OVERVIEW
inetd
TCP Wrappers
xinetd
TCP WRAPPERS
Controlling access to network services is one of the most important security tasks facing a server administrator. TCP wrappers add an additional layer of protection by defining which hosts are allowed or not allowed to connect to "wrapped" network services. A service is wrapped when it is started through /usr/sbin/tcpd, or is linked against libwrap, so that every incoming connection is checked against /etc/hosts.allow and then /etc/hosts.deny before the real server is run; if neither file matches, the connection is allowed.
/etc/hosts.allow
#
# hosts.allow This file describes the names of the hosts which are
# allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
ALL : localhost
in.telnetd : cwcim.org
in.fingerd : staff.cwcim.org
This configuration allows every service for the local machine, telnet for cwcim.org, and finger for staff.cwcim.org. Note that tcpd compares a bare name such as cwcim.org only against the client's exact host name (or address); to match every host in a domain the pattern must start with a dot, as in .cwcim.org, and to match a network the pattern must be a trailing-dot address prefix or a net/mask pair. So, as written, news.cwcim.org does not match the telnet rule; with .cwcim.org it would.
/etc/hosts.deny
#
# hosts.deny This file describes the names of the hosts which are
# *not* allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
ALL : ALL
in.telnetd : news.cwcim.org
Everything else is denied, because hosts.allow is consulted first and hosts.deny only when no allow rule matched. The second line of hosts.deny is redundant either way: if news.cwcim.org matches the telnet rule in hosts.allow (which it does once that rule reads .cwcim.org), access is granted before hosts.deny is read; if it does not, the ALL : ALL line already denies it.
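To see what the two files actually decide for a given client, here is a small simulation of tcpd's decision procedure. This is an added example written for this page, not part of tcp_wrappers; it models the documented hosts_access(5) matching rules (ALL, LOCAL, leading-dot domain suffix, trailing-dot address prefix, net/mask, exact host or address match, and one EXCEPT per list) and the order in which tcpd consults the files. HOSTS_ALLOW_FIXED is an assumed correction of the page's hosts.allow with the leading dots added; the host names and 192.0.2.x addresses are constructed.

```python
"""Simulate tcpd's hosts.allow / hosts.deny decision for a (daemon, client) pair.

Added example for this page, not tcp_wrappers code.  Netgroups (@name) and the
KNOWN/UNKNOWN/PARANOID wildcards are not modelled.
"""
import ipaddress

# Constructed copies of the two files shown on this page.
HOSTS_ALLOW = """\
ALL : localhost
in.telnetd : cwcim.org
in.fingerd : staff.cwcim.org
"""
# Same rules with the leading dot that hosts_access(5) requires for a
# domain-suffix match (assumed fix, not from the page).
HOSTS_ALLOW_FIXED = """\
ALL : localhost
in.telnetd : .cwcim.org
in.fingerd : .staff.cwcim.org
"""
HOSTS_DENY = """\
ALL : ALL
in.telnetd : news.cwcim.org
"""


def parse_rules(text):
    """Return [(daemon_list, client_list), ...]; comments, blank lines and options are dropped."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) >= 2:
            rules.append((fields[0], fields[1]))
    return rules


def daemon_matches(pattern, daemon):
    return pattern.upper() == "ALL" or pattern.lower() == daemon.lower()


def client_matches(pattern, host, addr):
    pat = pattern.lower()
    host = host.lower()
    if pat == "all":
        return True
    if pat == "local":                       # unqualified host names only
        return "." not in host
    if pat.startswith("."):                  # domain suffix, e.g. .cwcim.org
        return host.endswith(pat)
    if pat.endswith("."):                    # address prefix, e.g. 192.0.2.
        return addr.startswith(pat)
    if "/" in pat:                           # n.n.n.n/m.m.m.m
        try:
            return ipaddress.ip_address(addr) in ipaddress.ip_network(pat, strict=False)
        except ValueError:
            return False
    return pat == host or pat == addr        # bare string: exact match only


def list_matches(list_text, item_matches):
    """Evaluate a comma/space separated list, honouring one 'a b EXCEPT c d'."""
    tokens = list_text.replace(",", " ").split()
    upper = [t.upper() for t in tokens]
    if "EXCEPT" in upper:
        i = upper.index("EXCEPT")
        return (any(item_matches(t) for t in tokens[:i])
                and not any(item_matches(t) for t in tokens[i + 1:]))
    return any(item_matches(t) for t in tokens)


def decide(daemon, host, addr, allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """Return ('allow'|'deny', reason), checking hosts.allow first, then hosts.deny."""
    for source, text, verdict in (("hosts.allow", allow_text, "allow"),
                                  ("hosts.deny", deny_text, "deny")):
        for dlist, clist in parse_rules(text):
            if (list_matches(dlist, lambda p: daemon_matches(p, daemon))
                    and list_matches(clist, lambda p: client_matches(p, host, addr))):
                return verdict, f"{source}: {dlist} : {clist}"
    return "allow", "no rule matched: tcpd default is to grant access"


if __name__ == "__main__":
    for args in (("in.telnetd", "localhost", "127.0.0.1"),
                 ("in.telnetd", "news.cwcim.org", "192.0.2.10"),
                 ("in.fingerd", "alice.staff.cwcim.org", "192.0.2.20")):
        print(args, "->", decide(*args))
        print(args, "-> with .cwcim.org:", decide(*args, allow_text=HOSTS_ALLOW_FIXED))
```

With the page's hosts.allow, news.cwcim.org is denied for telnet by the ALL : ALL line; with the leading-dot version it is allowed by hosts.allow and hosts.deny is never read. On a host with the tcp_wrappers tools installed, tcpdmatch in.telnetd news.cwcim.org and tcpdchk -v perform the same check against the real files.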
XINETD FUNCTIONS
The xinetd daemon is a TCP-wrapper-enabled super server which controls access to a subset of popular network services including POP3, IMAP, and Telnet. It also provides service-specific configuration options for access control, enhanced logging, redirection, and resource utilization control. Where xinetd is built with libwrap support, as it is on most distributions, the hosts.allow and hosts.deny rules above apply to every service it starts, in addition to xinetd's own per-service only_from and no_access attributes.
Sample /etc/xinetd.conf
defaults
{
instances = 60
log_type = SYSLOG authpriv
log_on_success = HOST PID
log_on_failure = HOST
cps = 25 30
}
includedir /etc/xinetd.d
/etc/xinetd.d/telnet
service telnet
{
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
disable = yes
}
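The += on the telnet service's log_on_failure line appends to the value inherited from the defaults block rather than replacing it, so the effective value for telnet is HOST USERID. The following added example (written for this page, not xinetd's own code) parses the two fragments above, computes a service's effective attributes with xinetd's =, += and -= operators, and flags the points an auditor would look at. It does not read includedir from disk: the two constructed fragments are simply concatenated, which is what the include achieves.

```python
"""Compute a service's effective xinetd attributes from defaults plus its own block.

Added example for this page, not xinetd code.  xinetd only allows += and -= on
list-valued attributes (log_on_success, log_on_failure, only_from, no_access,
env, passenv); that restriction is not enforced here.
"""
import re

# Constructed copies of the page's /etc/xinetd.conf and /etc/xinetd.d/telnet.
XINETD_CONF = """\
defaults
{
    instances      = 60
    log_type       = SYSLOG authpriv
    log_on_success = HOST PID
    log_on_failure = HOST
    cps            = 25 30
}
includedir /etc/xinetd.d
"""
XINETD_D_TELNET = """\
service telnet
{
    flags          = REUSE
    socket_type    = stream
    wait           = no
    user           = root
    server         = /usr/sbin/in.telnetd
    log_on_failure += USERID
    disable        = yes
}
"""

BLOCK_RE = re.compile(r"(defaults|service\s+(\S+))\s*\{(.*?)\}", re.S)
ATTR_RE = re.compile(r"^\s*(\w+)\s*(\+=|-=|=)\s*(.*?)\s*$")


def parse_blocks(text):
    """Return (defaults_entries, {service_name: entries}); an entry is (attr, op, value)."""
    defaults, services = [], {}
    for m in BLOCK_RE.finditer(text):
        entries = []
        for line in m.group(3).splitlines():
            am = ATTR_RE.match(line.split("#", 1)[0])
            if am:
                entries.append((am.group(1), am.group(2), am.group(3)))
        if m.group(1) == "defaults":
            defaults = entries
        else:
            services[m.group(2)] = entries
    return defaults, services


def effective_attrs(defaults, entries):
    """Apply defaults first, then the service's own lines: = replaces, += appends, -= removes."""
    attrs = {}
    for attr, op, value in defaults + entries:
        words = value.split()
        current = attrs.get(attr, [])
        if op == "=":
            attrs[attr] = words
        elif op == "+=":
            attrs[attr] = current + [w for w in words if w not in current]
        else:
            attrs[attr] = [w for w in current if w not in words]
    return attrs


def service_config(text, name):
    defaults, services = parse_blocks(text)
    if name not in services:
        raise KeyError(f"no service block named {name}")
    return effective_attrs(defaults, services[name])


def audit(attrs):
    """Points a reviewer would flag for one service's effective configuration."""
    findings = []
    if attrs.get("disable") == ["yes"]:
        findings.append("service is disabled (disable = yes)")
    if attrs.get("user") == ["root"]:
        findings.append("server runs as root")
    if "instances" not in attrs:
        findings.append("no instances limit")
    return findings


if __name__ == "__main__":
    cfg = service_config(XINETD_CONF + XINETD_D_TELNET, "telnet")
    for attr, words in sorted(cfg.items()):
        print(f"{attr:15} = {' '.join(words)}")
    print("findings:", audit(cfg))
```

Running it shows log_on_failure resolved to HOST USERID and log_on_success to HOST PID, with instances and cps inherited from defaults; the audit reports that telnet is disabled and would run as root if enabled.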
CONTROLLING XINETD
Starting and stopping the xinetd daemon is done by its script in the /etc/init.d directory, and whether it starts at boot time is controlled by chkconfig (# chkconfig xinetd on). After boot we can start, stop or restart xinetd with:
# service xinetd start | stop | restart
Edits under /etc/xinetd.d take effect only once xinetd re-reads its configuration, so restart it (or send it SIGHUP) after changing a service file.