How to configure xinetd?


Environment

  • Red Hat Enterprise Linux 5

  • Red Hat Enterprise Linux 6

  • xinetd

Issue

  • How to configure telnet service using xinetd?

  • How to enable xinetd services using the /etc/xinetd.conf file and the /etc/xinetd.d/ directory?

Resolution

The configuration files for xinetd are as follows:

  • /etc/xinetd.conf - The global xinetd configuration file.

  • /etc/xinetd.d/ directory - The directory containing all service-specific files.

The xinetd daemon is a TCP-wrapped super service which controls access to a subset of popular network services including FTP, IMAP, and Telnet. It also provides service-specific configuration options for access control, enhanced logging, binding, redirection, and resource utilization control.

When a client host attempts to connect to a network service controlled by xinetd, the super service receives the request and checks for any TCP wrappers access control rules. If access is allowed, xinetd verifies that the connection is allowed under its own access rules for that service and that the service is not consuming more than its allotted amount of resources or in breach of any defined rules. It then starts an instance of the requested service and passes control of the connection to it. Once the connection is established, xinetd does not interfere further with communication between the client host and the server.

The /etc/xinetd.conf File

The /etc/xinetd.conf file contains general configuration settings which affect every service under xinetd's control. It is read once when the xinetd service is started, so for configuration changes to take effect, the administrator must restart the xinetd service. Below is a sample /etc/xinetd.conf file:

defaults
{
    instances = 60
    log_type = SYSLOG authpriv
    log_on_success = HOST PID
    log_on_failure = HOST
    cps = 25 30
}
includedir /etc/xinetd.d

These lines control the following aspects of xinetd:

  • instances - Sets the maximum number of requests xinetd can handle at once.

  • log_type - Configures xinetd to use the authpriv log facility, which writes log entries to the /var/log/secure file. Adding a directive such as FILE /var/log/xinetdlog would create a custom log file called xinetdlog in the /var/log/ directory.

  • log_on_success - Configures xinetd to log if the connection is successful. By default, the remote host's IP address and the process ID of the server processing the request are recorded.

  • log_on_failure - Configures xinetd to log if there is a connection failure or if the connection is not allowed.

  • cps - Configures xinetd to allow no more than 25 connections per second to any given service. If this limit is reached, the service is retired for 30 seconds.

  • includedir /etc/xinetd.d/ - Includes options declared in the service-specific configuration files located in the /etc/xinetd.d/ directory.

Note: Often, both the log_on_success and log_on_failure settings in /etc/xinetd.conf are further modified in the service-specific log files. For this reason, more information may appear in a given service's log than the /etc/xinetd.conf file may indicate.

The /etc/xinetd.d/ Directory

The /etc/xinetd.d/ directory contains the configuration files for each service managed by xinetd, and the names of the files correlate to the service. As with xinetd.conf, these files are read only when the xinetd service is started. For any changes to take effect, the administrator must restart the xinetd service.

The format of files in the /etc/xinetd.d/ directory uses the same conventions as /etc/xinetd.conf. The primary reason the configuration for each service is stored in a separate file is to make customization easier and less likely to affect other services.

To gain an understanding of how these files are structured, consider the /etc/xinetd.d/telnet file:

service telnet
{
    flags = REUSE
    socket_type = stream
    wait = no
    user = root
    server = /usr/sbin/in.telnetd
    log_on_failure += USERID
    disable = yes
}

These lines control various aspects of the telnet service:

  • service - Defines the service name, usually one listed in the /etc/services file.

  • flags - Sets any of a number of attributes for the connection. REUSE instructs xinetd to reuse the socket for a Telnet connection.

  • socket_type - Sets the network socket type to stream.

  • wait - Defines whether the service is single-threaded (yes) or multi-threaded (no).

  • user - Defines what user ID the process will run under.

  • server - Defines the binary executable to be launched.

  • log_on_failure - Defines logging parameters for log_on_failure in addition to those already defined in xinetd.conf.

  • disable - Defines whether or not the service is active.
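To review what a service actually ends up with once the defaults block and its own file are combined, the following added example (not part of the original solution, and not xinetd's own parser) merges the two sample files shown above and reports the effective attributes and which services are enabled. The function names and the simplified merge model ("=" overrides the default, "+=" appends to it, "-=" removes from it) are assumptions of this example.

```python
import re
# Constructed sample: the defaults block and the telnet file from this page.
SAMPLE = """\
defaults
{
    instances = 60
    log_type = SYSLOG authpriv
    log_on_success = HOST PID
    log_on_failure = HOST
    cps = 25 30
}
service telnet
{
    flags = REUSE
    socket_type = stream
    wait = no
    user = root
    server = /usr/sbin/in.telnetd
    log_on_failure += USERID
    disable = yes
}
"""
ENTRY = re.compile(r"^(defaults|service\s+(\S+))\s*\{(.*?)^\}", re.M | re.S)
ATTR = re.compile(r"^[ \t]*(\w+)[ \t]*(\+=|-=|=)[ \t]*(.*?)[ \t]*$", re.M)

def parse_xinetd(text):
    """Return {service: effective attributes} (assumed simplified merge)."""
    text = re.sub(r"^[ \t]*#.*$", "", text, flags=re.M)  # drop comment lines
    defaults, services = {}, {}
    for _head, name, body in ENTRY.findall(text):
        target = defaults if name == "" else services.setdefault(name, {})
        for key, op, value in ATTR.findall(body):
            target[key] = (op, value.split())
    effective = {}
    for name, attrs in services.items():
        merged = {k: list(v) for k, (_, v) in defaults.items()}
        for key, (op, vals) in attrs.items():
            if op == "=":      # service value replaces the default
                merged[key] = vals
            elif op == "+=":   # service value is added to the default
                merged[key] = merged.get(key, []) + vals
            else:              # "-=" removes the listed values
                merged[key] = [v for v in merged.get(key, []) if v not in vals]
        effective[name] = merged
    return effective

def enabled_services(effective):
    # A service counts as enabled unless its block sets "disable = yes".
    return sorted(n for n, a in effective.items() if a.get("disable") != ["yes"])
```

For the sample input, telnet's effective log_on_failure is HOST USERID, it runs as root, and it is not enabled because of disable = yes.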
