DOCSLIB.ORG

1.113.1 Configure and Manage Inetd, Xinetd, and Related Services Weight

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
1.113.1 Configure and Manage Inetd, Xinetd, and Related Services Weight 1.113.1 Configure and manage inetd, xinetd, and related services Weight 4 1.113.1 Angus Lees Context Configure and manage inetd, xinetd, and Objective inetd, xinetd related services tcpwrappers Weight 4 xinetd License Of This Linux Professional Institute Certification — 102 Document Angus Lees [email protected] Geoffrey Robertson [email protected] Nick Urbanik [email protected] This document Licensed under GPL—see section 6 2005 July 1.113.1 Configure and manage Outline inetd, xinetd, and related services Weight 4 Angus Lees Context Objective inetd, xinetd tcpwrappers xinetd inetd.conf License Of This Context Document tcpwrappers Objective xinetd inetd, xinetd License Of This Document 1.113.1 Configure and manage Topic 113 Networking Services [24] inetd, xinetd, and Where we are up to related services Weight 4 Angus Lees Context Objective 1.113.1 Configure and manage inetd, xinetd, and inetd, xinetd related services [4] tcpwrappers xinetd 1.113.2 Operate and perform basic configuration of License Of This sendmail [4] Document 1.113.3 Operate and perform basic configuration of Apache [4] 1.113.4 Properly manage the NFS, smb, and nmb daemons [4] 1.113.5 Setup and configure basic DNS services [4] 1.113.7 Set up secure shell (OpenSSH) [4] 1.113.1 Configure and manage Description of Objective inetd, xinetd, and 1.113.1 Configure and manage inetd, xinetd, and related services related services Weight 4 Angus Lees Context Objective inetd, xinetd Candidates should be able to configure tcpwrappers which services are available through xinetd License Of This inetd, use tcpwrappers to allow or deny Document services on a host-by-host basis, manually start, stop, and restart internet services, configure basic network services including telnet and ftp. Set a service to run as another user instead of the default in inetd.conf. 1.113.1 Configure and manage Key files, terms, and utilities include: inetd, xinetd, and 1.113.1 Configure and manage inetd, xinetd, and related services related services Weight 4 /etc/inetd.conf — configuration file for the Angus Lees older inetd Context Objective /etc/hosts.allow — TCP Wrappers inetd, xinetd configuration file, consulted first tcpwrappers xinetd /etc/hosts.deny — TCP Wrappers License Of This configuration file, consulted second Document /etc/services — file mapping service names ↔ network ports /etc/xinetd.conf — configuration file for xinetd, which has built-in support for TCP Wrappers, so is now used more than inetd /etc/xinetd.log — a file that appears to exist only in LPI objectives, but see $ man 5 xinetd.log ←- 1.113.1 Configure and manage inetd/xinetd inetd, xinetd, and related services Weight 4 Angus Lees Context Objective inetd, xinetd I The internet “super-server” inetd.conf I A daemon which listens on many ports and fires off the tcpwrappers appropriate command to handle incoming requests xinetd License Of This I inetd is used in older/smaller systems Document I Controlled through /etc/inetd.conf I xinetd is an enhanced replacement I Controlled through /etc/xinetd.conf... I . and through individual files in directory /etc/xinetd.d/ 1.113.1 Configure and manage inetd, xinetd, and related services Weight 4 Angus Lees Context Objective Fields are: inetd, xinetd service_name sock_type proto flags user server_path args inetd.conf tcpwrappers # UW-IMAP server imap2 stream tcp nowait root /usr/sbin/tcpd /usr/sbin/imapd xinetd imap3 stream tcp nowait root /usr/sbin/tcpd /usr/sbin/imapd License Of This imaps stream tcp nowait root /usr/sbin/tcpd /usr/sbin/imapd Document # Exim mail server smtp stream tcp nowait mail /usr/sbin/exim exim -bs 1.113.1 Configure and manage inetd, xinetd, and related services Weight 4 Angus Lees Built-in services (often disabled) Context Objective echo stream tcp nowait root internal inetd, xinetd echo dgram udp wait root internal inetd.conf