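% DO NOT EDIT GENERATED AUTOMATICALLY FROM gl2.113.1.slides.tex
\input{gl2.slide-header-beamer}
% DO NOT EDIT GENERATED AUTOMATICALLY FROM gl2.113.1.slides.tex
%
% Beamer slides for LPI 102 objective 1.113.1 (inetd, xinetd, TCP wrappers).
% The first two frames are generated from the "%%" metadata below; the
% remaining frames are hand-written.
% NOTE(review): generated file --- lasting edits belong in gl2.113.1.slides.tex.
% Every "%" comment must end at its own line break; if lines are joined, the
% comment swallows the LaTeX that follows it.
\errorcontextlines=99
%% Subtopic Number = '1.113.1'
%% Title from filename: 'Configure and manage inetd, xinetd, and related services'
%% Weight: 4
%% Description:
%%     Candidates should be able to configure which services are
%%     available through inetd, use tcpwrappers to allow or deny services on a
%%     host-by-host basis, manually start, stop, and restart internet services,
%%     configure basic network services including telnet and ftp. Set a service
%%     to run as another user instead of the default in inetd.conf.
%% Key files, terms, and utilities include:
%%     /etc/inetd.conf
%%     /etc/hosts.allow
%%     /etc/hosts.deny
%%     /etc/services
%%     /etc/xinetd.conf
%%     /etc/xinetd.log

\title{1.113.1\\Configure and manage inetd, xinetd, and related services\\Weight 4}
\author[Geoff Robertson]{Angus Lees \texttt{gus@inodes.org} \and
  Geoffrey Robertson \texttt{ge@ffrey.com} \and
  Nick Urbanik \texttt{nicku@nicku.org}}
\subtitle{Linux Professional Institute Certification --- 102}

\begin{document}

\maketitle

\begin{frame} %% GENERATED SLIDE
  \frametitle{Description of Objective}
  \framesubtitle{1.113.1\ \ Configure and manage inetd, xinetd, and related services}
  \Large{}Candidates should be able to configure which services are
  available through inetd, use tcpwrappers to allow or deny services on a
  host-by-host basis, manually start, stop, and restart internet services,
  configure basic network services including telnet and ftp. Set a service
  to run as another user instead of the default in inetd.conf.
\end{frame}

% semiverbatim keeps line breaks, so each path sits on its own source line.
\begin{frame}[fragile] %% GENERATED SLIDE
  \frametitle{Key files, terms, and utilities include:}
\begin{semiverbatim}\large
/etc/inetd.conf
/etc/hosts.allow
/etc/hosts.deny
/etc/services
/etc/xinetd.conf
/etc/xinetd.log
\end{semiverbatim}
\end{frame}

\begin{frame}[fragile]
  \frametitle{Configure and manage inetd, xinetd, and related services}
  \framesubtitle{Objective}
  % NOTE(review): telnet and ftp carry logins and session data unencrypted.
  % They are listed here because the exam objective names them; where an
  % encrypted equivalent such as ssh/sftp is available, leave their
  % inetd/xinetd entries disabled.
  Candidates should be able to configure which services are available
  through inetd, use tcpwrappers to allow or deny services on a
  host-by-host basis, manually start, stop, and restart internet
  services, configure basic network services including \textbf{telnet}
  and \textbf{ftp}. Set a service to run as another user instead of the
  default in \texttt{inetd.conf}.
\end{frame}

\begin{frame}[fragile]
  \frametitle{Configure and manage inetd, xinetd, and related services}
  \framesubtitle{Key files, terms and utilities}
\begin{semiverbatim}
/etc/inetd.conf
/etc/hosts.allow
/etc/hosts.deny
/etc/services
/etc/xinetd.conf
/etc/xinetd.log
\end{semiverbatim}
\end{frame}

\begin{frame}[fragile]
  \frametitle{inetd/xinetd}
  The internet ``super-server''

  A daemon which listens on many ports and fires off the appropriate
  command to handle incoming requests

  Controlled through \texttt{/etc/inetd.conf}

  Every active entry is a listening port: comment out what is not needed

  Edits take effect only once inetd re-reads the file (send it
  \texttt{SIGHUP})

  \textbf{xinetd} is an enhanced replacement
\end{frame}

% In the listing, the imap entries name /usr/sbin/tcpd as the server, with the
% real daemon as its argument; the smtp entry names /usr/sbin/exim itself, so
% tcpd is not in the path for that service.
\begin{frame}[fragile]
  \framesubtitle{inetd.conf}
  Fields are:

  \textit{service\_name} \textit{sock\_type} \textit{proto}
  \textit{flags} \textit{user} \textit{server\_path} \textit{args}

  \textit{user} is the account the server runs as: use an unprivileged
  one where the daemon allows it (\texttt{mail} for exim below)

  \texttt{tcpd} as \textit{server\_path} puts the service behind
  \texttt{hosts.allow}/\texttt{hosts.deny}; the \texttt{smtp} entry
  starts exim directly, so \texttt{tcpd} does not screen it

  \scriptsize
\begin{semiverbatim}
# UW-IMAP server
imap2   stream  tcp     nowait  root    /usr/sbin/tcpd  /usr/sbin/imapd
imap3   stream  tcp     nowait  root    /usr/sbin/tcpd  /usr/sbin/imapd
imaps   stream  tcp     nowait  root    /usr/sbin/tcpd  /usr/sbin/imapd
# Exim mail server
smtp    stream  tcp     nowait  mail    /usr/sbin/exim  exim -bs
\end{semiverbatim}
\end{frame}

\begin{frame}[fragile]
  \framesubtitle{inetd.conf -- Internal services}
  Built-in services (often disabled)

  Rarely needed; the UDP variants answer packets with forged source
  addresses and have been abused for traffic reflection, so keep these
  entries commented out
\begin{semiverbatim}
echo            stream  tcp     nowait  root    internal
echo            dgram   udp     wait    root    internal
chargen         stream  tcp     nowait  root    internal
chargen         dgram   udp     wait    root    internal
discard         stream  tcp     nowait  root    internal
discard         dgram   udp     wait    root    internal
daytime         stream  tcp     nowait  root    internal
daytime         dgram   udp     wait    root    internal
time            stream  tcp     nowait  root    internal
time            dgram   udp     wait    root    internal
\end{semiverbatim}
\end{frame}

% Evaluation order per hosts_access(5): a match in hosts.allow grants access;
% otherwise a match in hosts.deny refuses it; with no match in either file
% access is granted. "ALL: ALL" in hosts.deny therefore makes the policy
% default-deny, with hosts.allow listing the exceptions. In the example,
% "sshd: ALL" leaves sshd reachable from every address.
\begin{frame}[fragile]
  \frametitle{hosts.allow / hosts.deny}
  ``TCP Wrappers'' aka \textbf{tcpd}

  Manpage is \texttt{hosts\_access}(5)

  \texttt{hosts.allow} is checked first; no match in either file grants
  access, so keep \texttt{ALL: ALL} in \texttt{hosts.deny}

  Only services run via \texttt{tcpd} or linked with libwrap are covered
\begin{semiverbatim}
# /etc/hosts.allow
sshd: ALL
imapd: 10.0.6.19
ALL: 10.0.128.96/255.255.255.224
\end{semiverbatim}
\begin{semiverbatim}
# /etc/hosts.deny
#ALL: PARANOID
ALL: ALL
\end{semiverbatim}
\end{frame}

% In semiverbatim the backslash and braces keep their meaning, hence \{ and \}
% for the literal braces of the xinetd service block.
\begin{frame}[fragile]
  \frametitle{xinetd}
  Same idea---ludicrous number of options

  Among them per-service access control (\texttt{only\_from},
  \texttt{no\_access}) and \texttt{disable = yes} to switch a service off
\begin{semiverbatim}
service smtp
\{
        socket_type     = stream
        protocol        = tcp
        wait            = no
        user            = mail
        server          = /usr/sbin/exim
        server_args     = -bs
\}
\end{semiverbatim}
\end{frame}

\begin{frame}
  \frametitle{License Of This Document}
  Copyright \copyright\ 2005, 2003 Angus Lees, Geoffrey Robertson and
  Nick Urbanik.

  Permission is granted to make and distribute verbatim copies or
  modified versions of this document provided that this copyright
  notice and this permission notice are preserved on all copies under
  the terms of the GNU General Public License as published by the Free
  Software Foundation---either version 2 of the License or (at your
  option) any later version.
\end{frame}

\end{document}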