrict access to files in /dev and limit those to common pseudo-devices.

PrivateTmp setting

Learn how to harden systemd units by giving processes their own view on temporary directories /tmp and /var/tmp, preventing possible misuse.

NoExecPaths setting

Harden system services by using the systemd unit settings such as NoExecPaths to disable program execution from specified paths.

ExecPaths setting

Harden system services by using the systemd unit settings such as ExecPaths and NoExecPaths to allow program execution from only specified paths.

ProtectControlGroups setting

Learn how to harden systemd units by marking some paths within the file system as read-only with the ProtectControlGroups unit setting.

ProtectSystem setting

Learn how to harden systemd units by marking some paths within the file system as read-only with the ProtectSystem unit setting.

ProtectClock setting

Harden system and user services by restricting systemd units to access clock information with the ProtectClock unit setting.

How to clear systemd journal logs by time

Learn how to use the journalctl command to query the disk usage of the journal logs and how to clean or trim them by number, size, or age.

How to schedule a periodic task with systemd

Linux systems using systemd use timers to schedule a repeating task. Learn how to configure these systemd timer units and fine-tune them.

Systemd-analyze

The command systemd-analyze helps analyze systemd components to optimize the system, including performance and security.

How to check if systemd is being used or active

Want to know if systemd is used on your Linux distribution? Learn how to quickly confirm that systemd is being used as your system and service manager.

How to see all enabled services with systemctl

Linux systems using systemd have the systemctl command available that can be used to show all service units, including a filter for only those that are enabled.

Nginx hardening profile

Harden the nginx configuration with the help of this predefined profile that implements systemd sandboxing capabilities and restricts resources.

Hardening profiles for systemd

Collection of predefined hardening profiles for systemd that can be used to secure your applications. With detailed explanation of the unit settings.

SocketBindAllow setting

Harden system and user services by allowing systemd units to only use system call bind() on sockets specified with the unit setting SocketBindAllow.

SocketBindDeny setting

Harden system and user services by restricting systemd units to use system call bind() on sockets specified with the unit setting SocketBindDeny.

DevicePolicy setting

Harden system and user services on Linux by restricting systemd units to access devices in the /dev directory with the unit setting DevicePolicy.

DeviceAllow setting

Restrict systemd units to access devices in the /dev directory with the unit setting DeviceAllow. Learn how to configure it for your services.

Troubleshooting a failed systemd unit (with examples)

Systemd units may be shown in a failed state if something goes wrong. Learn how to troubleshoot these failed units, possible causes, and how to resolve them.

What does systemctl daemon-reload do?

When making changes to systemd unit files, you may need to use systemctl daemon-reload. This article explains why and what happens next.

How to check if 'systemctl daemon-reload' is needed

When systemd units are changed, a 'systemctl daemon-reload' might be needed. Need to know why? We can find the relevant units with some scripting.

How to see which syscalls are part of a systemd syscall filter set

Systemd units can be filtered using the SystemCallFilter setting. Learn how to see what syscalls are part of a particular syscall filter set.

SystemCallFilter setting

Harden system and user services by defining whether they are allowed to use specific syscalls or groups, using the systemd unit setting SystemCallFilter.

Systemd syscall filtering

Learn more about the system calls (syscalls) that systemd may use in commands and unit files, such as with the SystemCallFilter property.

What is the difference between systemctl disable and systemctl mask?

Want to disable a systemd service unit, but wondering the difference between systemctl disable and systemctl mask? This article explains the differences.

How to use systemctl edit to change a service?

Systemd allows customizing services with overrides. Learn how to edit an existing systemd service unit with the systemctl edit command.

How to see only running services with systemctl

Linux systems using systemd may use the systemctl command to query services. Use a filter to reduce its output and only show all running services.

Run0 cheat sheet

Systemd version 256 introduced the run0 command to run privileged commands. Learn how to get everything out of the run0 tool and replace sudo.

Run0: introduction and usage

Learn how to use the run0 command part of systemd, its purpose, and how to use it for elevating privileges to run privileged tasks.

How to disable the background color of run0

The background color of run0, part of systemd, can be changed with the '--background' option. This way another color can be configured instead of its default.

MemoryDenyWriteExecute setting

Block the ability of systemd units to create or alter memory segments so that they become both writable and executable with the unit setting MemoryDenyWriteExecute.

InaccessiblePaths setting

Harden system and user services on Linux by limiting systemd units to access specified paths with the unit setting InaccessiblePaths.

How to see memory usage of a service with systemctl?

The systemctl command can be used to show the memory usage of a service managed by systemd. Use the subcommand 'status' to find the details about a unit.

How to see the active settings of a systemd unit

Linux systems using systemd can use the systemctl command to show all applied unit settings. This can be used on units like a service.

How to override the settings of a systemd unit

Systemd units have their own configuration file. The systemctl 'edit' command can be used to override settings of a systemd unit, including services.

ReadWritePaths setting

Harden system and user services on Linux by allowing systemd units access to only the specified paths to read or write with the unit setting ReadWritePaths.

Hardening nginx with systemd security features

Secure your nginx service by using security features provided by systemd. We have a look at the available options that systemd units can offer.

Systemd features to secure units and services

Systemd has a wide set of unit settings available that can be used to secure units and system services. Learn which ones and how to implement them.

ProcSubset setting

Harden system and user services by restricting systemd units to access information from the /proc directory with the unit setting ProcSubset.

