Xinetd

From CBLFS
Jump to: navigation, search
Download Source: http://www.xinetd.org/xinetd-2.3.14.tar.gz

Contents

Introduction to Xinetd

xinetd (eXtended InterNET services daemon) is a secure replacement for inetd. According to xinetd's website xinetd allows you to have enhanced access control, prevent denial of service attacks, utilize its enhanced logging capabilities, offload services to a remote host, and enhance user interaction.

Project Homepage: http://www.xinetd.org/

Dependencies

Optional

Non-Multilib

Compile the package:

./configure --prefix=/usr --with-loadavg &&
make

Install the package

make install

Multilib

This package does not provide any libraries so only one installation is needed.

64Bit

CC="gcc ${BUILD64}" ./configure --prefix=/usr --with-loadavg &&
make

Install the package

make install

Configuring

Create a basic configuration file:

cat > /etc/xinetd.conf << "EOF"
# Begin /etc/xinetd
# Configuration file for xinetd
#

defaults
{
      instances       = 60
      log_type        = SYSLOG daemon
      log_on_success  = HOST PID USERID
      log_on_failure  = HOST USERID
      cps             = 25 30
}

# All service files are stored in the /etc/xinetd.d directory
#
includedir /etc/xinetd.d
# End /etc/xinetd
EOF

Create the /etc/xinetd.d directory:

install -v -d -m755 /etc/xinetd.d

Create files within the /etc/xinetd.d directory as placeholders, in case you should need to set up these services at a later date:

cat > /etc/xinetd.d/login << "EOF" &&
# Begin /etc/xinetd.d/login

service login
{
   disable        = yes
   socket_type    = stream
   protocol       = tcp
   wait           = no
   user           = root
   server         = /usr/sbin/in.rlogind
   log_type       = SYSLOG local4 info
}

# End /etc/xinetd.d/login
EOF
cat > /etc/xinetd.d/shell << "EOF" &&
# Begin /etc/xinetd.d/shell

service shell
{
   disable        = yes
   socket_type    = stream
   wait           = no
   user           = root
   instances      = UNLIMITED
   flags          = IDONLY
   log_on_success += USERID
   server         = /usr/sbin/in.rshd
}

# End /etc/xinetd.d/shell
EOF
cat > /etc/xinetd.d/exec << "EOF" &&
# Begin /etc/xinetd.d/exec

service exec
{
   disable        = yes
   socket_type    = stream
   wait           = no
   user           = root
   server         = /usr/sbin/in.rexecd
}

# End /etc/xinetd.d/exec
EOF
cat > /etc/xinetd.d/comsat << "EOF" &&
# Begin /etc/xinetd.d/comsat

service comsat
{
   disable        = yes
   socket_type    = dgram
   wait           = yes
   user           = nobody
   group          = tty
   server         = /usr/sbin/in.comsat
}

# End /etc/xinetd.d/comsat
EOF
cat > /etc/xinetd.d/talk << "EOF" &&
# Begin /etc/xinetd.d/talk

service talk
{
   disable        = yes
   socket_type    = dgram
   wait           = yes
   user           = root
   server         = /usr/sbin/in.talkd
}

# End /etc/xinetd.d/talk
EOF
cat > /etc/xinetd.d/ntalk << "EOF" &&
# Begin /etc/xinetd.d/ntalk

service ntalk
{
   disable        = yes
   socket_type    = dgram
   wait           = yes
   user           = root
   server         = /usr/sbin/in.ntalkd
}

# End /etc/xinetd.d/ntalk
EOF
cat > /etc/xinetd.d/telnet << "EOF" &&
# Begin /etc/xinetd.d/telnet

service telnet
{
   disable        = yes
   socket_type    = stream
   wait           = no
   user           = root
   server         = /usr/sbin/in.telnetd
   bind           = 127.0.0.1
   log_on_failure += USERID
}

service telnet
{
   disable        = yes
   socket_type    = stream
   wait           = no
   user           = root
#  server         = /usr/sbin/in.telnetd
   bind           = 192.231.139.175
   redirect       = 128.138.202.20 23
   log_on_failure += USERID
}

# End /etc/xinetd.d/telnet
EOF
cat > /etc/xinetd.d/ftp << "EOF" &&
# Begin /etc/xinetd.d/ftp

service ftp
{
   disable        = yes
   socket_type    = stream
   wait           = no
   user           = root
   server         = /usr/sbin/in.ftpd
   server_args    = -l
   instances      = 4
   log_on_success += DURATION USERID
   log_on_failure += USERID
   access_times   = 2:00-8:59 12:00-23:59
   nice           = 10
}

# End /etc/xinetd.d/ftp
EOF
cat > /etc/xinetd.d/finger << "EOF" &&
# Begin /etc/xinetd.d/finger

service finger
{
   disable        = yes
   socket_type    = stream
   wait           = no
   user           = nobody
   server         = /usr/sbin/in.fingerd
}

# End /etc/xinetd.d/finger
EOF
cat > /etc/xinetd.d/systat << "EOF" &&
# Begin /etc/xinetd.d/systat

service systat
 {
   disable           = yes
   socket_type       = stream
   wait              = no
   user              = nobody
   server            = /usr/bin/ps
   server_args       = -auwwx
   only_from         = 128.138.209.0
   log_on_success    = HOST
}

