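% $Header: /cvsroot/lcdp/lpic/general-linux-2/slides/gl2.113.1.slides.tex,v 1.1 2003/10/25 04:33:06 anguslees Exp $
%
% Slide deck for the LPIC "General Linux 2" objective on inetd, xinetd and
% TCP wrappers.  Slide macros (\slideheading, \slidesubheading, the slide
% environment) are expected to come from gl2.slide-header.tex.
%
% Source layout: one construct per line.  The alltt/verbatim listings are
% line-oriented configuration samples, so their line breaks are part of the
% content.  Inside alltt a `%' is printed literally, so all reviewer notes
% below sit outside the listings.

\input{gl2.slide-header.tex}

\begin{document}

\begin{slide}
\begin{center}
\LARGE \textsf{-- General Linux 2 -- \\ }
\LARGE Configure and manage inetd, xinetd, and related services \\[2mm]
\large \textsf{(Linux Professional Institute Certification)}\\[1mm]
\normalsize\end{center}
\vfill
\tiny
Copyright \copyright\ 2003 Angus Lees.
Permission is granted to make and distribute verbatim copies or modified versions of this document provided that this copyright notice and this permission notice are preserved on all copies under the terms of the GNU General Public License as published by the Free Software Foundation---either version 2 of the License or (at your option) any later version.
\begin{verbatim}
$Id: gl2.113.1.slides.tex,v 1.1 2003/10/25 04:33:06 anguslees Exp $
\end{verbatim}
\end{slide}

\begin{slide}
\slideheading{Configure and manage inetd, xinetd, and related services}
\slidesubheading{Objective}
% Instructor note: telnet and ftp are named by the exam objective.  Both carry
% credentials and session data unencrypted, so anyone on the network path can
% read them.  When these are enabled for the exercise, restrict them with the
% host-based controls shown later in this deck.

Candidates should be able to configure which services are available through inetd, use tcpwrappers to allow or deny services on a host-by-host basis, manually start, stop, and restart internet services, configure basic network services including \textbf{telnet} and \textbf{ftp}.
Set a service to run as another user instead of the default in \texttt{inetd.conf}.
\end{slide}

\begin{slide}
% NOTE(review): \Slideheading (capital S) differs from the \slideheading used
% on the other slides; presumably both are defined in gl2.slide-header.tex.
% Confirm against that file.
\Slideheading{Configure and manage inetd, xinetd, and related services}
\slidesubheading{Key files, terms and utilities}
% NOTE(review): where xinetd actually logs depends on the log_type setting in
% its configuration (a file or syslog); /etc/xinetd.log is the path named by
% the objective.  Confirm on the target distribution.
\begin{alltt}
/etc/inetd.conf
/etc/hosts.allow
/etc/hosts.deny
/etc/services
/etc/xinetd.conf
/etc/xinetd.log
\end{alltt}
\end{slide}

\begin{slide}
\slideheading{inetd/xinetd}
% Every uncommented entry in the super-server's configuration is a listening
% port.  Hardening starts with commenting out what the host does not need;
% inetd rereads inetd.conf when it receives SIGHUP.

The internet ``super-server''

A daemon which listens on many ports and fires off the appropriate command to handle incoming requests

Controlled through \texttt{/etc/inetd.conf}

\textbf{xinetd} is an enhanced replacement
\end{slide}

\begin{slide}
\slidesubheading{inetd.conf}
% The user field is the account the server process runs as.  Here the imapd
% entries run as root and exim runs as mail; use the least-privileged account
% the daemon can work with.
%
% The imap entries name /usr/sbin/tcpd as the server and the real daemon as
% its argument, so tcpd consults hosts.allow/hosts.deny before starting imapd.
% The smtp entry starts /usr/sbin/exim directly, so those files apply to it
% only if the exim binary does its own hosts_access checks.

Fields are:

\textit{service\_name} \textit{sock\_type} \textit{proto} \textit{flags} \textit{user} \textit{server\_path} \textit{args}

\scriptsize
\begin{alltt}
# UW-IMAP server
imap2   stream  tcp     nowait  root    /usr/sbin/tcpd /usr/sbin/imapd
imap3   stream  tcp     nowait  root    /usr/sbin/tcpd /usr/sbin/imapd
imaps   stream  tcp     nowait  root    /usr/sbin/tcpd /usr/sbin/imapd
# Exim mail server
smtp    stream  tcp     nowait  mail    /usr/sbin/exim exim -bs
\end{alltt}
\end{slide}

\begin{slide}
\slidesubheading{inetd.conf -- Internal services}
% Why "often disabled": these services answer any sender and few hosts need
% them.  The UDP variants reply to whatever source address a datagram claims,
% so they can be used to reflect traffic at a third party.  A production
% inetd.conf would normally have every line below commented out.

Built-in services (often disabled)

\begin{alltt}
echo            stream  tcp     nowait  root    internal
echo            dgram   udp     wait    root    internal
chargen         stream  tcp     nowait  root    internal
chargen         dgram   udp     wait    root    internal
discard         stream  tcp     nowait  root    internal
discard         dgram   udp     wait    root    internal
daytime         stream  tcp     nowait  root    internal
daytime         dgram   udp     wait    root    internal
time            stream  tcp     nowait  root    internal
time            dgram   udp     wait    root    internal
\end{alltt}
\end{slide}

\begin{slide}
\slideheading{hosts.allow / hosts.deny}
% Evaluation order per hosts_access(5): a match in hosts.allow grants access;
% otherwise a match in hosts.deny refuses it; if neither file matches, access
% is granted.  The "ALL: ALL" line in hosts.deny is therefore what turns this
% pair into default-deny.  Without it, unlisted clients are let in.
%
% The left-hand side is the daemon process name (imapd, sshd), not the service
% name from /etc/services (imap2).  PARANOID matches clients whose host name
% and address do not agree; it is redundant here while "ALL: ALL" is active.
%
% These rules only cover programs started through tcpd or linked against
% libwrap.  The "sshd: ALL" line has an effect only if the installed sshd was
% built with libwrap support (presumably true for the systems this deck
% targets; newer OpenSSH builds may not be).  They do not replace a packet
% filter.

``TCP Wrappers'' aka \textbf{tcpd}

Manpage is \texttt{hosts\_access}(5)

\begin{alltt}
# /etc/hosts.allow
sshd: ALL
imapd: 10.0.6.19
ALL: 10.0.128.96/255.255.255.224
\end{alltt}

\begin{alltt}
# /etc/hosts.deny
#ALL: PARANOID
ALL: ALL
\end{alltt}
\end{slide}

\begin{slide}
\slideheading{xinetd}
% The sample below sets no access-control attributes, so whatever the
% defaults section of xinetd.conf specifies applies to it.  Among the many
% options, the ones that matter for hardening are only_from and no_access
% (client address restrictions), instances, per_source and cps (connection
% limits), log_on_success and log_on_failure (audit trail), and disable
% (turn the service off without deleting its entry).

Same idea---ludicrous number of options

\begin{alltt}
service smtp
\{
        socket_type = stream
        protocol    = tcp
        wait        = no
        user        = mail
        server      = /usr/sbin/exim
        server_args = -bs
\}
\end{alltt}
\end{slide}

\end{document}

% LocalWords: inetd xinetd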