EzDev.org

services interview questions

Top 15 services interview questions



Managing service accounts in an RPM spec

I've been given a partially-complete RPM spec for a service we're writing. It gets as far as making the required directories, copying files, setting permissions, etc., but it doesn't make the required system account that the service will run under. I was told that it's best for the RPM to take care of this, so I've added

Requires(pre): /usr/sbin/useradd

%pre
useradd -r -d /path/to/program -s /bin/false myservice

This succeeds in making the user account (and associated group), so later on when it tries to set ownership / permissions on the service's files, that succeeds as well.

My current problem is, a) if the user account already exists, the RPM install fails because useradd fails (because the user already exists); and b) I don't know how to have rpm -e myservice also remove the associated user and group.


Source: (StackOverflow)

Is there a way to determine which service (in svchost.exe) does an outgoing connection?

I'm redoing my firewall configuration with more restrictive policies and I would like to determine the provenance (and/or destination) of some outgoing connections.

I have an issue because they come from svchost.exe and go to web content/application delivery providers - or similar:

5 IP in range: 82.96.58.0 - 82.96.58.255      --> Akamai Technologies         akamaitechnologies.com
3 IP in range: 93.150.110.0 - 93.158.111.255  --> Akamai Technologies         akamaitechnologies.com
2 IP in range: 87.248.194.0 - 87.248.223.255  --> LLNW Europe 2               llnw.net
205.234.175.175                               --> CacheNetworks, Inc.         cachefly.net
188.121.36.239                                --> Go Daddy Netherlands B.V.   secureserver.net

So is it possible to know which service does a particular connection? Or what's your recommendation about the rules applied to these ones?

(Comodo Firewall & Windows 7)

Update:

netstat -ano & tasklist /svc help me a little, but there are many services in one svchost.exe so it's still an issue. Moreover, the service names returned by "tasklist /svc" are not easily readable.

(All the connections are HTTP (port 80) but I don't think it's relevant)


Source: (StackOverflow)

how to kill process in Mac OS X and not have it restart on its own

When I run sudo kill -9 [PID] with the proper process ID, the process stops but then is restarted and has a new PID. I'm trying to kill the mysqld process.

How can I mimic the Activity Monitor in killing a process? In the Activity Monitor, when you press "Quit Process", the process permanently stops running, it is totally terminated. I figure that kill will do the same thing right?

I had both the Activity Monitor and the terminal next to each other to see if the command works, but every time I do sudo kill -9 [PID], the process in Activity monitor doesn't go away, it just refreshes with a new PID.

So... how do I kill the mysqld process via the terminal?


Source: (StackOverflow)

How to install Jenkins on Windows Server 2012

This may sound like a trivial question but here is what is happening:

  1. I grab the latest version of Jenkins as native installer for Windows (1.491 in my case)
  2. I set up a Windows Server 2012 (official release image, no release candidate) and install all updates
  3. I try to run the Jenkins installation.

Everything is working fine in the installation process except for the part where it tries to start the service. At this point I get informed that I have not sufficient privileges to start system services. This has been working on 2k8R2 without any problems. I am logged on as Administrator which was created during server installation and is the only user on the machine.

The full message I get is:

Service 'Jenkins' (Jenkins) failed to start. Verify that you have sufficient privileges to start system services.

Is anybody else having these problems? I guess the internals of Server 2012 have changed the way of the installation and the Jenkins installer is not built for that.

If anyone can tell me to which group I have to add the administrator, or can give me a work-around for this problem, this will help a lot.


Source: (StackOverflow)

Remove services on OS X

I'm looking to remove some services completely, or at least from the list in the Keyboard preference pane. I've tried:

  1. Service Scrubber. It only removes services from the menu — something you've been able to do from System Preferences since 10.6.
  2. Removing files in ~/Library/Services/ and /Library/Services/. It's just that most third party apps don't put their services there.
  3. defaults delete /Applications/SomeApp.app/Contents/Info NSServices. It does remove the services from the list in System Preferences. But it also invalidates the bundle's code signature, and the changes can get reverted by updates.

I guess you'd just have to settle for the last option, and assign new signatures with codesign when needed. But is there any easier way?


Source: (StackOverflow)

DDoS Virus infection (as a unix service) on a Debian 8 VM Webserver

I maintain a (fully updated) WordPress for a student team on a Virtual Machine on ~okeanos service for a couple of years. Today, the helpdesk informed me that I am conducting DDoS attacks, which - of course - I am not (this service has my academic credentials connected..). After they suspended the machine and I flamed their mailing system I tried to find out what has happened.

