did you know that your linux system has a bunch of demons in it yep i said demons now apparently it's the good kind not the bad kind but still they're there they're in the background you can't see them and they are the reason that your linux system can run but i want to find them i want to find these demons these services that make our linux system tick so get your coffee ready [Music] let's go demon hunting this is episode 6 of my linux for hackers and everyone because everyone needs to learn linux course or
series whatever you want to call it whatever the case we're learning linux and today we're learning about demons now demons are kind of like services in linux so in this episode i'm showing you how to manage all your services in linux how to start stop restart enable things like ssh and web servers essential skills for everyone learning linux now because this will be a bit spooky i'm not doing this by myself i want you to do this with me please help me i want you to spin up your own linux environment your own linux virtual
machine and hey even if you don't have your own linux environment i've got one right here for you for free thanks to our sponsor of this entire series hack the box academy if you check that link in the description you'll get a free linux lab to help me hunt demons right now now hack the box academy is freaking awesome they teach you how to become a hacker blue team red team whatever you want to be and they recently released their hack the box academy for business now this is pretty cool it'll help your employees go
from a junior it pro to like an expert blue or red teamer that way you can get a hacker on your team you'll get unlimited training content employee progress tracking user seat flexibility anyways tell your boss to sign up and if you're the boss sign up and speaking of hacking have you hacked the youtube algorithm today make sure you do hit that like button notification bell comment subscribe let's hack youtube today ethically of course anyways let's get our linux box spun up whether you're using kali linux on your own vm or if you're going to use
hack the box academy's pwn box let's go ahead and get logged in if you don't know how to do that i do have a video at the beginning of this course showing you how to do it but let's go ahead and get started here on hack the box academy we'll click on linux fundamentals and continue that course and today we'll be focusing on service and process management so go and click on that and feel free to read this and go crazy but what i want you to do right now is scroll down to the my
workstation and launch your pwn box start the instance and we'll get our lab going here we go and while that's starting coffee break need some energy to hunt some demons then i'll click on interact to make that bigger in its own window and we are here how to get some more coffee this is going to be pretty intense here we go now first i really don't like saying demons i'm going to call it daemon in fact that's kind of how it looks when it's spelt and some people actually do pronounce it like that so daemon
anyways demons demons whatever it's called what are they well i mentioned before they call the shots on your linux system like they're the reason that everything is running the way it works right now but again they're hidden they're in the background and they're pretty freaking cool but before we talk about them we gotta talk about something else we gotta talk about processes it doesn't sound as cool as demons the official term of a process is an instance of a running program so for example let's say i go over here and i launch the sublime text
editor at the top go ahead and do this with me just open that sucker up when we launched sublime we started a process wanna see it check it out let's get to our favorite place let's open up our bash terminal right here at the top open it up and if you're on a different os you'll be able to open it and figure it out pretty easy anyways here in my terminal i can actually find my processes and see what they are now just so you know every time you launch a program boom there's a process
you launch nano boom process let's let's see let's let me show you and this is also the same for like windows and and mac you've probably seen that before anyways command here new command time ps and we'll do a tick or a dash a u x and just this by itself is gonna show a lot let's try it out ah so many i can't do that so let's i'm gonna clear this out let's try it again we'll do ps dash aux and let's do a pipe and then grep and then we'll type in sublime we're
basically filtering out all this stuff but sublime this text editor we opened i'm gonna make this a bit wider here so we can appreciate what's happening and bam right there we have our processes running for that particular application now what happens if we close it let's try it out i'm gonna go over here and close sublime click on the x closed and i'll run that same command ps you know whatever just hit the up arrow that's gone or at least these two processes up here are gone the same thing goes for nano if i open
up a new terminal here i'll just start editing i'll type in nano and i'll edit a file named daemons so i have nano open i'm editing a file named daemons if i run that same command but let me grep for nano there it is it's even cool it shows me the file i have open the process is this file nano and demons so you get the gist right whenever we open a program boom a process when we close that program bam the process is gone and of course if i close nano here get out of
there and i run that command once more yeah it's gone now when we open a program like sublime or nano this is what's referred to as an interactive process meaning we had to do something about it the process only started when we actually opened the program we started the process but earlier when we ran our ps command let me open up terminal once more and let's run it again together right now ps space tick aux let me run that there's a lot of stuff going on a lot of processes that we did not open what
are all these programs what are all these processes well most of these a lot of these are demons or demons demons demons are the processes that we don't start that we have nothing to do with we don't touch it we have no interaction with them they just do their stinking thing by themselves that's why they're a bit spooky i mean i'm just kidding they're not spooky they they're like services if you're a windows user you know all about services the print spooler wait too soon ntp and all the other services linux has services like windows