chargen stream tcp nowait root internal tcpwrappers chargen dgram udp wait root internal xinetd License Of This discard stream tcp nowait root internal Document discard dgram udp wait root internal daytime stream tcp nowait root internal daytime dgram udp wait root internal time stream tcp nowait root internal time dgram udp wait root internal 1.113.1 Configure and manage hosts.allow / hosts.deny inetd, xinetd, and “TCP Wrappers” aka tcpd related services Weight 4 Angus Lees Context Objective inetd, xinetd Manpage is hosts_access(5) tcpwrappers # /etc/hosts.allow xinetd License Of This sshd: ALL Document imapd: 10.0.6.19 ALL: 10.0.128.96/255.255.255.224 # /etc/hosts.deny #ALL: PARANOID ALL: ALL 1.113.1 Configure and manage xinetd inetd, xinetd, and related services Weight 4 inetd I Same function as Angus Lees I Has built-in support for TCP Wrappers, so is now used for Context inetd recent distributions instead of Objective I package management system (i.e., dpkg, rpm) drops a inetd, xinetd file into directory tcpwrappers /etc/xinetd.d/ instead of having to edit xinetd License Of This /etc/inetd.conf Document I Here is such a file for the exim mail server to run under xinetd: service smtp { socket_type = stream protocol = tcp wait = no user = mail server = /usr/sbin/exim server_args = -bs } 1.113.1 Configure and manage Topics Covered inetd, xinetd, and related services Weight 4 Angus Lees Context Context Objective inetd, xinetd Objective tcpwrappers xinetd License Of This inetd, xinetd Document inetd.conf tcpwrappers xinetd License Of This Document 1.113.1 Configure and manage License Of This Document inetd, xinetd, and related services Weight 4 Angus Lees Context Objective Copyright c 2005, 2003 Angus Lees <[email protected]>, inetd, xinetd tcpwrappers Geoffrey Robertson <[email protected]> and Nick Urbanik xinetd <[email protected]>. License Of This Permission is granted to make and distribute verbatim copies Document or modified versions of this document provided that this copyright notice and this permission notice are preserved on all copies under the terms of the GNU General Public License as published by the Free Software Foundation—either version 2 of the License or (at your option) any later version..
Load more

Recommended publications
  • CIS IBM AIX 7.1 Benchmark V1.1.0 - 09-20-2013
    CIS IBM AIX 7.1 Benchmark v1.1.0 - 09-20-2013 http://benchmarks.cisecurity.org The CIS Security Benchmarks division provides consensus-oriented information security products, services, tools, metrics, suggestions, and recommendations (the “SB Products”) as a public service to Internet users worldwide. Downloading or using SB Products in any way signifies and confirms your acceptance of and your binding agreement to these CIS Security Benchmarks Terms of Use. CIS SECURITY BENCHMARKS TERMS OF USE BOTH CIS SECURITY BENCHMARKS DIVISION MEMBERS AND NON-MEMBERS MAY: Download, install, and use each of the SB Products on a single computer, and/or Print one or more copies of any SB Product that is in a .txt, .pdf, .doc, .mcw, or .rtf format, but only if each such copy is printed in its entirety and is kept intact, including without limitation the text of these CIS Security Benchmarks Terms of Use. UNDER THE FOLLOWING TERMS AND CONDITIONS: SB Products Provided As Is. CIS is providing the SB Products “as is” and “as available” without: (1) any representations, warranties, or covenants of any kind whatsoever (including the absence of any warranty regarding: (a) the effect or lack of effect of any SB Product on the operation or the security of any network, system, software, hardware, or any component of any of them, and (b) the accuracy, utility, reliability, timeliness, or completeness of any SB Product); or (2) the responsibility to make or notify you of any corrections, updates, upgrades, or fixes. Intellectual Property and Rights Reserved. You are not acquiring any title or ownership rights in or to any SB Product, and full title and all ownership rights to the SB Products remain the exclusive property of CIS.
