Howto: configure xinetd service under Linux or UNIX systems

Posted on in Categories , , last updated October 21, 2007

Q. How do I configure xinetd under Fedora Core Linux?

A. xinetd, the eXtended InterNET Daemon, is an open-source daemon which runs on many Linux and Unix systems and manages Internet-based connectivity. It offers a more secure extension to or version of inetd, the Internet daemon.

xinetd performs the same function as inetd: it starts programs that provide Internet services. Instead of having such servers started at system initialization time, and be dormant until a connection request arrives, xinetd is he only daemon process started and it listens on all service ports for the services listed in its configuration file. When a request comes in, xinetd starts the appropriate server. Because of the way it operates, xinetd (as well as inetd) is also referred to as a super-server.

Task: xinetd Configuration files location

Following are important configuration files for xinetd:

  • /etc/xinetd.conf – The global xinetd configuration file.
  • /etc/xinetd.d/ directory – The directory containing all service-specific files such as ftp

Task: Understanding default configuration file

You can view default configuration file with less or cat command:
# less /etc/xinetd.confOR# cat /etc/xinetd.confOutput:

# Simple configuration file for xinetd
#
# Some defaults, and include /etc/xinetd.d/

defaults
{
        instances               = 60
        log_type                = SYSLOG authpriv
        log_on_success          = HOST PID
        log_on_failure          = HOST
        cps                     = 25 30
}

includedir /etc/xinetd.d

Where,

  • instances = 60 : Determines the number of servers that can be simultaneously active for a service. So 60 is the maximum number of requests xinetd can handle at once.
  • log_type = SYSLOG authpriv: Determines where the service log output is sent. You can send it to SYSLOG at the specified facility (authpriv will send log to /var/log/secure file).
  • log_on_success = HOST PID: Force xinetd to log if the connection is successful. It will log HOST name and Process ID to /var/log/secure file.
  • log_on_failure = HOST: Force xinetd to log if there is a connection dropped or if the connection is not allowed to /var/log/secure file
  • cps = 25 30: Limits the rate of incoming connections. Takes two arguments. The first argument is the number of connections per second to handle. If the rate of incoming connections is higher than this, the service will be temporarily disabled. The second argument is the number of seconds to wait efore re-enabling the service after it has been disabled. The default for this setting is 50 incoming connections and the interval is 10 seconds. This is good to avoid DOS attack against your service.
  • includedir /etc/xinetd.d: Read other service specific configuration file this directory.

Task: How to create my own service called foo

Here is sample config file for service called foo located at /etc/xinetd.d/foo
# vi /etc/xinetd.d/foo
And append following text:
service login
{
socket_type = stream
protocol = tcp
wait = no
user = root
server = /usr/sbin/foo
instances = 20
}

Where,

  • socket_type: Sets the network socket type to stream.
  • protocol: Sets the protocol type to TCP
  • wait: You can set the value to yes or no only. It Defines whether the service is single-threaded (if set to yes) or multi-threaded (if set to no).
  • user: User who will run foo server

Task: Stop or restart xinetd

To restart xinetd service type the command:
# /etc/init.d/xinetd restart
To stop xinetd service type the command:
# /etc/init.d/xinetd stop
To stop xinetd service type the command:
# /etc/init.d/xinetd start

Task: Verify that xinetd is running

Type the following command to verify xinetd service is running or NOT:
# /etc/init.d/xinetd statusOutput:

xinetd (pid 6059) is running...

Further readings

  • Read man pages of xinetd.conf and xinetd for more information.

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin and a trainer for the Linux operating system/Unix shell scripting. He has worked with global clients and in various industries, including IT, education, defense and space research, and the nonprofit sector. Follow him on Twitter, Facebook, Google+.

22 comment

  1. Hi i have increased the instacnes to 100 so it is working when i am connecting the server throutht the telnet port with maximum 100 sessions the same is now working in the LAN when the session is only 40 is any other settings needed to be changes
    .

    1. Please help.

      I am running RHEL 5.5.

      I have always used chkconfig for service startups in the past.

      Very wierd. Whenever I type chkconfig –list it returns nothing. Like there are no services started up at all. This is obviously not possible since I can ssh into the server. Further more I cannot run the command “service sshd status”. It returns an error as though sshd doesn’t exist. Then i checked the /etc/init/d directory there is nothing there. Finally I found all my services startup files here: /etc/rc.d/init.d. But I have no idea how to change what services start up or not. I believe this has something to do with xinetd service. But I am completely lost. I need to start up ntpd but there is no chkconfig for ntpd. Please help and please explain what happened to chkconfig and all the service startup files. Why are they now in the /etc/rc.d/init.d directory.

  2. I am not getting its log file
    i checked /var/log/ but secure file is not there.
    [email protected]:~# /etc/init.d/xinetd restart
    * Stopping internet superserver xinetd [ OK ]
    * Starting internet superserver xinetd [ OK ]
    [email protected]:~# /etc/init.d/xinetd status
    * xinetd is running
    [email protected]:~#

  3. can I add log_type to files in xinetd.d?

    example:
    I want a new log file created only for a mysql service that runs on xinetd. Currently it spews info to the /var/log/messages and clogs it up.

    i added this to /etc/xinetd.d/mysqlchk:
    log_type = SYSLOG xinetd

    and I added this to /etc/rsyslog.d/xinetd:
    xinetd.* /var/log/xinetd.log

    Will this work?

  4. Hi Justin
    I’m trying this at the moment for pxc.
    log_type = FILE /var/log/xinetdlog
    xinetd restart

    It works but then because xinetd does not rotate logs itself it grows out of control and would need xinetd restart to hangup on the log file.

    Amended to use redirection in syslog using
    :programname, isequal, “xinetd” /var/log/xinetdlog
    in /etc/rsyslog.d/xinetd.conf
    But this is now logging to both messages and xinetdlog.

    If you find a better way or someone know’s what I’m doing wrong please respond.
    Iain

Leave a Comment