xinetd daemon

The xinetd daemon is a TCP wrapped super service which controls access to a subset of popular network services including FTP, IMAP, and telnet. It also provides service-specific configuration options for access control, enhanced logging, binding, redirection, and resource utilization control.

 

When a client host attempts to connect to a network service controlled by xinetd , the super service receives the request and checks for any TCP wrappers access control rules. If access is allowed, xinetd verifies that the connection is allowed under its own access rules for that service and that the service is not consuming more than its allotted amount of resources or in breach of any defined rules. It then starts an instance of the requested service and passes control of the connection to it. Once the connection is established, xinetd does not interfere further with communication between the client host and the server.

 

The /etc/xinetd.d/ Directory

 

The files in the /etc/xinetd.d/ directory contains the configuration files for each service managed by xinetd and the names of the files correlate to the service. As with xinetd.conf, these files are read only when the xinetd service is started. For any changes to take effect, the administrator must restart the xinetd service.

# ls -lrt /etc/xinetd.d/
total 60
-rw-r--r--. 1 root root  332 Mar 28  2014 rsync
-rw-------  1 root root 1150 Dec 16  2015 time-stream
-rw-------  1 root root 1149 Dec 16  2015 time-dgram
-rw-------  1 root root 1212 Dec 16  2015 tcpmux-server
-rw-------  1 root root 1150 Dec 16  2015 echo-stream
-rw-------  1 root root 1148 Dec 16  2015 echo-dgram
-rw-------  1 root root 1159 Dec 16  2015 discard-stream
-rw-------  1 root root 1157 Dec 16  2015 discard-dgram
-rw-------  1 root root 1159 Dec 16  2015 daytime-stream
-rw-------  1 root root 1157 Dec 16  2015 daytime-dgram
-rw-------  1 root root 1159 Dec 16  2015 chargen-stream
-rw-------  1 root root 1157 Dec 16  2015 chargen-dgram
-rw-------. 1 root root  429 Aug 22 00:56 rsh
-rw-------. 1 root root  376 Aug 22 00:56 rlogin
-rw-------. 1 root root  359 Aug 22 00:56 rexec

 

The format of files in the /etc/xinetd.d/ directory use the same conventions as /etc/xinetd.conf. The primary reason being the configuration for each service is stored in a separate file is to make customization easier and less likely to effect other services.

 

To gain an understanding of how these files are structured, consider the /etc/xinetd.d/rsync file:

# cat /etc/xinetd.d/rsync 
# default: off
# description: The rsync server is a good addition to an ftp server, as it \
#	allows crc checksumming etc.
service rsync
{
	disable	= yes
	flags		= IPv6
	socket_type     = stream
	wait            = no
	user            = root
	server          = /usr/bin/rsync
	server_args     = --daemon
	log_on_failure  += USERID
} 

 

These lines control various aspects of the rsync service:

 

service – Defines the service name, usually one listed in the /etc/services file.

disable – Defines whether or not the service is active.

flags – Sets any of a number of attributes for the connection.

socket_type – Sets the network socket type to stream.

wait – Defines whether the service is single-threaded (yes) or multi-threaded (no).

user – Defines what user ID the process process will run under.

server – Defines the binary executable to be launched.

server_args – Defines arguments if any to be passed to binary executable to be launched.

log_on_failure – Defines logging parameters for log_on_failure in addition to those already defined in xinetd.conf.

 

 

Răspunsul a fost util? 0 utilizatori au considerat informația utilă (0 Voturi)