Linux Professional Institute Certification — 102
Topic 113 Networking Services [24]
1.113.1 Configure and manage inetd, xinetd, and related services
Weight 4

Angus Lees gus@inodes.org
Geoffrey Robertson ge@ffrey.com
Nick Urbanik nicku@nicku.org

2005 July

This document is licensed under the GPL; see section 6.

Contents
  1 Context
  2 Objective
  3 inetd, xinetd
    3.1 inetd.conf
  4 tcpwrappers
  5 xinetd
  6 License Of This Document

1 Context

Topic 113 Networking Services [24]
  1.113.1 Configure and manage inetd, xinetd, and related services [4]
  1.113.2 Operate and perform basic configuration of sendmail [4]
  1.113.3 Operate and perform basic configuration of Apache [4]
  1.113.4 Properly manage the NFS, smb, and nmb daemons [4]
  1.113.5 Setup and configure basic DNS services [4]
  1.113.7 Set up secure shell (OpenSSH) [4]

2 Objective

Outline Description of Objective

Candidates should be able to configure which services are available through inetd, use tcpwrappers to allow or deny services on a host-by-host basis, manually start, stop, and restart internet services, and configure basic network services including telnet and ftp. Set a service to run as another user instead of the default in inetd.conf.

Key files, terms, and utilities include:

/etc/inetd.conf — configuration file for the older inetd
/etc/hosts.allow — TCP Wrappers configuration file, consulted first: a matching line grants access and ends the search
/etc/hosts.deny — TCP Wrappers configuration file, consulted second: a matching line refuses access; if neither file matches, access is granted
/etc/services — file mapping service names ↔ network ports
/etc/xinetd.conf — configuration file for xinetd (with one file per service in /etc/xinetd.d/); xinetd has built-in support for TCP Wrappers, so is now used more than inetd
/etc/xinetd.log — a file that appears to exist only in LPI objectives; xinetd actually logs wherever its log_type directive points (syslog, or a file it names), but see $ man 5 xinetd.log for the format of its log lines
3 inetd, xinetd

• The internet “super-server”
• A daemon which listens on many ports and fires off the appropriate command to handle incoming requests
• inetd is used in older/smaller systems
  – Controlled through /etc/inetd.conf
• xinetd is an enhanced replacement
  – Controlled through /etc/xinetd.conf . . .
  – . . . and through individual files in directory /etc/xinetd.d/

3.1 inetd.conf

Fields are:

  service_name  sock_type  proto  flags  user  server_path  args

• service_name is looked up in /etc/services to find the port.
• sock_type is stream (TCP) or dgram (UDP); proto names the protocol.
• flags is nowait for stream services (inetd starts one server process per connection) or wait for dgram services (one process owns the socket until it exits).
• user is the account the server runs as. This is the field to change when a service should not run as root: the smtp line below runs exim as mail.
• server_path is the program inetd executes. When it is /usr/sbin/tcpd, tcpd consults /etc/hosts.allow and /etc/hosts.deny and then executes the real daemon named as the first word of args.
• args is the argument list handed to the server, starting with argv[0].

  # UW-IMAP server
  imap2   stream  tcp  nowait  root  /usr/sbin/tcpd  /usr/sbin/imapd
  imap3   stream  tcp  nowait  root  /usr/sbin/tcpd  /usr/sbin/imapd
  imaps   stream  tcp  nowait  root  /usr/sbin/tcpd  /usr/sbin/imapd
  # Exim mail server
  smtp    stream  tcp  nowait  mail  /usr/sbin/exim  exim -bs

Built-in services (often disabled). These are handled inside inetd itself, so server_path is internal; they are rarely needed, and the usual practice is to comment them out unless something depends on them:

  echo     stream  tcp  nowait  root  internal
  echo     dgram   udp  wait    root  internal
  chargen  stream  tcp  nowait  root  internal
  chargen  dgram   udp  wait    root  internal
  discard  stream  tcp  nowait  root  internal
  discard  dgram   udp  wait    root  internal
  daytime  stream  tcp  nowait  root  internal
  daytime  dgram   udp  wait    root  internal
  time     stream  tcp  nowait  root  internal
  time     dgram   udp  wait    root  internal

• Here is such a file for the exim mail server to run under xinetd (the smtp line above, expressed as /etc/xinetd.d/smtp; argv[0] is not repeated in server_args):

  service smtp
  {
      socket_type = stream
      protocol    = tcp
      wait        = no
      user        = mail
      server      = /usr/sbin/exim
      server_args = -bs
  }

4 tcpwrappers

inetd (through tcpd) and xinetd (through libwrap) consult hosts.allow / hosts.deny. The manpage is hosts_access(5).

  # /etc/hosts.allow
  sshd: ALL
  imapd: 10.0.6.19
  ALL: 10.0.128.96/255.255.255.224

  # /etc/hosts.deny
  #ALL: PARANOID
  ALL: ALL

Each line is daemon_list : client_list. The daemon name is the basename of the program tcpd executes (imapd, in.telnetd), or of the daemon itself when it is built against libwrap (as sshd is on most systems of this era). Access is decided in this order:
• a matching line in /etc/hosts.allow grants access and ends the search;
• otherwise a matching line in /etc/hosts.deny refuses access;
• otherwise access is granted.
So the ALL: ALL line in hosts.deny is what makes the policy default-deny; without it, any wrapped service not mentioned in hosts.allow is reachable from everywhere. In the example, ssh is open to all hosts, imapd only to 10.0.6.19, and every wrapped service to the 32 addresses 10.0.128.96 to 10.0.128.127. The commented-out PARANOID line would refuse clients whose hostname does not resolve back to their address. Only services started through /usr/sbin/tcpd, or daemons that link libwrap, are affected at all; tcpdchk(8) reports mistakes in the two files and tcpdmatch(8) (for example tcpdmatch imapd 10.0.6.19) predicts the decision for a given daemon and client without connecting.

5 xinetd

• Same function as inetd
• Has built-in support for TCP Wrappers (libwrap), so is now used for recent distributions instead of inetd
• The package management system (e.g., dpkg, rpm) drops a file into directory /etc/xinetd.d/ instead of having to edit /etc/inetd.conf
• Each service stanza can also carry xinetd's own controls: only_from and no_access restrict client addresses, disable = yes switches the service off, and log_type (SYSLOG facility, or FILE /path) says where it logs
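The decision order described in section 4 is easy to get wrong in the head, so here is the hosts_access(5) logic written out as a small evaluator. This is an added example, not code from tcp_wrappers, inetd, xinetd or the LPI material. It models a subset of the pattern language (ALL, exact IPv4 addresses, the trailing-dot prefix form, net/mask and CIDR networks, and EXCEPT); hostname patterns, LOCAL, KNOWN, UNKNOWN and PARANOID are not modelled, so the client is always passed as an IPv4 address string, and the daemon is the process basename exactly as tcpd would see it. The two files embedded below are the example from section 4, constructed here as sample input.

```python
"""hosts_access(5) decision logic, as tcpd and libwrap apply it.

Added example for these notes, not code from tcp_wrappers, inetd or xinetd.
Modelled: the ALL wildcard, exact IPv4 addresses, trailing-dot prefixes
(10.0.6.), net/mask and CIDR forms, and the EXCEPT operator.  Not modelled:
hostname patterns (.example.com), LOCAL, KNOWN, UNKNOWN and PARANOID, so the
client is always given as an IPv4 address.  The two files below are the
notes' example, embedded as constructed sample input.
"""
import ipaddress

HOSTS_ALLOW = """\
# /etc/hosts.allow
sshd: ALL
imapd: 10.0.6.19
ALL: 10.0.128.96/255.255.255.224
"""

HOSTS_DENY = """\
# /etc/hosts.deny
#ALL: PARANOID
ALL: ALL
"""


def parse_rules(text):
    """Return a list of (daemon_patterns, client_patterns) per active line.

    Comments and blank lines are skipped.  A third field (shell command to
    run on a match) is ignored: only the allow/deny verdict is modelled.
    """
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            raise ValueError("malformed hosts_access line: %r" % raw)
        rules.append((fields[0].split(), fields[1].split()))
    return rules


def _client_pattern_matches(pattern, client_ip):
    """One client pattern against one IPv4 address (hosts_access(5) forms)."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):                        # "10.0.6." prefix form
        return client_ip.startswith(pattern)
    if "/" in pattern:                               # net/mask or CIDR form
        network = ipaddress.IPv4Network(pattern, strict=False)
        return ipaddress.IPv4Address(client_ip) in network
    return pattern == client_ip                      # exact address


def _daemon_pattern_matches(pattern, daemon):
    """The daemon name is the basename of the server process (imapd, sshd)."""
    return pattern == "ALL" or pattern == daemon


def _list_matches(patterns, token, match_one):
    """Match a daemon or client list, honouring 'a b EXCEPT c d'."""
    if "EXCEPT" in patterns:
        i = patterns.index("EXCEPT")
        return (_list_matches(patterns[:i], token, match_one)
                and not _list_matches(patterns[i + 1:], token, match_one))
    return any(match_one(p, token) for p in patterns)


def hosts_access(daemon, client_ip, allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """Decide access in the order hosts_access(5) prescribes.

    1. A match in hosts.allow grants access and stops the search.
    2. Otherwise a match in hosts.deny refuses access.
    3. Otherwise access is granted, so an empty hosts.deny refuses nothing:
       'ALL: ALL' in hosts.deny is what makes the policy default-deny.
    """
    for rules, verdict in ((parse_rules(allow_text), True),
                           (parse_rules(deny_text), False)):
        for daemons, clients in rules:
            if (_list_matches(daemons, daemon, _daemon_pattern_matches)
                    and _list_matches(clients, client_ip, _client_pattern_matches)):
                return verdict
    return True


if __name__ == "__main__":
    # Walk the notes' example, then show the default-permit pitfall.
    for daemon, client in [("sshd", "203.0.113.5"), ("imapd", "10.0.6.19"),
                           ("imapd", "10.0.6.20"), ("in.telnetd", "10.0.128.100"),
                           ("in.telnetd", "10.0.128.130")]:
        print("%-11s %-15s %s" % (daemon, client,
                                  "allow" if hosts_access(daemon, client) else "deny"))
    print("empty hosts.deny ->",
          "allow" if hosts_access("in.telnetd", "10.0.128.130", deny_text="") else "deny")
```

Running it prints allow for sshd from anywhere, allow for imapd from 10.0.6.19 but deny from 10.0.6.20, allow for in.telnetd from 10.0.128.100 but deny from 10.0.128.130, and then allow for that same telnet client once hosts.deny is emptied, which is the case tcpdmatch(8) is worth running against a real host to confirm.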
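The following script ties section 3.1 (the inetd.conf fields) to section 5 (xinetd stanzas in /etc/xinetd.d/): it parses an inetd.conf, raises the findings a reviewer would raise (services run as root, services not started through tcpd, built-in services left on), and renders each line as the xinetd stanza it corresponds to, following the smtp/exim mapping shown in the notes. It is an added example, not code from the LPI material or from the inetd or xinetd projects. The sample configuration is constructed for the demonstration: the notes' UW-IMAP, exim and chargen lines plus one telnet entry started without tcpd, so that every finding fires.

```python
"""Audit an inetd.conf and emit the equivalent xinetd stanzas.

Added example for these notes, not code from the LPI material or from the
inetd or xinetd projects.  Parses the inetd.conf fields
(service_name sock_type proto flags user server_path args), reports what a
reviewer of such a file looks for, and renders each entry as an
/etc/xinetd.d/ stanza.  The configuration below is constructed for the demo.
"""

SAMPLE_INETD_CONF = """\
# UW-IMAP server
imap2   stream  tcp  nowait  root  /usr/sbin/tcpd        /usr/sbin/imapd
imaps   stream  tcp  nowait  root  /usr/sbin/tcpd        /usr/sbin/imapd
# Exim mail server
smtp    stream  tcp  nowait  mail  /usr/sbin/exim        exim -bs
# telnet started directly, without tcpd (constructed for the demo)
telnet  stream  tcp  nowait  root  /usr/sbin/in.telnetd  in.telnetd
# built-in service
chargen dgram   udp  wait    root  internal
"""

TCPD = "/usr/sbin/tcpd"


def parse_inetd_conf(text):
    """Return one dict per active line; comments and blank lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        f = line.split()
        if len(f) < 6:
            raise ValueError("short inetd.conf line: %r" % raw)
        entries.append({
            "service": f[0], "sock_type": f[1], "proto": f[2],
            # flags may carry a rate suffix such as nowait.40; keep the base word
            "wait": f[3].split(".")[0] == "wait",
            "user": f[4], "server": f[5], "args": f[6:],
        })
    return entries


def audit(entry):
    """Findings for one entry: what a reviewer of inetd.conf would flag."""
    findings = []
    if entry["server"] == "internal":
        findings.append("built-in %s service enabled; comment it out unless "
                        "something depends on it" % entry["service"])
        return findings
    if entry["server"] != TCPD:
        findings.append("not started through tcpd: hosts.allow/hosts.deny are "
                        "ignored unless the daemon itself links libwrap")
    if entry["user"] == "root":
        findings.append("runs as root; give it a dedicated user where the "
                        "daemon allows it (cf. smtp running as mail)")
    return findings


def audit_file(text):
    """Map each service name to its findings; services with none are omitted."""
    return {e["service"]: audit(e) for e in parse_inetd_conf(text) if audit(e)}


def xinetd_settings(entry):
    """xinetd attributes for an inetd.conf entry, as (name, value) pairs.

    Under tcpd the real daemon is tcpd's first argument; xinetd consults
    hosts.allow/hosts.deny itself through libwrap, so tcpd is dropped.  The
    first remaining argument is argv[0] and is not repeated in server_args
    (the notes' 'exim -bs' becomes server_args = -bs).
    """
    settings = [("socket_type", entry["sock_type"]),
                ("protocol", entry["proto"]),
                ("wait", "yes" if entry["wait"] else "no"),
                ("user", entry["user"])]
    if entry["server"] == "internal":
        settings += [("type", "INTERNAL"),
                     ("id", "%s-%s" % (entry["service"], entry["sock_type"]))]
        return settings
    args = entry["args"]
    if entry["server"] == TCPD:
        if not args:
            raise ValueError("tcpd line for %s names no daemon" % entry["service"])
        server, args = args[0], args[1:]
    else:
        server, args = entry["server"], args[1:]
    settings.append(("server", server))
    if args:
        settings.append(("server_args", " ".join(args)))
    return settings


def to_xinetd(entry):
    """Render one entry as a stanza suitable for /etc/xinetd.d/<service>."""
    body = ["\t%-11s = %s" % kv for kv in xinetd_settings(entry)]
    return "\n".join(["service %s" % entry["service"], "{"] + body + ["}"])


if __name__ == "__main__":
    for entry in parse_inetd_conf(SAMPLE_INETD_CONF):
        for finding in audit(entry):
            print("%s: %s" % (entry["service"], finding))
        print(to_xinetd(entry), end="\n\n")
```

The stanza for the smtp entry comes out as the /etc/xinetd.d/smtp file shown in section 3.1, and the imap lines lose their tcpd wrapper because xinetd applies hosts.allow/hosts.deny itself. The built-in chargen entry becomes type = INTERNAL with an id of chargen-dgram, the form xinetd uses to tell the stream and dgram variants of one built-in service apart.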
6 License Of This Document

Copyright © 2005, 2003 Angus Lees, Geoffrey Robertson and Nick Urbanik.

Permission is granted to make and distribute verbatim copies or modified versions of this document provided that this copyright notice and this permission notice are preserved on all copies under the terms of the GNU General Public License as published by the Free Software Foundation—either version 2 of the License or (at your option) any later version.