xinetd-2.3.14

Introduction to xinetd

xinetd is the eXtended InterNET services daemon, a secure replacement for inetd.

Package Information

xinetd Dependencies

Optional

TCP Wrapper-7.6 and Avahi

User Notes: http://wiki.linuxfromscratch.org/blfs/wiki/xinetd

Installation of xinetd

Install xinetd by running the following commands:

./configure --prefix=/usr --with-loadavg &&
make

This package does not come with a test suite.

Now, as the root user:

make install

Configuring xinetd

Config Files

/etc/xinetd.conf and /etc/xinetd.d/*

Configuration Information

Ensure the path to all daemons is /usr/sbin, rather than the default path of /usr/etc, and install the xinetd configuration files by running the following commands as the root user:

cat > /etc/xinetd.conf << "EOF"
# Begin /etc/xinetd
# Configuration file for xinetd
#

defaults
{
      instances       = 60
      log_type        = SYSLOG daemon
      log_on_success  = HOST PID USERID
      log_on_failure  = HOST USERID
      cps             = 25 30
}

# All service files are stored in the /etc/xinetd.d directory
#
includedir /etc/xinetd.d
# End /etc/xinetd
EOF

All of the following files have the statement, "disable = yes". To activate any of the services, this statement will need to be changed to "disable = no".

[Note]

Note

The following files are listed to demonstrate classic xinetd applications. In many cases, these applications are not needed. In some cases, the applications are considered security risks. For example, telnet, rlogin, rexec, and rsh transmit unencrypted usernames and passwords over the network and can be easily replaced with a more secure alternative: ssh.

install -v -d -m755 /etc/xinetd.d &&
cat > /etc/xinetd.d/login << "EOF" &&
# Begin /etc/xinetd.d/login

service login
{
   disable        = yes
   socket_type    = stream
   protocol       = tcp
   wait           = no
   user           = root
   server         = /usr/sbin/in.rlogind
   log_type       = SYSLOG local4 info
}

# End /etc/xinetd.d/login
EOF
cat > /etc/xinetd.d/shell << "EOF" &&
# Begin /etc/xinetd.d/shell

service shell
{
   disable        = yes
   socket_type    = stream
   wait           = no
   user           = root
   instances      = UNLIMITED
   flags          = IDONLY
   log_on_success += USERID
   server         = /usr/sbin/in.rshd
}

# End /etc/xinetd.d/shell
EOF
cat > /etc/xinetd.d/exec << "EOF" &&
# Begin /etc/xinetd.d/exec

service exec
{
   disable        = yes
   socket_type    = stream
   wait           = no
   user           = root
   server         = /usr/sbin/in.rexecd
}

# End /etc/xinetd.d/exec
EOF
cat > /etc/xinetd.d/comsat << "EOF" &&
# Begin /etc/xinetd.d/comsat

service comsat
{
   disable        = yes
   socket_type    = dgram
   wait           = yes
   user           = nobody
   group          = tty
   server         = /usr/sbin/in.comsat
}

# End /etc/xinetd.d/comsat
EOF
cat > /etc/xinetd.d/talk << "EOF" &&
# Begin /etc/xinetd.d/talk

service talk
{
   disable        = yes
   socket_type    = dgram
   wait           = yes
   user           = root
   server         = /usr/sbin/in.talkd
}

# End /etc/xinetd.d/talk
EOF
cat > /etc/xinetd.d/ntalk << "EOF" &&
# Begin /etc/xinetd.d/ntalk

service ntalk
{
   disable        = yes
   socket_type    = dgram
   wait           = yes
   user           = root
   server         = /usr/sbin/in.ntalkd
}

# End /etc/xinetd.d/ntalk
EOF
cat > /etc/xinetd.d/telnet << "EOF" &&
# Begin /etc/xinetd.d/telnet

service telnet
{
   disable        = yes
   socket_type    = stream
   wait           = no
   user           = root
   server         = /usr/sbin/in.telnetd
   bind           = 127.0.0.1
   log_on_failure += USERID
}

service telnet
{
   disable        = yes
   socket_type    = stream
   wait           = no
   user           = root
#  server         = /usr/sbin/in.telnetd
   bind           = 192.231.139.175
   redirect       = 128.138.202.20 23
   log_on_failure += USERID
}