    [Show full text]
  • Autoconf.Pdf
    Autoconf Creating Automatic Configuration Scripts for version 2.66, 2 July 2010 David MacKenzie Ben Elliston Akim Demaille This manual (2 July 2010) is for GNU Autoconf (version 2.66), a package for creating scripts to configure source code packages using templates and an M4 macro package. Copyright c 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free Software Foundation, Inc. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, with the Front-Cover texts being \A GNU Manual," and with the Back-Cover Texts as in (a) below. A copy of the license is included in the section entitled \GNU Free Documentation License." (a) The FSF's Back-Cover Text is: \You have the freedom to copy and modify this GNU manual. Buying copies from the FSF supports it in developing GNU and promoting software freedom." i Table of Contents 1 Introduction::::::::::::::::::::::::::::::::::::: 1 2 The GNU Build System:::::::::::::::::::::::: 3 2.1 Automake:::::::::::::::::::::::::::::::::::::::::::::::::::::: 3 2.2 Gnulib ::::::::::::::::::::::::::::::::::::::::::::::::::::::::: 3 2.3 Libtool::::::::::::::::::::::::::::::::::::::::::::::::::::::::: 4 2.4 Pointers:::::::::::::::::::::::::::::::::::::::::::::::::::::::: 4 3 Making configure Scripts :::::::::::::::::::::: 5 3.1 Writing `configure.ac' ::::::::::::::::::::::::::::::::::::::::
    [Show full text]
  • CIS Ubuntu Linux 18.04 LTS Benchmark
    CIS Ubuntu Linux 18.04 LTS Benchmark v1.0.0 - 08-13-2018 Terms of Use Please see the below link for our current terms of use: https://www.cisecurity.org/cis-securesuite/cis-securesuite-membership-terms-of-use/ 1 | P a g e Table of Contents Terms of Use ........................................................................................................................................................... 1 Overview ............................................................................................................................................................... 12 Intended Audience ........................................................................................................................................ 12 Consensus Guidance ..................................................................................................................................... 13 Typographical Conventions ...................................................................................................................... 14 Scoring Information ..................................................................................................................................... 14 Profile Definitions ......................................................................................................................................... 15 Acknowledgements ...................................................................................................................................... 17 Recommendations ............................................................................................................................................
    [Show full text]
  • Freebsd Command Reference
    FreeBSD command reference Command structure Each line you type at the Unix shell consists of a command optionally followed by some arguments , e.g. ls -l /etc/passwd | | | cmd arg1 arg2 Almost all commands are just programs in the filesystem, e.g. "ls" is actually /bin/ls. A few are built- in to the shell. All commands and filenames are case-sensitive. Unless told otherwise, the command will run in the "foreground" - that is, you won't be returned to the shell prompt until it has finished. You can press Ctrl + C to terminate it. Colour code command [args...] Command which shows information command [args...] Command which modifies your current session or system settings, but changes will be lost when you exit your shell or reboot command [args...] Command which permanently affects the state of your system Getting out of trouble ^C (Ctrl-C) Terminate the current command ^U (Ctrl-U) Clear to start of line reset Reset terminal settings. If in xterm, try Ctrl+Middle mouse button stty sane and select "Do Full Reset" exit Exit from the shell logout ESC :q! ENTER Quit from vi without saving Finding documentation man cmd Show manual page for command "cmd". If a page with the same man 5 cmd name exists in multiple sections, you can give the section number, man -a cmd or -a to show pages from all sections. man -k str Search for string"str" in the manual index man hier Description of directory structure cd /usr/share/doc; ls Browse system documentation and examples. Note especially cd /usr/share/examples; ls /usr/share/doc/en/books/handbook/index.html cd /usr/local/share/doc; ls Browse package documentation and examples cd /usr/local/share/examples On the web: www.freebsd.org Includes handbook, searchable mailing list archives System status Alt-F1 ..
    [Show full text]
  • Bootstrap Protocol, BOOTP, Is the Recommended Way to Establish Communications from the Host to the Printer in an Internet Protocol Environment
    BOOTP Bootstrap protocol, BOOTP, is the recommended way to establish communications from the host to the printer in an internet protocol environment. BOOTP obtains booting data from the bootptab file. With the proper information stored in the bootptab file, the printer can find its own name and IP address and boot from the network without any intervention, even for a first time boot. 1. Verify that the bootpd and bootptab files are in the correct directories: UNIX: /etc or /usr/etc directory OS/2: \TCPIP\ETC (for bootptab) and \TCPIP\BIN (for bootpd) LAN Server: MPTN\ETC (for bootptab) and \MPTN\BIN (for bootpd) Type: ls bootp* 2. Edit the hosts file to add the printer internet addresses and names: 128.07.60.30 P340-mktg 128.07.60.31 P340-sales For OS/2, use the TCP/IP Configuration Notebook under the Services tab to add the printer internet addresses and names. 3. Some UNIX hosts may require an explicit update to the arp table to add the new entries. This command is host-specific; check your host documentation for details. arp -s ether P340-mktg 08:00:11:01:00:45 arp -s ether P340-sales 08:00:11:01:00:46 The ether switch indicates that you are providing an Ethernet address. 4. Set up the bootptab file. 5. Start or restart the inetd or bootpd daemon. For OS/2 Warp, LAN Server 4.0, and UNIX, use the bootpd daemon. Here is a sample bootptab file; check your host system documentation to see which fields your implementation of BOOTP supports.