First of all, I ran a ps -ej to check out what is running:

root@snf-25181:~# ps -ej
1545 1545 1545 ? 00:00:00 console-kit-dae
1618 1057 1057 ? 00:00:00 gdm-session-wor
1632 1632 1632 ? 00:01:40 rghuoywvrf
1767 1767 1767 ? 00:00:00 sshd
1769 1769 1769 ? 00:00:00 systemd
1770 1769 1769 ? 00:00:00 (sd-pam)
1775 1767 1767 ? 00:00:00 sshd
1776 1776 1776 pts/0 00:00:00 bash
1849 1849 1776 pts/0 00:00:00 su
1870 1870 1776 pts/0 00:00:00 bash
2246 0 0 ? 00:00:00 kworker/0:0
2797 839 839 ? 00:00:00 apache2
3158 3158 3158 ? 00:00:00 bvxktwwnsb
3162 3162 3162 ? 00:00:00 bvxktwwnsb
3163 3163 3163 ? 00:00:00 bvxktwwnsb
3164 3164 3164 ? 00:00:00 bvxktwwnsb
3165 3165 1776 pts/0 00:00:00 ps

Notice the bvxktwwnsb and the rghuoywvrf.

Then I did a ps aux to get the services (again, a tail):

Debian-+  1629  0.0  0.0 178300  4444 ?        Sl   16:53   0:00 /usr/lib/dconf/dconf-service
root      1667  0.0  0.0  30744  4436 ?        Ss   16:53   0:00 /sbin/wpa_supplicant -u -s -O /run/wpa_supplicant
root      1670  0.0  0.1 299588  9884 ?        Ssl  16:53   0:00 /usr/lib/packagekit/packagekitd
root      1674  0.0  0.1 1055004 6168 ?        Ssl  16:53   0:00 /usr/sbin/console-kit-daemon --no-daemon
www-data  1923  0.0  0.1 240964  8112 ?        S    16:53   0:00 /usr/sbin/apache2 -k start
pankgeo+  5656  0.0  0.0  27416  3424 ?        Ss   17:03   0:00 /lib/systemd/systemd --user
pankgeo+  5657  0.0  0.0 143108  2408 ?        S    17:03   0:00 (sd-pam)   
root      5893  0.0  0.1 102420  6428 ?        Ss   17:04   0:00 sshd: pankgeorg [priv]
pankgeo+  5904  0.1  0.0 102560  4128 ?        S    17:04   0:02 sshd: pankgeorg@pts/0
pankgeo+  5905  0.2  0.1  16816  6388 pts/0    Ss+  17:04   0:04 -bash      
root      7443  0.0  0.1 102420  6496 ?        Ss   17:07   0:00 sshd: pankgeorg [priv]
pankgeo+  7448  0.0  0.0 102552  4160 ?        S    17:07   0:00 sshd: pankgeorg@pts/1
pankgeo+  7449  0.0  0.1  16468  6228 pts/1    Ss+  17:07   0:01 -bash      
root     17351  0.0  0.0      0     0 ?        S    17:15   0:00 [kworker/0:0]
root     18446  0.0  0.0      0     0 ?        S    17:18   0:00 [kworker/0:2]
root     18488  0.1  0.0      0     0 ?        S    17:18   0:01 [kworker/1:1]
root     22680  1.5  0.0      0     0 ?        S    17:28   0:08 [kworker/1:0]
root     24173  0.0  0.1 102420  6416 ?        Ss   17:31   0:00 sshd: pankgeorg [priv]
pankgeo+ 24181  0.3  0.0 102420  3360 ?        S    17:31   0:01 sshd: pankgeorg@pts/2
pankgeo+ 24182  0.0  0.0  16480  6112 pts/2    Ss   17:31   0:00 -bash      
root     25316  2.3  0.0      0     0 ?        S    17:33   0:06 [kworker/1:2]
root     26777  0.0  0.0      0     0 ?        S    17:35   0:00 [kworker/0:1]
root     26778  0.0  0.0      0     0 ?        S    17:35   0:00 [kworker/0:3]
root     27300  0.0  0.0   1424  1040 ?        Ss   17:38   0:00 cat resolv.conf  #note                        
root     27306  0.0  0.0   1424  1036 ?        Ss   17:38   0:00 gnome-terminal   #from                     
root     27307  0.0  0.0   1424  1036 ?        Ss   17:38   0:00 ifconfig eth0    #here                    
root     27308  0.0  0.0   1424  1040 ?        Ss   17:38   0:00 id               #(DDOS?)         
root     27309  0.0  0.0   1424  1040 ?        Ss   17:38   0:00 ifconfig                        
pankgeo+ 27315  0.0  0.0  11136  2044 pts/2    R+   17:38   0:00 ps aux     

