Inventory the system’s active services and targets, then validate operational control by safely restarting SSH. Disable and hard-block a non-approved service, then apply unit changes correctly using manager reload and re-exec.
You are on a production server that runs multiple services. Your team lead asks you to confirm the default boot target, review loaded services, validate SSH health, and remove a non-approved web service from startup. You also need to apply systemd configuration changes correctly after unit edits.
This is baseline service-control work. You gather evidence, make controlled changes, and prove the manager and units are in the state you think they are.
status is your single view for health, unit file location, and recent logs.
daemon-reload re-reads unit files; daemon-reexec re-executes the
manager process.
systemctl get-default
The default target is the intended boot mode. It is the first quick check when you need to understand what the system is supposed to be doing at startup.
multi-user.target
systemctl list-units --type=service
This is runtime state: what systemd currently has loaded, active, and running. Use it to confirm what is actually on the box right now.
UNIT LOAD ACTIVE SUB DESCRIPTION
ssh.service loaded active running OpenBSD Secure Shell server
cron.service loaded active running Regular background program processing daemon
systemd-journald.service loaded active running Journal Service
... (truncated)
systemctl status ssh
status shows whether the unit is active, where it is defined, and the most recent log lines. This
is where you confirm “healthy” versus “running but degraded.”
● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled)
Active: active (running) since Fri 2025-07-18 10:22:13 UTC; 3h 22min ago
Docs: man:sshd(8)
man:sshd_config(5)
Restarting SSH can disrupt remote access. In a real change window, ensure you have a fallback session or console access before you restart.
sudo systemctl restart ssh
Restart is a controlled way to prove you can operate the unit. After restart, verify the unit is still active and that your session remains stable.
# No output on success
sudo systemctl disable apache2
Disabling removes the startup linkage so the unit does not come up on reboot. It does not prevent a manual start by an operator or dependency.
Removed /etc/systemd/system/multi-user.target.wants/apache2.service.
sudo systemctl mask apache2
Masking is stronger than disabling. It prevents the unit from being started, even manually, by linking it to
/dev/null.
Created symlink /etc/systemd/system/apache2.service → /dev/null.
sudo systemctl daemon-reload
Use daemon-reload after editing unit files or drop-ins so systemd re-reads definitions. Without
this, you can be operating on stale configuration.
# No output on success
sudo systemctl daemon-reexec
daemon-reexec re-executes the systemd manager process itself. Use it when manager-level behavior
changes must be picked up without a reboot.
# No output on success
The service name may differ by distro. Confirm the unit name with
systemctl list-unit-files --type=service | grep -i ssh
and retry using the exact unit name.
This is an operational failure. Use console access or a second session for safety when operating on remote access services. Validate configuration before restart in change windows.
Disable affects startup, not current runtime. If you need it stopped now, use a stop operation, then confirm
state with systemctl status.
Some services are templated or have alias units. Confirm the real unit name, then mask the correct unit file.
Use systemctl cat <unit> to see what is being loaded.
daemon-reload re-reads unit files, but does not restart services. If you changed unit content, you
may still need a controlled restart to apply runtime behavior.
This lab can leave the web service disabled and masked. If this was a controlled exercise, revert those changes so the system returns to its original policy state.
systemctl status ssh
systemctl get-default
systemctl list-units --type=service
sudo systemctl unmask apache2
sudo systemctl enable apache2
The system target and service inventory look normal, SSH remains healthy, and the web service policy is set to the expected state for your environment.
systemctl get-default : Prints the default boot target (intended boot mode).
systemctl list-units --type=service : Lists loaded service units and their runtime state.
--type=service : Restricts output to service units.systemctl status <unit> : Shows unit health, recent log lines, and unit file location.
systemctl restart <unit> : Restarts a unit immediately (may disrupt active connections).
systemctl disable <unit> : Prevents a unit from starting at boot by removing enablement links.
systemctl mask <unit> : Hard-blocks a unit from starting by linking it to /dev/null.
systemctl unmask <unit> : Removes a mask so the unit can be started again.
systemctl enable <unit> : Enables a unit to start at boot by creating target wants links.
systemctl daemon-reload : Re-reads unit files after changes to unit definitions or drop-ins.
systemctl daemon-reexec : Re-executes the systemd manager process to pick up manager-level changes.