xinetd-&xinetd-version;

Introduction to xinetd

xinetd is the eXtended InterNET services Daemon, a secure replacement for inetd.

Package information

  * Download (HTTP):
  * Download (FTP):
  * Download MD5 sum: &xinetd-md5sum;
  * Download size: &xinetd-size;
  * Estimated disk space required: &xinetd-buildsize;
  * Estimated build time: &xinetd-time;

xinetd dependencies

Optional

Installation of xinetd

Install xinetd by running the following commands:

    ./configure --prefix=/usr &&
    make

Now, as the root user:

    make install

Configuring xinetd

Config files

/etc/xinetd.conf

Configuration Information

Ensure the path to all daemons is /usr/sbin, rather than the default path of /usr/etc, and install the xinetd configuration files by running the following commands as the root user:

    cat > /etc/xinetd.conf << "EOF"
    # Begin /etc/xinetd
    # Configuration file for xinetd
    #

    defaults
    {
        instances      = 60
        log_type       = SYSLOG daemon
        log_on_success = HOST PID USERID
        log_on_failure = HOST USERID
        cps            = 25 30
    }

    # All service files are stored in the /etc/xinetd.d directory
    #
    includedir /etc/xinetd.d

    # End /etc/xinetd
    EOF

All of the following files have the statement, "disable = yes". To activate any of the services, this statement will need to be changed to "disable = no".

The following files are listed to demonstrate classic xinetd applications. In many cases, these applications are not needed. In some cases, the applications are considered security risks. For example, telnet, rlogin, rexec, and rsh transmit unencrypted usernames and passwords over the network and can be easily replaced with a more secure alternative: ssh.

    install -d -m755 /etc/xinetd.d &&

    cat > /etc/xinetd.d/login << "EOF" &&
    # Begin /etc/xinetd.d/login

    service login
    {
        disable        = yes
        socket_type    = stream
        protocol       = tcp
        wait           = no
        user           = root
        server         = /usr/sbin/in.rlogind
        log_type       = SYSLOG local4 info
    }

    # End /etc/xinetd.d/login
    EOF

    cat > /etc/xinetd.d/shell << "EOF" &&
    # Begin /etc/xinetd.d/shell

    service shell
    {
        disable        = yes
        socket_type    = stream
        wait           = no
        user           = root
        instances      = UNLIMITED
        flags          = IDONLY
        log_on_success += USERID
        server         = /usr/sbin/in.rshd
    }

    # End /etc/xinetd.d/shell
    EOF

    cat > /etc/xinetd.d/exec << "EOF" &&
    # Begin /etc/xinetd.d/exec

    service exec
    {
        disable        = yes
        socket_type    = stream
        wait           = no
        user           = root
        server         = /usr/sbin/in.rexecd
    }

    # End /etc/xinetd.d/exec
    EOF

    cat > /etc/xinetd.d/comsat << "EOF" &&
    # Begin /etc/xinetd.d/comsat

    service comsat
    {
        disable        = yes
        socket_type    = dgram
        wait           = yes
        user           = nobody
        group          = tty
        server         = /usr/sbin/in.comsat
    }

    # End /etc/xinetd.d/comsat
    EOF

    cat > /etc/xinetd.d/talk << "EOF" &&
    # Begin /etc/xinetd.d/talk

    service talk
    {
        disable        = yes
        socket_type    = dgram
        wait           = yes
        user           = root
        server         = /usr/sbin/in.talkd
    }

    # End /etc/xinetd.d/talk
    EOF

    cat > /etc/xinetd.d/ntalk << "EOF" &&
    # Begin /etc/xinetd.d/ntalk

    service ntalk
    {
        disable        = yes
        socket_type    = dgram
        wait           = yes
        user           = root
        server         = /usr/sbin/in.ntalkd
    }

    # End /etc/xinetd.d/ntalk
    EOF

    cat > /etc/xinetd.d/telnet << "EOF" &&
    # Begin /etc/xinetd.d/telnet

    service telnet
    {
        disable        = yes
        socket_type    = stream
        wait           = no
        user           = root
        server         = /usr/sbin/in.telnetd
        bind           = 127.0.0.1
        log_on_failure += USERID
    }

    service telnet
    {
        disable        = yes
        socket_type    = stream
        wait           = no
        user           = root
    #   server         = /usr/sbin/in.telnetd
        bind           = 192.231.139.175
        redirect       = 128.138.202.20 23
        log_on_failure += USERID
    }

    # End /etc/xinetd.d/telnet
    EOF

    cat > /etc/xinetd.d/ftp << "EOF" &&
    # Begin /etc/xinetd.d/ftp

    service ftp
    {
        disable        = yes
        socket_type    = stream
        wait           = no
        user           = root
        server         = /usr/sbin/in.ftpd
        server_args    = -l
        instances      = 4
        log_on_success += DURATION USERID
        log_on_failure += USERID
        access_times   = 2:00-8:59 12:00-23:59
        nice           = 10
    }

    # End /etc/xinetd.d/ftp
    EOF

    cat > /etc/xinetd.d/tftp << "EOF" &&
    # Begin /etc/xinetd.d/tftp

    service tftp
    {
        disable        = yes
        socket_type    = dgram
        wait           = yes
        user           = root
        server         = /usr/sbin/in.tftpd
        server_args    = -s /tftpboot
    }

    # End /etc/xinetd.d/tftp
    EOF

    cat > /etc/xinetd.d/finger << "EOF" &&
    # Begin /etc/xinetd.d/finger

    service finger
    {
        disable        = yes
        socket_type    = stream
        wait           = no
        user           = nobody
        server         = /usr/sbin/in.fingerd
    }

    # End /etc/xinetd.d/finger
    EOF

    cat > /etc/xinetd.d/systat << "EOF" &&
    # Begin /etc/xinetd.d/systat

    service systat
    {
        disable        = yes
        socket_type    = stream
        wait           = no
        user           = nobody
        server         = /usr/bin/ps
        server_args    = -auwwx
        only_from      = 128.138.209.0
        log_on_success = HOST
    }

    # End /etc/xinetd.d/systat
    EOF

    cat > /etc/xinetd.d/netstat << "EOF" &&
    # Begin /etc/xinetd.d/netstat

    service netstat
    {
        disable        = yes
        socket_type    = stream
        wait           = no
        user           = nobody
        server         = /usr/ucb/netstat
        server_args    = -f inet
        only_from      = 128.138.209.0
        log_on_success = HOST
    }

    # End /etc/xinetd.d/netstat
    EOF

    cat > /etc/xinetd.d/echo << "EOF" &&
    # Begin /etc/xinetd.d/echo

    service echo
    {
        disable        = yes
        type           = INTERNAL
        id             = echo-stream
        socket_type    = stream
        protocol       = tcp
        user           = root
        wait           = no
    }

    service echo
    {
        disable        = yes
        type           = INTERNAL
        id             = echo-dgram
        socket_type    = dgram
        protocol       = udp
        user           = root
        wait           = yes
    }

    # End /etc/xinetd.d/echo
    EOF

    cat > /etc/xinetd.d/chargen << "EOF" &&
    # Begin /etc/xinetd.d/chargen

    service chargen
    {
        disable        = yes
        type           = INTERNAL
        id             = chargen-stream
        socket_type    = stream
        protocol       = tcp
        user           = root
        wait           = no
    }

    service chargen
    {
        disable        = yes
        type           = INTERNAL
        id             = chargen-dgram
        socket_type    = dgram
        protocol       = udp
        user           = root
        wait           = yes
    }

    # End /etc/xinetd.d/chargen
    EOF

    cat > /etc/xinetd.d/daytime << "EOF" &&
    # Begin /etc/xinetd.d/daytime

    service daytime
    {
        disable        = yes
        type           = INTERNAL
        id             = daytime-stream
        socket_type    = stream
        protocol       = tcp
        user           = root
        wait           = no
    }

    service daytime
    {
        disable        = yes
        type           = INTERNAL
        id             = daytime-dgram
        socket_type    = dgram
        protocol       = udp
        user           = root
        wait           = yes
    }

    # End /etc/xinetd.d/daytime
    EOF

    cat > /etc/xinetd.d/time << "EOF" &&
    # Begin /etc/xinetd.d/time

    service time
    {
        disable        = yes
        type           = INTERNAL
        id             = time-stream
        socket_type    = stream
        protocol       = tcp
        user           = root
        wait           = no
    }

    service time
    {
        disable        = yes
        type           = INTERNAL
        id             = time-dgram
        socket_type    = dgram
        protocol       = udp
        user           = root
        wait           = yes
    }

    # End /etc/xinetd.d/time
    EOF

    cat > /etc/xinetd.d/rstatd << "EOF" &&
    # Begin /etc/xinetd.d/rstatd

    service rstatd
    {
        disable        = yes
        type           = RPC
        flags          = INTERCEPT
        rpc_version    = 2-4
        socket_type    = dgram
        protocol       = udp
        server         = /usr/sbin/rpc.rstatd
        wait           = yes
        user           = root
    }

    # End /etc/xinetd.d/rstatd
    EOF

    cat > /etc/xinetd.d/rquotad << "EOF" &&
    # Begin /etc/xinetd.d/rquotad

    service rquotad
    {
        disable        = yes
        type           = RPC
        rpc_version    = 1
        socket_type    = dgram
        protocol       = udp
        wait           = yes
        user           = root
        server         = /usr/sbin/rpc.rstatd
    }

    # End /etc/xinetd.d/rquotad
    EOF

    cat > /etc/xinetd.d/rusersd << "EOF" &&
    # Begin /etc/xinetd.d/rusersd

    service rusersd
    {
        disable        = yes
        type           = RPC
        rpc_version    = 1-2
        socket_type    = dgram
        protocol       = udp
        wait           = yes
        user           = root
        server         = /usr/sbin/rpc.rusersd
    }

    # End /etc/xinetd.d/rusersd
    EOF

    cat > /etc/xinetd.d/sprayd << "EOF" &&
    # Begin /etc/xinetd.d/sprayd

    service sprayd
    {
        disable        = yes
        type           = RPC
        rpc_version    = 1
        socket_type    = dgram
        protocol       = udp
        wait           = yes
        user           = root
        server         = /usr/sbin/rpc.sprayd
    }

    # End /etc/xinetd.d/sprayd
    EOF

    cat > /etc/xinetd.d/walld << "EOF" &&
    # Begin /etc/xinetd.d/walld

    service walld
    {
        disable        = yes
        type           = RPC
        rpc_version    = 1
        socket_type    = dgram
        protocol       = udp
        wait           = yes
        user           = nobody
        group          = tty
        server         = /usr/sbin/rpc.rwalld
    }

    # End /etc/xinetd.d/walld
    EOF

    cat > /etc/xinetd.d/irc << "EOF"
    # Begin /etc/xinetd.d/irc

    service irc
    {
        disable        = yes
        socket_type    = stream
        wait           = no
        user           = root
        flags          = SENSOR
        type           = INTERNAL
        bind           = 192.168.1.30
        deny_time      = 60
    }

    # End /etc/xinetd.d/irc
    EOF

The format of the
/etc/xinetd.conf is documented in the xinetd.conf.5 man page. Further information can be found at .

As the root user, install the /etc/rc.d/init.d/xinetd init script included in the package.

    make install-xinetd

As the root user, use the new boot script to start xinetd:

    /etc/rc.d/init.d/xinetd start

Checking the /var/log/daemon.log file should prove quite entertaining. This file may contain entries similar to the following:

    Aug 22 21:40:21 dps10 xinetd[2696]: Server /usr/sbin/in.rlogind is not executable [line=29]
    Aug 22 21:40:21 dps10 xinetd[2696]: Error parsing attribute server - DISABLING SERVICE [line=29]
    Aug 22 21:40:21 dps10 xinetd[2696]: Server /usr/sbin/in.rshd is not executable [line=42]

These errors occur because most of the servers xinetd is trying to control are not installed yet.

Contents

Installed Programs: itox, xconv.pl and xinetd
Installed Libraries: None
Installed Directories: None

Short Descriptions

itox is a utility used for converting inetd.conf files to xinetd.conf format.

xconv.pl is a Perl script used for converting inetd.conf files to xinetd.conf format, similar to itox.

xinetd is the Internet services daemon.
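
Every service file above is installed with "disable = yes", and the page names telnet, rlogin, rexec and rsh as services that send usernames and passwords unencrypted. The script below is an added example, not part of the original page or of the xinetd package: it lists each service block under an xinetd.d directory and fails when one of those four (service names telnet, login, exec and shell in the files above) has been enabled. The function names and the sample directory are constructed for illustration.

```shell
#!/bin/sh
# Added example: list every service block under an xinetd.d directory and
# flag the plaintext-credential services the page names when they are enabled.

# Prints one line per block: <file> <service> <ENABLED|disabled> <user> <note>
audit_xinetd() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        awk -v file="${f##*/}" '
            /^[ \t]*#/      { next }                  # skip comment lines
            $1 == "service" { name = $2; dis = "no"; user = "-"; next }
            $1 == "disable" { dis = $3 }              # absent means enabled
            $1 == "user"    { user = $3 }
            $1 == "}" && name != "" {
                # telnet, login (rlogin), exec (rexec), shell (rsh)
                note = (name ~ /^(telnet|login|exec|shell)$/) ? "plaintext-credentials" : "-"
                print file, name, (dis == "yes" ? "disabled" : "ENABLED"), user, note
                name = ""
            }' "$f"
    done
}

# Succeeds only when no plaintext-credential service is enabled.
check_xinetd() {
    ! audit_xinetd "$1" | grep -q ' ENABLED .* plaintext-credentials$'
}

# Constructed sample directory (not taken from a real host).
make_sample() {
    d=$(mktemp -d) || return 1
    printf 'service login\n{\n disable = yes\n user = root\n}\n' > "$d/login"
    printf 'service telnet\n{\n disable = no\n user = root\n}\n' > "$d/telnet"
    printf 'service finger\n{\n user = nobody\n}\n' > "$d/finger"
    echo "$d"
}

sample=$(make_sample)
audit_xinetd "$sample"
check_xinetd "$sample" || echo "plaintext service enabled in $sample" >&2
rm -rf "$sample"
```

On a real system, point both functions at /etc/xinetd.d; a block with no "disable" line is reported as ENABLED because xinetd treats a missing attribute as "disable = no".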