source: archive/xinetd.xml@ ba91515

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
   "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
  <!ENTITY % general-entities SYSTEM "../../general.ent">
  %general-entities;

  <!-- Development seems to be over and the xinetd.og site does not seem to exist any more. -->
  <!-- <!ENTITY xinetd-download-http "http://www.xinetd.org/xinetd-&xinetd-version;.tar.gz"> -->
  <!ENTITY xinetd-download-http " ">
  <!ENTITY xinetd-download-ftp  "&sources-anduin-ftp;/xinetd/xinetd-&xinetd-version;.tar.gz">
  <!ENTITY xinetd-md5sum        "77358478fd58efa6366accae99b8b04c">
  <!ENTITY xinetd-size          "308 KB">
  <!ENTITY xinetd-buildsize     "5.0 MB">
  <!ENTITY xinetd-time          "less than 0.1 SBU">
]>

<sect1 id="xinetd" xreflabel="xinetd-&xinetd-version;">
  <?dbhtml filename="xinetd.html"?>

  <sect1info>
    <othername>$LastChangedBy$</othername>
    <date>$Date$</date>
  </sect1info>

  <title>xinetd-&xinetd-version;</title>

  <indexterm zone="xinetd">
    <primary sortas="a-Xinetd">Xinetd</primary>
  </indexterm>

  <sect2 role="package">
    <title>Introduction to xinetd</title>

    <para><application>xinetd</application> is the eXtended InterNET services
    daemon, a secure replacement for <command>inetd</command>.</para>

    &lfs7a_checked;

    <bridgehead renderas="sect3">Package Information</bridgehead>
    <itemizedlist spacing="compact">
      <listitem>
        <para>Download (HTTP): <ulink url="&xinetd-download-http;"/></para>
      </listitem>
      <listitem>
        <para>Download (FTP): <ulink url="&xinetd-download-ftp;"/></para>
      </listitem>
      <listitem>
        <para>Download MD5 sum: &xinetd-md5sum;</para>
      </listitem>
      <listitem>
        <para>Download size: &xinetd-size;</para>
      </listitem>
      <listitem>
        <para>Estimated disk space required: &xinetd-buildsize;</para>
      </listitem>
      <listitem>
        <para>Estimated build time: &xinetd-time;</para>
      </listitem>
    </itemizedlist>

    <bridgehead renderas="sect3">xinetd Dependencies</bridgehead>

    <bridgehead renderas="sect4">Optional</bridgehead>
    <para role="optional">
      <ulink url="ftp://ftp.porcupine.org/pub/security/">TCP wrappers (deprecated)</ulink>
    </para>

    <para condition="html" role="usernotes">User Notes:
    <ulink url="&blfs-wiki;/xinetd"/></para>

  </sect2>

  <sect2 role="installation">
    <title>Installation of xinetd</title>

    <para>Install <application>xinetd</application> by running the following
    commands:</para>

<screen><userinput>sed -i -e "s/exec_server/child_process/" xinetd/builtins.c       &amp;&amp;
sed -i -e "/register unsigned count/s/register//" xinetd/itox.c  &amp;&amp;
./configure --prefix=/usr --mandir=/usr/share/man --with-loadavg &amp;&amp;
make</userinput></screen>

    <para>This package does not come with a test suite.</para>

    <para>Now, as the <systemitem class="username">root</systemitem> user:</para>

<screen role="root"><userinput>make install</userinput></screen>

  </sect2>

  <sect2 role="commands">
     <title>Command Explanations</title>

     <!-- CVE-2013-4342 https://bugzilla.redhat.com/show_bug.cgi?id=1006100 -->
     <para><command>sed ... xinetd/builtins.c</command>: This command fixes
     a security issue.</para>

     <para><command>sed ... xinetd/itox.c</command>: This command fixes some
     compiler warnings.</para>

  </sect2>

  <sect2 role="configuration">
    <title>Configuring xinetd</title>

    <sect3 id="xinetd-config">
      <title>Config Files</title>

      <para><filename>/etc/xinetd.conf</filename> and
      <filename class="directory">/etc/xinetd.d/*</filename></para>

      <indexterm zone="xinetd xinetd-config">
        <primary sortas="e-etc-xinetd.conf">/etc/xinetd.conf</primary>
      </indexterm>

