xinetd is the eXtended InterNET services daemon, a secure replacement for inetd.
This package is known to build and work properly using an LFS-7.7 platform.
Download (FTP): ftp://anduin.linuxfromscratch.org/BLFS/svn/x/xinetd-2.3.15.tar.gz
Download MD5 sum: 77358478fd58efa6366accae99b8b04c
Download size: 308 KB
Estimated disk space required: 5.0 MB
Estimated build time: less than 0.1 SBU
User Notes: http://wiki.linuxfromscratch.org/blfs/wiki/xinetd
Install xinetd by running the following commands:
sed -i -e "s/exec_server/child_process/" xinetd/builtins.c &&
sed -i -e "/register unsigned count/s/register//" xinetd/itox.c &&
./configure --prefix=/usr --mandir=/usr/share/man --with-loadavg &&
make
This package does not come with a test suite.
Now, as the root user:
make install
sed ... xinetd/builtins.c: This command fixes a security issue.
sed ... xinetd/itox.c: This command fixes some compiler warnings.
Ensure the path to all daemons is /usr/sbin, rather than the default path of /usr/bin, and install the xinetd configuration files by running the following commands as the root user:
cat > /etc/xinetd.conf << "EOF"
# Begin /etc/xinetd
# Configuration file for xinetd
defaults
{
instances = 60
log_type = SYSLOG daemon
log_on_success = HOST PID USERID
log_on_failure = HOST USERID
cps = 25 30
}
# All service files are stored in the /etc/xinetd.d directory
includedir /etc/xinetd.d
# End /etc/xinetd
EOF
All of the following files have the statement, "disable = yes". To activate any of the services, this statement will need to be changed to "disable = no".
The following files are listed to demonstrate several xinetd applications. In many cases, these applications are not needed. Some classic applications are considered security risks. For example, telnet, rlogin, rexec, and rsh transmit unencrypted usernames and passwords over the network and can be easily replaced with a more secure alternative: ssh.
install -v -d -m755 /etc/xinetd.d &&

cat > /etc/xinetd.d/systat << "EOF" &&
# Begin /etc/xinetd.d/systat
service systat
{
disable = yes
socket_type = stream
wait = no
user = nobody
server = /bin/ps
server_args = -auwwx
only_from = 128.138.209.0
log_on_success = HOST
}
# End /etc/xinetd.d/systat
EOF
cat > /etc/xinetd.d/echo << "EOF" &&
# Begin /etc/xinetd.d/echo
service echo
{
disable = yes
type = INTERNAL
id = echo-stream
socket_type = stream
protocol = tcp
user = root
wait = no
}
service echo
{
disable = yes
type = INTERNAL
id = echo-dgram
socket_type = dgram
protocol = udp
user = root
wait = yes
}
# End /etc/xinetd.d/echo
EOF
cat > /etc/xinetd.d/chargen << "EOF" &&
# Begin /etc/xinetd.d/chargen
service chargen
{
disable = yes
type = INTERNAL
id = chargen-stream
socket_type = stream
protocol = tcp
user = root
wait = no
}
service chargen
{
disable = yes
type = INTERNAL
id = chargen-dgram
socket_type = dgram
protocol = udp
user = root
wait = yes
}
# End /etc/xinetd.d/chargen
EOF
cat > /etc/xinetd.d/daytime << "EOF" &&
# Begin /etc/xinetd.d/daytime
service daytime
{
disable = yes
type = INTERNAL
id = daytime-stream
socket_type = stream
protocol = tcp
user = root
wait = no
}
service daytime
{
disable = yes
type = INTERNAL
id = daytime-dgram
socket_type = dgram
protocol = udp
user = root
wait = yes
}
# End /etc/xinetd.d/daytime
EOF
cat > /etc/xinetd.d/time << "EOF"
# Begin /etc/xinetd.d/time
service time
{
disable = yes
type = INTERNAL
id = time-stream
socket_type = stream
protocol = tcp
user = root
wait = no
}
service time
{
disable = yes
type = INTERNAL
id = time-dgram
socket_type = dgram
protocol = udp
user = root
wait = yes
}
# End /etc/xinetd.d/time
EOF
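An added audit example (not part of the BLFS instructions): once service files are in place, this shell function lists every service under /etc/xinetd.d that is not disabled and marks the cleartext login services named above and anything running as root. The function name, the output format and the extra service names login, exec and shell (the /etc/services names for rlogin, rexec and rsh) are assumptions of this example.

```shell
#!/bin/sh
# Added example: report xinetd services that are NOT disabled.
# A service block with no "disable" line counts as enabled.
# Assumptions: one attribute per line, as in the files on this page; the
# "enabled"/"disabled" lists of a defaults section are not evaluated.

xinetd_enabled_services() {
    dir=${1:-/etc/xinetd.d}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        awk -v file="${f##*/}" '
            # Print one line for the block just closed, unless it is disabled.
            function report() {
                if (disable == "yes") return
                note = ""
                if (name ~ /^(telnet|rlogin|login|rexec|exec|rsh|shell)$/)
                    note = "CLEARTEXT"
                if (user == "root")
                    note = (note == "" ? "" : note ",") "ROOT"
                print file ": " name " enabled" (note == "" ? "" : " [" note "]")
            }
            /^[ \t]*#/            { next }
            /^[ \t]*service[ \t]/ { name = $2; disable = "no"; user = ""; next }
            /^[ \t]*[}]/          { if (name != "") report(); name = ""; next }
            name != "" && $2 == "=" {
                if ($1 == "disable") disable = tolower($3)
                if ($1 == "user")    user = $3
            }
        ' "$f"
    done
}

# Audit the directory given as the first argument, or /etc/xinetd.d.
xinetd_enabled_services "${1:-/etc/xinetd.d}"
```

An empty result means no service file enables anything, which is the state the files above leave the system in.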
The format of the /etc/xinetd.conf is documented in the xinetd.conf.5 man page.
As the root user, install the /etc/rc.d/init.d/xinetd init script included in the blfs-bootscripts-20150304 package.
make install-xinetd
As the root user, use the new boot script to start xinetd:
/etc/rc.d/init.d/xinetd start
Check the /var/log/daemon.log to ensure the appropriate services are started. If no services are enabled, the program will not start without the -stayalive option.
Last updated on 2015-03-02 17:33:58 -0500