Scribd Logo
Carica

Benvenuto in Scribd!

  • Xinetd: Verification

    Caricato da

    Saimir Astrit Hydi
    41 visualizzazioni5 pagine
    xinetd

    Titolo originale

    xinetd

    Copyright

    © © All Rights Reserved

    Formati disponibili

    DOCX, PDF, TXT o leggi online da Scribd

    Hai trovato utile questo documento?

    Questo contenuto è inappropriato?

    Segnala questo documento
    xinetd

    Copyright:

    © All Rights Reserved
    Scarica in formato DOCX, PDF, TXT o leggi online su Scribd
    Segnala contenuti inappropriati
    41 visualizzazioni5 pagine

    Xinetd: Verification

    Caricato da

    Saimir Astrit Hydi
    xinetd

    Copyright:

    © All Rights Reserved
    Scarica in formato DOCX, PDF, TXT o leggi online su Scribd
    Segnala contenuti inappropriati
    di 5

    xinetd

    From Wikipedia, the free encyclopedia


    This article needs additional citations for verification. Please help improve this article
    by adding citations to reliable sources. Unsourced material may be challenged and
    removed. (April 2011) (Learn how and when to remove this template message)
    xinetd
    Developer(s) Rob Braun
    Stable release 2.3.15 / 9 May 2012; 5 years ago
    Written in C, Shell[1]
    Operating system Unix-like
    Type Daemon
    License Open source[2]
    web.archive.org/web/20051227095035/http://www.xinetd.org:80/[dead
    Website link]

    In computer networking, xinetd (extended Internet daemon), an open-source super-server


    daemon,[3] runs on many Unix-like systems and manages Internet-based connectivity.

    It offers a more secure alternative to the older inetd ("the Internet daemon"), which most modern
    Linux distributions have deprecated.[4]

    Contents
    1 Description
    2 Configuration
    3 References
    4 External links

    Description
    xinetd listens for incoming requests over a network and launches the appropriate service for that
    request.[5] Requests are made using port numbers as identifiers and xinetd usually launches
    another daemon to handle the request. It can be used to start services with both privileged and
    non-privileged port numbers.

    xinetd features access control mechanisms such as TCP Wrapper ACLs, extensive logging
    capabilities, and the ability to make services available based on time. It can place limits on the
    number of servers that the system can start, and has deployable defense mechanisms to protect
    against port scanners, among other things.
    On some implementations of Mac OS X, this daemon starts and maintains various Internet-
    related services, including FTP and telnet. As an extended form of inetd, it offers enhanced
    security. It replaced inetd in Mac OS X v10.3, and subsequently launchd replaced it in Mac OS
    X v10.4. However, Apple has retained inetd for compatibility purposes.

    Configuration
    Configuration of xinetd resides in the default configuration file /etc/xinetd.conf and
    configuration of the services it supports reside in configuration files stored in the /etc/xinetd.d
    directory. The configuration for each service usually includes a switch to control whether xinetd
    should enable or disable the service.

    An example configuration file for the RFC 868 time server:

    # default: off
    # description: An RFC 868 time server. This protocol provides a
    # site-independent, machine readable date and time. The Time service sends
    back
    # to the originating source the time in seconds since midnight on January
    first
    # 1900.
    # This is the tcp version.
    service time
    {
    disable = yes
    type = INTERNAL
    id = time-stream
    socket_type = stream
    protocol = tcp
    user = root
    wait = no
    }

    # This is the udp version.


    service time
    {
    disable = yes
    type = INTERNAL
    id = time-dgram
    socket_type = dgram
    protocol = udp
    user = root
    wait = yes
    }

    The lines with the "#" character at the beginning are comments without any effect on the service.
    There are two service versions the first one is based on the Transmission Control Protocol (TCP),
    the second one is based on the User Datagram Protocol (UDP). The type and planned usage of a
    service determines the necessary core protocol. In a simple way, the UDP can not handle huge
    data transmissions, because it lacks the abilities to rearrange packages in a specified order or
    guarantee their integrity, but it is faster than TCP. TCP has these functions, but it is slower.
    There are two column in each versions inside the Braces. The first is the type of option, the
    second is the applied variable.

    The disable option is a switch to run a service or not. In most cases the default state is yes. To
    activate the service change it to no.

    There are three types of services. The type is INTERNAL if the service is provided by xinetd,
    RPC when it based on Remote procedure call, they are commonly listed in the /etc/rpc file, or it
    can be UNLISTED when the service is neither in the /etc/services nor in the /etc/rpc files.

    The id is the unique identifier of the service.