Note the items[-4:-1]. Then I found online about chkconfig --list so I ran that and this popped out:

root@snf-25181:/home/pankgeorg# chkconfig --list
acdnfhruvx 0:off 1:off 2:off 3:off 4:off 5:off 6:off
flyymwddwn 0:off 1:off 2:off 3:off 4:off 5:off 6:off

1 to 5 were on but I turned them off. Then I restarted and it has changed name. Then I located the acdnfhruvx and this popped out:

root@snf-25181:~# locate acdnfhruvx
/etc/init.d/acdnfhruvx
/etc/rc1.d/S01acdnfhruvx
/etc/rc2.d/S01acdnfhruvx
/etc/rc3.d/S01acdnfhruvx
/etc/rc4.d/S01acdnfhruvx
/etc/rc5.d/S01acdnfhruvx

The contents of one of them (they are all the same):

root@snf-25181:~# cat /etc/init.d/acdnfhruvx
#!/bin/sh
# chkconfig: 12345 90 90
# description: acdnfhruvx
### BEGIN INIT INFO
# Provides: acdnfhruvx
# Required-Start:
# Required-Stop:
# Default-Start: 1 2 3 4 5
# Default-Stop:
# Short-Description: acdnfhruvx
### END INIT INFO
case $1 in
start)
/bin/acdnfhruvx
;;
stop)
;;
*)
/bin/acdnfhruvx
;;
esac

This was found after a restart, so /bin/acdnfhruvx was nowhere. Later I found exes (ELF Formatted) at /usr/bin (I think I can share it if there is a brave man among you)

An extensive list of the commands I saw the machine executing without knowing origin (from successive ps -ejs and ps auxes):

root     27755  0.0  0.0   1424  1036 ?        Ss   17:40   0:00 ifconfig                        
root     27759  0.0  0.0   1424  1036 ?        Ss   17:40   0:00 who                        
root     27760  0.0  0.0   1424  1040 ?        Ss   17:40   0:00 echo "find"                        
root     27761  0.0  0.0   1424  1036 ?        Ss   17:40   0:00 top                        
root     27762  0.0  0.0   1424  1036 ?        Ss   17:40   0:00 id                        
root     27805  0.0  0.0   1424  1036 ?        Ss   17:40   0:00 gnome-terminal                        
root     27809  0.0  0.0   1424  1040 ?        Ss   17:40   0:00 ifconfig                        
root     27810  0.0  0.0   1424  1044 ?        Ss   17:40   0:00 sh                        
root     27811  0.0  0.0   1424  1040 ?        Ss   17:40   0:00 sleep 1                        
root     27822  0.0  0.0   1424  1040 ?        Ss   17:40   0:00 netstat -an                        
root     27826  0.0  0.0   1424  1036 ?        Ss   17:40   0:00 top                        
root     27829  0.0  0.0   1424  1040 ?        Ss   17:40   0:00 bash                        
root     27833  0.0  0.0   1424  1040 ?        Ss   17:40   0:00 cd /etc                        
root     27834  0.0  0.0   1424  1040 ?        Ss   17:40   0:00 whoami                        
root     27822  0.0  0.0   1424  1040 ?        Ss   17:40   0:00 netstat -an                        
root     27826  0.0  0.0   1424  1036 ?        Ss   17:40   0:00 top                        
root     27829  0.0  0.0   1424  1040 ?        Ss   17:40   0:00 bash                        
root     27833  0.0  0.0   1424  1040 ?        Ss   17:40   0:00 cd /etc                        
root     27834  0.0  0.0   1424  1040 ?        Ss   17:40   0:00 whoami                        

pkilling is pointless, since it always forks, removing files from /etc/init.d/ and /{usr/,}bin is also pointless since after restart there is a new (identical) version of the executable. After all this info, I have two questions: Can I find out HOW I was infected? Can I get rid of this? Thank you in advance!


Source: (StackOverflow)

How do I enable services on a Windows computer via a command line?

On my Sony Vaio pcg-811124 laptop with Windows 7, I disabled all non-Windows services through msconfig. When I restarted my laptop, it booted up, but I cannot view the screen, even in safe mode. I may have disabled a driver, but now I have no way of knowing which one.

So, not only do I not know which services I disabled and need to enable, I can't seem to even enable the services I know that I have (for example, JungleDisk). When I tried to restart it via the command line, I got prompted that I could not restart this service because it had been disabled.

