Should I use xinetd?
Actually, a few words about how xinetd does access control. First of all, xinetd controls connections, not packets. Don't rely on xinetd to be a firewall or to defeat port scanning.
A resourceful intruder will be able to use this information to work out the access-control lists for your various services. Luckily, xinetd can log these attempts, and your paranoia sensors should go off when you review your logs. Secondly, xinetd, as of 2. Previously, it used to do lookups at startup, but this has been changed. Using access control is really quite simple. You can use network numbers. Host names and IP addresses of hosts can also be used here.
Use the directive 0. Again, networks or hosts can be specified. Let's have a look at some basic applications of this information. The first service we'll look at is the echo service, which is internal to both inetd and xinetd. Echo runs as root, is a TCP stream and is handled internally. The id directive of echo-stream is what would show up in the logs. Again, anyone can connect to it, but we specify an executable to run as nobody to return the information.
This one doesn't extend the previous example by much. We now look at another service, for secure shell version 1. This was done to prevent resource exhaustion by sshd. The logging directive understands several values that can be used to get information about your server (see Table 2).
Why should I use xinetd?
What is xinetd? Here are the reasons: 1. It can do access control on all services based on: a.
The attributes available for the services section are different for each of the three categories of service. These are: However, this attribute is not mandatory and is often left out.
When writing an attribute specification, all fields are separated by spaces or carriage returns; you do not use any other form of separator or punctuation in the definition. Used when calling tcpd. Using these attributes again in a service definition overwrites any values set for them in the defaults section. The two time ranges are separated by a space. The time definitions use the hour clock format.
The services definition uses the service name as its identifier by default. However, you might want to create several copies of a service and give each different attributes.
The id attribute enables this operating strategy. One very common use of this scenario is when you want to create different FTP servers for internal and external access. By this method, you can keep your file storage for the office completely separate from the downloadable files that you make available to the general public.
From then on, xinetd can distinguish between the two. The scenario of creating different services for internal and external users is greatly helped by the bind attribute. It associates the service with a specific local address and port, so the two instances can listen on different interfaces. However, it is safer to leave those restrictions in. So, the full definition of your internal and external FTP servers would be:
This strategy requires that your FTP server have a static IP address allocated to it for public access. Although the above scenario works when a single computer is used for both internal and external access, you can also allocate the addresses of separate computers for each FTP instance.
These services are a security weakness because they can be used by attackers to gain information about your network and server. Therefore, it is better to disable them. You can do this with the disabled attribute, which goes into your defaults definition.
Just include the following line in your defaults section to remove these facilities: You start xinetd at the command line. The program can be run with the following options: If you have a Linux computer, you might have xinetd installed already. You can check by running xinetd -version. xinetd also provides service-specific configuration options for access control, enhanced logging, binding, redirection, and resource utilization control.
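To see the access-control rules from the first part of this page and the id/bind/disabled scenario above work together, here is an added example that is not code from xinetd or from the page's author: a small Python parser for xinetd-style configuration that evaluates whether a client address would be admitted to a given service. The sample config, the addresses, the id names and the server path /usr/sbin/in.ftpd are all constructed for this example. The precedence rule (the most specific matching network wins, only_from with no match denies, a tie denies) is an approximation written for this example, not xinetd's actual code.

```python
import ipaddress
import re

# Constructed sample in xinetd syntax: two FTP instances distinguished by id,
# bound to different local addresses, plus internal services disabled by default.
SAMPLE_CONFIG = """
defaults
{
    log_type    = SYSLOG daemon info
    disabled    = echo chargen daytime
}

service ftp
{
    id          = ftp-internal
    bind        = 192.168.1.1
    socket_type = stream
    wait        = no
    user        = root
    server      = /usr/sbin/in.ftpd
    only_from   = 192.168.1.0/24
}

service ftp
{
    id          = ftp-external
    bind        = 203.0.113.10
    socket_type = stream
    wait        = no
    user        = root
    server      = /usr/sbin/in.ftpd
    no_access   = 203.0.113.200
}

service echo
{
    id          = echo-stream
    type        = INTERNAL
    socket_type = stream
    wait        = no
    user        = root
}
"""

# A block is "defaults { ... }" or "service <name> { ... }".
BLOCK_RE = re.compile(r"(defaults|service\s+\S+)\s*\{(.*?)\}", re.S)


def parse_config(text):
    """Return (defaults, services): defaults is a dict, services a dict keyed by id."""
    defaults, services = {}, {}
    for header, body in BLOCK_RE.findall(text):
        attrs = {}
        for line in body.strip().splitlines():
            line = line.strip()
            if not line or line.startswith("#"):
                continue
            key, _, value = line.partition("=")
            attrs[key.strip()] = value.strip()
        if header == "defaults":
            defaults = attrs
        else:
            name = header.split()[1]
            attrs["name"] = name
            # The id attribute defaults to the service name, as the text says.
            services[attrs.get("id", name)] = attrs
    return defaults, services


def _networks(spec):
    """Turn an only_from/no_access value into networks (IPs and CIDR only here)."""
    return [ipaddress.ip_network(tok, strict=False) for tok in spec.split()]


def is_enabled(service, defaults):
    """Off if listed in the defaults' disabled= attribute or if disable = yes."""
    if service.get("disable", "no").lower() == "yes":
        return False
    return service["name"] not in defaults.get("disabled", "").split()


def access_allowed(service, client_ip):
    """Assumed rule: the most specific matching entry decides; ties deny."""
    ip = ipaddress.ip_address(client_ip)
    allow = [n for n in _networks(service.get("only_from", "")) if ip in n]
    deny = [n for n in _networks(service.get("no_access", "")) if ip in n]
    if not allow and not deny:
        # only_from present but nothing matched means deny; otherwise open.
        return "only_from" not in service
    best_allow = max((n.prefixlen for n in allow), default=-1)
    best_deny = max((n.prefixlen for n in deny), default=-1)
    return best_allow > best_deny


def check(config_text, service_id, client_ip):
    """Combine both checks; returns (enabled, allowed) for one connection."""
    defaults, services = parse_config(config_text)
    svc = services[service_id]
    return is_enabled(svc, defaults), access_allowed(svc, client_ip)


if __name__ == "__main__":
    for sid, ip in [("ftp-internal", "192.168.1.77"), ("ftp-internal", "10.0.0.5"),
                    ("ftp-external", "203.0.113.200"), ("echo-stream", "192.168.1.77")]:
        print(sid, ip, check(SAMPLE_CONFIG, sid, ip))
```

The useful thing to notice is that the two checks are independent: echo-stream still has an open access list, but the disabled line in the defaults section takes it out of service entirely, while the internal FTP instance stays enabled yet refuses anything outside its only_from network.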
A daemon is a long-running background process that answers requests for services. The term originated with Unix, but most operating systems use daemons in some form or another. Some examples include inetd, httpd, nfsd, sshd, named, and lpd. One of the changes in SLES 15 is that xinetd has been removed and systemd is used instead.
In SLE 15, xinetd and yast2-inetd have been removed, in favor of systemd sockets.