RestrictAddressFamilies setting

Harden system and user services on Linux by restricting systemd units using only the specified socket address families with setting RestrictAddressFamilies.

ProtectProc setting

Harden system and user services by restricting systemd units to access information from the /proc directory with the unit setting ProtectProc.

ProtectHome setting

Harden system and user services by restricting systemd units to access data in home directories with the unit setting ProtectHome.

ProtectKernelLogs setting

Secure system and user services by restricting systemd units to read or write to the kernel log ring buffer with the unit setting ProtectKernelLogs.

ProtectKernelModules setting

Secure system and user services by restricting systemd units to load kernel modules with the ProtectKernelModules unit setting.

How to see the time synchronization details with timedatectl

Linux systems running systemd can use the timedatectl command to show time synchronization details. Learn how to use it, including its subcommands.

How to show the systemd machine ID

Linux systems using systemd store a unique identifier called the machine ID. Find this value using the hostnamectl command that comes with systemd.

How to see the dependencies of a systemd unit

The systemctl command has the list-dependencies option to show dependencies between units. But there are more options to query a little bit more information.

How to see the available systemd unit types

The systemctl command can be used to show all available systemd unit types. Here is how to find the available types and to select them.

How to see all active systemd units of one type

Linux systems using systemd have the systemctl command available to show all active systemd units of one particular type using the '--type' option.

How to limit the disk usage of the systemd journal

Learn how to define the maximum size that the systemd journal daemon may use on Linux systems for storing journals and limit its disk usage.

How to see the size of the systemd journal

Use the journalctl command to show the size of the systemd journal logs. In this article we look at how journalctl vacuuming works.

How to see kernel messages with journalctl

Linux systems using systemd store kernel events in the journal logs. Show these entries with the '--dmesg' or '-k' option, optionally with a date.

What is a systemd unit?

Systemd units define resources, such as a service, path, socket, or timer. They are usually managed with the systemctl command.

How to see only recent journal entries

Linux systems with systemd use journal to store log entries. Learn how to filter these journal entries by specifying a date or time interval.

How to see new log entries automatically with journalctl

Learn how to continuously show new log entries on Linux systems using systemd with the journalctl command. The behavior will be like the 'tail -f' command.

How to see logging for a specific unit or service

Linux systems with systemd store log entries in a journal. Limit the number of log entries from the journal by filtering journalctl output by unit.

How to reload the systemd configuration

When changes are made to systemd unit files, such as service files, the systemd daemon needs to be reloaded. Use the daemon-reload subcommand to reload.

What is systemd?

Systemd is a system and service manager on Linux distributions to start, stop, and monitor system services. Learn what systemd is and about its main components.

What is a masked systemd unit?

Systemd units that are in a masked state are administratively disabled. While being in this state, they can not be started until they are unmasked.

Systemd commands

Running a Linux system with systemd? Here are all commands related to systemd in one overview. Learn about their purpose and when to use them.

Systemd timers

Systemd timers are the unit type for scheduled tasks on Linux similar to cron. Learn how to configure them and how they differ from cron.

How to clear the DNS cache with systemd

Linux with systemd might do DNS resolving using its resolver daemon. Learn how to inspect and clear the DNS cache when using the systemd resolver daemon.

Resolvectl

The command resolvectl provides details about systemd-resolved. Discover the available options for the name resolution daemon on Linux systems.

Settings for systemd units

Systemd units can be configured with a lot of fine-grained settings. This overview shows which settings are available and what they do.

Systemd

Systemd is a system and service manager for Linux systems. This section covers the basics, like the different units and tips, up to advanced troubleshooting.

Systemd settings

Systemd can be configured and fine-tuned beyond imagination. This section covers what and where you can configure them, such as the many unit settings.

How to see all masked units with systemctl

Want to find all masked unit files on a Linux system running systemd? In this article we show how to do this with systemctl and query those units.

How to see the last X lines with journalctl

Limit the output from journalctl by defining the number of lines you want to see by using the '-n' option, optionally with the service itself.

How to disable a systemd unit with systemctl

Want to disable a service or specific systemd unit? Use the systemctl command to configure units and disable them on boot or completely.

How to start and enable a unit with systemctl

Systemd can start and enable a unit, such as a service, at the same time. Learn how to use systemctl more efficiently to achieve this action.

How to show failed units with systemctl

Want to check the system for failed systemd units? In this article we show how to do this with systemctl and query the units with a failure state.

Systemd: Frequently Asked Questions

Frequently asked questions about systemd, systemctl, and journalctl. Learn by practical examples how to use these tools.

Systemd cheat sheet

Increase your system administration skills with this systemd cheat sheet, including how to configure and monitor systemd units.

Systemd units and their purpose

Which systemd unit types are available and what is their goal? In this article we cover them and show some useful commands related to these units.

Systemctl cheat sheet

Learn how to get every piece of information from systemd units, such as services and timers, including their configuration and status.

Journalctl cheat sheet

Learn how to get every piece of information from systemd journals with the journalctl command. This cheat sheet will help you with the task.

Finding boot logs in systemd journals

Systemd stores boot information in a journal. This article shows how to find the related boot logs, and the commands to query all relevant information.

Auditing systemd: solving failed units with systemctl

Sometimes systemd units like services and timers may fail. Learn how to troubleshoot such issues and resolve them more easily.