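% Beamer slide deck for LPI 102 objective 1.113.1 (inetd, xinetd, TCP Wrappers).
% The listing arrived with its line breaks collapsed, so the first `%' on each
% physical line commented out everything after it (title, author, whole frames).
% The line structure is restored below; verbatim column alignment is
% reconstructed for readability.
\input{gl2.slide-header-beamer}% \errorcontextlines=99
%% Subtopic Number = '1.113.1'
%% Title from filename: 'Configure and manage inetd, xinetd, and related services'
%% Weight: 4
%% Description:
%% Candidates should be able to configure which services are
%% available through inetd, use tcpwrappers to allow or deny services on a
%% host-by-host basis, manually start, stop, and restart internet services,
%% configure basic network services including telnet and ftp. Set a service
%% to run as another user instead of the default in inetd.conf.
%% Key files, terms, and utilities include:
%% /etc/inetd.conf
%% /etc/hosts.allow
%% /etc/hosts.deny
%% /etc/services
%% /etc/xinetd.conf
%% /etc/xinetd.log

\title{1.113.1\\Configure and manage inetd, xinetd, and related services\\Weight 4}%
\author[Angus Lees]{Angus Lees \texttt{gus@inodes.org} \and
  Geoffrey Robertson \texttt{ge@ffrey.com} \and
  Nick Urbanik \texttt{nicku@nicku.org}\\
  {\tiny This document Licensed under GPL---see section~\ref{sec:license}}}%
\subtitle{Linux Professional Institute Certification --- 102}%

% NOTE(review): every \mode in the listing had lost its <mode specification>
% (beamer requires \mode<spec>{...} or \mode*). The <article>/<presentation>
% specs used throughout this file are reconstructed from what each argument
% does -- confirm them against the original source.
\mode<article>{\chead{1.113.1}}%

\begin{document}

\maketitle
\mode<article>{\thispagestyle{empty}}

\begin{frame}
  \frametitle{Outline}
  \mode<presentation>{%
    %\footnotesize
    \begin{multicols}{2}
      \tableofcontents
    \end{multicols}
    % You might wish to add the option [pausesections]
  }%
  \mode<article>{%
    \tableofcontents
  }%
\end{frame}

\section{Context}
\label{sec:context}

\begin{frame}
  \frametitle{Topic 113 Networking Services [24]}%
  \framesubtitle{Where we are up to}%
  \begin{description}
    % \uline depends on \usepackage[normalem]{ulem}:
  \item[1.113.1] \textbf{\uline{Configure and manage inetd, xinetd, and related services [4]}}
  \item[1.113.2] Operate and perform basic configuration of sendmail [4]
  \item[1.113.3] Operate and perform basic configuration of Apache [4]
  \item[1.113.4] Properly manage the NFS, smb, and nmb daemons [4]
  \item[1.113.5] Setup and configure basic DNS services [4]
  \item[1.113.7] Set up secure shell (OpenSSH) [4]
  \end{description}
\end{frame}

\section{Objective}
\label{sec:objective}

% The objective text below is the LPI wording and is kept as given.
% Reviewer context: telnet and ftp carry credentials and data in cleartext,
% so where they must be enabled for the exercise, restrict them by host
% (hosts.allow / hosts.deny) and prefer the OpenSSH tools of objective 1.113.7.
\begin{frame}
  \frametitle{Description of Objective}%
  \framesubtitle{1.113.1\ \ Configure and manage \texttt{inetd}, \texttt{xinetd}, and related services}%
  \mode<presentation>{\Large}%
  Candidates should be able to configure which services are available
  through \texttt{inetd}, use tcpwrappers to allow or deny services on a
  host-by-host basis, manually start, stop, and restart internet
  services, configure basic network services including \texttt{telnet} and
  \texttt{ftp}. Set a service to run as another user instead of the
  default in \texttt{inetd.conf}.
\end{frame}

\begin{frame}
  \frametitle{Key files, terms, and utilities include:}%
  \framesubtitle{1.113.1\ \ Configure and manage \texttt{inetd}, \texttt{xinetd}, and related services}%
  \mode<presentation>{\large}%
  \begin{description}
  \item[\texttt{/etc/inetd.conf}] --- configuration file for the older \texttt{inetd}
  \item[\texttt{/etc/hosts.allow}] --- TCP Wrappers configuration file, consulted first
  \item[\texttt{/etc/hosts.deny}] --- TCP Wrappers configuration file, consulted second
  \item[\texttt{/etc/services}] --- file mapping service names $\leftrightarrow$ network ports
  \item[\texttt{/etc/xinetd.conf}] --- configuration file for
    \texttt{xinetd}, which has built-in support for TCP Wrappers, so is
    now used more than \texttt{inetd}
  \item[\texttt{/etc/xinetd.log}] --- a file that appears to exist only in
    LPI objectives, but see \par%
    \cmdbox{man 5 xinetd.log}
  \end{description}
\end{frame}

% \begin{frame}[fragile]
%   \frametitle{Configure and manage inetd, xinetd, and related
%     services}
%   \framesubtitle{Objective}
%   Candidates should be able to configure which services are available
%   through inetd, use tcpwrappers to allow or deny services on a
%   host-by-host basis, manually start, stop, and restart internet
%   services, configure basic network services including \textbf{telnet} and
%   \textbf{ftp}. Set a service to run as another user instead of the
%   default in \texttt{inetd.conf}.
% \end{frame}

% \begin{frame}[fragile]
%   \frametitle{Configure and manage inetd, xinetd, and related
%     services}
%   \framesubtitle{Key files, terms and utilities}
%   \begin{semiverbatim}
%     /etc/inetd.conf
%     /etc/hosts.allow
%     /etc/hosts.deny
%     /etc/services
%     /etc/xinetd.conf
%     /etc/xinetd.log
%   \end{semiverbatim}
% \end{frame}

\section{inetd, xinetd}
\label{sec:inetd-xinetd}

\begin{frame}
  \frametitle{\texttt{inetd}/\texttt{xinetd}}
  \begin{itemize}
  \item The internet ``super-server''
  \item A daemon which listens on many ports and fires off the
    appropriate command to handle incoming requests
  \item \texttt{inetd} is used in older/smaller systems
    \begin{itemize}
    \item Controlled through \texttt{/etc/inetd.conf}
    \end{itemize}
  \item \textbf{xinetd} is an enhanced replacement
    \begin{itemize}
    \item Controlled through \texttt{/etc/xinetd.conf}\ldots
    \item \ldots\,and through individual files in directory \texttt{/etc/xinetd.d/}
    \end{itemize}
  \end{itemize}
\end{frame}

\subsection{\texttt{inetd.conf}}
\label{sec:inetd.conf}

% Reading the example below:
%  * The `user' field is the account the server is started as. The imapd
%    entries run as root; the exim entry shows the objective's "run as
%    another user" case (mail).
%  * Only entries whose server_path is /usr/sbin/tcpd are filtered through
%    hosts.allow / hosts.deny by the wrapper. The smtp entry starts exim
%    directly, so those files apply to it only if exim itself is built with
%    TCP Wrappers support -- verify per build.
\begin{frame}[fragile]
  \framesubtitle{inetd.conf}
  Fields are:\par\noindent%
  \textit{service\_name} \textit{sock\_type} \textit{proto}
  \textit{flags} \textit{user} \textit{server\_path} \textit{args}
  \scriptsize
\begin{semiverbatim}
# UW-IMAP server
imap2   stream  tcp  nowait  root  /usr/sbin/tcpd  /usr/sbin/imapd
imap3   stream  tcp  nowait  root  /usr/sbin/tcpd  /usr/sbin/imapd
imaps   stream  tcp  nowait  root  /usr/sbin/tcpd  /usr/sbin/imapd
# Exim mail server
smtp    stream  tcp  nowait  mail  /usr/sbin/exim  exim -bs
\end{semiverbatim}
\end{frame}

\begin{frame}[fragile]
  \framesubtitle{inetd.conf -- Internal services}%
  Built-in services (often disabled) \par%
  {\footnotesize Leave them off unless needed: the UDP \texttt{echo} and
    \texttt{chargen} services answer any sender and have been abused to
    reflect traffic.\par}%
\begin{semiverbatim}
echo     stream  tcp  nowait  root  internal
echo     dgram   udp  wait    root  internal
chargen  stream  tcp  nowait  root  internal
chargen  dgram   udp  wait    root  internal
discard  stream  tcp  nowait  root  internal
discard  dgram   udp  wait    root  internal
daytime  stream  tcp  nowait  root  internal
daytime  dgram   udp  wait    root  internal
time     stream  tcp  nowait  root  internal
time     dgram   udp  wait    root  internal
\end{semiverbatim}
\end{frame}

\section{tcpwrappers}
\label{sec:tcpwrappers}

\begin{frame}[fragile]
  \frametitle{hosts.allow / hosts.deny}%
  \framesubtitle{``TCP Wrappers'' aka \textbf{tcpd}}%
  Manpage is \texttt{hosts\_access}(5)
\begin{semiverbatim}
# /etc/hosts.allow
sshd: ALL
imapd: 10.0.6.19
ALL: 10.0.128.96/255.255.255.224
\end{semiverbatim}
  \par
\begin{semiverbatim}
# /etc/hosts.deny
#ALL: PARANOID
ALL: ALL
\end{semiverbatim}
  {\footnotesize First match wins: a match in \texttt{hosts.allow} grants
    access, otherwise a match in \texttt{hosts.deny} refuses it, and a client
    matching \emph{neither} file is allowed. The final \texttt{ALL: ALL} in
    \texttt{hosts.deny} is what makes this policy default-deny.\par}
\end{frame}

\section{xinetd}
\label{sec:xinetd}

% Reviewer context: the TCP Wrappers support mentioned below depends on
% xinetd having been built with it. Independently of the wrapper files, a
% service file can carry `disable = yes' to switch the service off and
% `only_from' / `no_access' to restrict client addresses.
\begin{frame}[fragile]
  \frametitle{xinetd}
  \begin{itemize}
  \item Same function as \texttt{inetd}
  \item Has built-in support for TCP Wrappers, so is now used for recent
    distributions instead of \texttt{inetd}
  \item package management system (i.e., \texttt{dpkg}, \texttt{rpm})
    drops a file into directory
    \sloppypar\texttt{/etc/xinetd.d/} instead of having to edit
    \texttt{/etc/inetd.conf}
  \item Here is such a file for the \texttt{exim} mail server to run
    under \texttt{xinetd}:
\begin{semiverbatim}
service smtp
\{
        socket_type = stream
        protocol    = tcp
        wait        = no
        user        = mail
        server      = /usr/sbin/exim
        server_args = -bs
\}
\end{semiverbatim}
  \end{itemize}
\end{frame}

\mode<presentation>
{%
\begin{frame}
  \frametitle{Topics Covered}
  %\footnotesize
  %\begin{multicols}{2}
  \tableofcontents[pausesections,pausesubsections]
  %\end{multicols}
  % You might wish to add the option [pausesections]
\end{frame}
}

\section{License Of This Document}
\label{sec:license}

% NOTE(review): the stray spaces after each author name in the listing
% suggest <e-mail> addresses were dropped upstream; only the spacing is
% repaired here -- restore the addresses from the original if wanted.
\begin{frame}
  \frametitle{License Of This Document}%
  \raggedright%
  Copyright \copyright\ 2005, 2003 Angus Lees, Geoffrey Robertson and
  Nick Urbanik.
  \par
  Permission is granted to make and distribute verbatim copies or
  modified versions of this document provided that this copyright
  notice and this permission notice are preserved on all copies under
  the terms of the GNU General Public License as published by the Free
  Software Foundation---either version 2 of the License or (at your
  option) any later version.
\end{frame}

\end{document}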