xinetd daemon
The xinetd daemon is a TCP wrapped super service which controls access to a subset of popular network services including FTP, IMAP, and telnet. It also provides service-specific configuration options for access control, enhanced logging, binding, redirection, and resource utilization control.
When a client host attempts to connect to a network service controlled by xinetd , the super service receives the request and checks for any TCP wrappers access control rules. If access is allowed, xinetd verifies that the connection is allowed under its own access rules for that service and that the service is not consuming more than its allotted amount of resources or in breach of any defined rules. It then starts an instance of the requested service and passes control of the connection to it. Once the connection is established, xinetd does not interfere further with communication between the client host and the server.
The /etc/xinetd.conf File
The /etc/xinetd.conf file contains general configuration settings which effect every service under xinetd’s control. It is read once when the xinetd service is started, so for configuration changes to take effect, the administrator must restart the xinetd service. Below is a sample /etc/xinetd.conf file:
# cat /etc/xinetd.conf
#
# This is the master xinetd configuration file. Settings in the
# default section will be inherited by all service configurations
# unless explicitly overridden in the service configuration. See
# xinetd.conf in the man pages for a more detailed explanation of
# these attributes.
defaults
{
# The next two items are intended to be a quick access place to
# temporarily enable or disable services.
#
# enabled =
# disabled =
# Define general logging characteristics.
log_type = SYSLOG daemon info
log_on_failure = HOST
log_on_success = PID HOST DURATION EXIT
# Define access restriction defaults
#
# no_access =
# only_from =
# max_load = 0
cps = 50 10
instances = 50
per_source = 10
# Address and networking defaults
#
# bind =
# mdns = yes
v6only = no
# setup environmental attributes
#
# passenv =
groups = yes
umask = 002
# Generally, banners are not used. This sets up their global defaults
#
# banner =
# banner_fail =
# banner_success =
}
includedir /etc/xinetd.d
Below are most commonly used attributes in /etc/xinetd.conf file and their meaning.
- instances – Sets the maximum number of requests xinetd can handle at once.
- log_type – Configures xinetd to use the authpriv log facility, which writes log entries to the /var/log/secure file. Adding a directive such as FILE /var/log/xinetdlog would create a custom log file called xinetdlog in the /var/log/ directory.
- log_on_success – Configures xinetd to log if the connection is successful. By default, the remote host’s IP address and the process ID of server processing the request are recorded.
- log_on_failure – Configures xinetd to log if there is a connection failure or if the connection is not allowed.
- cps – Configures xinetd to allow no more than 25 connections per second to any given service. If this limit is reached, the service is retired for 30 seconds.
- includedir /etc/xinetd.d/ – Includes options declared in the service-specific configuration files located in the /etc/xinetd.d/ directory.