How do I get my services enabled again?


Source: (StackOverflow)

What in the world is ctfmon.exe?

I seem to see "ctfmon.exe" in the running tasks of every Windows PC I've used. I've always called it "capture the flag monitor." What is it really used for, do I need it, and if not, can I safely remove it?


Source: (StackOverflow)

Remove Windows service from command line

I would like to do this because I have a half installed service because of installation failure which is just there, non-functioning.

How can I delete the Windows service using the command line?


Source: (StackOverflow)

Linux : To monitor a Service and restart if stopped?

Actually I'm not so sure whether I should use Shell Scripts, or if there are some ways already. But whatever approach we use, I would like to keep a Service running all the time.

Let's say iptables as an example. Then ..

  • Whenever the iptables service is stopped or (in other words) not running, I want it to be started (or restarted) .. automatically whenever it stopped (or not running).
  • In other more simple words, I want to keep a Service up and running all the time.

(Maybe I could give a fair frequency to check, if doing Real-time checking is the problem. So let's say, every 5 mins)

The only way I could think of, is to use Shell Scripts with Cron Tab.

  • Is there any smart solution please?

Thanks!


Source: (StackOverflow)

Changing windows service display name?

I would like to change the display name of a Windows service that has already been created. I have read online that I can just alter the value in the registry. If I alter it in the registry and then relaunch my services window, the new name does not seem to be reflected. I assume if I restart my computer this new name will be reflected but I need a solution that will show up immediately without having to restart my computer.

Here is an example:

I launch services.exe and right-click on the service I want to change and click properties. In the properties window I see the service name as service1 and the display name as service1. I go into the registry and navigate to

HKLM\system\CurrentControlSet\services\service1.

In here there is a field called DisplayName that is set to service1. I go and change this value to Some Name. After changing this value I relaunch services and I still see service1. When I go to properties of service1, I still see the display name as service1 and not Some Name.


Source: (StackOverflow)

What can a service do on Windows?

What kind of malware/spyware could someone put into a service that doesn't have its own process on Windows? I mean services that use svchost.exe for example, like this:

Could a service spy on my keyboard input? Take screenshots? Send/receive data over the internet? Infect other processes or files? Delete files? Kill processes?


Source: (StackOverflow)

Which Google Updater is the one that I should allow to run?

My machine has 5 Google updaters running:

  • Service: Google Update Service (gupdate)

    Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it.

    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
    
  • Service: Google Update Service (gupdatem)

    Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it.

    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
    
  • Service: Google Updater Service

    C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    
  • Scheduled Task: GoogleUpdateTaskMachineCore

    Keeps your Google software up to date. If this task is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This task uninstalls itself when there is no Google software using it.

    • Runs at logon of any user
    • Runs daily at 10:08 AM

        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /C
      
  • Scheduled Task: GoogleUpdateTaskMachineUA

    Keeps your Google software up to date. If this task is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This task uninstalls itself when there is no Google software using it.

    • Runs every hour

      C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
      

Now obviously Google doesn't need all these items running at the same time; some are going to be legacy duplicates.

Which one is the current, true, preferred, Google updater?

Would the real Google updater please stand up,
please stand up, please stand up.


My setup:

  • Windows 7 Professional 64-bit
  • Chrome
  • one interactive user account

Source: (StackOverflow)

In Ubuntu, is there a command to show a list of ALL autostart services?

In Ubuntu,

  1. Is there a command to show a list of all autostart services?
  2. Is there a command to check if a service is autostarted at boot time or not?

I did Google and IRC. I cannot find the answer. Maybe no such commands exist in Ubuntu. In the beginning, I thought all autostarted services would be under /etc/rc2.d/, but I was wrong about that. Some are configured only under /etc/init/*.conf. Then I tried the chkconfig tool (installed it manually), it does not work all the time. For instance, it gives the wrong result for mongodb which is autostarted from /etc/init/mongodb.conf.

service --status-all and initctl list can only tell the services' current status instead of autostart status. update-rc.d is a command to change the autostart status instead of showing the status.

If there is no answer to my question, I am just wondering why it's so hard to check autostart services in Ubuntu.


Source: (StackOverflow)

Disabling Microsoft Antimalware service

I can't disable the Microsoft Antimalware service (MsMpSvc/MsMpEng.exe). I tried using services.msc, but the Startup Type drop-down is grayed out and I can't change it to Disabled nor stop the service. I also tried msconfig, but when I click Apply, the service gets enabled again. I even tried net stop msmpsvc and got system error 5 (access denied).

Any suggestions?


Source: (StackOverflow)