      <indexterm zone="xinetd xinetd-config">
        <primary sortas="e-etc-xinetd.d">/etc/xinetd.d/*</primary>
      </indexterm>

    </sect3>

    <sect3>
      <title>Configuration Information</title>

      <para>Ensure the path to all daemons is
      <filename class="directory">/usr/sbin</filename>, rather than the default
      path of <filename class="directory">/usr/bin</filename>, and install the
      <application>xinetd</application> configuration files by running the
      following commands as the <systemitem class="username">root</systemitem>
      user:</para>

<screen role="root"><userinput>cat &gt; /etc/xinetd.conf &lt;&lt; "EOF"
<literal># Begin /etc/xinetd
# Configuration file for xinetd

defaults
{
      instances       = 60
      log_type        = SYSLOG daemon
      log_on_success  = HOST PID USERID
      log_on_failure  = HOST USERID
      cps             = 25 30
}

# All service files are stored in the /etc/xinetd.d directory

includedir /etc/xinetd.d

# End /etc/xinetd</literal>
EOF</userinput></screen>

      <para>All of the following files have the statement, "disable = yes".
      To activate any of the services, this statement will need to be changed
      to "disable = no".</para>

      <note>
        <para>The following files are listed to demonstrate several
        <application>xinetd</application> applications. In many cases, these
        applications are not needed. Some classic applications are
        considered security risks. For example, <command>telnet</command>,
        <command>rlogin</command>, <command>rexec</command>, and
        <command>rsh</command> transmit unencrypted usernames and passwords
        over the network and can be easily replaced with a more secure
        alternative: <command>ssh</command>.</para>
      </note>

<screen role="root"><?dbfo keep-together="auto"?><userinput>install -v -d -m755 /etc/xinetd.d &amp;&amp;

cat &gt; /etc/xinetd.d/systat &lt;&lt; "EOF" &amp;&amp;
<literal># Begin /etc/xinetd.d/systat

service systat
{
   disable           = yes
   socket_type       = stream
   wait              = no
   user              = nobody
   server            = /bin/ps
   server_args       = -auwwx
   only_from         = 128.138.209.0
   log_on_success    = HOST
}

# End /etc/xinetd.d/systat</literal>
EOF

cat &gt; /etc/xinetd.d/echo &lt;&lt; "EOF" &amp;&amp;
<literal># Begin /etc/xinetd.d/echo

service echo
{
   disable     = yes
   type        = INTERNAL
   id          = echo-stream
   socket_type = stream
   protocol    = tcp
   user        = root
   wait        = no
}

service echo
{
   disable     = yes
   type        = INTERNAL
   id          = echo-dgram
   socket_type = dgram
   protocol    = udp
   user        = root
   wait        = yes
}

# End /etc/xinetd.d/echo</literal>
EOF

cat &gt; /etc/xinetd.d/chargen &lt;&lt; "EOF" &amp;&amp;
<literal># Begin /etc/xinetd.d/chargen

service chargen
{
   disable        = yes
   type           = INTERNAL
   id             = chargen-stream
   socket_type    = stream
   protocol       = tcp
   user           = root
   wait           = no
}

service chargen
{
   disable        = yes
   type           = INTERNAL
   id             = chargen-dgram
   socket_type    = dgram
   protocol       = udp
   user           = root
   wait           = yes
}

# End /etc/xinetd.d/chargen</literal>
EOF

cat &gt; /etc/xinetd.d/daytime &lt;&lt; "EOF" &amp;&amp;
<literal># Begin /etc/xinetd.d/daytime

service daytime
{
   disable        = yes
   type           = INTERNAL
   id             = daytime-stream
   socket_type    = stream
   protocol       = tcp
   user           = root
   wait           = no
}

service daytime
{
   disable        = yes
   type           = INTERNAL
   id             = daytime-dgram
   socket_type    = dgram
   protocol       = udp
   user           = root
   wait           = yes
}

