xinetd is the eXtended InterNET services daemon, a secure replacement for inetd.
Download (HTTP): http://www.xinetd.org/xinetd-2.3.14.tar.gz
Download (FTP): ftp://ftp.linux.ee/pub/gentoo/distfiles/distfiles/xinetd-2.3.14.tar.gz
Download MD5 sum: 567382d7972613090215c6c54f9b82d9
Download size: 301 KB
Estimated disk space required: 4.4 MB
Estimated build time: less than 0.1 SBU
TCP Wrapper-7.6 and Avahi
User Notes: http://wiki.linuxfromscratch.org/blfs/wiki/xinetd
Install xinetd by running the following commands:
./configure --prefix=/usr --with-loadavg && make
This package does not come with a test suite.
Now, as the root
user:
make install
Ensure the path to all daemons is /usr/sbin
, rather than the default path of
/usr/etc
, and install the
xinetd configuration files by
running the following commands as the root
user:
cat > /etc/xinetd.conf << "EOF"
# Begin /etc/xinetd
# Configuration file for xinetd
#
defaults
{
instances = 60
log_type = SYSLOG daemon
log_on_success = HOST PID USERID
log_on_failure = HOST USERID
cps = 25 30
}
# All service files are stored in the /etc/xinetd.d directory
#
includedir /etc/xinetd.d
# End /etc/xinetd
EOF
All of the following files have the statement, "disable = yes". To activate any of the services, this statement will need to be changed to "disable = no".
The following files are listed to demonstrate classic xinetd applications. In many cases, these applications are not needed. In some cases, the applications are considered security risks. For example, telnet, rlogin, rexec, and rsh transmit unencrypted usernames and passwords over the network and can be easily replaced with a more secure alternative: ssh.
install -v -d -m755 /etc/xinetd.d && cat > /etc/xinetd.d/login << "EOF" &&# Begin /etc/xinetd.d/login service login { disable = yes socket_type = stream protocol = tcp wait = no user = root server = /usr/sbin/in.rlogind log_type = SYSLOG local4 info } # End /etc/xinetd.d/login
EOF cat > /etc/xinetd.d/shell << "EOF" &&# Begin /etc/xinetd.d/shell service shell { disable = yes socket_type = stream wait = no user = root instances = UNLIMITED flags = IDONLY log_on_success += USERID server = /usr/sbin/in.rshd } # End /etc/xinetd.d/shell
EOF cat > /etc/xinetd.d/exec << "EOF" &&# Begin /etc/xinetd.d/exec service exec { disable = yes socket_type = stream wait = no user = root server = /usr/sbin/in.rexecd } # End /etc/xinetd.d/exec
EOF cat > /etc/xinetd.d/comsat << "EOF" &&# Begin /etc/xinetd.d/comsat service comsat { disable = yes socket_type = dgram wait = yes user = nobody group = tty server = /usr/sbin/in.comsat } # End /etc/xinetd.d/comsat
EOF cat > /etc/xinetd.d/talk << "EOF" &&# Begin /etc/xinetd.d/talk service talk { disable = yes socket_type = dgram wait = yes user = root server = /usr/sbin/in.talkd } # End /etc/xinetd.d/talk
EOF cat > /etc/xinetd.d/ntalk << "EOF" &&# Begin /etc/xinetd.d/ntalk service ntalk { disable = yes socket_type = dgram wait = yes user = root server = /usr/sbin/in.ntalkd } # End /etc/xinetd.d/ntalk
EOF cat > /etc/xinetd.d/telnet << "EOF" &&# Begin /etc/xinetd.d/telnet service telnet { disable = yes socket_type = stream wait = no user = root server = /usr/sbin/in.telnetd bind = 127.0.0.1 log_on_failure += USERID } service telnet { disable = yes socket_type = stream wait = no user = root # server = /usr/sbin/in.telnetd bind = 192.231.139.175 redirect = 128.138.202.20 23 log_on_failure += USERID } # End /etc/xinetd.d/telnet
EOF cat > /etc/xinetd.d/ftp << "EOF" &&# Begin /etc/xinetd.d/ftp service ftp { disable = yes socket_type = stream wait = no user = root server = /usr/sbin/in.ftpd server_args = -l instances = 4 log_on_success += DURATION USERID log_on_failure += USERID access_times = 2:00-8:59 12:00-23:59 nice = 10 } # End /etc/xinetd.d/ftp
EOF cat > /etc/xinetd.d/tftp << "EOF" &&# Begin /etc/xinetd.d/tftp service tftp { disable = yes socket_type = dgram wait = yes user = root server = /usr/sbin/in.tftpd server_args = -s /tftpboot } # End /etc/xinetd.d/tftp
EOF cat > /etc/xinetd.d/finger << "EOF" &&# Begin /etc/xinetd.d/finger service finger { disable = yes socket_type = stream wait = no user = nobody server = /usr/sbin/in.fingerd } # End /etc/xinetd.d/finger
