1.113.1 Configure and manage inetd, xinetd, and related services
Weight 4

Linux Professional Institute Certification — 102

Angus Lees gus@inodes.org
Geoffrey Robertson ge@ffrey.com
Nick Urbanik nicku@nicku.org

This document is licensed under the GPL; see section 6.

2005 July

Outline

Context
    Objective
inetd, xinetd
    inetd.conf
tcpwrappers
xinetd
License Of This Document

Topic 113 Networking Services [24]
Where we are up to

- 1.113.1 Configure and manage inetd, xinetd, and related services [4]
- 1.113.2 Operate and perform basic configuration of sendmail [4]
- 1.113.3 Operate and perform basic configuration of Apache [4]
- 1.113.4 Properly manage the NFS, smb, and nmb daemons [4]
- 1.113.5 Setup and configure basic DNS services [4]
- 1.113.7 Set up secure shell (OpenSSH) [4]

Description of Objective
1.113.1 Configure and manage inetd, xinetd, and related services

Candidates should be able to configure which services are available through inetd, use tcpwrappers to allow or deny services on a host-by-host basis, manually start, stop, and restart internet services, configure basic network services including telnet and ftp. Set a service to run as another user instead of the default in inetd.conf.

Key files, terms, and utilities include:
1.113.1 Configure and manage inetd, xinetd, and related services

- /etc/inetd.conf — configuration file for the older inetd
- /etc/hosts.allow — TCP Wrappers configuration file, consulted first
- /etc/hosts.deny — TCP Wrappers configuration file, consulted second
- /etc/services — file mapping service names ↔ network ports
- /etc/xinetd.conf — configuration file for xinetd, which has built-in support for TCP Wrappers, so is now used more than inetd
- /etc/xinetd.log — a file that appears to exist only in LPI objectives, but see:
      $ man 5 xinetd.log

inetd/xinetd
The internet "super-server"

- A daemon which listens on many ports and fires off the appropriate command to handle incoming requests
- inetd is used in older/smaller systems
    - Controlled through /etc/inetd.conf
- xinetd is an enhanced replacement
    - Controlled through /etc/xinetd.conf and through individual files in directory /etc/xinetd.d/

inetd.conf

Fields are:

    service_name sock_type proto flags user server_path args

    # UW-IMAP server
    imap2   stream  tcp  nowait  root  /usr/sbin/tcpd  /usr/sbin/imapd
    imap3   stream  tcp  nowait  root  /usr/sbin/tcpd  /usr/sbin/imapd
    imaps   stream  tcp  nowait  root  /usr/sbin/tcpd  /usr/sbin/imapd
    # Exim mail server
    smtp    stream  tcp  nowait  mail  /usr/sbin/exim  exim -bs

Built-in services (often disabled)

    echo     stream  tcp  nowait  root  internal
    echo     dgram   udp  wait    root  internal
    chargen  stream  tcp  nowait  root  internal
    chargen  dgram   udp  wait    root  internal
    discard  stream  tcp  nowait  root  internal
    discard  dgram   udp  wait    root  internal
    daytime  stream  tcp  nowait  root  internal
    daytime  dgram   udp  wait    root  internal
    time     stream  tcp  nowait  root  internal
    time     dgram   udp  wait    root  internal

hosts.allow / hosts.deny
"TCP Wrappers" aka tcpd

Manpage is hosts_access(5)

    # /etc/hosts.allow
    sshd: ALL
    imapd: 10.0.6.19
    ALL: 10.0.128.96/255.255.255.224

    # /etc/hosts.deny
    #ALL: PARANOID
    ALL: ALL

xinetd

- Same function as inetd
- Has built-in support for TCP Wrappers, so is now used for recent distributions instead of inetd
- Package management system (i.e., dpkg, rpm) drops a file into directory /etc/xinetd.d/ instead of having to edit /etc/inetd.conf
- Here is such a file for the exim mail server to run under xinetd:

    service smtp
    {
        socket_type = stream
        protocol    = tcp
        wait        = no
        user        = mail
        server      = /usr/sbin/exim
        server_args = -bs
    }
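
How the hosts.allow / hosts.deny sample above is evaluated, as an added example that is not part of the original slides. It follows the order documented in hosts_access(5) (allow file first, deny file second, access granted if neither matches) and is simplified to the three client patterns that appear in the sample: ALL, a single address, and net/mask.

```python
import ipaddress

# The page's sample files, embedded so the example runs offline.
HOSTS_ALLOW = """\
sshd: ALL
imapd: 10.0.6.19
ALL: 10.0.128.96/255.255.255.224
"""
HOSTS_DENY = """\
#ALL: PARANOID
ALL: ALL
"""

def parse_rules(text):
    """Return [(daemon_list, client_list)], skipping comments and blank lines."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        daemons, clients = line.split(":")[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, addr):
    """Simplified matcher: ALL, exact IPv4 address, or net/mask only."""
    if pattern == "ALL":
        return True
    if "/" in pattern:
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(addr) in net
    return pattern == addr

def matches(rules, daemon, addr):
    """True if any rule names the daemon (or ALL) and the client address."""
    return any((daemon in daemons or "ALL" in daemons)
               and any(client_matches(c, addr) for c in clients)
               for daemons, clients in rules)

def access(daemon, addr, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    if matches(parse_rules(allow), daemon, addr):
        return "allow"   # hosts.allow is consulted first
    if matches(parse_rules(deny), daemon, addr):
        return "deny"    # hosts.deny is consulted second
    return "allow"       # no match in either file: access is granted
```

With the sample files, imapd is reachable only from 10.0.6.19 and the 10.0.128.96/27 range, while sshd is open to everyone; removing the `ALL: ALL` line from hosts.deny turns every unmatched request into an allow.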
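
The field mapping between an inetd.conf entry and an /etc/xinetd.d/ stanza, as an added example that is not part of the original slides. The function name is hypothetical; it assumes a tcpd-wrapped entry names the real daemon by absolute path, and it drops the tcpd wrapper because xinetd applies the TCP Wrappers rules itself.

```python
# Entries copied from the inetd.conf examples on this page.
SAMPLE = [
    "imap2 stream tcp nowait root /usr/sbin/tcpd /usr/sbin/imapd",
    "smtp stream tcp nowait mail /usr/sbin/exim exim -bs",
    "echo dgram udp wait root internal",
]

def inetd_to_xinetd(line):
    """Convert one inetd.conf entry into an xinetd service stanza (string)."""
    fields = line.split()
    name, sock_type, proto, flags, user, server = fields[:6]
    argv = fields[6:]                   # inetd args begin with argv[0]
    attrs = [("socket_type", sock_type),
             ("protocol", proto),
             ("wait", "yes" if flags.startswith("wait") else "no"),
             ("user", user)]
    if server == "internal":
        # Built-in services: no server program, and an id so that the
        # stream and dgram variants of the same name stay distinct.
        attrs.insert(0, ("type", "INTERNAL"))
        attrs.insert(1, ("id", f"{name}-{sock_type}"))
    else:
        if server.endswith("/tcpd"):
            # The real daemon is the first argument handed to tcpd.
            server = argv[0]
        attrs.append(("server", server))
        if argv[1:]:
            # xinetd's server_args does not include argv[0].
            attrs.append(("server_args", " ".join(argv[1:])))
    width = max(len(key) for key, _ in attrs)
    body = "\n".join(f"    {key:<{width}} = {value}" for key, value in attrs)
    return f"service {name}\n{{\n{body}\n}}"

if __name__ == "__main__":
    print("\n\n".join(inetd_to_xinetd(entry) for entry in SAMPLE))
```

The smtp entry produces the same attributes as the exim stanza shown on the page, which makes the `user` field easy to compare when moving a service from inetd to xinetd.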

Topics Covered

Context
    Objective
inetd, xinetd
    inetd.conf
tcpwrappers
xinetd
License Of This Document

License Of This Document

Copyright © 2005, 2003 Angus Lees, Geoffrey Robertson and Nick Urbanik.

Permission is granted to make and distribute verbatim copies or modified versions of this document provided that this copyright notice and this permission notice are preserved on all copies under the terms of the GNU General Public License as published by the Free Software Foundation—either version 2 of the License or (at your option) any later version.