and often these are called daemons now again demons are essential without them we couldn't do anything on linux they run things like uh i don't know your networking what about printing can get a printing daemon ssh we have an ssh daemon these daemons or daemon processes hide in the background and make sure these things work now how do we know when a process is a daemon because it will look like a regular process how can we identify its daemon-ness a daemon service will have a d at the end so like ssh it is a daemon
and it will have a d so sshd let me show you your first daemon don't be scared i'm being silly i'm going to clear this out clear we'll type in our command ps to find our processes we'll do again once more tick or dash aux then we'll pipe and grep for ssh just type in ssh we just found a daemon you see it do you see it it's right there here it is this ssh daemon makes sure that when you try to ssh or remotely connect to your linux box here it'll work and you don't
have to do anything with that it runs in the background as soon as you boot your linux system up the demons or the daemons get to work they're always working let's find one more we'll use the same command and this time we'll grep for now let's do ntp the network time protocol which keeps your time in sync on your linux server so let's search for that there he is now the daemon in the wild like i need a proton pack i want to capture this thing there it is ntp d d meaning daemon okay cool
we found a few demons but my goal in this video is not just to show you how to find them i want to show you how to manage them to control them even though they are in the background even though they are invisible you want to become the master of demons which i know sounds weird but we're just managing services in linux the stuff in the background and it's essential as a linux admin or as a hacker or whatever you want to do with linux you gotta know how to do this now real quick i
feel like i have to say this when we're talking about the term daemon which yes can be pronounced demon it definitely has a negative connotation in a lot of cultures but it gets its roots from greek mythology which their interpretation of a demon or daemon is just a supernatural being that has no bias towards evil or good it's just something working in the background that's doing stuff so that's why the linux guys are like hey let's call them demons wouldn't have been my choice but that's why if you want to dive deeper into that i
got a link below now this is where things get a bit spookier the way we control our demons is by dealing with the master daemon yes there is a master demon process his name is systemd he basically commands all the other demons he's in charge of the demons he starts the daemons he stops the demons he restarts the daemons if you want to do anything with demons you got to go through systemd now also note that you know he's a daemon because he has a d at the end of his name he's also
a daemon master daemon anyways now systemd has two main jobs he's the service manager managing all the demons or services he's also and more importantly the initialization system or the init system this right here is a massive job and is vital to the boot process for example when we boot our linux system we power it up it boots loads the system kernel and then the kernel kicks it over to systemd and he'll do small things like i don't know continue mounting the file system and starting all the services or starting all the demons and
what's cool is he's actually the first service started or the first process he's the first daemon and from him using a process called forking kind of like a pitchfork he will start all the other processes or demons so he's the one you have to think that when you boot up your linux system you can actually just start using it like your gui is already there you can ssh into it you can launch bash he's the reason that stuff is actually on and working he turned it on there's actually a cool way to visualize that let
me show you let's pull up terminal once more and we'll type in one command pstree or process tree boom now this is cool we're gonna scroll all the way to the top all the way and from here we can see that systemd is the original process and all the processes fork or branch out from him now since systemd is the first process or first daemon created his process id which if i go back to my terminal here and type in ps tick aux you'll notice that each of these processes has a number or process id
his because he's the first one is number one scroll all the way to the top here there he is systemd process number one so now how can we use the master daemon systemd to control all the daemons let's talk about that now we're gonna explore his other feature his other job here as service manager and we're gonna be his boss we're gonna use a tool called systemctl it's a command line tool that we'll use to control all of our daemons now i gotta say this systemd is not the only init system out
there there are others but he'll be the main one you see on any modern linux distro but in the past you would have seen things like sysv init upstart which ubuntu had that for a long time openrc and others but thankfully a lot of linux distros again have adopted systemd as their init system but anyways systemd is the king right now so we're gonna learn how to use him let's do it so follow along with me let's go ahead and launch our terminal our bash shell and let's control some demons i mean demons now
real quick one more thing i got to show you about systemd when he's talking to his demons his demons he doesn't call them daemons no he's got his own name for him he calls them units so when you see the term units associated with systemd just know that equals demons or services or whatever you want to call it i know it seems like unnecessary confusion but you just got to deal with it let's walk through this here we go so we'll start messing with the common daemon ssh or as we know him sshd
and we'll walk through a few of the common things you'll always do with services like this or daemons starting them stopping them restarting them i mean you got the gist we'll show you we'll show you everything here we go new command time our command will be systemctl and then what we want to do so let's say we want to stop the ssh daemon we'll type in stop and then the name of our daemon for ssh his name will be sshd now hold on real quick if you're not using the hack the box academy
