xinetd is the eXtended InterNET services daemon, a secure replacement for inetd.
Download (HTTP): http://www.xinetd.org/xinetd-2.3.14.tar.gz
Download (FTP): ftp://ftp.linux.ee/pub/gentoo/distfiles/distfiles/xinetd-2.3.14.tar.gz
Download MD5 sum: 567382d7972613090215c6c54f9b82d9
Download size: 301 KB
Estimated disk space required: 4.4 MB
Estimated build time: less than 0.1 SBU
TCP Wrapper-7.6 and Avahi
User Notes: http://wiki.linuxfromscratch.org/blfs/wiki/xinetd
Install xinetd by running the following commands:
./configure --prefix=/usr --with-loadavg && make
This package does not come with a test suite.
Now, as the root user:
make install
Ensure the path to all daemons is /usr/sbin, rather than the default path of
/usr/etc, and install the
xinetd configuration files by
running the following commands as the root user:
cat > /etc/xinetd.conf << "EOF"
# Begin /etc/xinetd
# Configuration file for xinetd
#
defaults
{
instances = 60
log_type = SYSLOG daemon
log_on_success = HOST PID USERID
log_on_failure = HOST USERID
cps = 25 30
}
# All service files are stored in the /etc/xinetd.d directory
#
includedir /etc/xinetd.d
# End /etc/xinetd
EOF
All of the following files have the statement, "disable = yes". To activate any of the services, this statement will need to be changed to "disable = no".
![[Note]](../images/note.png)
The following files are listed to demonstrate classic xinetd applications. In many cases, these applications are not needed. In some cases, the applications are considered security risks. For example, telnet, rlogin, rexec, and rsh transmit unencrypted usernames and passwords over the network and can be easily replaced with a more secure alternative: ssh.
install -v -d -m755 /etc/xinetd.d && cat > /etc/xinetd.d/login << "EOF" &&# Begin /etc/xinetd.d/login service login { disable = yes socket_type = stream protocol = tcp wait = no user = root server = /usr/sbin/in.rlogind log_type = SYSLOG local4 info } # End /etc/xinetd.d/loginEOF cat > /etc/xinetd.d/shell << "EOF" &&# Begin /etc/xinetd.d/shell service shell { disable = yes socket_type = stream wait = no user = root instances = UNLIMITED flags = IDONLY log_on_success += USERID server = /usr/sbin/in.rshd } # End /etc/xinetd.d/shellEOF cat > /etc/xinetd.d/exec << "EOF" &&# Begin /etc/xinetd.d/exec service exec { disable = yes socket_type = stream wait = no user = root server = /usr/sbin/in.rexecd } # End /etc/xinetd.d/execEOF cat > /etc/xinetd.d/comsat << "EOF" &&# Begin /etc/xinetd.d/comsat service comsat { disable = yes socket_type = dgram wait = yes user = nobody group = tty server = /usr/sbin/in.comsat } # End /etc/xinetd.d/comsatEOF cat > /etc/xinetd.d/talk << "EOF" &&# Begin /etc/xinetd.d/talk service talk { disable = yes socket_type = dgram wait = yes user = root server = /usr/sbin/in.talkd } # End /etc/xinetd.d/talkEOF cat > /etc/xinetd.d/ntalk << "EOF" &&# Begin /etc/xinetd.d/ntalk service ntalk { disable = yes socket_type = dgram wait = yes user = root server = /usr/sbin/in.ntalkd } # End /etc/xinetd.d/ntalkEOF cat > /etc/xinetd.d/telnet << "EOF" &&# Begin /etc/xinetd.d/telnet service telnet { disable = yes socket_type = stream wait = no user = root server = /usr/sbin/in.telnetd bind = 127.0.0.1 log_on_failure += USERID } service telnet { disable = yes socket_type = stream wait = no user = root # server = /usr/sbin/in.telnetd bind = 192.231.139.175 redirect = 128.138.202.20 23 log_on_failure += USERID } # End /etc/xinetd.d/telnetEOF cat > /etc/xinetd.d/ftp << "EOF" &&# Begin /etc/xinetd.d/ftp service ftp { disable = yes socket_type = stream wait = no user = root server = /usr/sbin/in.ftpd server_args = -l instances = 4 log_on_success += DURATION USERID log_on_failure += USERID access_times = 2:00-8:59 12:00-23:59 nice = 10 } # End /etc/xinetd.d/ftpEOF cat > /etc/xinetd.d/tftp << "EOF" &&# Begin /etc/xinetd.d/tftp service tftp { disable = yes socket_type = dgram wait = yes user = root server = /usr/sbin/in.tftpd server_args = -s /tftpboot } # End /etc/xinetd.d/tftpEOF cat > /etc/xinetd.d/finger << "EOF" &&# Begin /etc/xinetd.d/finger service finger { disable = yes socket_type = stream wait = no user = nobody server = /usr/sbin/in.fingerd } # End /etc/xinetd.d/fingerEOF cat > /etc/xinetd.d/systat << "EOF" &&# Begin /etc/xinetd.d/systat service systat { disable = yes socket_type = stream wait = no user = nobody server = /usr/bin/ps server_args = -auwwx only_from = 128.138.209.0 log_on_success = HOST } # End /etc/xinetd.d/systatEOF cat > /etc/xinetd.d/netstat << "EOF" &&# Begin /etc/xinetd.d/netstat service netstat { disable = yes socket_type = stream wait = no user = nobody server = /usr/ucb/netstat server_args = -f inet only_from = 128.138.209.0 log_on_success = HOST } # End /etc/xinetd.d/netstatEOF cat > /etc/xinetd.d/echo << "EOF" &&# Begin /etc/xinetd.d/echo service echo { disable = yes type = INTERNAL id = echo-stream socket_type = stream protocol = tcp user = root wait = no } service echo { disable = yes type = INTERNAL id = echo-dgram socket_type = dgram protocol = udp user = root wait = yes } # End /etc/xinetd.d/echoEOF cat > /etc/xinetd.d/chargen << "EOF" &&# Begin /etc/xinetd.d/chargen service chargen { disable = yes type = INTERNAL id = chargen-stream socket_type = stream protocol = tcp user = root wait = no } service chargen { disable = yes type = INTERNAL id = chargen-dgram socket_type = dgram protocol = udp user = root wait = yes } # End /etc/xinetd.d/chargenEOF cat > /etc/xinetd.d/daytime << "EOF" &&# Begin /etc/xinetd.d/daytime service daytime { disable = yes type = INTERNAL id = daytime-stream socket_type = stream protocol = tcp user = root wait = no } service daytime { disable = yes type = INTERNAL id = daytime-dgram socket_type = dgram protocol = udp user = root wait = yes } # End /etc/xinetd.d/daytimeEOF cat > /etc/xinetd.d/time << "EOF" &&# Begin /etc/xinetd.d/time service time { disable = yes type = INTERNAL id = time-stream socket_type = stream protocol = tcp user = root wait = no } service time { disable = yes type = INTERNAL id = time-dgram socket_type = dgram protocol = udp user = root wait = yes } # End /etc/xinetd.d/timeEOF cat > /etc/xinetd.d/rstatd << "EOF" &&# Begin /etc/xinetd.d/rstatd service rstatd { disable = yes type = RPC flags = INTERCEPT rpc_version = 2-4 socket_type = dgram protocol = udp server = /usr/sbin/rpc.rstatd wait = yes user = root } # End /etc/xinetd.d/rstatdEOF cat > /etc/xinetd.d/rquotad << "EOF" &&# Begin /etc/xinetd.d/rquotad service rquotad { disable = yes type = RPC rpc_version = 1 socket_type = dgram protocol = udp wait = yes user = root server = /usr/sbin/rpc.rstatd } # End /etc/xinetd.d/rquotadEOF cat > /etc/xinetd.d/rusersd << "EOF" &&# Begin /etc/xinetd.d/rusersd service rusersd { disable = yes type = RPC rpc_version = 1-2 socket_type = dgram protocol = udp wait = yes user = root server = /usr/sbin/rpc.rusersd } # End /etc/xinetd.d/rusersdEOF cat > /etc/xinetd.d/sprayd << "EOF" &&# Begin /etc/xinetd.d/sprayd service sprayd { disable = yes type = RPC rpc_version = 1 socket_type = dgram protocol = udp wait = yes user = root server = /usr/sbin/rpc.sprayd } # End /etc/xinetd.d/spraydEOF cat > /etc/xinetd.d/walld << "EOF" &&# Begin /etc/xinetd.d/walld service walld { disable = yes type = RPC rpc_version = 1 socket_type = dgram protocol = udp wait = yes user = nobody group = tty server = /usr/sbin/rpc.rwalld } # End /etc/xinetd.d/walldEOF cat > /etc/xinetd.d/irc << "EOF"# Begin /etc/xinetd.d/irc service irc { disable = yes socket_type = stream wait = no user = root flags = SENSOR type = INTERNAL bind = 192.168.1.30 deny_time = 60 } # End /etc/xinetd.d/ircEOF
The format of the /etc/xinetd.conf
is documented in the xinetd.conf.5
man page. Further information can be found at http://www.xinetd.org.
As the root user, install the
/etc/rc.d/init.d/xinetd init script
included in the blfs-bootscripts-20080816 package.
make install-xinetd
As the root user, use the new
boot script to start xinetd:
/etc/rc.d/init.d/xinetd start
Checking the /var/log/daemon.log
file should prove quite entertaining. This file may contain
entries similar to the following:
Aug 22 21:40:21 dps10 xinetd[2696]: Server /usr/sbin/in.rlogind is not
executable [line=29]
Aug 22 21:40:21 dps10 xinetd[2696]: Error parsing attribute server -
DISABLING SERVICE [line=29]
Aug 22 21:40:21 dps10 xinetd[2696]: Server /usr/sbin/in.rshd is not
executable [line=42]
These errors are because most of the servers xinetd is trying to control are not installed yet.
Last updated on 2007-07-14 18:27:07 -0500