    [Show full text]
  • 01 Introduction to System Services
    Certification Introduction to System Services UNIT 1 Introduction to System Services 1 Rev RH253-RHEL-1 Copyright © 2003 Red Hat, Inc. Objectives • Understand how services are managed • Learn common traits among services • Introduce service fault analysis methods 2 Rev RH253-RHEL-1 Copyright © 2003 Red Hat, Inc. Agenda • Service management concepts • System V-managed services • xinetd managed services • The /etc/sysconfig files • Fault Analysis 3 Rev RH253-RHEL-1 Copyright © 2003 Red Hat, Inc. Service Management • Services are managed several ways: • by init • by System V scripts • by direct command • by xinetd 4 Rev RH253-RHEL-1 Copyright © 2003 Red Hat, Inc. Services Managed by init • Typically non-TCP/IP services, for example dial-in modems • Provides respawn capability • Configured in /etc/inittab 5 Rev RH253-RHEL-1 Copyright © 2003 Red Hat, Inc. System V Service Management • Processes are “wrapped” by System V (‘SysV’) initialization script methods • More than one script, and several configuration files are often used, per service • The service command is a “wrapper of wrappers” • /etc/init.d/cups start • service cups start 6 Rev RH253-RHEL-1 Copyright © 2003 Red Hat, Inc. chkconfig • Manages service definitions in run levels • To start the cups service on boot: chkconfig cups on • Does not modify current run state of System V services • List run level definitions with chkconfig --list 7 Rev RH253-RHEL-1 Copyright © 2003 Red Hat, Inc. xinetd Managed Services • Services are started by xinetd in response to incoming request • Activated with chkconfig: chkconfig cups-lpd on • Uses files in /etc/xinetd.d/ 8 Rev RH253-RHEL-1 Copyright © 2003 Red Hat, Inc.
    [Show full text]
  • NAME DESCRIPTION Manpag.Es Fedora 31
    fedora 31 manpag.es XINETD.CONF(5) XINETD.CONF(5) NAME xinetd.conf − Extended Internet Services Daemon configuration file DESCRIPTION xinetd.conf is the configuration file that determines the services provided by xinetd.Any line whose first non-white-space character is a ’#’ is considered a comment line. Empty lines are ignored. The file contains entries of the form: service <service_name> { <attribute> <assign_op> <value> <value> ... ... } The assignment operator, assign_op, can be one of ’=’, ’+=’, ’-=’. The majority of attributes support only the simple assignment operator, ’=’. Attributes whose value is a set of values support all assign- ment operators. Forsuch attributes, ’+=’ means adding a value to the set and ’-=’ means removing a value from the set. Alist of these attributes will be givenafter all the attributes are described. Each entry defines a service identified by the service_name.The following is a list of available attributes: id This attribute is used to uniquely identify a service. This is useful because there exist services that can use different protocols and need to be described with differ- ent entries in the configuration file. By default, the service id is the same as the service name. type Anycombination of the following values may be used: RPC if this is an RPC service INTERNAL if this is a service provided by xinetd. TCPMUX/TCPMUXPLUS if this is a service that will be started according to the RFC 1078 protocol on the TCPMUX well-known port. See the section describing TCPMUX services below. UNLISTED if this is a service not listed in a standard system file (like /etc/rpc for RPC services, or /etc/services for non-RPC services).
    [Show full text]
  • Network Programming TDC 561 Lecture # 5: Multiservice and Multiprotocols Servers
    Network Programming TDC 561 Lecture # 5: Multiservice and Multiprotocols Servers Dr. Ehab S. Al-Shaer School of Computer Science & Telecommunication DePaul University Chicago, IL 1 select() Review int select( int maxfd, fd_set *readset, fd_set *writeset, fd_set *excepset, const struct timeval *timeout); maxfd : highest number assigned to a descriptor. readset: set of descriptors we want to read from. writeset: set of descriptors we want to write to. excepset: descriptors to watch for exceptions. timeout: maximum time select should wait 2 Dr. Ehab Al-Shaer/Network Programming select() Review ❂ select() components (e.g., p. 143) • passive (original) mailbox, afds: FD_SET and FD_CLR • active (operational) mailbox, rfds:FD_ISSET ❂ When to use it • I/O Multiplexing • Non-blocking • High-precision timer 3 Dr. Ehab Al-Shaer/Network Programming 1 Multiprotocol Servers ❂ Provides a single service using TCP or UDP ❂ Motivation • less overhead • No need for replication control • maintainability • extendibility for more protocols 4 Dr. Ehab Al-Shaer/Network Programming Multiprotocol Servers ❂ Algorithm 1. Create a passive UDP socket (usock) and passive TCP socket (tsock), Bind to a port 2. Use select() to monitor usock and tsock 3. 3. If tsock is READY 3.1. Accept connections 3.2. Read and Write 3.3. Close if finish 4. If usock is READY 4.1. Receive and Send 5. Go to 2 ❂ Example (daytimed.c, P. 150) • Is it truly concurrent? 5 •No read in tsock,Dr. Ehab and Al-Shaer/Network no close Programmingin usock, WHY? Multiservice Servers ❂ A single server that provides multiple services ❂ Motivation • less execution overhead • less code ❂ Algorithm for connectionless servers 1.
