<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd" [
<!ENTITY % general-entities SYSTEM "../../general.ent">
%general-entities;
<!ENTITY xinetd-download-http "http://www.xinetd.org/xinetd-&xinetd-version;.tar.gz">
<!ENTITY xinetd-download-ftp "ftp://ftp.fu-berlin.de/unix/linux/mirrors/gentoo/distfiles/xinetd-&xinetd-version;.tar.gz">
<!ENTITY xinetd-md5sum "567382d7972613090215c6c54f9b82d9">
<!ENTITY xinetd-size "301 KB">
<!ENTITY xinetd-buildsize "4.4 MB">
<!ENTITY xinetd-time "less than 0.1 SBU">
]>
<sect1 id="xinetd" xreflabel="xinetd-&xinetd-version;">
<?dbhtml filename="xinetd.html"?>
<sect1info>
<othername>$LastChangedBy$</othername>
<date>$Date$</date>
</sect1info>
<title>xinetd-&xinetd-version;</title>
<indexterm zone="xinetd">
<primary sortas="a-Xinetd">Xinetd</primary>
</indexterm>
<sect2 role="package">
<title>Introduction to xinetd</title>
<para><application>xinetd</application> is the eXtended InterNET services
daemon, a secure replacement for <command>inetd</command>.</para>
<bridgehead renderas="sect3">Package Information</bridgehead>
<itemizedlist spacing="compact">
<listitem>
<para>Download (HTTP): <ulink url="&xinetd-download-http;"/></para>
</listitem>
<listitem>
<para>Download (FTP): <ulink url="&xinetd-download-ftp;"/></para>
</listitem>
<listitem>
<para>Download MD5 sum: &xinetd-md5sum;</para>
</listitem>
<listitem>
<para>Download size: &xinetd-size;</para>
</listitem>
<listitem>
<para>Estimated disk space required: &xinetd-buildsize;</para>
</listitem>
<listitem>
<para>Estimated build time: &xinetd-time;</para>
</listitem>
</itemizedlist>
<bridgehead renderas="sect3">xinetd Dependencies</bridgehead>
<bridgehead renderas="sect4">Optional</bridgehead>
<para role="optional"><xref linkend="tcpwrappers"/> and
<ulink url="http://www.avahi.org">Avahi</ulink></para>
<para condition="html" role="usernotes">User Notes:
<ulink url="&blfs-wiki;/xinetd"/></para>
</sect2>
<sect2 role="installation">
<title>Installation of xinetd</title>
<para>Install <application>xinetd</application> by running the following
commands:</para>
<screen><userinput>./configure --prefix=/usr --with-loadavg &amp;&amp;
make</userinput></screen>
<para>This package does not come with a test suite.</para>
<para>Now, as the <systemitem class="username">root</systemitem> user:</para>
<screen role="root"><userinput>make install</userinput></screen>
</sect2>
<sect2 role="configuration">
<title>Configuring xinetd</title>
<sect3 id="xinetd-config">
<title>Config Files</title>
<para><filename>/etc/xinetd.conf</filename> and
<filename class='directory'>/etc/xinetd.d/*</filename></para>
<indexterm zone="xinetd xinetd-config">
<primary sortas="e-etc-xinetd.conf">/etc/xinetd.conf</primary>
</indexterm>
<indexterm zone="xinetd xinetd-config">
<primary sortas="e-etc-xinetd.d">/etc/xinetd.d/*</primary>
</indexterm>
</sect3>
<sect3>
<title>Configuration Information</title>
<para>Ensure the path to all daemons is
<filename class="directory">/usr/sbin</filename>, rather than the default
path of <filename class="directory">/usr/etc</filename>, and install the
<application>xinetd</application> configuration files by running the
following commands as the <systemitem class="username">root</systemitem>
user:</para>
<screen role="root"><userinput>cat &gt; /etc/xinetd.conf &lt;&lt; "EOF"
<literal># Begin /etc/xinetd.conf
# Configuration file for xinetd
#
defaults
{
instances = 60
log_type = SYSLOG daemon
log_on_success = HOST PID USERID
log_on_failure = HOST USERID
cps = 25 30
}
# All service files are stored in the /etc/xinetd.d directory
#
includedir /etc/xinetd.d
# End /etc/xinetd.conf</literal>
EOF</userinput></screen>
<para>All of the following files have the statement, "disable = yes".
To activate any of the services, this statement will need to be changed
to "disable = no".</para>
<note>
<para>The following files are listed to demonstrate classic
<application>xinetd</application> applications. In many cases, these
applications are not needed. In some cases, the applications are
considered security risks. For example, <command>telnet</command>,
<command>rlogin</command>, <command>rexec</command>, and
<command>rsh</command> transmit unencrypted usernames and passwords
over the network and can be easily replaced with a more secure
alternative: <command>ssh</command>.</para>
</note>
<screen role="root"><userinput>install -v -d -m755 /etc/xinetd.d &amp;&amp;
cat &gt; /etc/xinetd.d/login &lt;&lt; "EOF" &amp;&amp;
<literal># Begin /etc/xinetd.d/login
service login
{
disable = yes
socket_type = stream
protocol = tcp
wait = no
user = root
server = /usr/sbin/in.rlogind
log_type = SYSLOG local4 info
}
# End /etc/xinetd.d/login</literal>
EOF
cat &gt; /etc/xinetd.d/shell &lt;&lt; "EOF" &amp;&amp;
<literal># Begin /etc/xinetd.d/shell
service shell
{
disable = yes
socket_type = stream
wait = no
user = root
instances = UNLIMITED
flags = IDONLY
log_on_success += USERID
server = /usr/sbin/in.rshd
}
# End /etc/xinetd.d/shell</literal>
EOF
cat &gt; /etc/xinetd.d/exec &lt;&lt; "EOF" &amp;&amp;
<literal># Begin /etc/xinetd.d/exec
service exec
{
disable = yes
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.rexecd
}
# End /etc/xinetd.d/exec</literal>
EOF
cat &gt; /etc/xinetd.d/comsat &lt;&lt; "EOF" &amp;&amp;
<literal># Begin /etc/xinetd.d/comsat
service comsat
{
disable = yes
socket_type = dgram
wait = yes
user = nobody
group = tty
server = /usr/sbin/in.comsat
}
# End /etc/xinetd.d/comsat</literal>
EOF
cat &gt; /etc/xinetd.d/talk &lt;&lt; "EOF" &amp;&amp;
<literal># Begin /etc/xinetd.d/talk
service talk
{
disable = yes
socket_type = dgram
wait = yes
user = root
server = /usr/sbin/in.talkd
}
# End /etc/xinetd.d/talk</literal>
EOF
cat &gt; /etc/xinetd.d/ntalk &lt;&lt; "EOF" &amp;&amp;
<literal># Begin /etc/xinetd.d/ntalk
service ntalk
{
disable = yes
socket_type = dgram
wait = yes
user = root
server = /usr/sbin/in.ntalkd
}
# End /etc/xinetd.d/ntalk</literal>
EOF
cat &gt; /etc/xinetd.d/telnet &lt;&lt; "EOF" &amp;&amp;
<literal># Begin /etc/xinetd.d/telnet
service telnet
{
disable = yes
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
bind = 127.0.0.1
log_on_failure += USERID
}
service telnet
{
disable = yes
socket_type = stream
wait = no
user = root
# server = /usr/sbin/in.telnetd
bind = 192.231.139.175
redirect = 128.138.202.20 23
log_on_failure += USERID
}
# End /etc/xinetd.d/telnet</literal>
EOF
cat &gt; /etc/xinetd.d/ftp &lt;&lt; "EOF" &amp;&amp;
<literal># Begin /etc/xinetd.d/ftp
service ftp
{
disable = yes
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.ftpd
server_args = -l
instances = 4
log_on_success += DURATION USERID
log_on_failure += USERID
access_times = 2:00-8:59 12:00-23:59
nice = 10
}
# End /etc/xinetd.d/ftp</literal>
EOF
cat &gt; /etc/xinetd.d/tftp &lt;&lt; "EOF" &amp;&amp;
<literal># Begin /etc/xinetd.d/tftp
service tftp
{
disable = yes
socket_type = dgram
wait = yes
user = root
server = /usr/sbin/in.tftpd
server_args = -s /tftpboot
}
# End /etc/xinetd.d/tftp</literal>
EOF
cat &gt; /etc/xinetd.d/finger &lt;&lt; "EOF" &amp;&amp;
<literal># Begin /etc/xinetd.d/finger
service finger
{
disable = yes
socket_type = stream
wait = no
user = nobody
server = /usr/sbin/in.fingerd
}
# End /etc/xinetd.d/finger</literal>
EOF
cat &gt; /etc/xinetd.d/systat &lt;&lt; "EOF" &amp;&amp;
<literal># Begin /etc/xinetd.d/systat
service systat
{
disable = yes
socket_type = stream
wait = no
user = nobody
server = /usr/bin/ps
server_args = -auwwx
only_from = 128.138.209.0
log_on_success = HOST
}
# End /etc/xinetd.d/systat</literal>
EOF
cat &gt; /etc/xinetd.d/netstat &lt;&lt; "EOF" &amp;&amp;
<literal># Begin /etc/xinetd.d/netstat
service netstat
{
disable = yes
socket_type = stream
wait = no
user = nobody
server = /usr/ucb/netstat
server_args = -f inet
only_from = 128.138.209.0
log_on_success = HOST
}
# End /etc/xinetd.d/netstat</literal>
EOF
cat &gt; /etc/xinetd.d/echo &lt;&lt; "EOF" &amp;&amp;
<literal># Begin /etc/xinetd.d/echo
service echo
{
disable = yes
type = INTERNAL
id = echo-stream
socket_type = stream
protocol = tcp
user = root
wait = no
}
service echo
{
disable = yes
type = INTERNAL
id = echo-dgram
socket_type = dgram
protocol = udp
user = root
wait = yes
}
# End /etc/xinetd.d/echo</literal>
EOF
cat &gt; /etc/xinetd.d/chargen &lt;&lt; "EOF" &amp;&amp;
<literal># Begin /etc/xinetd.d/chargen
service chargen
{
disable = yes
type = INTERNAL
id = chargen-stream
socket_type = stream
protocol = tcp
user = root
wait = no
}
service chargen
{
disable = yes
type = INTERNAL
id = chargen-dgram
socket_type = dgram
protocol = udp
user = root
wait = yes
}
# End /etc/xinetd.d/chargen</literal>
EOF
cat &gt; /etc/xinetd.d/daytime &lt;&lt; "EOF" &amp;&amp;
<literal># Begin /etc/xinetd.d/daytime
service daytime
{
disable = yes
type = INTERNAL
id = daytime-stream
socket_type = stream
protocol = tcp
user = root
wait = no
}
service daytime
{
disable = yes
type = INTERNAL
id = daytime-dgram
socket_type = dgram
protocol = udp
user = root
wait = yes
}
# End /etc/xinetd.d/daytime</literal>
EOF
cat &gt; /etc/xinetd.d/time &lt;&lt; "EOF" &amp;&amp;
<literal># Begin /etc/xinetd.d/time
service time
{
disable = yes
type = INTERNAL
id = time-stream
socket_type = stream
protocol = tcp
user = root
wait = no
}
service time
{
disable = yes
type = INTERNAL
id = time-dgram
socket_type = dgram
protocol = udp
user = root
wait = yes
}
# End /etc/xinetd.d/time</literal>
EOF
cat &gt; /etc/xinetd.d/rstatd &lt;&lt; "EOF" &amp;&amp;
<literal># Begin /etc/xinetd.d/rstatd
service rstatd
{
disable = yes
type = RPC
flags = INTERCEPT
rpc_version = 2-4
socket_type = dgram
protocol = udp
server = /usr/sbin/rpc.rstatd
wait = yes
user = root
}
# End /etc/xinetd.d/rstatd</literal>
EOF
cat &gt; /etc/xinetd.d/rquotad &lt;&lt; "EOF" &amp;&amp;
<literal># Begin /etc/xinetd.d/rquotad
service rquotad
{
disable = yes
type = RPC
rpc_version = 1
socket_type = dgram
protocol = udp
wait = yes
user = root
server = /usr/sbin/rpc.rquotad
}
# End /etc/xinetd.d/rquotad</literal>
EOF
cat &gt; /etc/xinetd.d/rusersd &lt;&lt; "EOF" &amp;&amp;
<literal># Begin /etc/xinetd.d/rusersd
service rusersd
{
disable = yes
type = RPC
rpc_version = 1-2
socket_type = dgram
protocol = udp
wait = yes
user = root
server = /usr/sbin/rpc.rusersd
}
# End /etc/xinetd.d/rusersd</literal>
EOF
cat &gt; /etc/xinetd.d/sprayd &lt;&lt; "EOF" &amp;&amp;
<literal># Begin /etc/xinetd.d/sprayd
service sprayd
{
disable = yes
type = RPC
rpc_version = 1
socket_type = dgram
protocol = udp
wait = yes
user = root
server = /usr/sbin/rpc.sprayd
}
# End /etc/xinetd.d/sprayd</literal>
EOF
cat &gt; /etc/xinetd.d/walld &lt;&lt; "EOF" &amp;&amp;
<literal># Begin /etc/xinetd.d/walld
service walld
{
disable = yes
type = RPC
rpc_version = 1
socket_type = dgram
protocol = udp
wait = yes
user = nobody
group = tty
server = /usr/sbin/rpc.rwalld
}
# End /etc/xinetd.d/walld</literal>
EOF
cat &gt; /etc/xinetd.d/irc &lt;&lt; "EOF"
<literal># Begin /etc/xinetd.d/irc
service irc
{
disable = yes
socket_type = stream
wait = no
user = root
flags = SENSOR
type = INTERNAL
bind = 192.168.1.30
deny_time = 60
}
# End /etc/xinetd.d/irc</literal>
EOF</userinput></screen>
<indexterm zone="xinetd xinetd-config">
<primary sortas="e-etc-xinetd.d-login">/etc/xinetd.d/login</primary>
</indexterm>
<indexterm zone="xinetd xinetd-config">
<primary sortas="e-etc-xinetd.d-shell">/etc/xinetd.d/shell</primary>
</indexterm>
<indexterm zone="xinetd xinetd-config">
<primary sortas="e-etc-xinetd.d-exec">/etc/xinetd.d/exec</primary>
</indexterm>
<indexterm zone="xinetd xinetd-config">
<primary sortas="e-etc-xinetd.d-comsat">/etc/xinetd.d/comsat</primary>
</indexterm>
<indexterm zone="xinetd xinetd-config">
<primary sortas="e-etc-xinetd.d-talk">/etc/xinetd.d/talk</primary>
</indexterm>
<indexterm zone="xinetd xinetd-config">
<primary sortas="e-etc-xinetd.d-ntalk">/etc/xinetd.d/ntalk</primary>
</indexterm>
<indexterm zone="xinetd xinetd-config">
<primary sortas="e-etc-xinetd.d-telnet">/etc/xinetd.d/telnet</primary>
</indexterm>
<indexterm zone="xinetd xinetd-config">
<primary sortas="e-etc-xinetd.d-ftp">/etc/xinetd.d/ftp</primary>
</indexterm>
<indexterm zone="xinetd xinetd-config">
<primary sortas="e-etc-xinetd.d-tftp">/etc/xinetd.d/tftp</primary>
</indexterm>
<indexterm zone="xinetd xinetd-config">
<primary sortas="e-etc-xinetd.d-systat">/etc/xinetd.d/systat</primary>
</indexterm>
<indexterm zone="xinetd xinetd-config">
<primary sortas="e-etc-xinetd.d-finger">/etc/xinetd.d/finger</primary>
</indexterm>
<indexterm zone="xinetd xinetd-config">
<primary sortas="e-etc-xinetd.d-netstat">/etc/xinetd.d/netstat</primary>
</indexterm>
<indexterm zone="xinetd xinetd-config">
<primary sortas="e-etc-xinetd.d-echo">/etc/xinetd.d/echo</primary>
</indexterm>
<indexterm zone="xinetd xinetd-config">
<primary sortas="e-etc-xinetd.d-chargen">/etc/xinetd.d/chargen</primary>
</indexterm>
<indexterm zone="xinetd xinetd-config">
<primary sortas="e-etc-xinetd.d-daytime">/etc/xinetd.d/daytime</primary>
</indexterm>
<indexterm zone="xinetd xinetd-config">
<primary sortas="e-etc-xinetd.d-time">/etc/xinetd.d/time</primary>
</indexterm>
<indexterm zone="xinetd xinetd-config">
<primary sortas="e-etc-xinetd.d-rstatd">/etc/xinetd.d/rstatd</primary>
</indexterm>
<indexterm zone="xinetd xinetd-config">
<primary sortas="e-etc-xinetd.d-rquotad">/etc/xinetd.d/rquotad</primary>
</indexterm>
<indexterm zone="xinetd xinetd-config">
<primary sortas="e-etc-xinetd.d-rusersd">/etc/xinetd.d/rusersd</primary>
</indexterm>
<indexterm zone="xinetd xinetd-config">
<primary sortas="e-etc-xinetd.d-sprayd">/etc/xinetd.d/sprayd</primary>
</indexterm>
<indexterm zone="xinetd xinetd-config">
<primary sortas="e-etc-xinetd.d-walld">/etc/xinetd.d/walld</primary>
</indexterm>
<indexterm zone="xinetd xinetd-config">
<primary sortas="e-etc-xinetd.d-irc">/etc/xinetd.d/irc</primary>
</indexterm>
<para>The format of the <filename>/etc/xinetd.conf</filename> is
documented in the <filename>xinetd.conf.5</filename> man page. Further
information can be found at <ulink url="http://www.xinetd.org"/>.</para>
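<para>Added example, not part of the original page: once any of the files
above is switched to <literal>disable = no</literal>, a check such as the
following lists every enabled service and flags the ones the note above names
as sending unencrypted credentials, together with services that run as
<systemitem class="username">root</systemitem> or set no
<literal>only_from</literal>. The function names, the finding labels and the
sample files are assumptions made for illustration, and the
<literal>defaults</literal> section of <filename>/etc/xinetd.conf</filename>
is not consulted.</para>
<screen><![CDATA[
```sh
#!/bin/sh
# Added example (illustrative, not from the BLFS page): report every xinetd
# service that is enabled, one line each: <file>:<service>:<findings>
audit_xinetd_dir() {
    dir=${1:-/etc/xinetd.d}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        awk -v file="${f##*/}" '
            function report(   why) {
                # Assumption: a block without "disable = yes" is treated as enabled.
                if (disable == "yes") return
                why = "enabled"
                # Services the note names as sending credentials unencrypted
                # (rlogin, rsh and rexec are the login, shell and exec entries).
                if (svc ~ /^(telnet|login|shell|exec)$/) why = why ",cleartext-credentials"
                if (user == "root") why = why ",runs-as-root"
                if (!restricted) why = why ",no-only_from"
                print file ":" svc ":" why
            }
            { sub(/#.*/, "") }                    # drop comments
            $1 == "service" { svc = $2; next }
            $1 == "{" { disable = "no"; user = ""; restricted = 0; inblk = 1; next }
            $1 == "}" { if (inblk) report(); inblk = 0; next }
            inblk && $2 ~ /^[+-]?=$/ {            # attribute = / += / -= value
                if ($1 == "disable") disable = tolower($3)
                if ($1 == "user") user = $3
                if ($1 == "only_from") restricted = 1
            }
        ' "$f"
    done
}

# Constructed sample: entries modelled on the telnet, systat and finger files
# above, with telnet and systat switched to "disable = no".
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'service telnet' '{' 'disable = no' 'user = root' \
        'server = /usr/sbin/in.telnetd' 'bind = 127.0.0.1' '}' > "$d/telnet"
    printf '%s\n' 'service systat' '{' 'disable = no' 'user = nobody' \
        'server = /usr/bin/ps' 'only_from = 128.138.209.0' '}' > "$d/systat"
    printf '%s\n' 'service finger' '{' 'disable = yes' 'user = nobody' \
        'server = /usr/sbin/in.fingerd' '}' > "$d/finger"
    audit_xinetd_dir "$d"
    rm -rf "$d"
}
demo
```
]]></screen>
<para>To check a live system, call
<command>audit_xinetd_dir /etc/xinetd.d</command> in place of
<command>demo</command>.</para>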
</sect3>
<sect3 id="xinetd-init">
<title>Boot Script</title>
<para>As the <systemitem class="username">root</systemitem> user, install
the <filename>/etc/rc.d/init.d/xinetd</filename> init script included in
the <xref linkend="bootscripts"/> package.</para>
<indexterm zone="xinetd xinetd-init">
<primary sortas="f-xinetd">xinetd</primary>
</indexterm>
<screen role="root"><userinput>make install-xinetd</userinput></screen>
<para>As the <systemitem class="username">root</systemitem> user,
use the new boot script to start <command>xinetd</command>:</para>
<screen role="root"><userinput>/etc/rc.d/init.d/xinetd start</userinput></screen>
<para>Checking the <filename>/var/log/daemon.log</filename> file
should prove quite entertaining. This file may contain entries
similar to the following:</para>
<screen><literal>Aug 22 21:40:21 dps10 xinetd[2696]: Server /usr/sbin/in.rlogind is not
executable [line=29]
Aug 22 21:40:21 dps10 xinetd[2696]: Error parsing attribute server -
DISABLING SERVICE [line=29]
Aug 22 21:40:21 dps10 xinetd[2696]: Server /usr/sbin/in.rshd is not
executable [line=42]</literal></screen>
<para>These errors occur because most of the servers that
<command>xinetd</command> is trying to control are not
installed yet.</para>
</sect3>
</sect2>
<sect2 role="content">
<title>Contents</title>
<segmentedlist>
<segtitle>Installed Programs</segtitle>
<segtitle>Installed Libraries</segtitle>
<segtitle>Installed Directories</segtitle>
<seglistitem>
<seg>itox, xconv.pl, and xinetd</seg>
<seg>None</seg>
<seg>/etc/xinetd.d/</seg>
</seglistitem>
</segmentedlist>
<variablelist>
<bridgehead renderas="sect3">Short Descriptions</bridgehead>
<?dbfo list-presentation="list"?>
<?dbhtml list-presentation="table"?>
<varlistentry id="itox">
<term><command>itox</command></term>
<listitem>
<para>is a utility used for converting
<filename>inetd.conf</filename> files to
<filename>xinetd.conf</filename> format.</para>
<indexterm zone="xinetd itox">
<primary sortas="b-itox">itox</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="xconv.pl">
<term><command>xconv.pl</command></term>
<listitem>
<para>is a <application>Perl</application> script used for
converting <filename>inetd.conf</filename> files to
<filename>xinetd.conf</filename> format, similar to
<command>itox</command>.</para>
<indexterm zone="xinetd xconv.pl">
<primary sortas="b-xconv.pl">xconv.pl</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="xinetd-prog">
<term><command>xinetd</command></term>
<listitem>
<para>is the Internet services daemon.</para>
<indexterm zone="xinetd xinetd-prog">
<primary sortas="b-xinetd">xinetd</primary>
</indexterm>
</listitem>
</varlistentry>
</variablelist>
</sect2>
</sect1>