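Lesson 15 preview tasks

10.19 iptables rule backup and restore
10.20 The 9 zones of firewalld
10.21 firewalld zone operations
10.22 firewalld service operations
10.23 Linux task scheduling with cron
10.24 The chkconfig tool
10.25 Managing services with systemd
10.26 Introduction to units
10.27 Introduction to targets

1. iptables rule backup and restore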

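1.1 Firewall rules that we set are normally held only in memory and are not saved to any file, which means that after a system reboot the previously set rules are gone.

1.2 When we need to keep the rules, they are saved into the file /etc/sysconfig/iptables, which is the iptables configuration file. If you are given the task of backing up the firewall rules, it really just means making a copy of this file.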

[root@localhost ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]

1.3 To back up the rules to another location, use the command iptables-save > /etc/iptables.rule

[root@localhost ~]# iptables-save >/etc/iptables.rule

[root@localhost etc]# cat iptables.rule 
# Generated by iptables-save v1.4.21 on Sat Aug 25 02:04:43 2018
*nat
:PREROUTING ACCEPT [218:20066]
:INPUT ACCEPT [169:16360]
:OUTPUT ACCEPT [259:19671]
:POSTROUTING ACCEPT [260:19723]
-A PREROUTING -d 192.168.1.150/32 -p tcp -m tcp --dport 1122 -j DNAT --to-destination 192.168.100.11:22
-A POSTROUTING -s 192.168.100.0/24 -o ens33 -j MASQUERADE
-A POSTROUTING -s 192.168.100.0/24 -o ens33 -j MASQUERADE
-A POSTROUTING -d 192.168.100.0/24 -o ens33 -j MASQUERADE
-A POSTROUTING -s 192.168.100.11/32 -j SNAT --to-source 192.168.1.150
COMMIT
# Completed on Sat Aug 25 02:04:43 2018
# Generated by iptables-save v1.4.21 on Sat Aug 25 02:04:43 2018
*filter
:INPUT ACCEPT [1154:98537]
:FORWARD ACCEPT [206:21084]
:OUTPUT ACCEPT [848:73807]
COMMIT
# Completed on Sat Aug 25 02:04:43 2018

1.4 Restore the backed-up rules with iptables-restore < /etc/iptables.rule

[root@localhost etc]# iptables -A INPUT -s 192.168.0.125 -j DROP // first, add a rule to iptables
[root@localhost etc]# iptables -nvL
Chain INPUT (policy ACCEPT 22 packets, 1608 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      *       192.168.0.125        0.0.0.0/0           

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 15 packets, 1428 bytes)
 pkts bytes target     prot opt in     out     source               destination         
[root@localhost etc]# iptables-save > /etc/iptables.rule // save the rules
[root@localhost etc]# iptables -F // flush the rules
[root@localhost etc]# iptables -nvL // the rule we just added is gone
Chain INPUT (policy ACCEPT 22 packets, 1608 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 15 packets, 1428 bytes)
 pkts bytes target     prot opt in     out     source               destination         
[root@localhost etc]# iptables-restore < /etc/iptables.rule // restore the rules
[root@localhost etc]# iptables -nvL // listing again, the rule is back
Chain INPUT (policy ACCEPT 24 packets, 1724 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      *       192.168.0.125        0.0.0.0/0           

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 16 packets, 1504 bytes)
 pkts bytes target     prot opt in     out     source               destination       
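
A backup is only useful if it says what you think it says. The script below is an added example, not part of the original post: it reads an iptables-save dump offline and reports rules saved twice in the same table and filter chains whose default policy is ACCEPT. The function names are made up for this example, and the sample input is the dump from section 1.3.

```shell
#!/bin/sh
# Added example (not from the original post): audit an iptables-save dump
# offline, without root and without loading it into the kernel.

# audit_rules FILE prints one finding per line:
#   DUPLICATE <table> <rule>       same -A rule saved more than once in a table
#   POLICY_ACCEPT <table> <chain>  filter chain whose default policy is ACCEPT
audit_rules() {
    awk '
        /^#/ || /^COMMIT/ { next }              # comments and table terminators
        /^\*/ { table = substr($0, 2); next }   # "*nat", "*filter" open a table
        /^:/ {                                  # ":INPUT ACCEPT [1154:98537]"
            if (table == "filter" && $2 == "ACCEPT")
                print "POLICY_ACCEPT", table, substr($1, 2)
            next
        }
        /^-A / {
            if (++seen[table, $0] == 2)         # report each duplicate once
                print "DUPLICATE", table, $0
        }
    ' "$1"
}

# Sample input: the rules from the dump shown in section 1.3.
write_sample() {
    cat > "$1" <<'EOF'
# Generated by iptables-save v1.4.21 on Sat Aug 25 02:04:43 2018
*nat
:PREROUTING ACCEPT [218:20066]
:INPUT ACCEPT [169:16360]
:OUTPUT ACCEPT [259:19671]
:POSTROUTING ACCEPT [260:19723]
-A PREROUTING -d 192.168.1.150/32 -p tcp -m tcp --dport 1122 -j DNAT --to-destination 192.168.100.11:22
-A POSTROUTING -s 192.168.100.0/24 -o ens33 -j MASQUERADE
-A POSTROUTING -s 192.168.100.0/24 -o ens33 -j MASQUERADE
-A POSTROUTING -d 192.168.100.0/24 -o ens33 -j MASQUERADE
-A POSTROUTING -s 192.168.100.11/32 -j SNAT --to-source 192.168.1.150
COMMIT
*filter
:INPUT ACCEPT [1154:98537]
:FORWARD ACCEPT [206:21084]
:OUTPUT ACCEPT [848:73807]
COMMIT
EOF
}

if [ "$#" -gt 0 ]; then
    audit_rules "$1"                            # e.g. /etc/iptables.rule
else
    tmp=$(mktemp); write_sample "$tmp"; audit_rules "$tmp"; rm -f "$tmp"
fi
```

On a real host, iptables-restore --test < /etc/iptables.rule parses a backup without committing it, which catches syntax errors before the live ruleset is replaced.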

2. The 9 zones of firewalld

2.1 Because we disabled firewalld for the earlier experiments, we now re-enable it.

[root@localhost etc]# systemctl disable iptables
Removed symlink /etc/systemd/system/basic.target.wants/iptables.service.
[root@localhost etc]# systemctl stop iptables
[root@localhost etc]# systemctl enable firewalld
Created symlink from /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service to /usr/lib/systemd/system/firewalld.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/firewalld.service to /usr/lib/systemd/system/firewalld.service.
[root@localhost etc]# systemctl start firewalld

2.2 The 9 zones of firewalld

[root@localhost etc]# firewall-cmd --get-zones
block dmz drop external home internal public trusted work
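  • The default zone is public.
  • drop: any incoming network packets are dropped with no reply; only outgoing network connections are possible (packets cannot come in, but they can go out).
  • block: any incoming network connection is rejected with an icmp-host-prohibited message for IPv4 and an icmp6-adm-prohibited message for IPv6. (Somewhat more lenient than drop; the difference mainly concerns ICMP.)
  • public: for use in public areas. You cannot trust the other computers on the network not to harm your computer; only selected connections are accepted.
  • external: for external networks, in particular with masquerading enabled for routers. You do not trust the other computers on the network not to harm yours; only selected connections are accepted.
  • dmz (demilitarized zone): for computers in your demilitarized zone. This zone is publicly accessible, with limited access to your internal network; only selected connections are accepted.
  • work: for use in work areas. You mostly trust the other computers on the network not to harm your computer; only selected connections are accepted.
  • home: for internal networks. You mostly trust the other computers on the network not to harm your computer; only selected connections are accepted.
  • internal: for internal networks. You mostly trust the other computers on the network not to harm your computer; only selected connections are accepted.
  • trusted: all network connections are accepted.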
[root@localhost etc]# firewall-cmd --get-default-zone
public

3. firewalld zone operations

3.1 Set the default zone (the default is currently public; we set it to work)

[root@localhost etc]# firewall-cmd --get-default-zone
public
[root@localhost etc]# firewall-cmd --set-default-zone=work
success
[root@localhost etc]# firewall-cmd --get-default-zone
work

3.2 Query the zone of a given network interface

[root@localhost etc]# firewall-cmd --get-zone-of-interface=ens33
work
[root@localhost etc]# firewall-cmd --get-zone-of-interface=lo
no zone

3.3 Assign a zone to a given network interface. Here lo has no zone, so we set it to public

[root@localhost etc]# firewall-cmd --get-zone-of-interface=lo
no zone
[root@localhost etc]# firewall-cmd --zone=public  --add-interface=lo
success
[root@localhost etc]# firewall-cmd --get-zone-of-interface=lo
public

3.4 Change or remove the zone of a given network interface

[root@localhost etc]# firewall-cmd --zone=block  --change-interface=lo // change this interface's zone to block
success
[root@localhost etc]# firewall-cmd --get-zone-of-interface=lo
block
[root@localhost etc]# firewall-cmd --remove-interface=lo // remove this interface from its zone
success
[root@localhost etc]# firewall-cmd --get-zone-of-interface=lo
no zone

3.5 List the zones of all network interfaces on the system

[root@localhost etc]# firewall-cmd --get-active-zones
work
  interfaces: ens33

4. firewalld service operations

4.1 List all services, and list the services in the current zone

[root@localhost etc]# firewall-cmd --get-services
RH-Satellite-6 amanda-client amanda-k5-client bacula bacula-client bitcoin bitcoin-rpc bitcoin-testnet bitcoin-testnet-rpc ceph ceph-mon cfengine condor-collector ctdb dhcp dhcpv6 dhcpv6-client dns docker-registry dropbox-lansync elasticsearch freeipa-ldap freeipa-ldaps freeipa-replication freeipa-trust ftp ganglia-client ganglia-master high-availability http https imap imaps ipp ipp-client ipsec iscsi-target kadmin kerberos kibana klogin kpasswd kshell ldap ldaps libvirt libvirt-tls managesieve mdns mosh mountd ms-wbt mssql mysql nfs nfs3 nrpe ntp openvpn ovirt-imageio ovirt-storageconsole ovirt-vmconsole pmcd pmproxy pmwebapi pmwebapis pop3 pop3s postgresql privoxy proxy-dhcp ptp pulseaudio puppetmaster quassel radius rpc-bind rsh rsyncd samba samba-client sane sip sips smtp smtp-submission smtps snmp snmptrap spideroak-lansync squid ssh synergy syslog syslog-tls telnet tftp tftp-client tinc tor-socks transmission-client vdsm vnc-server wbem-https xmpp-bosh xmpp-client xmpp-local xmpp-server

[root@localhost etc]# firewall-cmd --list-services // currently only two services
ssh dhcpv6-client

4.2 Add a service to a zone or remove it; services can also be added through the configuration files

[root@localhost etc]# firewall-cmd --get-default-zone
work
[root@localhost etc]# firewall-cmd --zone=work --add-service=http // add the http service to the default zone
success
[root@localhost etc]# firewall-cmd --list-services // http now appears in the list
ssh dhcpv6-client http
// remove the service from the zone
[root@localhost etc]# firewall-cmd --zone=work --remove-service=http
success
[root@localhost etc]# firewall-cmd --list-services
ssh dhcpv6-client

4.3 Customize the ftp service to use port 1121 and allow ftp in the work zone

// first, copy the service's configuration file to /etc/firewalld/services
[root@localhost etc]# cp /usr/lib/firewalld/services/ftp.xml /etc/firewalld/services
// edit the configuration file
[root@localhost etc]# vi /etc/firewalld/services/ftp.xml
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>FTP</short>
  <description>FTP is a protocol used for remote file transfer. If you plan to make your FTP server publicly available, enable this option. You need the vsftpd package installed for this option to be useful.</description>
  <port protocol="tcp" port="1121"/> <!-- change the port number -->
  <module name="nf_conntrack_ftp"/>
</service>

// copy the zone's configuration file to /etc/firewalld/zones
[root@localhost etc]# cp /usr/lib/firewalld/zones/work.xml /etc/firewalld/zones/
[root@localhost etc]# vi /etc/firewalld/zones/work.xml // edit the zone configuration file
<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Work</short>
  <description>For use in work areas. You mostly trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
  <service name="ssh"/>
  <service name="ftp"/> <!-- add the service name -->
  <service name="dhcpv6-client"/>
</zone>

// reload the configuration
[root@localhost etc]# firewall-cmd --reload
success
[root@localhost etc]# firewall-cmd --zone=work --list-services
ssh ftp dhcpv6-client
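
Copying ftp.xml into /etc/firewalld/services works because firewalld reads definitions under /etc/firewalld in preference to the defaults under /usr/lib/firewalld. The script below is an added example, not part of the original post: it resolves the services listed in a zone file to the ports they open using that precedence. It assumes the one-element-per-line layout and attribute order of the files shown above, handles service elements only, and its function names and sample tree are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original post): list the ports a firewalld zone
# opens by reading the XML files directly, with /etc overriding /usr/lib.

# service_file NAME ETC_DIR LIB_DIR -> path of the definition that takes effect
service_file() {
    for dir in "$2" "$3"; do
        if [ -f "$dir/services/$1.xml" ]; then
            echo "$dir/services/$1.xml"
            return 0
        fi
    done
    return 1
}

# zone_ports ZONE ETC_DIR LIB_DIR -> lines of "service port/protocol"
zone_ports() {
    zfile="$2/zones/$1.xml"
    [ -f "$zfile" ] || zfile="$3/zones/$1.xml"
    sed -n 's/.*<service name="\([^"]*\)".*/\1/p' "$zfile" |
    while IFS= read -r svc; do
        if def=$(service_file "$svc" "$2" "$3"); then
            sed -n 's/.*<port protocol="\([^"]*\)" port="\([^"]*\)".*/\2\/\1/p' "$def" |
                sed "s/^/$svc /"
        else
            echo "$svc UNDEFINED"       # zone names a service with no definition
        fi
    done
}

# Constructed sample tree mirroring section 4.3 (custom ftp on 1121 in zone work).
make_sample() {
    mkdir -p "$1/etc/services" "$1/etc/zones" "$1/lib/services" "$1/lib/zones"
    printf '<service>\n  <port protocol="tcp" port="21"/>\n</service>\n' > "$1/lib/services/ftp.xml"
    printf '<service>\n  <port protocol="tcp" port="22"/>\n</service>\n' > "$1/lib/services/ssh.xml"
    printf '<service>\n  <port protocol="tcp" port="1121"/>\n</service>\n' > "$1/etc/services/ftp.xml"
    printf '<zone>\n  <service name="ssh"/>\n  <service name="ftp"/>\n</zone>\n' > "$1/etc/zones/work.xml"
}

if [ "$#" -eq 3 ]; then
    zone_ports "$1" "$2" "$3"           # e.g. work /etc/firewalld /usr/lib/firewalld
else
    scratch=$(mktemp -d); make_sample "$scratch"
    zone_ports work "$scratch/etc" "$scratch/lib"; rm -rf "$scratch"
fi
```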

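5. Linux task scheduling with cron

5.1 As operations engineers, we carry out some system administration work by running a script automatically at regular intervals. How do we run a script on a schedule? That is what Linux's cron facility is for.

5.2 All operations on cron scheduled tasks are done with the crontab command. Its commonly used options are:

-u: specify a user; without -u the current user is used;

-e: edit the scheduled tasks;

-l: list the scheduled tasks;

-r: remove the scheduled tasks.

5.3 crontab example: run "/bin/sh /usr/local/sbin/backup.sh" every Sunday at 3 o'clock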

[root@localhost etc]# crontab -l // at first there are no scheduled tasks
no crontab for root
[root@localhost etc]# crontab -e // create a scheduled task
no crontab for root - using an empty one
crontab: installing new crontab
[root@localhost etc]# crontab -l // the scheduled task is now listed
0 3 * * 7 /bin/sh /usr/local/sbin/backup.sh 

5.4 View a user's scheduled tasks; start the crond service

[root@localhost etc]# cat /var/spool/cron/root
0 3 * * 7 /bin/sh /usr/local/sbin/backup.sh 

[root@localhost etc]# systemctl status crond.service
● crond.service - Command Scheduler
   Loaded: loaded (/usr/lib/systemd/system/crond.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2018-08-24 21:04:17 EDT; 7h ago
 Main PID: 644 (crond)
   CGroup: /system.slice/crond.service
           └─644 /usr/sbin/crond -n

Aug 24 21:04:17 localhost.localdomain systemd[1]: Started Command Scheduler.
Aug 24 21:04:17 localhost.localdomain systemd[1]: Starting Command Scheduler...
Aug 24 21:04:17 localhost.localdomain crond[644]: (CRON) INFO (RANDOM_DELAY will be scaled with factor 42% if used.)
Aug 24 21:04:17 localhost.localdomain crond[644]: (CRON) INFO (running with inotify support)
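
An entry in root's crontab runs with root's privileges, so the script it names and the directory holding it must not be writable by anyone else. The script below is an added example, not part of the original post: it extracts the absolute paths from a user crontab such as /var/spool/cron/root and flags any that are group- or world-writable or missing. The function names and the scratch-directory sample are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original post): flag scripts run from a user
# crontab that someone other than the owner could modify.

# cron_paths FILE -> absolute paths named in the command part of each entry
cron_paths() {
    awk '
        /^[ \t]*(#|$)/ { next }                           # comments, blank lines
        /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ { next }   # MAILTO=..., PATH=...
        {
            first = ($1 ~ /^@/) ? 2 : 6                   # @reboot etc. have no time fields
            for (i = first; i <= NF; i++) if ($i ~ /^\//) print $i
        }
    ' "$1" | sort -u
}

# is_loose PATH -> success if PATH is group- or world-writable
is_loose() {
    mode=$(ls -ldL "$1" 2>/dev/null | cut -c1-10)
    case "$mode" in
        ?????w????|????????w?) return 0 ;;
    esac
    return 1
}

# audit_crontab FILE -> "WRITABLE path" or "MISSING path" for each script and its directory
audit_crontab() {
    cron_paths "$1" | while IFS= read -r p; do
        for target in "$p" "$(dirname "$p")"; do
            if [ ! -e "$target" ]; then
                echo "MISSING $target"
            elif is_loose "$target"; then
                echo "WRITABLE $target"
            fi
        done
    done | sort -u
}

# Constructed sample: the entry from section 5.3, pointed at a scratch directory.
make_sample() {
    mkdir -p "$1/sbin" && chmod 755 "$1/sbin"
    printf '#!/bin/sh\n' > "$1/sbin/backup.sh"
    chmod 775 "$1/sbin/backup.sh"                          # deliberately group-writable
    printf 'MAILTO=root\n0 3 * * 7 /bin/sh %s/sbin/backup.sh\n' "$1" > "$1/root.cron"
}

if [ "$#" -gt 0 ]; then
    audit_crontab "$1"                                     # e.g. /var/spool/cron/root
else
    scratch=$(mktemp -d); make_sample "$scratch"
    audit_crontab "$scratch/root.cron"; rm -rf "$scratch"
fi
```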

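6. The chkconfig tool

6.1 The chkconfig command is mainly used to update (enable or disable) and query the runlevel information of system services. Keep in mind that chkconfig does not immediately stop or start a service; it simply changes symbolic links.

6.2 chkconfig --list        # list all system services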

[root@localhost etc]# chkconfig -list
-list: unknown option
[root@localhost etc]# chkconfig --list

Note: This output shows SysV services only and does not include native
      systemd services. SysV configuration data might be overridden by native
      systemd configuration.

      If you want to list systemd services use 'systemctl list-unit-files'.
      To see services enabled on particular target use
      'systemctl list-dependencies [target]'.

netconsole     	0:off	1:off	2:off	3:off	4:off	5:off	6:off
network        	0:off	1:off	2:on	3:on	4:on	5:on	6:off

6.3 chkconfig --level 3 netconsole on      # set netconsole to on (enabled) at runlevel 3

[root@localhost etc]# chkconfig --level 3 netconsole on
[root@localhost etc]# chkconfig --list

Note: This output shows SysV services only and does not include native
      systemd services. SysV configuration data might be overridden by native
      systemd configuration.

      If you want to list systemd services use 'systemctl list-unit-files'.
      To see services enabled on particular target use
      'systemctl list-dependencies [target]'.

netconsole     	0:off	1:off	2:off	3:on	4:off	5:off	6:off

6.4 Add and remove services in the chkconfig service list

[root@localhost etc]# chkconfig --del network // remove the network service
[root@localhost etc]# chkconfig --list

Note: This output shows SysV services only and does not include native
      systemd services. SysV configuration data might be overridden by native
      systemd configuration.

      If you want to list systemd services use 'systemctl list-unit-files'.
      To see services enabled on particular target use
      'systemctl list-dependencies [target]'.

netconsole     	0:off	1:off	2:off	3:on	4:off	5:off	6:off
[root@localhost etc]# chkconfig --add network // add the network service
[root@localhost etc]# chkconfig --list

Note: This output shows SysV services only and does not include native
      systemd services. SysV configuration data might be overridden by native
      systemd configuration.

      If you want to list systemd services use 'systemctl list-unit-files'.
      To see services enabled on particular target use
      'systemctl list-dependencies [target]'.

netconsole     	0:off	1:off	2:off	3:on	4:off	5:off	6:off
network        	0:off	1:off	2:on	3:on	4:on	5:on	6:off

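7. Managing services with systemd

7.1 systemd is a collection of system-management daemons, tools and libraries that replaces System V init and the service and chkconfig commands; its systemctl command is what controls the systemd system and service manager. The command's functions fall into these groups: querying or sending control commands to systemd, managing units, unit-file commands, job, environment and snapshot commands, reloading the systemd configuration, and system boot and shutdown commands.

7.2 List all services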

[root@localhost etc]# systemctl list-units --all --type=service
  UNIT                                                  LOAD      ACTIVE   SUB     DESCRIPTION
  auditd.service                                        loaded    active   running Security Auditing Service
  chronyd.service                                       loaded    active   running NTP client/server
  cpupower.service                                      loaded    inactive dead    Configure CPU power related settings
  crond.service                                         loaded    active   running Command Scheduler
  dbus.service                                          loaded    active   running D-Bus System Message Bus
● display-manager.service                               not-found inactive dead    display-manager.service
  dm-event.service                                      loaded    inactive dead    Device-mapper event daemon
  dracut-shutdown.service                               loaded    inactive dead    Restore /run/initramfs
  ebtables.service                                      loaded    inactive dead    Ethernet Bridge Filtering tables
  emergency.service                                     loaded    inactive dead    Emergency Shell
● exim.service                                          not-found inactive dead    exim.service
  firewalld.service                                     loaded    active   running firewalld - dynamic firewall daemon
  getty@tty1.service                                    loaded    active   running Getty on tty1
  ip6tables.service                                     loaded    inactive dead    IPv6 firewall with ip6tables
● ipset.service                                         not-found inactive dead    ipset.service
  iptables.service                                      loaded    inactive dead    IPv4 firewall with iptables
  irqbalance.service                                    loaded    inactive dead    irqbalance daemon
● kdump.service                                         loaded    failed   failed  Crash recovery kernel arming
  kmod-static-nodes.service                             loaded    active   exited  Create list of required static device nodes for the c
● lvm2-activation.service                               not-found inactive dead    lvm2-activation.service
  lvm2-lvmetad.service                                  loaded    active   running LVM2 metadata daemon
  lvm2-lvmpolld.service                                 loaded    inactive dead    LVM2 poll daemon
  lvm2-monitor.service                                  loaded    active   exited  Monitoring of LVM2 mirrors, snapshots etc. using dmev
  lvm2-pvscan@8:2.service                               loaded    active   exited  LVM2 PV scan on device 8:2
  microcode.service                                     loaded    inactive dead    Load CPU microcode update
  netconsole.service                                    loaded    inactive dead    SYSV: Initializes network console logging
  network.service                                       loaded    active   exited  LSB: Bring up/down networking

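7.3 Using systemctl to start, restart, stop and reload services and to check their status

# systemctl start crond.service // start the crond service
# systemctl restart crond.service // restart the crond service
# systemctl stop crond.service // stop the crond service
# systemctl enable crond.service // enable start at boot
# systemctl disable crond.service // disable start at boot
# systemctl status crond.service // show the service's status
# systemctl is-active mysql.service // check whether the service is currently active (is-enabled checks start at boot)
Note: when we use systemctl's start, restart, stop and reload commands, the terminal prints nothing; only the status command prints output.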

[root@localhost etc]# systemctl status crond.service
● crond.service - Command Scheduler
   Loaded: loaded (/usr/lib/systemd/system/crond.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2018-08-24 21:04:17 EDT; 8h ago
 Main PID: 644 (crond)
   CGroup: /system.slice/crond.service
           └─644 /usr/sbin/crond -n

Aug 24 21:04:17 localhost.localdomain systemd[1]: Started Command Scheduler.
Aug 24 21:04:17 localhost.localdomain systemd[1]: Starting Command Scheduler...
Aug 24 21:04:17 localhost.localdomain crond[644]: (CRON) INFO (RANDOM_DELAY will be scaled with factor 42% if used.)
Aug 24 21:04:17 localhost.localdomain crond[644]: (CRON) INFO (running with inotify support)
[root@localhost etc]# systemctl enable crond.service

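8. Introduction to units

systemd starts and supervises the whole system based on the concept of units. A unit consists of a name, identical to the name of its configuration file, and a type (for example, the avahi.service unit has a configuration file of the same name and is a unit wrapping the avahi daemon).

8.1 List all units on the system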

[root@localhost etc]# ls /usr/lib/systemd/system
arp-ethers.service                      local-fs.target.wants                          [email protected]
auditd.service                          lvm2-lvmetad.service                           sshd.socket
[email protected]                         lvm2-lvmetad.socket                            suspend.target
basic.target                            lvm2-lvmpolld.service                          swap.target
basic.target.wants                      lvm2-lvmpolld.socket                           sys-fs-fuse-connections.mount
blk-availability.service                lvm2-monitor.service                           sysinit.target
bluetooth.target                        [email protected]                           sysinit.target.wants
brandbot.path                           machine.slice                                  sys-kernel-config.mount
brandbot.service                        machines.target                                sys-kernel-debug.mount
[email protected]                  messagebus.service                             syslog.socket
[email protected]                    microcode.service                              syslog.target.wants
chronyd.service                         multi-user.target                              systemd-ask-password-console.path

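8.2 Units come in the following types:

  • service: represents a background service process, such as mysqld. This is the most commonly used type.
  • socket: wraps a socket in the system or on the Internet. Currently systemd supports stream, datagram and sequential-packet sockets of type AF_INET, AF_INET6 and AF_UNIX. Each socket unit has a corresponding service unit, which is started when the first "connection" arrives on the socket (for example, nscd.socket starts nscd.service when a new connection comes in).
  • device: wraps a device in the Linux device tree. Every device tagged by udev rules appears in systemd as a device unit.
  • mount: wraps a mount point in the file system hierarchy. systemd monitors and manages the mount point; for example, it can mount it automatically at startup and unmount it automatically under certain conditions. systemd converts every entry in /etc/fstab into a mount point and processes it at boot.
  • automount: wraps an automount point in the file system hierarchy. Each automount unit corresponds to a mount unit; when the automount point is accessed, systemd performs the mount defined by the mount unit.
  • swap: similar to mount units, swap units manage swap partitions. Users can use swap units to define the system's swap partitions and have them activated at startup.
  • target: logically groups other units. Targets do nothing themselves; they only reference other units, which allows units to be controlled as a group and implements the familiar concept of runlevels. For example, bringing the system into graphical mode requires running many services and configuration commands, each represented by a unit; combining all of these units into a target means that all of them must be run in order to enter the system state the target represents (for example, multi-user.target is equivalent to runlevel 5 on traditional SysV systems).
  • timer: timer units trigger user-defined operations on a schedule. This unit type replaces traditional timing services such as atd and crond.

8.3 List units in the inactive state, and list services in the active state

// list units in the inactive state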
[root@localhost etc]# systemctl list-units --all --state=inactive
  UNIT                                                  LOAD      ACTIVE   SUB  DESCRIPTION
  proc-sys-fs-binfmt_misc.mount                         loaded    inactive dead Arbitrary Executable File Formats File System
  sys-fs-fuse-connections.mount                         loaded    inactive dead FUSE Control File System
  tmp.mount                                             loaded    inactive dead Temporary Directory
  systemd-ask-password-console.path                     loaded    inactive dead Dispatch Password Requests to Console Directory Watch
  cpupower.service                                      loaded    inactive dead Configure CPU power related settings
● display-manager.service                               not-found inactive dead display-manager.service
  dm-event.service                                      loaded    inactive dead Device-mapper event daemon
  dracut-shutdown.service                               loaded    inactive dead Restore /run/initramfs

// list services (with --all, inactive ones are shown as well)
[root@localhost etc]# systemctl list-units --all --type=service
  UNIT                                                  LOAD      ACTIVE   SUB     DESCRIPTION
  auditd.service                                        loaded    active   running Security Auditing Service
  chronyd.service                                       loaded    active   running NTP client/server
  cpupower.service                                      loaded    inactive dead    Configure CPU power related settings
  crond.service                                         loaded    active   running Command Scheduler
  dbus.service                                          loaded    active   running D-Bus System Message Bus
● display-manager.service                               not-found inactive dead    display-manager.service
  dm-event.service                                      loaded    inactive dead    Device-mapper event daemon
  dracut-shutdown.service                               loaded    inactive dead    Restore /run/initramfs
  ebtables.service                                      loaded    inactive dead    Ethernet Bridge Filtering tables
  emergency.service                                     loaded    inactive dead    Emergency Shell

9. Introduction to targets

9.1 List all targets on the system

[root@localhost etc]# systemctl list-unit-files --type=target
UNIT FILE                 STATE   
basic.target              static  
bluetooth.target          static  
cryptsetup-pre.target     static  
cryptsetup.target         static  
ctrl-alt-del.target       disabled
default.target            enabled 
emergency.target          static  
final.target              static  
getty-pre.target          static  
getty.target              static  
graphical.target          static  
halt.target               disabled
hibernate.target          static  
hybrid-sleep.target       static  
initrd-fs.target          static  
initrd-root-fs.target     static  
initrd-switch-root.target static  
initrd.target             static  

9.2 List the units under a given target

[root@localhost etc]# systemctl list-dependencies basic.target
basic.target
● ├─microcode.service
● ├─rhel-dmesg.service
● ├─[email protected]
● ├─paths.target
● ├─slices.target
● │ ├─-.slice
● │ └─system.slice
● ├─sockets.target
● │ ├─dbus.socket
● │ ├─dm-event.socket
● │ ├─systemd-initctl.socket
● │ ├─systemd-journald.socket
● │ ├─systemd-shutdownd.socket
● │ ├─systemd-udevd-control.socket
● │ └─systemd-udevd-kernel.socket
● ├─sysinit.target
● │ ├─dev-hugepages.mount
● │ ├─dev-mqueue.mount
● │ ├─kmod-static-nodes.service
● │ ├─lvm2-lvmetad.socket

9.3 Show the system's default target

[root@localhost etc]# systemctl get-default
multi-user.target

9.4 See which target a service belongs to

[root@localhost etc]# cat /usr/lib/systemd/system/sshd.service
[Unit]
Description=OpenSSH server daemon
Documentation=man:sshd(8) man:sshd_config(5)
After=network.target sshd-keygen.service
Wants=sshd-keygen.service

[Service]
Type=notify
EnvironmentFile=/etc/sysconfig/sshd
ExecStart=/usr/sbin/sshd -D $OPTIONS
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure
RestartSec=42s
// the [Install] section below shows which target the service belongs to
[Install] 
WantedBy=multi-user.target

Reposted from blog.csdn.net/a1779078902/article/details/82077771