# End /etc/xinetd.d/daytime</literal>
EOF
<!-- The last one without && -->
cat &gt; /etc/xinetd.d/time &lt;&lt; "EOF"
<literal># Begin /etc/xinetd.d/time

service time
{
   disable        = yes
   type           = INTERNAL
   id             = time-stream
   socket_type    = stream
   protocol       = tcp
   user           = root
   wait           = no
}

service time
{
   disable        = yes
   type           = INTERNAL
   id             = time-dgram
   socket_type    = dgram
   protocol       = udp
   user           = root
   wait           = yes
}

# End /etc/xinetd.d/time</literal>
EOF</userinput></screen>

      <indexterm zone="xinetd xinetd-config">
        <primary sortas="e-etc-xinetd.d-login">/etc/xinetd.d/login</primary>
      </indexterm>

      <indexterm zone="xinetd xinetd-config">
        <primary sortas="e-etc-xinetd.d-shell">/etc/xinetd.d/shell</primary>
      </indexterm>

      <indexterm zone="xinetd xinetd-config">
        <primary sortas="e-etc-xinetd.d-exec">/etc/xinetd.d/exec</primary>
      </indexterm>

      <indexterm zone="xinetd xinetd-config">
        <primary sortas="e-etc-xinetd.d-comsat">/etc/xinetd.d/comsat</primary>
      </indexterm>

      <indexterm zone="xinetd xinetd-config">
        <primary sortas="e-etc-xinetd.d-talk">/etc/xinetd.d/talk</primary>
      </indexterm>

      <indexterm zone="xinetd xinetd-config">
        <primary sortas="e-etc-xinetd.d-ntalk">/etc/xinetd.d/ntalk</primary>
      </indexterm>

      <indexterm zone="xinetd xinetd-config">
        <primary sortas="e-etc-xinetd.d-telnet">/etc/xinetd.d/telnet</primary>
      </indexterm>

      <indexterm zone="xinetd xinetd-config">
        <primary sortas="e-etc-xinetd.d-ftp">/etc/xinetd.d/ftp</primary>
      </indexterm>

      <indexterm zone="xinetd xinetd-config">
        <primary sortas="e-etc-xinetd.d-tftp">/etc/xinetd.d/tftp</primary>
      </indexterm>

      <indexterm zone="xinetd xinetd-config">
        <primary sortas="e-etc-xinetd.d-systat">/etc/xinetd.d/systat</primary>
      </indexterm>

      <indexterm zone="xinetd xinetd-config">
        <primary sortas="e-etc-xinetd.d-finger">/etc/xinetd.d/finger</primary>
      </indexterm>

      <indexterm zone="xinetd xinetd-config">
        <primary sortas="e-etc-xinetd.d-netstat">/etc/xinetd.d/netstat</primary>
      </indexterm>

      <indexterm zone="xinetd xinetd-config">
        <primary sortas="e-etc-xinetd.d-echo">/etc/xinetd.d/echo</primary>
      </indexterm>

      <indexterm zone="xinetd xinetd-config">
        <primary sortas="e-etc-xinetd.d-chargen">/etc/xinetd.d/chargen</primary>
      </indexterm>

      <indexterm zone="xinetd xinetd-config">
        <primary sortas="e-etc-xinetd.d-daytime">/etc/xinetd.d/daytime</primary>
      </indexterm>

      <indexterm zone="xinetd xinetd-config">
        <primary sortas="e-etc-xinetd.d-time">/etc/xinetd.d/time</primary>
      </indexterm>

      <indexterm zone="xinetd xinetd-config">
        <primary sortas="e-etc-xinetd.d-rstatd">/etc/xinetd.d/rstatd</primary>
      </indexterm>

      <indexterm zone="xinetd xinetd-config">
        <primary sortas="e-etc-xinetd.d-rquotad">/etc/xinetd.d/rquotad</primary>
      </indexterm>

      <indexterm zone="xinetd xinetd-config">
        <primary sortas="e-etc-xinetd.d-ruserd">/etc/xinetd.d/ruserd</primary>
      </indexterm>

      <indexterm zone="xinetd xinetd-config">
        <primary sortas="e-etc-xinetd.d-sprayd">/etc/xinetd.d/sprayd</primary>
      </indexterm>

      <indexterm zone="xinetd xinetd-config">
        <primary sortas="e-etc-xinetd.d-walld">/etc/xinetd.d/walld</primary>
      </indexterm>

      <indexterm zone="xinetd xinetd-config">
        <primary sortas="e-etc-xinetd.d-irc">/etc/xinetd.d/irc</primary>
      </indexterm>