lab if you're actually ssh'd into your box doing this will break your system like you'll i mean it won't break your system but you'll be logged out so be careful so make sure you're not using ssh as we're stopping ssh just fair warning anyways boom now oh hold on you gotta sudo that sucker so i'm going to ctrl c that hit the up arrow put sudo right before that command let's try it again bam now not a lot of feedback there right like did it work did we stop the service we did our next
command to find out what's going on with our daemon let's take his temperature see if he's okay we'll do sudo like before systemctl and then we'll type in status sshd and we can tell he's not started or active by looking at his active right here it says no no no he's inactive he's that daemon's dead let's bring him back to life i don't like this hit q and we'll again type in sudo systemctl and instead of stop we're going to type in start sshd again not a lot of feedback so let's go find
out what's going on with him systemctl status sshd and boom this guy he's active and he's forrest gump man he's running he's healthy and real quick a couple more commands that we'll always use all the time sudo systemctl and instead of start or stop what do you say we just restart which will obviously kill the demon and then bring it back to life so restart sshd boom did its thing another option we have here instead of restart we might have the option to do reload now not all daemons can do this it depends on their
configuration which is ideal if you just want to reload the configuration and not actually restart the service but again not every service or daemon can do that there's actually a cool command you can use if you're unsure if it can reload but you might want it to reload if at all possible you can do the command systemctl reload or dash or tick or dash or tick restart which is pretty self-explanatory it'll reload if it can and if it can't reload it'll restart it okay cool we've covered start stop reload reload or restart but that
involves us manually doing that what if i want to make sure that a service or this daemon starts by itself when the system boots or maybe i want it to not start by itself when the system boots we can control that again with systemctl let's try it out so let's pick on a different daemon we're going to pick on ntp or the network time protocol now by default this does start up when the system starts so what i want to try and do is actually disable that i don't want it to start up when
the system starts which by the way you should never do but just for practice let's do it the command will be sudo systemctl disable ntp and boom no a lot of stuff happened there but essentially what happened was we disabled ntp from starting up again let's verify that we'll use our same command as we learned earlier sudo systemctl status ntp now you might think chuck this daemon looks healthy dude he's active he's forrest gump and that's true because we didn't stop him did we but we did stop him from coming up next
time we could see that by up here we got ntp.service disabled he won't come up again so let's re-enable him this command you'll use often sudo systemctl enable instead of disable ntp this will make sure a service or daemon will start up automatically on your next boot it won't start the service right now but it will make sure next time it will so we'll click on enable bam and then if we do our same status command as before we can see right here that he is indeed enabled now a quick handy way to see if
he's enabled or active just a couple of fun commands sudo systemctl command is is dash active and then the daemon name ntp which means is he up and running yeah he's active cool another command instead of is active is enabled yep he's enabled so just a quick one-liner to say oh hey how's my system doing or my daemon sorry now hey at this point you're pretty much a master of the daemons you can start stop restart reload enable disable see what's up that's a lot but there are a lot of demons out there how do
we find all those other daemons how do we see all these services running on our linux system here we go let's check up on our system here new command time now same as before sudo systemctl that's what we'll use the entire time to manage our services it's a part of systemd the master daemon to see a list of active demons that the systemd daemon knows about we'll type in list dash units remembering again that systemd calls the daemons units let's go ahead and hit this go and bam quite a bit and while this is a
lot this is not all of them this is just the ones that are active for example here our buddy ntp and even openvpn both demons but notice at the end of their name they have dot service that's their full name so for ntp ntp is kind of like his first name and service which is the type of daemon he is is his last name so when i ran systemctl start for example ntp i could have put ntp.service but you don't have to because systemctl is smart enough to go oh ntp you mean ntp.service and the
same goes for the other ones like openvpn and sshd and also notice that service is not the only type of daemon we've got sockets targets timers and mounts and devices a topic for another time if you want to go deeper into that i encourage you to right now but it's not important for us right now because we're focusing on services and to help us focus let's get all the extra crap out of here so we can actually do sudo systemctl list units then we can do dash t which stands for type service and now we're
only seeing the active services on our system here now what does all this stuff mean quick recap unit that's the daemon here's his name load if it says loaded that means it's been loaded in the system memory and then active is it active and is it running and then of course the description what's it all about i just noticed this under here we have the d o dash agent service which is the digital ocean monitoring agent so this is hosted on digitalocean fun to know fun fact now hey at this point you pretty much know
everything you need to know about managing demons but sometimes our demons don't behave the way we want them to something happens and it doesn't work what do we do about that let's kick a scenario to you real quick let's do this there is a daemon right now on our system that's not enabled it's nginx now first i want to find nginx and this is actually kind of interesting because it's harder than you might think so let's use the command we used before sudo systemctl we'll do list units to list our units our daemons and
