1.113.1 Configure and manage inetd, xinetd, and related services
Weight 4

Linux Professional Institute Certification — 102

Angus Lees gus@inodes.org
Geoffrey Robertson ge@ffrey.com
Nick Urbanik nicku@nicku.org

2005 July

Description of Objective

Candidates should be able to configure which services are available through inetd, use tcpwrappers to allow or deny services on a host-by-host basis, manually start, stop, and restart internet services, configure basic network services including telnet and ftp. Set a service to run as another user instead of the default in inetd.conf.

Key files, terms, and utilities include:

    /etc/inetd.conf
    /etc/hosts.allow
    /etc/hosts.deny
    /etc/services
    /etc/xinetd.conf
    /etc/xinetd.log

inetd/xinetd

- The internet “super-server”
- A daemon which listens on many ports and fires off the appropriate command to handle incoming requests
- Controlled through /etc/inetd.conf
- xinetd is an enhanced replacement

Fields are:

    service_name sock_type proto flags user server_path args

    # UW-IMAP server
    imap2   stream  tcp  nowait  root  /usr/sbin/tcpd  /usr/sbin/imapd
    imap3   stream  tcp  nowait  root  /usr/sbin/tcpd  /usr/sbin/imapd
    imaps   stream  tcp  nowait  root  /usr/sbin/tcpd  /usr/sbin/imapd
    # Exim mail server
    smtp    stream  tcp  nowait  mail  /usr/sbin/exim  exim -bs
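An added example (not part of the original slides): a small Python audit of an inetd.conf that uses the field order listed above and reports enabled built-in services and servers that are not launched through tcpd. The sample configuration is constructed; the ftp entry and its path are assumptions for illustration.

```python
# Added example: audit inetd.conf entries using the field order listed on this page.
from typing import NamedTuple

class Entry(NamedTuple):
    service: str
    sock_type: str
    proto: str
    flags: str
    user: str
    server_path: str
    args: list

# Constructed sample: the imap2 and smtp lines follow the page; the rest is made up.
SAMPLE = """\
# UW-IMAP server
imap2    stream  tcp  nowait  root  /usr/sbin/tcpd     /usr/sbin/imapd
# Exim mail server
smtp     stream  tcp  nowait  mail  /usr/sbin/exim     exim -bs
echo     stream  tcp  nowait  root  internal
#discard stream  tcp  nowait  root  internal
ftp      stream  tcp  nowait  root  /usr/sbin/in.ftpd  in.ftpd
"""

def parse_inetd(text):
    """Return the active entries; commented-out (disabled) lines are skipped."""
    entries = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 6:          # ignore blank and malformed lines
            entries.append(Entry(*fields[:6], fields[6:]))
    return entries

def audit(entries):
    """Return (service, proto, finding) for entries that deserve a second look."""
    findings = []
    for e in entries:
        # Some inetd implementations accept user.group or user:group here.
        is_root = e.user.replace(":", ".").split(".")[0] == "root"
        if e.server_path == "internal":
            findings.append((e.service, e.proto, "built-in service enabled"))
        elif not e.server_path.endswith("/tcpd"):
            why = "not launched through tcpd"
            findings.append((e.service, e.proto,
                             "runs as root and is " + why if is_root else why))
    return findings

if __name__ == "__main__":
    for service, proto, finding in audit(parse_inetd(SAMPLE)):
        print(f"{service}/{proto}: {finding}")
```

A server that is not started by tcpd may still consult hosts.allow and hosts.deny itself if it is linked against libwrap, so treat the "not launched through tcpd" finding as a prompt to check, not a verdict.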
Built-in services (often disabled)

    echo     stream  tcp  nowait  root  internal
    echo     dgram   udp  wait    root  internal
    chargen  stream  tcp  nowait  root  internal
    chargen  dgram   udp  wait    root  internal
    discard  stream  tcp  nowait  root  internal
    discard  dgram   udp  wait    root  internal
    daytime  stream  tcp  nowait  root  internal
    daytime  dgram   udp  wait    root  internal
    time     stream  tcp  nowait  root  internal
    time     dgram   udp  wait    root  internal

hosts.allow / hosts.deny

- “TCP Wrappers” aka tcpd
- Manpage is hosts_access(5)

    # /etc/hosts.allow
    sshd: ALL
    imapd: 10.0.6.19
    ALL: 10.0.128.96/255.255.255.224

    # /etc/hosts.deny
    #ALL: PARANOID
    ALL: ALL

xinetd

Same idea—ludicrous number of options

    service smtp
    {
        socket_type = stream
        protocol    = tcp
        wait        = no
        user        = mail
        server      = /usr/sbin/exim
        server_args = -bs
    }

License Of This Document

Copyright © 2005, 2003 Angus Lees, Geoffrey Robertson and Nick Urbanik. Permission is granted to make and distribute verbatim copies or modified versions of this document provided that this copyright notice and this permission notice are preserved on all copies under the terms of the GNU General Public License as published by the Free Software Foundation—either version 2 of the License or (at your option) any later version.