    The socket_type determines the way of data transmission through the service. There are three
    types: stream, dgram and raw. This last one is useful, when we want to establish a service based
    on a non-standard protocol.

    With the user option it is possible to choose a user to be the owner of the running service. It is
    highly recommended to choose a non-root user for security reasons.

    When the wait is on yes the xinetd will not receive request for the service if it has a connection.
    So the number of connections is limited to one. It provides very good protection when we want
    to establish only one connection per time.

    There are many more options available for xinetd. In most Linux distributions the full list of
    possible options and their description is accessible with a "man xinetd.conf" command.

    To apply the new configuration a SIGHUP signal must be sent to the xinetd process to make it
    re-read the configuration files. This can be achieved with the following command: kill -
    SIGHUP "PID". PID is the actual process identifier number of the xinetd, which can be obtained
    with the command pgrep xinetd.[6][7]

    References
    1.

    "xinetd-org/xinetd". Retrieved 2014-07-10.


    "COPYRIGHT". 2003-02-19. Retrieved 2014-07-10.
    Wells, Nicholas (2000). "4: Using Simple Network Services". Guide to Linux Installation
    and Administration. 1. Boston, Massachusetts: Cengage Learning EMEA. p. 167.
    ISBN 9780619000974. Retrieved 2017-07-03. [...] the superserver (also called a metaserver)
    [...] listens on multiple network ports and starts the appropriate service when a client connection
    arrives for that port. The most widely used superserver program is called inetd, for Internet
    daemon. Another superserver that is gaining in popularity is xinetd, for extended Internet
    daemon [...].
    Smith, Roderick W. (2001). "Networking". Linux Study Guide. Sybex Press. p. 365. ISBN 0-
    7821-2939-0.
    Negus, C. (2002). "Running Network Services". Red hat Linux 8 Bible. Wiley Publishing
    Inc. p. 1007. ISBN 0-7645-4968-5.
    Linux man page: xinetd.conf(5) http://linux.die.net/man/5/xinetd.conf
    Pere, Lszl (2005). "Hlozati szolgltatsok". GNU/Linux rendszerek zemeltetse II.
    Kiskapu Kft. (Hungary). pp. 107136. ISBN 963-9301-98-1.

    XINETD - Extended Internet Daemon


    April 16, 2017

    I was recently looking into ways to provide ssh access inside linux network namespaces and
    came across xinetd. So I decided to dig more into it. Noting it down here so that I can refer it
    back.

    XINETD
    Its basically a daemon that listens for network requests and services them by spawning more
    processes.

    The master configuration for xinetd lives in /etc/xinetd.conf. Each service managed by
    xinetd has a configuration file in /etc/xinetd.d/.

    Each network service is listed in /etc/services that xinetd could potentially manage.

    Lets look at an example from one of the services in /etc/xinetd.d/ to see how it works:

    An echo service
    This was a default service that was present on my RHEL6 box. There were lots of settings in this
    file which were basically commented. Most of them were self explanatory, so I have omitted
    them for brevity.

    $ sudo cat /etc/xinetd.d/echo-stream


    # This is the configuration for the tcp/stream echo service.

    service echo
    {
    # This is for quick on or off of the service
    disable = yes

    # The next attributes are mandatory for all services


    id = echo-stream
    type = INTERNAL
    wait = no
    socket_type = stream
    # protocol = socket type is usually enough

    echo service simply provides an echo service (duh). But what port does it listen to? The port can
    be checked in /etc/services file, search for echo in file, and on my machine it had an entry
    that looked like this:

    $ sudo cat /etc/services | grep echo


    echo 7/tcp

    The connection will fail, if you try to connect to this port, since the disabled is set to yes in the
    above configuration file.

    $ telnet 172.22.210.126 7
    Trying 172.22.210.126...
    telnet: connect to address 172.22.210.126: Connection refused
    telnet: Unable to connect to remote host

    Lets enable the service by setting disable = no in /etc/xinetd.d/echo-stream. In addition,


    youd need to restart the xinetd service.

    $ sudo service xinetd restart


    Stopping xinetd: [ OK ]
    Starting xinetd: [ OK ]

    Now again, lets try to connect to service.

    $ telnet 172.22.210.126 7
    Trying 172.22.210.126...
    Connected to angoyal-ld2.linkedin.biz.
    Escape character is '^]'.
    hola <---- I said hola to Server.
    hola ----> Server said hola back.
    ^]
    telnet> q
    Connection closed.

    Sweet.

    You can use xinetd to run your own network service and have full control. I have some ideas
    which Ill document if they work.

    So long.

    Potrebbero piacerti anche