EOF cat > /etc/xinetd.d/systat << "EOF" &&# Begin /etc/xinetd.d/systat service systat { disable = yes socket_type = stream wait = no user = nobody server = /usr/bin/ps server_args = -auwwx only_from = 128.138.209.0 log_on_success = HOST } # End /etc/xinetd.d/systat
EOF cat > /etc/xinetd.d/netstat << "EOF" &&# Begin /etc/xinetd.d/netstat service netstat { disable = yes socket_type = stream wait = no user = nobody server = /usr/ucb/netstat server_args = -f inet only_from = 128.138.209.0 log_on_success = HOST } # End /etc/xinetd.d/netstat
EOF cat > /etc/xinetd.d/echo << "EOF" &&# Begin /etc/xinetd.d/echo service echo { disable = yes type = INTERNAL id = echo-stream socket_type = stream protocol = tcp user = root wait = no } service echo { disable = yes type = INTERNAL id = echo-dgram socket_type = dgram protocol = udp user = root wait = yes } # End /etc/xinetd.d/echo
EOF cat > /etc/xinetd.d/chargen << "EOF" &&# Begin /etc/xinetd.d/chargen service chargen { disable = yes type = INTERNAL id = chargen-stream socket_type = stream protocol = tcp user = root wait = no } service chargen { disable = yes type = INTERNAL id = chargen-dgram socket_type = dgram protocol = udp user = root wait = yes } # End /etc/xinetd.d/chargen
EOF cat > /etc/xinetd.d/daytime << "EOF" &&# Begin /etc/xinetd.d/daytime service daytime { disable = yes type = INTERNAL id = daytime-stream socket_type = stream protocol = tcp user = root wait = no } service daytime { disable = yes type = INTERNAL id = daytime-dgram socket_type = dgram protocol = udp user = root wait = yes } # End /etc/xinetd.d/daytime
EOF cat > /etc/xinetd.d/time << "EOF" &&# Begin /etc/xinetd.d/time service time { disable = yes type = INTERNAL id = time-stream socket_type = stream protocol = tcp user = root wait = no } service time { disable = yes type = INTERNAL id = time-dgram socket_type = dgram protocol = udp user = root wait = yes } # End /etc/xinetd.d/time
EOF cat > /etc/xinetd.d/rstatd << "EOF" &&# Begin /etc/xinetd.d/rstatd service rstatd { disable = yes type = RPC flags = INTERCEPT rpc_version = 2-4 socket_type = dgram protocol = udp server = /usr/sbin/rpc.rstatd wait = yes user = root } # End /etc/xinetd.d/rstatd
EOF cat > /etc/xinetd.d/rquotad << "EOF" &&# Begin /etc/xinetd.d/rquotad service rquotad { disable = yes type = RPC rpc_version = 1 socket_type = dgram protocol = udp wait = yes user = root server = /usr/sbin/rpc.rstatd } # End /etc/xinetd.d/rquotad
EOF cat > /etc/xinetd.d/rusersd << "EOF" &&# Begin /etc/xinetd.d/rusersd service rusersd { disable = yes type = RPC rpc_version = 1-2 socket_type = dgram protocol = udp wait = yes user = root server = /usr/sbin/rpc.rusersd } # End /etc/xinetd.d/rusersd
EOF cat > /etc/xinetd.d/sprayd << "EOF" &&# Begin /etc/xinetd.d/sprayd service sprayd { disable = yes type = RPC rpc_version = 1 socket_type = dgram protocol = udp wait = yes user = root server = /usr/sbin/rpc.sprayd } # End /etc/xinetd.d/sprayd
EOF cat > /etc/xinetd.d/walld << "EOF" &&# Begin /etc/xinetd.d/walld service walld { disable = yes type = RPC rpc_version = 1 socket_type = dgram protocol = udp wait = yes user = nobody group = tty server = /usr/sbin/rpc.rwalld } # End /etc/xinetd.d/walld
EOF cat > /etc/xinetd.d/irc << "EOF"# Begin /etc/xinetd.d/irc service irc { disable = yes socket_type = stream wait = no user = root flags = SENSOR type = INTERNAL bind = 192.168.1.30 deny_time = 60 } # End /etc/xinetd.d/irc
EOF
The format of the /etc/xinetd.conf
is documented in the xinetd.conf.5
man page. Further information can be found at http://www.xinetd.org.
As the root
user, install the
/etc/rc.d/init.d/xinetd
init script
included in the blfs-bootscripts-20080816 package.
make install-xinetd
As the root
user, use the new
boot script to start xinetd:
/etc/rc.d/init.d/xinetd start
Checking the /var/log/daemon.log
file should prove quite entertaining. This file may contain
entries similar to the following:
Aug 22 21:40:21 dps10 xinetd[2696]: Server /usr/sbin/in.rlogind is not
executable [line=29]
Aug 22 21:40:21 dps10 xinetd[2696]: Error parsing attribute server -
DISABLING SERVICE [line=29]
Aug 22 21:40:21 dps10 xinetd[2696]: Server /usr/sbin/in.rshd is not
executable [line=42]
These errors are because most of the servers xinetd is trying to control are not installed yet.
Last updated on 2007-07-14 18:27:07 -0500