we'll grep pipe grep for nginx nothing now you might think well yeah chuck nginx probably isn't active and by default just the list units command will only list active so let's yeah let's try that so we'll add the dash dash all switch which will list everything active and inactive and let's see if it's there no not there why not this is another gotcha when you use systemctl list units it will only list units that it's attempted to parse and load into memory which in our case is not nginx so to list units that aren't
parsed and aren't part of memory we need a different command don't we thankfully we have one instead of list units we're going to type in list units files and then i'll do a pipe and grep for nginx oh whoops it's not units unit list unit files and there he is right off the bat we can see that he's disabled disabled a better view of that would be our other commands we've learned right sudo systemctl status nginx and we can see right here he's not active which means he's not started and he's definitely not enabled
he's disabled which means he won't start up on boot now what is nginx if you've never heard of that it's a web server your linux server could be running a website and that's something you might want to start up by itself when your computer reboots there is a spider web hanging there spooky okay i don't like spiders anyways so let's get nginx up and running that's gonna be fun let's check it out so we're gonna do two things first make sure nginx will start on every boot and second i want to start nginx on this
current boot because it's not going to start unless i reboot or just manually start it now if you already know what to do go ahead and pause the video right here and just do it on pause he got paused for you you're welcome now we're going to do it real quick so first let's make sure it starts on boot sudo systemctl enable nginx boom done let's make sure it's a little handy command is it enabled or is enabled nginx oh you got to spell it right it sure is it's enabled awesome now let's start
it and fair warning this is where we're going to hit a bit of a hiccup a bit of a roadblock bump all those things sudo systemctl to start a service we'll just type in start start nginx and go oh what failed not great now what i love about systemd and what it does here is that if you do hit a failure which i've hit a lot it'll say hey hey hey you might want to check the status so it'll tell you how to check the status with systemctl it'll even show you how to check another
systemd utility journalctl which is actually the logs for systemd stuff whatever it's doing so let's enter that command it told us to enter thank you systemd so journalctl dash xe i'll make sure i do a sudo right before that and make sure i'm not separating journal and ctl there we go and let's check it out now this is interesting more troubleshooting for whatever reason there are no entries in journalctl which actually should not be the case journalctl should have a lot of logs because systemd is always doing stuff now this
is a primary example of why you need to learn how to manage your daemons because journalctl is itself a daemon that we may need to restart that's exactly our case here so first let's find the real full name of journalctl we may not know what it is so sudo systemctl list dash units this one should be active and enabled we'll grep for journal and we've got a few options here but i'm going to guess going to guess that right here systemd journald dot service is the daemon we want to restart so let's try
that out so we'll do sudo systemctl restart systemd journald and that should be all we need let's try it out boom let's restart it now i'm hoping that i fixed it let's go ahead and try to uh start our nginx service once more so we actually get some journaling there we gotta repeat the error so we can see what happened sudo systemctl start nginx okay we expected this now we can actually use our journalctl command journalctl xe with a nice sudo in the front of it ah much better okay this
is so cool though check it out it tells us a lot like i finished with the failure like we we got this but we scroll up a bit more we can find out what's up um let me scroll over a bit if you're still viewing this with the yellow box down here with the end we can use our directional arrows to scroll through all this so i'm going to scroll a little bit up with my directional pad go up that tells me exactly what's happening nginx i know by default it's going to use port 80
as its web server and you know what that's already being used see already in use by some other service by some other daemon and it couldn't bind now how do you fix that we're not going to cover that in this video you will know how to do that by the end of the series don't worry but today i wanted to focus on hunting demons whoo anyways we just hunted down some demons and we managed them we mastered them and that was awesome things like masking and targets and all kinds of stuff which by the way
if you want to learn more about that then i've got an extended version of this video at my learning website link below it's free so if you want to keep going down the rabbit hole red pill blue pill of learning about this click the link below anyways that's where i'm going to end this video this episode that's what's important to know as you learn linux and as you want to become a hacker or just anyone who wants to learn about linux and use linux and again massive shout out to the sponsor of this video hack
the box academy again they have a new business thing that's really cool and uh also thank you for having an awesome lab that we can all use yeah i've had a lot of coffee today and i'm you're not surprised right i always have lots of coffee but this is like two espressos i had coffee this morning i'm hyped up and i'm gonna have a hard time sleeping tonight make sure you hack that youtube algorithm like button notification bell subscribe comment because you gotta hack youtube ethically but we gotta do it and yeah that's all i
got today i'll catch you guys next time we hunted down some demons a little spooky hope you weren't too scared it's okay oh since you're still here just hanging out at the end with the end credits um make sure you join my membership below i've got a free membership which gives you access to ad free youtube videos and it's pretty cool i'm hoping to add more stuff here in a bit and also i do have a paid version of that if you want to help support what i do here it's 12 bucks a month
and i'm of course going to be adding more to that here very soon let me know what you thought of the video in the comments below are you still watching thank you you still hanging around yeah that's all i got later guys [Music]