General Linux 2 – Configure and manage inetd, xinetd, and related services
(Linux Professional Institute Certification)

Copyright © 2003 Angus Lees. Permission is granted to make and distribute verbatim copies or modified versions of this document provided that this copyright notice and this permission notice are preserved on all copies under the terms of the GNU General Public License as published by the Free Software Foundation, either version 2 of the License or (at your option) any later version.

$Id: gl2.113.1.slides.tex,v 1.1 2003/10/25 04:33:06 anguslees Exp $


Configure and manage inetd, xinetd, and related services: Objective

Candidates should be able to configure which services are available through inetd, use tcpwrappers to allow or deny services on a host-by-host basis, manually start, stop, and restart internet services, and configure basic network services including telnet and ftp. Set a service to run as another user instead of the default in inetd.conf.


Configure and manage inetd, xinetd, and related services: Key files, terms and utilities

    /etc/inetd.conf
    /etc/hosts.allow
    /etc/hosts.deny
    /etc/services
    /etc/xinetd.conf
    /etc/xinetd.log


inetd/xinetd

The internet "super-server":
- A daemon which listens on many ports and fires off the appropriate command to handle each incoming request, so the service programs themselves only run while a connection is being served.
- Controlled through /etc/inetd.conf. A service is "available" when it has an uncommented line there; comment the line out to withdraw it, then send inetd a SIGHUP (e.g. kill -HUP $(pidof inetd)) so it rereads the file. Because inetd starts the servers on demand, editing inetd.conf and reloading inetd is also how such a service is stopped or restarted.
- Port numbers are looked up by service name in /etc/services.
- xinetd is an enhanced replacement.


inetd.conf

Fields are: service name, socket type, protocol, wait/nowait flag, user, server path, args.

    # UW-IMAP server
    imap2   stream  tcp     nowait  root    /usr/sbin/tcpd  /usr/sbin/imapd
    imap3   stream  tcp     nowait  root    /usr/sbin/tcpd  /usr/sbin/imapd
    imaps   stream  tcp     nowait  root    /usr/sbin/tcpd  /usr/sbin/imapd
    # Exim mail server
    smtp    stream  tcp     nowait  mail    /usr/sbin/exim  exim -bs

- The first word of args is argv[0] of the server, so "exim -bs" runs /usr/sbin/exim with the single option -bs.
- The user field is the account the server process runs as. Most shipped files say root everywhere; the smtp line is the "run as another user" case from the objective: exim is started as mail, so a compromise of the SMTP server does not directly yield root.
- The IMAP lines are wrapped: the server path is /usr/sbin/tcpd and the real server is its first argument. tcpd checks /etc/hosts.allow and /etc/hosts.deny and then execs /usr/sbin/imapd; the daemon name matched in those files is imapd, not tcpd. The unwrapped smtp line is not checked against hosts.allow/hosts.deny by inetd at all; only a server itself linked with libwrap would do so.
- nowait is the normal setting for stream (tcp) services: inetd accepts each connection and starts one server per connection. wait is used for datagram (udp) services, where the server takes over the socket and handles all incoming packets itself.


inetd.conf – Internal services

Built-in services (often disabled). The server path "internal" means inetd answers these itself; no external program is run.

    echo    stream  tcp     nowait  root    internal
    echo    dgram   udp     wait    root    internal
    chargen stream  tcp     nowait  root    internal
    chargen dgram   udp     wait    root    internal
    discard stream  tcp     nowait  root    internal
    discard dgram   udp     wait    root    internal
    daytime stream  tcp     nowait  root    internal
    daytime dgram   udp     wait    root    internal
    time    stream  tcp     nowait  root    internal
    time    dgram   udp     wait    root    internal

Leave them commented out unless you need them: the udp echo and chargen services answer any spoofed source address and can be used to bounce traffic between two hosts or to amplify a flood. Because inetd runs them itself rather than through tcpd, hosts.allow and hosts.deny do not restrict them on an inetd built without libwrap support.
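As an added example (not part of the original slides), the following shell script reads an inetd.conf and reports what the objective asks you to manage: which services are enabled, which run as root through an external program, which are not passed through tcpd, and how to switch one off. The inetd.conf text embedded in it is constructed for the example: the slide's IMAP and smtp lines plus a commented-out telnet line and an unwrapped ftp line.

```shell
#!/bin/sh
# Added example, not from the original slides: audit an inetd.conf.
# The file content below is constructed for this example; it mirrors the
# entries on the slides plus a disabled telnet line and an unwrapped ftp line.
INETD_CONF_SAMPLE='# UW-IMAP server
imap2   stream  tcp     nowait  root    /usr/sbin/tcpd  /usr/sbin/imapd
imaps   stream  tcp     nowait  root    /usr/sbin/tcpd  /usr/sbin/imapd
# Exim mail server
smtp    stream  tcp     nowait  mail    /usr/sbin/exim  exim -bs
#telnet stream  tcp     nowait  root    /usr/sbin/tcpd  /usr/sbin/in.telnetd
ftp     stream  tcp     nowait  root    /usr/sbin/in.ftpd   in.ftpd
echo    stream  tcp     nowait  root    internal
echo    dgram   udp     wait    root    internal'

# Active services: every line that is neither blank nor commented out.
# Fields: name sock_type proto wait|nowait user server [args]
# Prints "name/proto user server" per service.
inetd_active() {
    printf '%s\n' "$1" | awk '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
        { print $1 "/" $3, $5, $6 }'
}

# Services run as root by an external program: candidates for a dedicated
# account in the user field, where the daemon can cope with it.
inetd_root_external() {
    printf '%s\n' "$1" | awk '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
        $5 == "root" && $6 != "internal" { print $1 "/" $3 }'
}

# External services whose server field is not tcpd: inetd never consults
# /etc/hosts.allow and /etc/hosts.deny for these (a daemon linked with
# libwrap may still do so itself, which this check cannot see).
inetd_unwrapped() {
    printf '%s\n' "$1" | awk '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
        $6 != "internal" && $6 !~ /\/tcpd$/ { print $1 "/" $3 }'
}

# Disable one service by commenting its line out (name and proto must both
# match); prints the edited file. Install it and then "kill -HUP" inetd.
inetd_disable() {
    printf '%s\n' "$3" | awk -v svc="$1" -v proto="$2" '
        !/^[[:space:]]*#/ && $1 == svc && $3 == proto { print "#" $0; next }
        { print }'
}

echo "== active ==";         inetd_active "$INETD_CONF_SAMPLE"
echo "== root, external =="; inetd_root_external "$INETD_CONF_SAMPLE"
echo "== not via tcpd ==";   inetd_unwrapped "$INETD_CONF_SAMPLE"
```

On a real host pass "$(cat /etc/inetd.conf)" instead of the sample. The audit reports smtp and ftp as not wrapped and imap2, imaps and ftp as root-run external programs; disabling ftp with inetd_disable removes it from the active list.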
hosts.allow / hosts.deny

"TCP Wrappers", aka tcpd. Manpage is hosts_access(5).

    # /etc/hosts.allow
    sshd: ALL
    imapd: 10.0.6.19
    ALL: 10.0.128.96/255.255.255.224

    # /etc/hosts.deny
    #ALL: PARANOID
    ALL: ALL

- Each line is "daemon list : client list". The daemon name is the process name of the wrapped server (imapd above, i.e. the program tcpd execs, or a daemon that links libwrap itself such as sshd), not "tcpd".
- Order of evaluation: /etc/hosts.allow is searched first and the first matching line grants access; otherwise /etc/hosts.deny is searched and the first matching line denies access; otherwise access is granted. A missing or empty hosts.deny therefore leaves every wrapped service open to any client, whether or not it appears in hosts.allow. The "ALL: ALL" line is what turns the pair above into a default-deny policy in which only hosts.allow grants access.
- Client patterns: ALL; a single address; a net/mask pair (10.0.128.96/255.255.255.224 above covers 10.0.128.96 to 10.0.128.127); a network prefix ending in a dot ("10.0."); a hostname or a domain suffix starting with a dot (".example.com"), which require a reverse lookup. PARANOID matches clients whose hostname does not resolve back to their address; the commented-out "ALL: PARANOID" line would reject them.
- Net effect above: sshd accepts from anywhere; imapd only from 10.0.6.19 and the 10.0.128.96/27 network; every other wrapped service only from that network.


xinetd

Same idea—ludicrous number of options.

    service smtp
    {
            socket_type     = stream
            protocol        = tcp
            wait            = no
            user            = mail
            server          = /usr/sbin/exim
            server_args     = -bs
    }

- This is the inetd.conf smtp line in xinetd form: wait = no is nowait, and server_args holds only the options, not argv[0].
- Configuration lives in /etc/xinetd.conf, which usually pulls in one file per service from a directory (includedir /etc/xinetd.d). A service is turned off with disable = yes rather than by commenting it out.
- xinetd is normally built with libwrap and consults /etc/hosts.allow and /etc/hosts.deny itself, so there is no tcpd in the server line; it also has its own only_from and no_access attributes for per-service address restrictions, and log_type selects syslog or a log file.
- Reload after editing with kill -HUP $(pidof xinetd) (older versions use SIGUSR2 for a hard reconfiguration).
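The hosts.allow / hosts.deny evaluation from the TCP Wrappers slide, as an added example that is not part of the original slides: a shell model of the hosts_access(5) decision for the address-based patterns (ALL, single address, net/mask, trailing-dot prefix). The two file contents are the slide's, embedded as constructed strings; the daemon names and client addresses used in the queries (exim, 192.0.2.7 and so on) are assumptions for the example. Hostname patterns, PARANOID/KNOWN/UNKNOWN/LOCAL and EXCEPT need DNS and are treated as "no match" here.

```shell
#!/bin/sh
# Added example, not from the original slides: an offline model of the
# hosts_access(5) decision for the two files on the slide. Both file
# contents are constructed here; on a real host read /etc/hosts.allow and
# /etc/hosts.deny instead. Hostname patterns, PARANOID/KNOWN/UNKNOWN/LOCAL
# and EXCEPT need DNS and are treated as "no match" by this model.
HOSTS_ALLOW='# /etc/hosts.allow
sshd: ALL
imapd: 10.0.6.19
ALL: 10.0.128.96/255.255.255.224'

HOSTS_DENY='# /etc/hosts.deny
#ALL: PARANOID
ALL: ALL'

# Dotted quad to a 32-bit integer (inputs are assumed well formed).
ip2int() {
    _ifs=$IFS; IFS=.
    set -- $1
    IFS=$_ifs
    echo $(( (($1 * 256 + $2) * 256 + $3) * 256 + $4 ))
}

# Does one client pattern match the client address?  $1 = pattern, $2 = IP
client_matches() {
    case $1 in
        ALL)     return 0 ;;
        */*)     _mask=$(ip2int "${1#*/}")          # net/mask form
                 [ $(( $(ip2int "$2") & $_mask )) -eq $(( $(ip2int "${1%/*}") & $_mask )) ] ;;
        *.)      case $2 in "$1"*) return 0 ;; *) return 1 ;; esac ;;   # "10.0." prefix
        *.*.*.*) [ "$1" = "$2" ] ;;                  # single address
        *)       return 1 ;;                         # DNS-based patterns: not modelled
    esac
}

# Daemon pattern: ALL or the wrapped server's process name (imapd, not tcpd).
daemon_matches() { [ "$1" = ALL ] || [ "$1" = "$2" ]; }

# Apply matcher $3 to each comma/space separated item of list $1 against $2.
list_matches() {
    for _item in $(printf '%s' "$1" | tr ',' ' '); do
        "$3" "$_item" "$2" && return 0
    done
    return 1
}

# First "daemon_list : client_list" line of file text $1 matching daemon $2
# from client $3 wins; a third field (hosts_options) is ignored here.
file_matches() {
    printf '%s\n' "$1" | {
        while IFS= read -r _line; do
            case $_line in ''|'#'*) continue ;; esac
            _daemons=${_line%%:*}
            _rest=${_line#*:}
            _clients=${_rest%%:*}
            if list_matches "$_daemons" "$2" daemon_matches &&
               list_matches "$_clients" "$3" client_matches; then
                exit 0      # exits the pipeline subshell: a line matched
            fi
        done
        exit 1              # no line matched
    }
}

# hosts_access(5) order: hosts.allow first, then hosts.deny, else allow.
hosts_access() {   # $1 = daemon name, $2 = client IP; prints allow|deny
    if file_matches "$HOSTS_ALLOW" "$1" "$2"; then echo allow
    elif file_matches "$HOSTS_DENY" "$1" "$2"; then echo deny
    else echo allow
    fi
}

for _q in "sshd 192.0.2.7" "imapd 10.0.6.19" "imapd 10.0.6.20" \
          "exim 10.0.128.100" "exim 10.0.128.128"; do
    set -- $_q
    echo "$1 from $2: $(hosts_access "$1" "$2")"
done
```

The fail-open behaviour is the point worth trying: set HOSTS_DENY to an empty string and imapd from 10.0.6.20 flips from deny to allow, because nothing in the files ever says no. The same experiment with tcpdmatch(8), which ships with TCP Wrappers, gives the authoritative answer on a real host.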
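The inetd.conf-to-xinetd translation shown for smtp above, carried out for a whole file as an added example (not from the slides or from the xinetd project). It assumes an xinetd built with libwrap, the usual distribution build, so the tcpd wrapper is dropped from wrapped lines and xinetd consults hosts.allow/hosts.deny itself; commented-out service lines become stanzas with disable = yes, and internal services become type = INTERNAL entries with an id. The inetd.conf text embedded below is constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original slides or from the xinetd project:
# translate inetd.conf lines into xinetd service stanzas. The input below is
# constructed for this example. Assumes xinetd built with libwrap (the
# distribution default), so the tcpd wrapper is dropped and xinetd consults
# hosts.allow/hosts.deny itself.
INETD_SAMPLE='# UW-IMAP server
imap2   stream  tcp     nowait  root    /usr/sbin/tcpd  /usr/sbin/imapd
# Exim mail server
smtp    stream  tcp     nowait  mail    /usr/sbin/exim  exim -bs
#telnet stream  tcp     nowait  root    /usr/sbin/tcpd  /usr/sbin/in.telnetd
echo    stream  tcp     nowait  root    internal
echo    dgram   udp     wait    root    internal'

inetd2xinetd() {
    printf '%s\n' "$1" | awk '
    function emit(name, stype, proto, wt, user, server, args, disabled) {
        print "service " name
        print "{"
        if (server == "internal") {          # built-in service, no program
            print "\ttype\t\t= INTERNAL"
            print "\tid\t\t= " name "-" stype # echo-stream vs echo-dgram
        }
        print "\tsocket_type\t= " stype
        print "\tprotocol\t= " proto
        print "\twait\t\t= " (wt == "wait" ? "yes" : "no")
        print "\tuser\t\t= " user
        if (server != "internal") {
            print "\tserver\t\t= " server
            if (args != "") print "\tserver_args\t= " args
        }
        if (disabled) print "\tdisable\t\t= yes" # was commented out in inetd.conf
        print "}"
        print ""
    }
    {
        disabled = 0
        if ($0 ~ /^[[:space:]]*#/) {
            sub(/^[[:space:]]*#[[:space:]]*/, "")   # strip marker; $0 is re-split
            if (NF < 6 || ($2 != "stream" && $2 != "dgram")) next   # plain comment
            disabled = 1
        }
        if (NF < 6) next
        server = $6
        if (server ~ /\/tcpd$/) server = $7     # real server is the first arg of tcpd
        args = ""                              # $7 is argv[0] in inetd.conf; drop it
        for (i = 8; i <= NF; i++) args = args (args == "" ? "" : " ") $i
        emit($1, $2, $3, $4, $5, server, args, disabled)
    }'
}

inetd2xinetd "$INETD_SAMPLE"
```

Write the output to a file under /etc/xinetd.d, then reload xinetd. The telnet stanza comes out with disable = yes and no tcpd anywhere in the result, which is the expected shape for a libwrap-enabled xinetd.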