    [Show full text]
  • UNIX System Servicesplanning
    z/OS Version 2 Release 3 UNIX System Services Planning IBM GA32-0884-30 Note Before using this information and the product it supports, read the information in “Notices” on page 409. This edition applies to Version 2 Release 3 of z/OS (5650-ZOS) and to all subsequent releases and modifications until otherwise indicated in new editions. Last updated: 2019-03-26 © Copyright International Business Machines Corporation 1996, 2018. US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents List of Figures...................................................................................................... xv List of Tables......................................................................................................xvii About this document...........................................................................................xix Using this document..................................................................................................................................xix z/OS information........................................................................................................................................xix Discussion list.......................................................................................................................................xix How to send your comments to IBM.....................................................................xxi If you have a technical problem................................................................................................................xxi
    [Show full text]
  • IBM I: TCP/IP Troubleshooting • a Default Route (*DFTROUTE) Allows Packets to Travel to Hosts That Are Not Directly Connected to Your Network
    IBM i Version 7.2 Networking TCP/IP troubleshooting IBM Note Before using this information and the product it supports, read the information in “Notices” on page 71. This document may contain references to Licensed Internal Code. Licensed Internal Code is Machine Code and is licensed to you under the terms of the IBM License Agreement for Machine Code. © Copyright International Business Machines Corporation 1997, 2013. US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents TCP/IP troubleshooting......................................................................................... 1 PDF file for TCP/IP troubleshooting............................................................................................................ 1 Troubleshooting tools and techniques........................................................................................................1 Tools to verify your network structure...................................................................................................1 Tools for tracing data and jobs.............................................................................................................15 Troubleshooting tips............................................................................................................................ 31 Advanced troubleshooting tools..........................................................................................................66 Troubleshooting problems related
    [Show full text]
  • (VI.) Connections: How CUPS Talks to Servers, Clients and Printers
    Linux Printing Tutorial at Linux−Kongress 2002 Cologne, Germany: (VI.) Connections: How CUPS talks to Print Servers, Print Clients and Printers (VI.) Connections: How CUPS talks to Servers, Clients and Printers Table of Contents (VI.) Connections: How CUPS talks to Print Servers, Print Clients and Printers...................1 CUPS in heterogeneous networks.....................................................................................................1 Receiving print data − CUPS as a print server..................................................................................3 IPP − Internet printing protocol............................................................................................3 LPD − Unix clients...............................................................................................................4 SMB/CIFS − Windows clients.............................................................................................5 AppleTalk/NetATalk − Mac clients.....................................................................................5 Sending print data − The CUPS backends........................................................................................6 Local printers: Parallel, USB, serial, FireWire, SCSI..........................................................6 HP's multi−function devices.................................................................................................8 IPP − Internet printing protocol............................................................................................8
    [Show full text]
  • Securing Your Linux System for the Internet
    Securing your Linux System for the Internet SHARE 98 Nashville, TN Session 5512 Abstract ! You've gotten your Linux system installed, and are ready to connect it to the Internet. What should you do now? What can you expect to happen when you plug it into the net? What tools are available to make sure your system is secure? If you don't know the answers to these questions, then this session is for you. The Speaker Harold Pritchett The University of Georgia (706) 542-5110 [email protected] Disclaimer Everybody has lawyers: The ideas and concepts set forth in this presentation are solely those of the respective authors, and not of the companies and or vendors referenced within and these organizations do not endorse, guarantee, or otherwise certify any such ideas or concepts in application or usage. This material should be verified for applicability and correctness in each user environment. No warranty of any kind available. Introduction ! Who am I? ! What makes me qualified to talk about this subject? ! 25 Years working with computers ! 10 Years experience with Unix ! Unix Security Administrator ! Security Incident Handling Team for UGA The One Minute Security Manager ! Common Sense Security ! Passwords ! Use good passwords ! Use a Shadow password file ! Check for accounts without passwords ! Superuser accounts ! root ! root equivalent accounts The One Minute Security Manager ! Common Sense Security (cont) ! File Permissions ! Read, Write, Execute ! User, group, others ! The “chmod” command ! The “umask” command The One Minute Security Manager
    [Show full text]