# End /etc/xinetd.d/telnet
EOF
cat > /etc/xinetd.d/ftp << "EOF" &&
# Begin /etc/xinetd.d/ftp

service ftp
{
   disable        = yes
   socket_type    = stream
   wait           = no
   user           = root
   server         = /usr/sbin/in.ftpd
   server_args    = -l
   instances      = 4
   log_on_success += DURATION USERID
   log_on_failure += USERID
   access_times   = 2:00-8:59 12:00-23:59
   nice           = 10
}

# End /etc/xinetd.d/ftp
EOF
cat > /etc/xinetd.d/tftp << "EOF" &&
# Begin /etc/xinetd.d/tftp

service tftp
{
   disable        = yes
   socket_type    = dgram
   wait           = yes
   user           = root
   server         = /usr/sbin/in.tftpd
   server_args    = -s /tftpboot
}

# End /etc/xinetd.d/tftp
EOF
cat > /etc/xinetd.d/finger << "EOF" &&
# Begin /etc/xinetd.d/finger

service finger
{
   disable        = yes
   socket_type    = stream
   wait           = no
   user           = nobody
   server         = /usr/sbin/in.fingerd
}

# End /etc/xinetd.d/finger
EOF
cat > /etc/xinetd.d/systat << "EOF" &&
# Begin /etc/xinetd.d/systat

service systat
{
   disable           = yes
   socket_type       = stream
   wait              = no
   user              = nobody
   server            = /usr/bin/ps
   server_args       = -auwwx
   only_from         = 128.138.209.0
   log_on_success    = HOST
}

# End /etc/xinetd.d/systat
EOF
cat > /etc/xinetd.d/netstat << "EOF" &&
# Begin /etc/xinetd.d/netstat

service netstat
{
   disable           = yes
   socket_type       = stream
   wait              = no
   user              = nobody
   server            = /usr/ucb/netstat
   server_args       = -f inet
   only_from         = 128.138.209.0
   log_on_success    = HOST
}

# End /etc/xinetd.d/netstat
EOF
cat > /etc/xinetd.d/echo << "EOF" &&
# Begin /etc/xinetd.d/echo

service echo
{
   disable     = yes
   type        = INTERNAL
   id          = echo-stream
   socket_type = stream
   protocol    = tcp
   user        = root
   wait        = no
}

service echo
{
   disable     = yes
   type        = INTERNAL
   id          = echo-dgram
   socket_type = dgram
   protocol    = udp
   user        = root
   wait        = yes
}

# End /etc/xinetd.d/echo
EOF
cat > /etc/xinetd.d/chargen << "EOF" &&
# Begin /etc/xinetd.d/chargen

service chargen
{
   disable        = yes
   type           = INTERNAL
   id             = chargen-stream
   socket_type    = stream
   protocol       = tcp
   user           = root
   wait           = no
}

service chargen
{
   disable        = yes
   type           = INTERNAL
   id             = chargen-dgram
   socket_type    = dgram
   protocol       = udp
   user           = root
   wait           = yes
}

# End /etc/xinetd.d/chargen
EOF
cat > /etc/xinetd.d/daytime << "EOF" &&
# Begin /etc/xinetd.d/daytime

service daytime
{
   disable        = yes
   type           = INTERNAL
   id             = daytime-stream
   socket_type    = stream
   protocol       = tcp
   user           = root
   wait           = no
}

service daytime
{
   disable        = yes
   type           = INTERNAL
   id             = daytime-dgram
   socket_type    = dgram
   protocol       = udp
   user           = root
   wait           = yes
}

# End /etc/xinetd.d/daytime
EOF
cat > /etc/xinetd.d/time << "EOF" &&
# Begin /etc/xinetd.d/time

service time
{
   disable        = yes
   type           = INTERNAL
   id             = time-stream
   socket_type    = stream
   protocol       = tcp
   user           = root
   wait           = no
}


service time
{
   disable        = yes
   type           = INTERNAL
   id             = time-dgram
   socket_type    = dgram
   protocol       = udp
   user           = root
   wait           = yes
}