      <para>The format of the <filename>/etc/xinetd.conf</filename> is
      documented in the <filename>xinetd.conf.5</filename> man page.
      <!-- 13-12-12 the http://www.xinetd.org is broken
      Further
      information can be found at <ulink url="http://www.xinetd.org"/>.
      -->
     </para>

    </sect3>

    <sect3  id="xinetd-init">
      <title><phrase revision="sysv">Boot Script</phrase>
             <phrase revision="systemd">Systemd Unit</phrase></title>

      <para>As the <systemitem class="username">root</systemitem> user, install
      the <phrase revision="sysv"><filename>/etc/rc.d/init.d/xinetd</filename>
      init script</phrase>
      <phrase revision="systemd"><filename>xinetd.service</filename>
      unit</phrase> included in
      the <xref linkend="bootscripts" revision="sysv"/>
      <xref linkend="systemd-units" revision="systemd"/> package.</para>

      <indexterm zone="xinetd xinetd-init">
        <primary sortas="f-xinetd">xinetd</primary>
      </indexterm>

<screen role="root"><userinput>make install-xinetd</userinput></screen>

      <para>As the <systemitem class="username">root</systemitem> user,
      use the <phrase revision="sysv">new boot script</phrase>
      <phrase revision="systemd"><command>systemctl</command> command</phrase>
      to start <command>xinetd</command>:</para>

<screen role="root" revision="sysv"><userinput>/etc/rc.d/init.d/xinetd start</userinput></screen>

<screen role="root" revision="systemd"><userinput>systemctl start xinetd</userinput></screen>

      <para>Check the
      <phrase revision="sysv"><filename>/var/log/daemon.log</filename></phrase>
      <phrase revision="systemd"><command>journalctl</command> output</phrase>
      to ensure the appropriate services are started. If no services are
      enabled, the program will not start without the
      <option>-stayalive</option> option.</para>

<!--
<screen><literal>Aug 22 21:40:21 dps10 xinetd[2696]: Server /usr/sbin/in.rlogind is not
executable [line=29]
Aug 22 21:40:21 dps10 xinetd[2696]: Error parsing attribute server -
DISABLING SERVICE [line=29]
Aug 22 21:40:21 dps10 xinetd[2696]: Server /usr/sbin/in.rshd is not
executable [line=42]</literal></screen>

      <para>These errors are because most of the servers
      <command>xinetd</command> is trying to control are not
      installed yet.</para>
-->
    </sect3>

  </sect2>

  <sect2 role="content">
    <title>Contents</title>

    <segmentedlist>
      <segtitle>Installed Programs</segtitle>
      <segtitle>Installed Libraries</segtitle>
      <segtitle>Installed Directories</segtitle>

      <seglistitem>
        <seg>itox, xconv.pl, and xinetd</seg>
        <seg>None</seg>
        <seg>/etc/xinetd.d/</seg>
      </seglistitem>
    </segmentedlist>

    <variablelist>
      <bridgehead renderas="sect3">Short Descriptions</bridgehead>
      <?dbfo list-presentation="list"?>
      <?dbhtml list-presentation="table"?>

      <varlistentry id="itox">
        <term><command>itox</command></term>
        <listitem>
          <para>is a utility used for converting
          <filename>inetd.conf</filename> files to
          <filename>xinetd.conf</filename> format.</para>
          <indexterm zone="xinetd itox">
            <primary sortas="b-itox">itox</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="xconv.pl">
        <term><command>xconv.pl</command></term>
        <listitem>
          <para>is a <application>Perl</application> script used for
          converting <filename>inetd.conf</filename> files to
          <filename>xinetd.conf</filename> format, similar to
          <command>itox</command>.</para>
          <indexterm zone="xinetd xconv.pl">
            <primary sortas="b-xconv.pl">xconv.pl</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="xinetd-prog">
        <term><command>xinetd</command></term>
        <listitem>
          <para>is the Internet services daemon.</para>
          <indexterm zone="xinetd xinetd-prog">
            <primary sortas="b-xinetd">xinetd</primary>
          </indexterm>
        </listitem>
      </varlistentry>

    </variablelist>

  </sect2>

</sect1>