1 00:00:06,720 --> 00:00:10,136 - In this video, I'll tell you about systemd sockets. 2 00:00:10,136 --> 00:00:12,900 So, a systemd socket is used with a service 3 00:00:12,900 --> 00:00:14,250 to start a service 4 00:00:14,250 --> 00:00:16,923 when traffic comes in on a specific socket. 5 00:00:17,790 --> 00:00:20,100 To use systemd sockets, you will have a service 6 00:00:20,100 --> 00:00:21,330 as well as a socket file 7 00:00:21,330 --> 00:00:23,490 and they need to have the same name. 8 00:00:23,490 --> 00:00:28,353 So, sshd.service would come with sshd.socket, for instance. 9 00:00:29,370 --> 00:00:32,640 You can use ListenStream to tell the socket 10 00:00:32,640 --> 00:00:34,890 to listen on a TCP port. 11 00:00:34,890 --> 00:00:38,670 Or ListenDatagram to listen on a UDP port. 12 00:00:38,670 --> 00:00:41,200 And when using sockets, the socket is started 13 00:00:42,270 --> 00:00:44,010 or enabled or both 14 00:00:44,010 --> 00:00:45,270 and not a service. 15 00:00:45,270 --> 00:00:47,670 So, it's a socket that's taking over the activity 16 00:00:47,670 --> 00:00:50,520 and triggering the service whenever that is needed. 17 00:00:50,520 --> 00:00:51,363 Let me show you. 18 00:00:54,780 --> 00:00:59,780 So, let me use systemctl list unit files minus D socket. 19 00:01:00,630 --> 00:01:03,210 The minus D option is a nice option that allows you to 20 00:01:03,210 --> 00:01:06,120 filter only a specific type. 21 00:01:06,120 --> 00:01:08,910 And here we can see the socket files that are available 22 00:01:08,910 --> 00:01:10,563 on my system by default. 23 00:01:11,430 --> 00:01:14,130 So, there is an sshd.socket. 24 00:01:14,130 --> 00:01:16,260 Let's check out sshd.socket, 25 00:01:16,260 --> 00:01:19,230 which is currently disabled and disabled. 26 00:01:19,230 --> 00:01:22,980 That's okay, we can always enable it if you want to. 
27 00:01:22,980 --> 00:01:24,510 Now the thing to realize here, 28 00:01:24,510 --> 00:01:29,250 sshd.socket comes with sshd.service. 29 00:01:29,250 --> 00:01:32,190 Cockpit.socket, which is another one that's pretty common 30 00:01:32,190 --> 00:01:35,610 in Red Hat environments, comes with cockpit.service. 31 00:01:35,610 --> 00:01:38,310 And the only thing you need to do is to enable the socket 32 00:01:38,310 --> 00:01:40,530 if you want it to trigger the service. 33 00:01:40,530 --> 00:01:42,750 And that's exactly what we are going to do. 34 00:01:42,750 --> 00:01:43,770 Well, you know what? 35 00:01:43,770 --> 00:01:47,220 Let's rather have a look at cockpit.socket. 36 00:01:47,220 --> 00:01:51,933 So, systemctl cat on cockpit.socket, 37 00:01:53,910 --> 00:01:56,040 is showing us what this thing is doing. 38 00:01:56,040 --> 00:01:58,320 So, here we have the socket configuration and 39 00:01:58,320 --> 00:01:59,670 on the socket configuration 40 00:01:59,670 --> 00:02:03,390 we have ListenStream set to 9090, 41 00:02:03,390 --> 00:02:05,373 which is the default cockpit port. 42 00:02:06,540 --> 00:02:10,730 So, let's check out systemctl status 43 00:02:10,730 --> 00:02:14,880 on cockpit.service. 44 00:02:14,880 --> 00:02:17,100 And there we can see it's inactive (dead). 45 00:02:17,100 --> 00:02:19,410 That's exactly what I want it to be. 46 00:02:19,410 --> 00:02:22,283 I want to use systemctl enable. 47 00:02:22,283 --> 00:02:27,153 That is now on cockpit.socket. 48 00:02:29,160 --> 00:02:30,390 And now what is happening 49 00:02:30,390 --> 00:02:33,480 if you do the status on cockpit.service again? 50 00:02:33,480 --> 00:02:36,150 Well, it's still inactive and dead 51 00:02:36,150 --> 00:02:38,220 but we can see a green light 52 00:02:38,220 --> 00:02:40,773 for triggered by cockpit.socket. 
53 00:02:41,695 --> 00:02:45,390 So, I am going to open a browser 54 00:02:45,390 --> 00:02:49,050 and let's check out what is happening on port 9090 55 00:02:49,050 --> 00:02:50,553 of this CentOS system. 56 00:02:52,770 --> 00:02:56,970 So, I'm going to localhost 57 00:02:56,970 --> 00:02:58,083 colon 9090. 58 00:03:01,866 --> 00:03:05,760 And there we can see the potential security risk. 59 00:03:05,760 --> 00:03:09,450 That's okay, we are going to accept the risk and continue. 60 00:03:09,450 --> 00:03:11,040 And there we go CentOS Stream. 61 00:03:11,040 --> 00:03:14,640 So, let's log in as the root user 62 00:03:14,640 --> 00:03:19,640 with the password to get access to the cockpit 63 00:03:19,950 --> 00:03:22,768 the web-based interface that is available 64 00:03:22,768 --> 00:03:26,823 on CentOS in Red Hat's related service by default. 65 00:03:27,870 --> 00:03:30,090 So, what is the issue? 66 00:03:30,090 --> 00:03:31,470 Well, the issue is that right now 67 00:03:31,470 --> 00:03:34,890 I'm in this cockpit and if we check out the status 68 00:03:34,890 --> 00:03:36,540 of cockpit.service again. 69 00:03:36,540 --> 00:03:39,210 There we can see that it is active and it is running 70 00:03:39,210 --> 00:03:40,890 because of the socket. 71 00:03:40,890 --> 00:03:43,570 And if we are going to disable it again 72 00:03:44,430 --> 00:03:47,288 by closing all tabs and quit 73 00:03:47,288 --> 00:03:49,716 then the socket is going to be disabled 74 00:03:49,716 --> 00:03:52,320 after a while as well. 75 00:03:52,320 --> 00:03:54,270 Apparently, it doesn't realize yet 76 00:03:54,270 --> 00:03:56,370 that there is no incoming traffic anymore, 77 00:03:56,370 --> 00:03:57,480 but it'll disappear. 78 00:03:57,480 --> 00:04:00,240 And that's the benefit of using sockets. 
79 00:04:00,240 --> 00:04:01,350 Now, there is a couple 80 00:04:01,350 --> 00:04:03,930 of sockets that come pre-installed when 81 00:04:03,930 --> 00:04:06,300 you install your Linux distribution. 82 00:04:06,300 --> 00:04:09,840 Apart from that, you can always create your own. 83 00:04:09,840 --> 00:04:11,820 Sockets work with everything. 84 00:04:11,820 --> 00:04:14,190 You just tell the socket what to monitor, 85 00:04:14,190 --> 00:04:16,470 make sure it has the same name as a service 86 00:04:16,470 --> 00:04:17,820 and that's going to be all.