xinetd is the eXtended InterNET services Daemon, a secure replacement for inetd.
Download (HTTP): http://www.xinetd.org/xinetd-2.3.13.tar.gz
Package MD5 sum: 4295b5fe12350f09b5892b363348ac8b
Package size: 291 KB
Estimated disk space required: 4.12 MB
Estimated build time: 0.11 SBU
Install xinetd by running the following commands:
./configure --prefix=/usr &&
make
Now, as the root user:
make install
Make sure the path for all daemons is /usr/sbin rather than the default /usr/etc, and install the xinetd configuration files by running the following commands as the root user:
cat > /etc/xinetd.conf << "EOF"
# Begin /etc/xinetd
# Configuration file for xinetd
#
defaults
{
      instances       = 60
      log_type        = SYSLOG daemon
      log_on_success  = HOST PID USERID
      log_on_failure  = HOST USERID
      cps             = 25 30
}

# All service files are stored in the /etc/xinetd.d directory
#
includedir /etc/xinetd.d

# End /etc/xinetd
EOF
All of the following files contain the statement "disable = yes". To activate any of the services you will need to change the statement to "disable = no".
The following files are listed to show classic xinetd applications. In many cases these applications are not needed. In some cases the applications are considered security risks. For example, telnet, rlogin, rexec and rsh transmit passwords unencrypted over the network and can easily be replaced with a more secure alternative: ssh.
install -d -m755 /etc/xinetd.d &&
cat > /etc/xinetd.d/login << "EOF" &&
# Begin /etc/xinetd.d/login

service login
{
      disable         = yes
      socket_type     = stream
      protocol        = tcp
      wait            = no
      user            = root
      server          = /usr/sbin/in.rlogind
      log_type        = SYSLOG local4 info
}

# End /etc/xinetd.d/login
EOF
cat > /etc/xinetd.d/shell << "EOF" &&
# Begin /etc/xinetd.d/shell

service shell
{
      disable         = yes
      socket_type     = stream
      wait            = no
      user            = root
      instances       = UNLIMITED
      flags           = IDONLY
      log_on_success += USERID
      server          = /usr/sbin/in.rshd
}

# End /etc/xinetd.d/shell
EOF
cat > /etc/xinetd.d/exec << "EOF" &&
# Begin /etc/xinetd.d/exec

service exec
{
      disable         = yes
      socket_type     = stream
      wait            = no
      user            = root
      server          = /usr/sbin/in.rexecd
}

# End /etc/xinetd.d/exec
EOF
cat > /etc/xinetd.d/comsat << "EOF" &&
# Begin /etc/xinetd.d/comsat

service comsat
{
      disable         = yes
      socket_type     = dgram
      wait            = yes
      user            = nobody
      group           = tty
      server          = /usr/sbin/in.comsat
}

# End /etc/xinetd.d/comsat
EOF
cat > /etc/xinetd.d/talk << "EOF" &&
# Begin /etc/xinetd.d/talk

service talk
{
      disable         = yes
      socket_type     = dgram
      wait            = yes
      user            = root
      server          = /usr/sbin/in.talkd
}

# End /etc/xinetd.d/talk
EOF
cat > /etc/xinetd.d/ntalk << "EOF" &&
# Begin /etc/xinetd.d/ntalk

service ntalk
{
      disable         = yes
      socket_type     = dgram
      wait            = yes
      user            = root
      server          = /usr/sbin/in.ntalkd
}

# End /etc/xinetd.d/ntalk
EOF
cat > /etc/xinetd.d/telnet << "EOF" &&
# Begin /etc/xinetd.d/telnet

service telnet
{
      disable         = yes
      socket_type     = stream
      wait            = no
      user            = root
      server          = /usr/sbin/in.telnetd
      bind            = 127.0.0.1
      log_on_failure += USERID
}

service telnet
{
      disable         = yes
      socket_type     = stream
      wait            = no
      user            = root
#     server          = /usr/sbin/in.telnetd
      bind            = 192.231.139.175
      redirect        = 128.138.202.20 23
      log_on_failure += USERID
}

# End /etc/xinetd.d/telnet
EOF
cat > /etc/xinetd.d/ftp << "EOF" &&
# Begin /etc/xinetd.d/ftp

service ftp
{
      disable         = yes
      socket_type     = stream
      wait            = no
      user            = root
      server          = /usr/sbin/in.ftpd
      server_args     = -l
      instances       = 4
      log_on_success += DURATION USERID
      log_on_failure += USERID
      access_times    = 2:00-8:59 12:00-23:59
      nice            = 10
}

# End /etc/xinetd.d/ftp
EOF
cat > /etc/xinetd.d/tftp << "EOF" &&
# Begin /etc/xinetd.d/tftp

service tftp
{
      disable         = yes
      socket_type     = dgram
      wait            = yes
      user            = root
      server          = /usr/sbin/in.tftpd
      server_args     = -s /tftpboot
}

# End /etc/xinetd.d/tftp
EOF
cat > /etc/xinetd.d/finger << "EOF" &&
# Begin /etc/xinetd.d/finger

service finger
{
      disable         = yes
      socket_type     = stream
      wait            = no
      user            = nobody
      server          = /usr/sbin/in.fingerd
}

# End /etc/xinetd.d/finger
EOF
cat > /etc/xinetd.d/systat << "EOF" &&
# Begin /etc/xinetd.d/systat

service systat
{
      disable         = yes
      socket_type     = stream
      wait            = no
      user            = nobody
      server          = /usr/bin/ps
      server_args     = -auwwx
      only_from       = 128.138.209.0
      log_on_success  = HOST
}

# End /etc/xinetd.d/systat
EOF
cat > /etc/xinetd.d/netstat << "EOF" &&
# Begin /etc/xinetd.d/netstat

service netstat
{
      disable         = yes
      socket_type     = stream
      wait            = no
      user            = nobody
      server          = /usr/ucb/netstat
      server_args     = -f inet
      only_from       = 128.138.209.0
      log_on_success  = HOST
}

# End /etc/xinetd.d/netstat
EOF
cat > /etc/xinetd.d/echo << "EOF" &&
# Begin /etc/xinetd.d/echo

service echo
{
      disable         = yes
      type            = INTERNAL
      id              = echo-stream
      socket_type     = stream
      protocol        = tcp
      user            = root
      wait            = no
}

service echo
{
      disable         = yes
      type            = INTERNAL
      id              = echo-dgram
      socket_type     = dgram
      protocol        = udp
      user            = root
      wait            = yes
}

# End /etc/xinetd.d/echo
EOF
cat > /etc/xinetd.d/chargen << "EOF" &&
# Begin /etc/xinetd.d/chargen

service chargen
{
      disable         = yes
      type            = INTERNAL
      id              = chargen-stream
      socket_type     = stream
      protocol        = tcp
      user            = root
      wait            = no
}

service chargen
{
      disable         = yes
      type            = INTERNAL
      id              = chargen-dgram
      socket_type     = dgram
      protocol        = udp
      user            = root
      wait            = yes
}

# End /etc/xinetd.d/chargen
EOF
cat > /etc/xinetd.d/daytime << "EOF" &&
# Begin /etc/xinetd.d/daytime

service daytime
{
      disable         = yes
      type            = INTERNAL
      id              = daytime-stream
      socket_type     = stream
      protocol        = tcp
      user            = root
      wait            = no
}

service daytime
{
      disable         = yes
      type            = INTERNAL
      id              = daytime-dgram
      socket_type     = dgram
      protocol        = udp
      user            = root
      wait            = yes
}

# End /etc/xinetd.d/daytime
EOF
cat > /etc/xinetd.d/time << "EOF" &&
# Begin /etc/xinetd.d/time

service time
{
      disable         = yes
      type            = INTERNAL
      id              = time-stream
      socket_type     = stream
      protocol        = tcp
      user            = root
      wait            = no
}

service time
{
      disable         = yes
      type            = INTERNAL
      id              = time-dgram
      socket_type     = dgram
      protocol        = udp
      user            = root
      wait            = yes
}

# End /etc/xinetd.d/time
EOF
cat > /etc/xinetd.d/rstatd << "EOF" &&
# Begin /etc/xinetd.d/rstatd

service rstatd
{
      disable         = yes
      type            = RPC
      flags           = INTERCEPT
      rpc_version     = 2-4
      socket_type     = dgram
      protocol        = udp
      server          = /usr/sbin/rpc.rstatd
      wait            = yes
      user            = root
}

# End /etc/xinetd.d/rstatd
EOF
cat > /etc/xinetd.d/rquotad << "EOF" &&
# Begin /etc/xinetd.d/rquotad

service rquotad
{
      disable         = yes
      type            = RPC
      rpc_version     = 1
      socket_type     = dgram
      protocol        = udp
      wait            = yes
      user            = root
      server          = /usr/sbin/rpc.rstatd
}

# End /etc/xinetd.d/rquotad
EOF
cat > /etc/xinetd.d/rusersd << "EOF" &&
# Begin /etc/xinetd.d/rusersd

service rusersd
{
      disable         = yes
      type            = RPC
      rpc_version     = 1-2
      socket_type     = dgram
      protocol        = udp
      wait            = yes
      user            = root
      server          = /usr/sbin/rpc.rusersd
}

# End /etc/xinetd.d/rusersd
EOF
cat > /etc/xinetd.d/sprayd << "EOF" &&
# Begin /etc/xinetd.d/sprayd

service sprayd
{
      disable         = yes
      type            = RPC
      rpc_version     = 1
      socket_type     = dgram
      protocol        = udp
      wait            = yes
      user            = root
      server          = /usr/sbin/rpc.sprayd
}

# End /etc/xinetd.d/sprayd
EOF
cat > /etc/xinetd.d/walld << "EOF" &&
# Begin /etc/xinetd.d/walld

service walld
{
      disable         = yes
      type            = RPC
      rpc_version     = 1
      socket_type     = dgram
      protocol        = udp
      wait            = yes
      user            = nobody
      group           = tty
      server          = /usr/sbin/rpc.rwalld
}

# End /etc/xinetd.d/walld
EOF
cat > /etc/xinetd.d/irc << "EOF"
# Begin /etc/xinetd.d/irc

service irc
{
      disable         = yes
      socket_type     = stream
      wait            = no
      user            = root
      flags           = SENSOR
      type            = INTERNAL
      bind            = 192.168.1.30
      deny_time       = 60
}

# End /etc/xinetd.d/irc
EOF
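As an added example (not part of the original page or of the xinetd package), the following shell function lists every service under /etc/xinetd.d that is still enabled after you edit the files above, and flags the cleartext services this page names (telnet, and login, shell, exec for rlogin, rsh, rexec) and any service that runs as root. The function name audit_xinetd and its output format are assumptions of this example; a block with no disable line counts as enabled, which is xinetd's default.

```shell
#!/bin/sh
# audit_xinetd [DIR]: print "file:service:user:flags" for each ENABLED
# service block found in DIR (default /etc/xinetd.d). Hypothetical helper.
audit_xinetd() {
    dir=${1:-/etc/xinetd.d}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # xinetd's includedir skips names containing a dot or ending in "~".
        case ${f##*/} in *.*|*~) continue ;; esac
        awk -v file="${f##*/}" '
            /^[ \t]*#/       { next }                   # comment line
            $1 == "service"  { name = $2; user = "?"; off = 0; next }
            $1 == "{"        { inblock = 1; next }
            inblock && $2 == "=" && $1 == "disable" { off = ($3 == "yes") }
            inblock && $2 == "=" && $1 == "user"    { user = $3 }
            inblock && $1 == "}" {
                inblock = 0
                if (off) next                           # disabled: nothing to report
                flags = ""
                # Service names of the cleartext protocols named on this page.
                if (name ~ /^(telnet|login|exec|shell)$/) flags = "CLEARTEXT"
                if (user == "root") flags = flags (flags == "" ? "" : ",") "ROOT"
                print file ":" name ":" user ":" (flags == "" ? "-" : flags)
            }
        ' "$f"
    done
}

# Constructed sample (not from a real host): an rsh service left enabled.
demo=$(mktemp -d)
printf 'service shell\n{\n\tdisable = no\n\tuser = root\n\tserver = /usr/sbin/in.rshd\n}\n' > "$demo/shell"
audit_xinetd "$demo"
rm -rf "$demo"
```

With the files exactly as installed above, every block carries "disable = yes", so running audit_xinetd with no argument prints nothing; any line it does print is a service you have switched on.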
The format of /etc/xinetd.conf is documented in the xinetd.conf.5 man page. You can find more information at http://www.xinetd.org.
Install the /etc/rc.d/init.d/xinetd init script included in the blfs-bootscripts-20050313 package.
make install-xinetd
As the root user, use the new boot script to start xinetd:
/etc/rc.d/init.d/xinetd start
Checking the /var/log/daemon.log file can prove entertaining. This file may contain entries similar to the following:
Aug 22 21:40:21 dps10 xinetd[2696]: Server /usr/sbin/in.rlogind is not executable [line=29]
Aug 22 21:40:21 dps10 xinetd[2696]: Error parsing attribute server - DISABLING SERVICE [line=29]
Aug 22 21:40:21 dps10 xinetd[2696]: Server /usr/sbin/in.rshd is not executable [line=42]
These errors occur because many of the servers that xinetd is trying to control have not been installed yet.
Last updated on 2005-04-15 21:38:34 +0200