Difference between revisions of "Xinetd"
(→BootScript) |
|||
Line 496: | Line 496: | ||
make install-xinetd | make install-xinetd | ||
+ | |||
+ | [[Category:Network Utilities]] |
Revision as of 16:17, 19 March 2009
Download Source: http://www.xinetd.org/xinetd-2.3.14.tar.gz
Introduction to Xinetd
xinetd (eXtended InterNET services daemon) is a secure replacement for inetd. According to xinetd's website, xinetd allows you to have enhanced access control, prevent denial-of-service attacks, use its enhanced logging capabilities, offload services to a remote host, and enhance user interaction.
Project Homepage: http://www.xinetd.org/
Dependencies
Optional
- TCP Wrappers
- Howl (or Avahi with Howl Compat Libs)
Non-Multilib
Compile the package:
./configure --prefix=/usr --with-loadavg && make
Install the package:
make install
Multilib
This package does not provide any libraries so only one installation is needed.
32Bit
Compile the package:
CC="gcc ${BUILD32}" ./configure --prefix=/usr --with-loadavg && make
Install the package:
make install
N32
Compile the package:
CC="gcc ${BUILDN32}" ./configure --prefix=/usr --with-loadavg && make
Install the package:
make install
64Bit
Compile the package:
CC="gcc ${BUILD64}" ./configure --prefix=/usr --with-loadavg && make
Install the package:
make install
Configuring
Create a basic configuration file:
cat > /etc/xinetd.conf << "EOF"
# Begin /etc/xinetd
# Configuration file for xinetd
#

defaults
{
    instances = 60
    log_type = SYSLOG daemon
    log_on_success = HOST PID USERID
    log_on_failure = HOST USERID
    cps = 25 30
}

# All service files are stored in the /etc/xinetd.d directory
#
includedir /etc/xinetd.d

# End /etc/xinetd
EOF
Create the /etc/xinetd.d directory:
install -v -d -m755 /etc/xinetd.d
Create files within the /etc/xinetd.d directory as placeholders, in case you should need to set up these services at a later date:
cat > /etc/xinetd.d/login << "EOF" &&
# Begin /etc/xinetd.d/login

service login
{
    disable = yes
    socket_type = stream
    protocol = tcp
    wait = no
    user = root
    server = /usr/sbin/in.rlogind
    log_type = SYSLOG local4 info
}

# End /etc/xinetd.d/login
EOF
cat > /etc/xinetd.d/shell << "EOF" &&
# Begin /etc/xinetd.d/shell

service shell
{
    disable = yes
    socket_type = stream
    wait = no
    user = root
    instances = UNLIMITED
    flags = IDONLY
    log_on_success += USERID
    server = /usr/sbin/in.rshd
}

# End /etc/xinetd.d/shell
EOF
cat > /etc/xinetd.d/exec << "EOF" &&
# Begin /etc/xinetd.d/exec

service exec
{
    disable = yes
    socket_type = stream
    wait = no
    user = root
    server = /usr/sbin/in.rexecd
}

# End /etc/xinetd.d/exec
EOF
cat > /etc/xinetd.d/comsat << "EOF" &&
# Begin /etc/xinetd.d/comsat

service comsat
{
    disable = yes
    socket_type = dgram
    wait = yes
    user = nobody
    group = tty
    server = /usr/sbin/in.comsat
}

# End /etc/xinetd.d/comsat
EOF
cat > /etc/xinetd.d/talk << "EOF" &&
# Begin /etc/xinetd.d/talk

service talk
{
    disable = yes
    socket_type = dgram
    wait = yes
    user = root
    server = /usr/sbin/in.talkd
}

# End /etc/xinetd.d/talk
EOF
cat > /etc/xinetd.d/ntalk << "EOF" &&
# Begin /etc/xinetd.d/ntalk

service ntalk
{
    disable = yes
    socket_type = dgram
    wait = yes
    user = root
    server = /usr/sbin/in.ntalkd
}

# End /etc/xinetd.d/ntalk
EOF
cat > /etc/xinetd.d/telnet << "EOF" &&
# Begin /etc/xinetd.d/telnet

service telnet
{
    disable = yes
    socket_type = stream
    wait = no
    user = root
    server = /usr/sbin/in.telnetd
    bind = 127.0.0.1
    log_on_failure += USERID
}

service telnet
{
    disable = yes
    socket_type = stream
    wait = no
    user = root
    # server = /usr/sbin/in.telnetd
    bind = 192.231.139.175
    redirect = 128.138.202.20 23
    log_on_failure += USERID
}

# End /etc/xinetd.d/telnet
EOF
cat > /etc/xinetd.d/ftp << "EOF" &&
# Begin /etc/xinetd.d/ftp

service ftp
{
    disable = yes
    socket_type = stream
    wait = no
    user = root
    server = /usr/sbin/in.ftpd
    server_args = -l
    instances = 4
    log_on_success += DURATION USERID
    log_on_failure += USERID
    access_times = 2:00-8:59 12:00-23:59
    nice = 10
}

# End /etc/xinetd.d/ftp
EOF
cat > /etc/xinetd.d/finger << "EOF" &&
# Begin /etc/xinetd.d/finger

service finger
{
    disable = yes
    socket_type = stream
    wait = no
    user = nobody
    server = /usr/sbin/in.fingerd
}

# End /etc/xinetd.d/finger
EOF
cat > /etc/xinetd.d/systat << "EOF" &&
# Begin /etc/xinetd.d/systat

service systat
{
    disable = yes
    socket_type = stream
    wait = no
    user = nobody
    server = /usr/bin/ps
    server_args = -auwwx
    only_from = 128.138.209.0
    log_on_success = HOST
}

# End /etc/xinetd.d/systat
EOF
cat > /etc/xinetd.d/netstat << "EOF" &&
# Begin /etc/xinetd.d/netstat

service netstat
{
    disable = yes
    socket_type = stream
    wait = no
    user = nobody
    server = /usr/ucb/netstat
    server_args = -f inet
    only_from = 128.138.209.0
    log_on_success = HOST
}

# End /etc/xinetd.d/netstat
EOF
cat > /etc/xinetd.d/echo << "EOF" &&
# Begin /etc/xinetd.d/echo

service echo
{
    disable = yes
    type = INTERNAL
    id = echo-stream
    socket_type = stream
    protocol = tcp
    user = root
    wait = no
}

service echo
{
    disable = yes
    type = INTERNAL
    id = echo-dgram
    socket_type = dgram
    protocol = udp
    user = root
    wait = yes
}

# End /etc/xinetd.d/echo
EOF
cat > /etc/xinetd.d/chargen << "EOF" &&
# Begin /etc/xinetd.d/chargen

service chargen
{
    disable = yes
    type = INTERNAL
    id = chargen-stream
    socket_type = stream
    protocol = tcp
    user = root
    wait = no
}

service chargen
{
    disable = yes
    type = INTERNAL
    id = chargen-dgram
    socket_type = dgram
    protocol = udp
    user = root
    wait = yes
}

# End /etc/xinetd.d/chargen
EOF
cat > /etc/xinetd.d/daytime << "EOF" &&
# Begin /etc/xinetd.d/daytime

service daytime
{
    disable = yes
    type = INTERNAL
    id = daytime-stream
    socket_type = stream
    protocol = tcp
    user = root
    wait = no
}

service daytime
{
    disable = yes
    type = INTERNAL
    id = daytime-dgram
    socket_type = dgram
    protocol = udp
    user = root
    wait = yes
}

# End /etc/xinetd.d/daytime
EOF
cat > /etc/xinetd.d/time << "EOF" &&
# Begin /etc/xinetd.d/time

service time
{
    disable = yes
    type = INTERNAL
    id = time-stream
    socket_type = stream
    protocol = tcp
    user = root
    wait = no
}

service time
{
    disable = yes
    type = INTERNAL
    id = time-dgram
    socket_type = dgram
    protocol = udp
    user = root
    wait = yes
}

# End /etc/xinetd.d/time
EOF
cat > /etc/xinetd.d/rstatd << "EOF" &&
# Begin /etc/xinetd.d/rstatd

service rstatd
{
    disable = yes
    type = RPC
    flags = INTERCEPT
    rpc_version = 2-4
    socket_type = dgram
    protocol = udp
    server = /usr/sbin/rpc.rstatd
    wait = yes
    user = root
}

# End /etc/xinetd.d/rstatd
EOF
cat > /etc/xinetd.d/rquotad << "EOF" &&
# Begin /etc/xinetd.d/rquotad

service rquotad
{
    disable = yes
    type = RPC
    rpc_version = 1
    socket_type = dgram
    protocol = udp
    wait = yes
    user = root
    server = /usr/sbin/rpc.rquotad
}

# End /etc/xinetd.d/rquotad
EOF
cat > /etc/xinetd.d/rusersd << "EOF" &&
# Begin /etc/xinetd.d/rusersd

service rusersd
{
    disable = yes
    type = RPC
    rpc_version = 1-2
    socket_type = dgram
    protocol = udp
    wait = yes
    user = root
    server = /usr/sbin/rpc.rusersd
}

# End /etc/xinetd.d/rusersd
EOF
cat > /etc/xinetd.d/sprayd << "EOF" &&
# Begin /etc/xinetd.d/sprayd

service sprayd
{
    disable = yes
    type = RPC
    rpc_version = 1
    socket_type = dgram
    protocol = udp
    wait = yes
    user = root
    server = /usr/sbin/rpc.sprayd
}

# End /etc/xinetd.d/sprayd
EOF
cat > /etc/xinetd.d/walld << "EOF" &&
# Begin /etc/xinetd.d/walld

service walld
{
    disable = yes
    type = RPC
    rpc_version = 1
    socket_type = dgram
    protocol = udp
    wait = yes
    user = nobody
    group = tty
    server = /usr/sbin/rpc.rwalld
}

# End /etc/xinetd.d/walld
EOF
cat > /etc/xinetd.d/irc << "EOF"
# Begin /etc/xinetd.d/irc

service irc
{
    disable = yes
    socket_type = stream
    wait = no
    user = root
    flags = SENSOR
    type = INTERNAL
    bind = 192.168.1.30
    deny_time = 60
}

# End /etc/xinetd.d/irc
EOF
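Every placeholder above carries disable = yes, and xinetd starts any service block that omits that line or sets it to no. As an added example (not part of the original page), the function below lists the blocks in a service directory that are still enabled, together with their user and only_from values. The function names and the sample files written by xinetd_demo are constructed for illustration, and enabled/disabled lists in a defaults section are not evaluated.

```shell
#!/bin/sh
# Added example (not from the original page): report xinetd service blocks
# that are not disabled. Output columns, tab-separated:
#   file  service  id  user  only_from   ("-" means the attribute is unset)
xinetd_enabled_services() {
    dir=$1
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        awk -v file="$f" '
            function reset() { name = ""; id = ""; user = "-"; from = "-"; dis = "no" }
            BEGIN { reset(); inblk = 0 }
            /^[ \t]*#/ { next }                       # comment line
            $1 == "service" && !inblk { name = $2; id = $2; next }
            $1 == "{" { inblk = 1; next }
            $1 == "}" {
                # a block without "disable = yes" is one xinetd will start
                if (name != "" && dis != "yes")
                    printf "%s\t%s\t%s\t%s\t%s\n", file, name, id, user, from
                reset(); inblk = 0; next
            }
            inblk && name != "" && NF >= 3 {          # key <op> value...
                val = $3
                for (i = 4; i <= NF; i++) val = val " " $i
                if ($1 == "disable")   dis  = tolower(val)
                if ($1 == "id")        id   = val
                if ($1 == "user")      user = val
                if ($1 == "only_from") from = val
            }
        ' "$f"
    done
}

# Constructed sample directory (hypothetical contents) to exercise the check.
xinetd_demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'service telnet' '{' ' disable = yes' ' user = root' '}' \
        > "$d/telnet"
    printf '%s\n' 'service finger' '{' ' user = nobody' \
        ' only_from = 127.0.0.1' '}' > "$d/finger"      # no disable line
    printf '%s\n' 'service echo' '{' ' disable = yes' ' id = echo-stream' '}' \
        'service echo' '{' ' disable = no' ' id = echo-dgram' ' user = root' '}' \
        > "$d/echo"
    xinetd_enabled_services "$d" | cut -f2-
    rm -rf "$d"
}
```

After sourcing the file, run `xinetd_enabled_services /etc/xinetd.d`; with the placeholders exactly as created above it prints nothing, so any line of output is a service that has been switched on since.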
Other pages that configure a service:
BootScript
Install the init script included in the bootscripts package.
make install-xinetd