Linux 的各項服務管理一直都是用 SysV Init Script,Systemd 是新的管理工具,在 CentOS 7 開始已經有支援。

設定上比 SysV Init 簡單許多,指令的操作差異不大。


支援的 Linux:

  • CentOS 7+
  • Ubuntu 16.04+


  • Supervisor
    這個被使用在 Ubuntu 9.10,Mac OS X (10.4/10.5/10.6),Solaris (10 for Intel) 及 FreeBSD 6.1。系統環境需要有 Python 2.4,但不支援 Python 3。


  • /etc/systemd/system 客製的服務啟動檔位置
  • /lib/systemd/system 內建系統的服務啟動檔位置



Description=Backup daemon



TIP: 這是表示 Run Level 3




ExecStart=/usr/sbin/fwconsole start
ExecStop=/usr/sbin/fwconsole stop


systemctl enable freepbx



# Reload Systemd
systemctl daemon-reload

# 啟動服務
systemctl start <service-name>

# 檢查服務狀態
systemctl status <service-name>
systemctl is-active <service-name> 
systemctl is-enabled <service-name>

# 關閉服務
systemctl stop <service-name>

# 啟用:自動啟動
systemctl enable <service-name>

# 關閉:自動啟動
systemctl disable <service-name>

# 列出設為自動啟用的服務
systemctl list-unit-files --type=service --state=enabled


# list active services
systemctl list-units --type=service

# List all the running systemd services
systemctl list-units --type=service --state=running

# List all loaded systemd services including the inactive ones
systemctl list-units --all --type=service

# List all the inactive systemd services
systemctl list-units --all --type=service --state=inactive

# List all the installed systemd services
systemctl list-unit-files --type=service

# List all systemd services that will be run at each boot automatically
systemctl list-unit-files --type=service --state=enabled


# Halt the system
systemctl halt

# Poeroff the system
systemctl poweroff

# Reboot the system
systemctl reboot



# view journal entries for time zones
journalctl --utc

# view only errors, warnings, etc in journal logs
# Error codes
# 0: emergency
# 1: alerts
# 2: critical
# 3: errors
# 4: warning
# 5: notice
# 6: info
# 7: debug
journalctl -p 0

# When you specify the error code, it shows all messages from that code and above. 
# For example, if you specify the below command, it shows all messages with priority 2, 1 and 0
journalctl -p 2

# view journal logs for a specific boot
journalctl --list-boots

# To view a specific boot number you the first number or the boot ID as below.
journalctl -b -45
journalctl -b 8bab42c7e82440f886a3f041a7c95b98

# You can also use -x switch which can add an explanation of the systemd 
# error messages in your display. This is a lifesaver in certain situations.
journalctl -xb -p 3

# view journal logs for a specific time, date duration
journalctl --since "2020-12-04 06:00:00"
journalctl --since "2020-12-03" --until "2020-12-05 03:00:00"
journalctl --since yesterday
journalctl --since 09:00 --until "1 hour ago"

# see Kernel specific journal logs
journalctl -k

# see journal logs for a service, PID
journalctl -u NetworkManager.service

# If you do not know the service name, you can use the below 
# command to list the systemd services in your system.
systemctl list-units --type=service

# view journal logs for a user, group
id -u debugpoint
journalctl _UID=1000 --since today

# view journal logs for an executable
journalctl /usr/bin/gnome-shell --since today

Application firewalls

An application firewall, unlike a gateway (router) or system level firewall, is meant to limit the networking of a single application. It can be used to prevent a compromised service from seeing into the local network, prevent programs from calling home, plug metadata leaks, or more tightly control a program’s network access.

The systemd firewall directives is built on Linux kernel features. The required Kernel features might not be enabled in your specific environment (especially when using a custom kernel or container). Testing is key, as it is with any network filter and security solution. You should always test to verify that your firewall set up blocks and allows the traffic you specify.


# 列出系統所有 core dump

# 列出指定 program 的 core dump
coredumpctl dump <program-name>

# 列出指定 PID
coredumpctl dump _PID=XXX

# 分析特定 core dump 的內容
coredumpctl gdb <PID>

# 預設 core dump files 路徑