# End /etc/xinetd.d/systat
EOF
cat > /etc/xinetd.d/netstat << "EOF" &&
# Begin /etc/xinetd.d/netstat

service netstat
{
   disable           = yes
   socket_type       = stream
   wait              = no
   user              = nobody
   server            = /usr/ucb/netstat
   server_args       = -f inet
   only_from         = 128.138.209.0
   log_on_success    = HOST
}

# End /etc/xinetd.d/netstat
EOF
cat > /etc/xinetd.d/echo << "EOF" &&
# Begin /etc/xinetd.d/echo

service echo
{
   disable     = yes
   type        = INTERNAL
   id          = echo-stream
   socket_type = stream
   protocol    = tcp
   user        = root
   wait        = no
}

service echo
{
   disable     = yes
   type        = INTERNAL
   id          = echo-dgram
   socket_type = dgram
   protocol    = udp
   user        = root
   wait        = yes
}

# End /etc/xinetd.d/echo
EOF
cat > /etc/xinetd.d/chargen << "EOF" &&
# Begin /etc/xinetd.d/chargen

service chargen
{
   disable        = yes
   type           = INTERNAL
   id             = chargen-stream
   socket_type    = stream
   protocol       = tcp
   user           = root
   wait           = no
}

service chargen
{
   disable        = yes
   type           = INTERNAL
   id             = chargen-dgram
   socket_type    = dgram
   protocol       = udp
   user           = root
   wait           = yes
}

# End /etc/xinetd.d/chargen
EOF
cat > /etc/xinetd.d/daytime << "EOF" &&
# Begin /etc/xinetd.d/daytime

service daytime
{
   disable        = yes
   type           = INTERNAL
   id             = daytime-stream
   socket_type    = stream
   protocol       = tcp
   user           = root
   wait           = no
}

service daytime
{
   disable        = yes
   type           = INTERNAL
   id             = daytime-dgram
   socket_type    = dgram
   protocol       = udp
   user           = root
   wait           = yes
}

# End /etc/xinetd.d/daytime
EOF
cat > /etc/xinetd.d/time << "EOF" &&
# Begin /etc/xinetd.d/time

service time
{
   disable        = yes
   type           = INTERNAL
   id             = time-stream
   socket_type    = stream
   protocol       = tcp
   user           = root
   wait           = no
}


service time
{
   disable        = yes
   type           = INTERNAL
   id             = time-dgram
   socket_type    = dgram
   protocol       = udp
   user           = root
   wait           = yes
}

# End /etc/xinetd.d/time
EOF
 cat > /etc/xinetd.d/rstatd << "EOF" &&
# Begin /etc/xinetd.d/rstatd

service rstatd
{
   disable     = yes
   type        = RPC
   flags       = INTERCEPT
   rpc_version = 2-4
   socket_type = dgram
   protocol    = udp
   server      = /usr/sbin/rpc.rstatd
   wait        = yes
   user        = root
}

# End /etc/xinetd.d/rstatd
EOF
cat > /etc/xinetd.d/rquotad << "EOF" &&
# Begin /etc/xinetd.d/rquotad

service rquotad
{
   disable     = yes
   type        = RPC
   rpc_version = 1
   socket_type = dgram
   protocol    = udp
   wait        = yes
   user        = root
   server      = /usr/sbin/rpc.rquotad
}

# End /etc/xinetd.d/rquotad
EOF
cat > /etc/xinetd.d/rusersd << "EOF" &&
# Begin /etc/xinetd.d/rusersd

service rusersd
{
   disable     = yes
   type        = RPC
   rpc_version = 1-2
   socket_type = dgram
   protocol    = udp
   wait        = yes
   user        = root
   server      = /usr/sbin/rpc.rusersd
}

# End /etc/xinetd.d/rusersd
EOF
cat > /etc/xinetd.d/sprayd << "EOF" &&
# Begin /etc/xinetd.d/sprayd

service sprayd
{
   disable      = yes
   type         = RPC
   rpc_version  = 1
   socket_type  = dgram
   protocol     = udp
   wait         = yes
   user         = root
   server       = /usr/sbin/rpc.sprayd
}

# End /etc/xinetd.d/sprayd
EOF
cat > /etc/xinetd.d/walld << "EOF" &&
# Begin /etc/xinetd.d/walld

service walld
{
   disable      = yes
   type         = RPC
   rpc_version  = 1
   socket_type  = dgram
   protocol     = udp
   wait         = yes
   user         = nobody
   group        = tty
   server       = /usr/sbin/rpc.rwalld
}

# End /etc/xinetd.d/walld
EOF
cat > /etc/xinetd.d/irc << "EOF"
# Begin /etc/xinetd.d/irc

service irc
{
   disable      = yes
   socket_type  = stream
   wait         = no
   user         = root
   flags        = SENSOR
   type         = INTERNAL
   bind         = 192.168.1.30
   deny_time    = 60
}

# End /etc/xinetd.d/irc
EOF

Other pages that configure a service:

BootScript

Install the init script included in the bootscripts package.

make install-xinetd
Personal tools