# End /etc/xinetd.d/time
EOF
cat > /etc/xinetd.d/rstatd << "EOF" &&
# Begin /etc/xinetd.d/rstatd

service rstatd
{
   disable     = yes
   type        = RPC
   flags       = INTERCEPT
   rpc_version = 2-4
   socket_type = dgram
   protocol    = udp
   server      = /usr/sbin/rpc.rstatd
   wait        = yes
   user        = root
}

# End /etc/xinetd.d/rstatd
EOF
cat > /etc/xinetd.d/rquotad << "EOF" &&
# Begin /etc/xinetd.d/rquotad

service rquotad
{
   disable     = yes
   type        = RPC
   rpc_version = 1
   socket_type = dgram
   protocol    = udp
   wait        = yes
   user        = root
   server      = /usr/sbin/rpc.rstatd
}

# End /etc/xinetd.d/rquotad
EOF
cat > /etc/xinetd.d/rusersd << "EOF" &&
# Begin /etc/xinetd.d/rusersd

service rusersd
{
   disable     = yes
   type        = RPC
   rpc_version = 1-2
   socket_type = dgram
   protocol    = udp
   wait        = yes
   user        = root
   server      = /usr/sbin/rpc.rusersd
}

# End /etc/xinetd.d/rusersd
EOF
cat > /etc/xinetd.d/sprayd << "EOF" &&
# Begin /etc/xinetd.d/sprayd

service sprayd
{
   disable      = yes
   type         = RPC
   rpc_version  = 1
   socket_type  = dgram
   protocol     = udp
   wait         = yes
   user         = root
   server       = /usr/sbin/rpc.sprayd
}

# End /etc/xinetd.d/sprayd
EOF
cat > /etc/xinetd.d/walld << "EOF" &&
# Begin /etc/xinetd.d/walld

service walld
{
   disable      = yes
   type         = RPC
   rpc_version  = 1
   socket_type  = dgram
   protocol     = udp
   wait         = yes
   user         = nobody
   group        = tty
   server       = /usr/sbin/rpc.rwalld
}

# End /etc/xinetd.d/walld
EOF
cat > /etc/xinetd.d/irc << "EOF"
# Begin /etc/xinetd.d/irc

service irc
{
   disable      = yes
   socket_type  = stream
   wait         = no
   user         = root
   flags        = SENSOR
   type         = INTERNAL
   bind         = 192.168.1.30
   deny_time    = 60
}

# End /etc/xinetd.d/irc
EOF

The format of the /etc/xinetd.conf is documented in the xinetd.conf.5 man page. Further information can be found at http://www.xinetd.org.

Boot Script

As the root user, install the /etc/rc.d/init.d/xinetd init script included in the blfs-bootscripts-20060910 package.

make install-xinetd

As the root user, use the new boot script to start xinetd:

/etc/rc.d/init.d/xinetd start

Checking the /var/log/daemon.log file should prove quite entertaining. This file may contain entries similar to the following:

Aug 22 21:40:21 dps10 xinetd[2696]: Server /usr/sbin/in.rlogind is not
executable [line=29]
Aug 22 21:40:21 dps10 xinetd[2696]: Error parsing attribute server -
DISABLING SERVICE [line=29]
Aug 22 21:40:21 dps10 xinetd[2696]: Server /usr/sbin/in.rshd is not
executable [line=42]

These errors are because most of the servers xinetd is trying to control are not installed yet.

Contents

Installed Programs: itox, xconv.pl, and xinetd
Installed Libraries: None
Installed Directories: /etc/xinetd.d/

Short Descriptions

itox

is a utility used for converting inetd.conf files to xinetd.conf format.

xconv.pl

is a Perl script used for converting inetd.conf files to xinetd.conf format, similar to itox.

xinetd

is the Internet services daemon.

Last updated on 2006-06-21 11:26:07 -0500