xinetd daemon
The xinetd daemon is a TCP-wrapped super service which controls access to a subset of popular network services including FTP, IMAP, and telnet. It also provides service-specific configuration options for access control, enhanced logging, binding, redirection, and resource utilization control.
When a client host attempts to connect to a network service controlled by xinetd, the super service receives the request and checks for any TCP wrappers access control rules. If access is allowed, xinetd verifies that the connection is allowed under its own access rules for that service and that the service is not consuming more than its allotted amount of resources or in breach of any defined rules. It then starts an instance of the requested service and passes control of the connection to it. Once the connection is established, xinetd does not interfere further with communication between the client host and the server.
The /etc/xinetd.d/ Directory
The files in the /etc/xinetd.d/ directory contain the configuration for each service managed by xinetd, and the names of the files correlate to the service. As with xinetd.conf, these files are read only when the xinetd service is started. For any changes to take effect, the administrator must restart the xinetd service.
# ls -lrt /etc/xinetd.d/
total 60
-rw-r--r--. 1 root root  332 Mar 28  2014 rsync
-rw-------  1 root root 1150 Dec 16  2015 time-stream
-rw-------  1 root root 1149 Dec 16  2015 time-dgram
-rw-------  1 root root 1212 Dec 16  2015 tcpmux-server
-rw-------  1 root root 1150 Dec 16  2015 echo-stream
-rw-------  1 root root 1148 Dec 16  2015 echo-dgram
-rw-------  1 root root 1159 Dec 16  2015 discard-stream
-rw-------  1 root root 1157 Dec 16  2015 discard-dgram
-rw-------  1 root root 1159 Dec 16  2015 daytime-stream
-rw-------  1 root root 1157 Dec 16  2015 daytime-dgram
-rw-------  1 root root 1159 Dec 16  2015 chargen-stream
-rw-------  1 root root 1157 Dec 16  2015 chargen-dgram
-rw-------. 1 root root  429 Aug 22 00:56 rsh
-rw-------. 1 root root  376 Aug 22 00:56 rlogin
-rw-------. 1 root root  359 Aug 22 00:56 rexec
The files in the /etc/xinetd.d/ directory use the same conventions as /etc/xinetd.conf. The configuration for each service is stored in a separate file primarily to make customization easier and less likely to affect other services.
To gain an understanding of how these files are structured, consider the /etc/xinetd.d/rsync file:
# cat /etc/xinetd.d/rsync
# default: off
# description: The rsync server is a good addition to an ftp server, as it \
#       allows crc checksumming etc.
service rsync
{
        disable         = yes
        flags           = IPv6
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/bin/rsync
        server_args     = --daemon
        log_on_failure  += USERID
}
These lines control various aspects of the rsync service:
service – Defines the service name, usually one listed in the /etc/services file.
disable – Defines whether or not the service is active.
flags – Sets any of a number of attributes for the connection.
socket_type – Sets the network socket type to stream.
wait – Defines whether the service is single-threaded (yes) or multi-threaded (no).
user – Defines what user ID the process will run under.
server – Defines the binary executable to be launched.
server_args – Defines arguments, if any, to be passed to the binary executable to be launched.
log_on_failure – Defines logging parameters for log_on_failure in addition to those already defined in xinetd.conf.
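An added example (not part of the original page): a small Python audit that parses files in this format, including the = and += operators, and lists services that are not disabled and those set to run as root. The demo service and its server path are hypothetical, and a block with no disable attribute is assumed to count as enabled.

```python
import re
ATTR = re.compile(r"^(\w+)\s*(\+=|-=|=)\s*(.*)$")

def parse_services(text):
    """Return {service: {attribute: [values]}} for one xinetd-style file."""
    services, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                                  # blank line or comment
        if (start := re.match(r"service\s+(\S+)", line)):
            current = services.setdefault(start.group(1), {})
        elif line == "}":
            current = None                            # end of the service block
        elif current is not None and (m := ATTR.match(line)):
            name, op, values = m.group(1), m.group(2), m.group(3).split()
            if op == "=":
                current[name] = values
            elif op == "+=":                          # add to values already set
                current.setdefault(name, []).extend(values)
            else:                                     # "-=" removes listed values
                current[name] = [v for v in current.get(name, []) if v not in values]
    return services

def audit(files):
    """files maps path -> contents; returns (path, service, finding) tuples."""
    findings = []
    for path, text in sorted(files.items()):
        for name, attrs in parse_services(text).items():
            # Assumption: a block without "disable = yes" counts as enabled.
            if attrs.get("disable", ["no"])[0].lower() == "yes":
                continue
            findings.append((path, name, "enabled"))
            if attrs.get("user") == ["root"]:
                findings.append((path, name, "runs as root"))
    return findings

# Constructed sample: the rsync file shown above plus a hypothetical "demo" service.
SAMPLE = {
    "/etc/xinetd.d/rsync": "service rsync\n{\n disable = yes\n flags = IPv6\n"
        " socket_type = stream\n wait = no\n user = root\n"
        " server = /usr/bin/rsync\n server_args = --daemon\n"
        " log_on_failure += USERID\n}\n",
    "/etc/xinetd.d/demo": "# default: on\nservice demo\n{\n disable = no\n"
        " user = root\n server = /usr/local/bin/demo\n"
        " log_on_failure = HOST\n log_on_failure += USERID\n}\n",
}
if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="\t")
```

Because xinetd reads these files only when it starts, the findings describe what the next restart will load, which can differ from what is currently running.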