Q. How do I configure xinetd under Fedora Core Linux?

ADVERTISEMENTS

A. xinetd, the eXtended InterNET Daemon, is an open-source daemon which runs on many Linux and Unix systems and manages Internet-based connectivity. It offers a more secure extension to or version of inetd, the Internet daemon.

xinetd performs the same function as inetd: it starts programs that provide Internet services. Instead of having such servers started at system initialization time, and be dormant until a connection request arrives, xinetd is he only daemon process started and it listens on all service ports for the services listed in its configuration file. When a request comes in, xinetd starts the appropriate server. Because of the way it operates, xinetd (as well as inetd) is also referred to as a super-server.

Task: xinetd Configuration files location

Following are important configuration files for xinetd:

• /etc/xinetd.conf – The global xinetd configuration file.
• /etc/xinetd.d/ directory – The directory containing all service-specific files such as ftp

Task: Understanding default configuration file

You can view default configuration file with less or cat command:
# less /etc/xinetd.confOR# cat /etc/xinetd.confOutput:

# Simple configuration file for xinetd
#
# Some defaults, and include /etc/xinetd.d/

defaults
{
        instances               = 60
        log_type                = SYSLOG authpriv
        log_on_success          = HOST PID
        log_on_failure          = HOST
        cps                     = 25 30
}

includedir /etc/xinetd.d

Where,

• instances = 60 : Determines the number of servers that can be simultaneously active for a service. So 60 is the maximum number of requests xinetd can handle at once.
• log_type = SYSLOG authpriv: Determines where the service log output is sent. You can send it to SYSLOG at the specified facility (authpriv will send log to /var/log/secure file).
• log_on_success = HOST PID: Force xinetd to log if the connection is successful. It will log HOST name and Process ID to /var/log/secure file.
• log_on_failure = HOST: Force xinetd to log if there is a connection dropped or if the connection is not allowed to /var/log/secure file
• cps = 25 30: Limits the rate of incoming connections. Takes two arguments. The first argument is the number of connections per second to handle. If the rate of incoming connections is higher than this, the service will be temporarily disabled. The second argument is the number of seconds to wait efore re-enabling the service after it has been disabled. The default for this setting is 50 incoming connections and the interval is 10 seconds. This is good to avoid DOS attack against your service.
• includedir /etc/xinetd.d: Read other service specific configuration file this directory.

Task: How to create my own service called foo

Here is sample config file for service called foo located at /etc/xinetd.d/foo
# vi /etc/xinetd.d/foo
And append following text:
service login
{
socket_type = stream
protocol = tcp
wait = no
user = root
server = /usr/sbin/foo
instances = 20
}


Where,

• socket_type: Sets the network socket type to stream.
• protocol: Sets the protocol type to TCP
• wait: You can set the value to yes or no only. It Defines whether the service is single-threaded (if set to yes) or multi-threaded (if set to no).
• user: User who will run foo server

Task: Stop or restart xinetd

To restart xinetd service type the command:
# /etc/init.d/xinetd restart
To stop xinetd service type the command:
# /etc/init.d/xinetd stop
To stop xinetd service type the command:
# /etc/init.d/xinetd start

Task: Verify that xinetd is running

Type the following command to verify xinetd service is running or NOT:
# /etc/init.d/xinetd statusOutput:

xinetd (pid 6059) is running...

Further readings

• Read man pages of xinetd.conf and xinetd for more information.