From 1f672c11335fde1e7968987cd35484d0ff9e7092 Mon Sep 17 00:00:00 2001 From: Bruce Dubbs Date: Fri, 1 Apr 2005 05:31:37 +0000 Subject: [PATCH] Update to xinetd configuration files from patch by John Gnew git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@3614 af4574ff-66df-0310-9fd7-8a98e5e911e0 --- general/genlib/fam.xml | 15 +- introduction/welcome/changelog.xml | 4 + server/mail/qpopper.xml | 13 +- server/other/cvsserver.xml | 12 +- server/other/leafnode.xml | 11 +- server/other/samba3.xml | 12 +- server/other/svnserver.xml | 10 +- server/other/xinetd.xml | 450 ++++++++++++++++++++++++++++- 8 files changed, 499 insertions(+), 28 deletions(-) diff --git a/general/genlib/fam.xml b/general/genlib/fam.xml index f9ba96c090..cae923323d 100644 --- a/general/genlib/fam.xml +++ b/general/genlib/fam.xml @@ -115,12 +115,15 @@ following command: echo "sgi_fam/1-2 stream rpc/tcp wait root /usr/sbin/famd fam" \ >> /etc/inetd.conf -If you use xinetd, add an entry to -/etc/xinetd.conf with the following command (be -sure the "nogroup" group exists): +If you use xinetd, the following command will create +the FAM file as +/etc/xinetd.d/sgi_fam: +(be sure the "nogroup" group exists): -cat >> /etc/xinetd.conf << "EOF" - # description: FAM - file alteration monitor +cat >> /etc/xinetd.d/sgi_fam << "EOF" +# Begin /etc/xinetd.d/sgi_fam + +# description: FAM - file alteration monitor service sgi_fam { type = RPC UNLISTED @@ -133,6 +136,8 @@ sure the "nogroup" group exists): rpc_version = 2 rpc_number = 391002 } + +# End /etc/xinetd.d/sgi_fam EOF If you do not have an inetd daemon installed and have diff --git a/introduction/welcome/changelog.xml b/introduction/welcome/changelog.xml index 8415f60daf..e4a9108393 100644 --- a/introduction/welcome/changelog.xml +++ b/introduction/welcome/changelog.xml 
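Review bot: The new sgi_fam command in the first fam.xml hunk still appends with `cat >> /etc/xinetd.d/sgi_fam << "EOF"` although the text now says it creates the file, so running the step a second time leaves two `service sgi_fam` blocks in the same file. Each service now has its own file, so truncating is the safer form: `cat > /etc/xinetd.d/sgi_fam << "EOF"`, which is what the xinetd.xml hunk of this commit already does for its files. The same applies to the pop3, cvspserver, nntp, swat_tunnel and svn commands in the later hunks. Within this patch only the xinetd.xml instructions create `/etc/xinetd.d` (`install -d -m755 /etc/xinetd.d`), so it would help to say here that the directory must already exist and that the command is run as root.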
@@ -22,6 +22,10 @@ who wrote what. +March 31st, 2005 [bdubbs]: Updated the install instructions +for xinetd to use /etc/xinetd.d/ directory structure. Patch by John Gnew. + + March 31st, 2005 [randy]: Updated to libxml2-2.6.18 and libxslt-1.1.13. diff --git a/server/mail/qpopper.xml b/server/mail/qpopper.xml index 39c2ff1c41..5a10f679e0 100644 --- a/server/mail/qpopper.xml +++ b/server/mail/qpopper.xml @@ -100,13 +100,14 @@ killall inetd || inetd Issue a killall -HUP inetd to reread the changed inetd.conf file. -If you use xinetd, the following command will add the -Qpopper entry to -/etc/xinetd.conf: +If you use xinetd, the following command will create the +Qpopper file as /etc/xinetd.d/pop3: -/etc/xinetd.conf +/etc/xinetd.d/pop3 + +cat >> /etc/xinetd.d/pop3 << "EOF" +# Begin /etc/xinetd.d/pop3 -cat >> /etc/xinetd.conf << "EOF" service pop3 { port = 110 @@ -116,6 +117,8 @@ service pop3 user = root server = /usr/sbin/popper } + +# End /etc/xinetd.d/pop3 EOF Issue a killall -HUP xinetd to reread the changed diff --git a/server/other/cvsserver.xml b/server/other/cvsserver.xml index 034062f820..1399142c2b 100644 --- a/server/other/cvsserver.xml +++ b/server/other/cvsserver.xml @@ -88,7 +88,7 @@ echo anonymous: > /srv/cvsroot/CVSROOT/passwd && echo anonymous > /srv/cvsroot/CVSROOT/readers If you use inetd, the following command will add the -pserver entry to /etc/inetd.conf: +CVS entry to /etc/inetd.conf: echo "2401 stream tcp nowait root /usr/bin/cvs cvs -f \ --allow-root=/srv/cvsroot pserver" >> /etc/inetd.conf @@ -96,10 +96,12 @@ pserver entry to /etc/inetd.conf: Issue a killall -HUP inetd to reread the changed inetd.conf file. -If you use xinetd, the following command will add the -pserver entry to /etc/xinetd.conf: +If you use xinetd, the following command will create the +CVS file as /etc/xinetd.d/cvspserver: + +cat >> /etc/xinetd.d/cvspserver << "EOF" +# Begin /etc/xinetd.d/cvspserver -cat >> /etc/xinetd.conf << "EOF" service cvspserver { port = 2401 
@@ -111,6 +113,8 @@ pserver entry to /etc/xinetd.conf: server = /usr/bin/cvs server_args = -f --allow-root=/srv/cvsroot pserver } + +# End /etc/xinetd.d/cvspserver EOF Issue a /etc/rc.d/init.d/xinetd reload to reread the changed xinetd.conf file. diff --git a/server/other/leafnode.xml b/server/other/leafnode.xml index 808080e62b..50e2e5739c 100644 --- a/server/other/leafnode.xml +++ b/server/other/leafnode.xml @@ -159,11 +159,12 @@ command: Issue a killall -HUP inetd to reread the changed inetd.conf file. -Alternatively, Leafnode may be configured to -use xinetd by adding an entry to the -/etc/xinetd.conf file with the following command: +If you use xinetd, the following command will create the +Leafnode file as /etc/xinetd.d/nntp: + +cat >> /etc/xinetd.d/nntp << "EOF" +# Begin /etc/xinetd.d/nntp -cat >> /etc/xinetd.conf << "EOF" service nntp { flags = NAMEINARGS NOLIBWRAP @@ -176,6 +177,8 @@ use xinetd by adding an entry to the instances = 7 per_source = 3 } + +# End /etc/xinetd.d/nntp EOF Issue a killall -HUP xinetd to reread the diff --git a/server/other/samba3.xml b/server/other/samba3.xml index a7e3aeb805..3f6d14cbf6 100644 --- a/server/other/samba3.xml +++ b/server/other/samba3.xml @@ -249,12 +249,14 @@ swat_tunnel entry to /etc/inetd.conf (as user root): Issue a killall -HUP inetd to reread the changed inetd.conf file. -If xinetd is used, the following command issued as -the root user will add the swat_tunnel entry to -/etc/xinetd.conf (you may need to modify or remove the +If you use xinetd, the following command will create the +Samba file as /etc/xinetd.d/swat_tunnel: +(you may need to modify or remove the only_from line to include the desired host[s]): -cat >> /etc/xinetd.conf << "EOF" +cat >> /etc/xinetd.d/swat_tunnel << "EOF" +# Begin /etc/xinetd.d/swat_tunnel + service swat_tunnel { port = 902 
@@ -265,6 +267,8 @@ service swat_tunnel server = /usr/sbin/swat log_on_failure += USERID } + +# End /etc/xinetd.d/swat_tunnel EOF Issue a killall -HUP xinetd to reread the diff --git a/server/other/svnserver.xml b/server/other/svnserver.xml index 5da4117986..3fb392b0a9 100644 --- a/server/other/svnserver.xml +++ b/server/other/svnserver.xml @@ -203,10 +203,12 @@ authentication, you do not need to run svn stream tcp nowait svn /usr/bin/svnserve svnserve -i EOF -If you use xinetd, add the following -lines to the /etc/xinetd.conf file: +If you use xinetd, the following command will create the +Subversion server file as /etc/xinetd.d/svn: + +cat >> /etc/xinetd.d/svn << "EOF" +# Begin /etc/xinetd.d/svn -cat >> /etc/xinetd.conf << "EOF" service svn { port = 3690 @@ -217,6 +219,8 @@ service svn server = /usr/bin/svnserve server_args = -i -r /srv/svn/repositories } + +# End /etc/xinetd.d/svn EOF Finally, if you wish to simply start the sever at diff --git a/server/other/xinetd.xml b/server/other/xinetd.xml index 261b1b272b..1030324c7d 100644 --- a/server/other/xinetd.xml +++ b/server/other/xinetd.xml 
@@ -79,10 +79,454 @@ make Ensure the path to all daemons is /usr/sbin, rather than the default path of /usr/etc, and install the -xinetd configuration file by running the following -command as the root user: +xinetd configuration files by running the following +commands as the root user: + +cat > /etc/xinetd.conf << "EOF" +# Begin /etc/xinetd +# Configuration file for xinetd +# + +defaults +{ + instances = 60 + log_type = SYSLOG daemon + log_on_success = HOST PID USERID + log_on_failure = HOST USERID + cps = 25 30 +} + +# All service files are stored in the /etc/xinetd.d directory +# +includedir /etc/xinetd.d +# End /etc/xinetd +EOF +All of the following files have the statement, "disable = yes". To activate +any of the services, this statement will need to be changed to "disable = no". + +The following files are listed to demonstrate classic +xinetd applications. In many cases, these +applications are not needed. In some cases, the applications are +considered security risks. For example, telnet, rlogin, rexec, and rsh +transmit unencrypted usernames and passwords over the network and can be easily +replaced with a more secure alternative: ssh. 
+ +install -d -m755 /etc/xinetd.d && +cat > /etc/xinetd.d/login << "EOF" && +# Begin /etc/xinetd.d/login + +service login +{ + disable = yes + socket_type = stream + protocol = tcp + wait = no + user = root + server = /usr/sbin/in.rlogind + log_type = SYSLOG local4 info +} + +# End /etc/xinetd.d/login +EOF +cat > /etc/xinetd.d/shell << "EOF" && +# Begin /etc/xinetd.d/shell + +service shell +{ + disable = yes + socket_type = stream + wait = no + user = root + instances = UNLIMITED + flags = IDONLY + log_on_success += USERID + server = /usr/sbin/in.rshd +} + +# End /etc/xinetd.d/shell +EOF +cat > /etc/xinetd.d/exec << "EOF" && +# Begin /etc/xinetd.d/exec + +service exec +{ + disable = yes + socket_type = stream + wait = no + user = root + server = /usr/sbin/in.rexecd +} + +# End /etc/xinetd.d/exec +EOF +cat > /etc/xinetd.d/comsat << "EOF" && +# Begin /etc/xinetd.d/comsat + +service comsat +{ + disable = yes + socket_type = dgram + wait = yes + user = nobody + group = tty + server = /usr/sbin/in.comsat +} + +# End /etc/xinetd.d/comsat +EOF +cat > /etc/xinetd.d/talk << "EOF" && +# Begin /etc/xinetd.d/talk + +service talk +{ + disable = yes + socket_type = dgram + wait = yes + user = root + server = /usr/sbin/in.talkd +} + +# End /etc/xinetd.d/talk +EOF +cat > /etc/xinetd.d/ntalk << "EOF" && +# Begin /etc/xinetd.d/ntalk + +service ntalk +{ + disable = yes + socket_type = dgram + wait = yes + user = root + server = /usr/sbin/in.ntalkd +} + +# End /etc/xinetd.d/ntalk +EOF +cat > /etc/xinetd.d/telnet << "EOF" && +# Begin /etc/xinetd.d/telnet + +service telnet +{ + disable = yes + socket_type = stream + wait = no + user = root + server = /usr/sbin/in.telnetd + bind = 127.0.0.1 + log_on_failure += USERID +} + +service telnet +{ + disable = yes + socket_type = stream + wait = no + user = root +# server = /usr/sbin/in.telnetd + bind = 192.231.139.175 + redirect = 128.138.202.20 23 + log_on_failure += USERID +} + +# End /etc/xinetd.d/telnet +EOF +cat > /etc/xinetd.d/ftp << 
"EOF" && +# Begin /etc/xinetd.d/ftp + +service ftp +{ + disable = yes + socket_type = stream + wait = no + user = root + server = /usr/sbin/in.ftpd + server_args = -l + instances = 4 + log_on_success += DURATION USERID + log_on_failure += USERID + access_times = 2:00-8:59 12:00-23:59 + nice = 10 +} + +# End /etc/xinetd.d/ftp +EOF +cat > /etc/xinetd.d/tftp << "EOF" && +# Begin /etc/xinetd.d/tftp + +service tftp +{ + disable = yes + socket_type = dgram + wait = yes + user = root + server = /usr/sbin/in.tftpd + server_args = -s /tftpboot +} + +# End /etc/xinetd.d/tftp +EOF +cat > /etc/xinetd.d/finger << "EOF" && +# Begin /etc/xinetd.d/finger + +service finger +{ + disable = yes + socket_type = stream + wait = no + user = nobody + server = /usr/sbin/in.fingerd +} + +# End /etc/xinetd.d/finger +EOF +cat > /etc/xinetd.d/systat << "EOF" && +# Begin /etc/xinetd.d/systat + +service systat +{ + disable = yes + socket_type = stream + wait = no + user = nobody + server = /usr/bin/ps + server_args = -auwwx + only_from = 128.138.209.0 + log_on_success = HOST +} + +# End /etc/xinetd.d/systat +EOF +cat > /etc/xinetd.d/netstat << "EOF" && +# Begin /etc/xinetd.d/netstat + +service netstat +{ + disable = yes + socket_type = stream + wait = no + user = nobody + server = /usr/ucb/netstat + server_args = -f inet + only_from = 128.138.209.0 + log_on_success = HOST +} + +# End /etc/xinetd.d/netstat +EOF +cat > /etc/xinetd.d/echo << "EOF" && +# Begin /etc/xinetd.d/echo + +service echo +{ + disable = yes + type = INTERNAL + id = echo-stream + socket_type = stream + protocol = tcp + user = root + wait = no +} + +service echo +{ + disable = yes + type = INTERNAL + id = echo-dgram + socket_type = dgram + protocol = udp + user = root + wait = yes +} + +# End /etc/xinetd.d/echo +EOF +cat > /etc/xinetd.d/chargen << "EOF" && +# Begin /etc/xinetd.d/chargen + +service chargen +{ + disable = yes + type = INTERNAL + id = chargen-stream + socket_type = stream + protocol = tcp + user = root + wait = no 
+} + +service chargen +{ + disable = yes + type = INTERNAL + id = chargen-dgram + socket_type = dgram + protocol = udp + user = root + wait = yes +} + +# End /etc/xinetd.d/chargen +EOF +cat > /etc/xinetd.d/daytime << "EOF" && +# Begin /etc/xinetd.d/daytime + +service daytime +{ + disable = yes + type = INTERNAL + id = daytime-stream + socket_type = stream + protocol = tcp + user = root + wait = no +} + +service daytime +{ + disable = yes + type = INTERNAL + id = daytime-dgram + socket_type = dgram + protocol = udp + user = root + wait = yes +} + +# End /etc/xinetd.d/daytime +EOF +cat > /etc/xinetd.d/time << "EOF" && +# Begin /etc/xinetd.d/time + +service time +{ + disable = yes + type = INTERNAL + id = time-stream + socket_type = stream + protocol = tcp + user = root + wait = no +} + + +service time +{ + disable = yes + type = INTERNAL + id = time-dgram + socket_type = dgram + protocol = udp + user = root + wait = yes +} + +# End /etc/xinetd.d/time +EOF +cat > /etc/xinetd.d/rstatd << "EOF" && +# Begin /etc/xinetd.d/rstatd + +ervice rstatd +{ + disable = yes + type = RPC + flags = INTERCEPT + rpc_version = 2-4 + socket_type = dgram + protocol = udp + server = /usr/sbin/rpc.rstatd + wait = yes + user = root +} + +# End /etc/xinetd.d/rstatd +EOF +cat > /etc/xinetd.d/rquotad << "EOF" && +# Begin /etc/xinetd.d/rquotad + +service rquotad +{ + disable = yes + type = RPC + rpc_version = 1 + socket_type = dgram + protocol = udp + wait = yes + user = root + server = /usr/sbin/rpc.rstatd +} + +# End /etc/xinetd.d/rquotad +EOF +cat > /etc/xinetd.d/rusersd << "EOF" && +# Begin /etc/xinetd.d/rusersd + +service rusersd +{ + disable = yes + type = RPC + rpc_version = 1-2 + socket_type = dgram + protocol = udp + wait = yes + user = root + server = /usr/sbin/rpc.rusersd +} + +# End /etc/xinetd.d/rusersd +EOF +cat > /etc/xinetd.d/sprayd << "EOF" && +# Begin /etc/xinetd.d/sprayd + +service sprayd +{ + disable = yes + type = RPC + rpc_version = 1 + socket_type = dgram + protocol = udp 
+ wait = yes + user = root + server = /usr/sbin/rpc.sprayd +} + +# End /etc/xinetd.d/sprayd +EOF +cat > /etc/xinetd.d/walld << "EOF" && +# Begin /etc/xinetd.d/walld + +service walld +{ + disable = yes + type = RPC + rpc_version = 1 + socket_type = dgram + protocol = udp + wait = yes + user = nobody + group = tty + server = /usr/sbin/rpc.rwalld +} + +# End /etc/xinetd.d/walld +EOF +cat > /etc/xinetd.d/irc << "EOF" +# Begin /etc/xinetd.d/irc + +service irc +{ + disable = yes + socket_type = stream + wait = no + user = root + flags = SENSOR + type = INTERNAL + bind = 192.168.1.30 + deny_time = 60 +} + +# End /etc/xinetd.d/irc +EOF -sed -e 's/etc/sbin/g' xinetd/sample.conf > /etc/xinetd.conf The format of the /etc/xinetd.conf is
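Review bot: The rstatd file in this hunk opens its block with `ervice rstatd`, which xinetd will most likely reject, and the rquotad file sets `server = /usr/sbin/rpc.rstatd`, which looks like a copy-paste from the rstatd block; they should read `service rstatd` and, presumably, `server = /usr/sbin/rpc.rquotad`. The samples also carry literal addresses that appear to come from the upstream sample file (`bind = 192.231.139.175`, `redirect = 128.138.202.20 23`, `only_from = 128.138.209.0`, `bind = 192.168.1.30`), so a reader who only flips `disable = yes` to `disable = no` on the second telnet entry would be configuring a redirect to an address outside their own network. Replacing these with clearly marked placeholders, plus one sentence telling readers to set them for their site before enabling anything, would avoid that. Two smaller inconsistencies: the xinetd.conf header and footer comments say `/etc/xinetd` rather than `/etc/xinetd.conf`, and `server = /usr/ucb/netstat` contradicts the paragraph's statement that all daemon paths are /usr/sbin.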