Xinetd

In computer networking, xinetd (''Extended Internet Service Daemon'') is an open-source super-server daemon which runs on many Unix-like systems, and manages Internet-based connectivity. It offers a more secure alternative to the older inetd ("the Internet daemon"), which most modern Linux distributions have deprecated.


Description

xinetd listens for incoming requests over a network and launches the appropriate service for that request. Requests are made using port numbers as identifiers, and xinetd usually launches another daemon to handle the request. It can be used to start services on both privileged and non-privileged port numbers. xinetd features access control mechanisms such as TCP Wrapper ACLs, extensive logging capabilities, and the ability to make services available based on time. It can place limits on the number of servers that the system can start, and has deployable defense mechanisms to protect against port scanners, among other things. On some implementations of Mac OS X, this daemon starts and maintains various Internet-related services, including FTP and telnet. As an extended form of inetd, it offers enhanced security. It replaced inetd in Mac OS X v10.3, and subsequently launchd replaced it in Mac OS X v10.4. However, Apple has retained inetd for compatibility purposes.


Configuration

Configuration of xinetd resides in the default configuration file /etc/xinetd.conf, and configuration of the services it supports resides in configuration files stored in the /etc/xinetd.d directory. The configuration for each service usually includes a switch to control whether xinetd should enable or disable the service. An example configuration file for the RFC 868 time server:

# default: off
# description: An RFC 868 time server. This protocol provides a
# site-independent, machine readable date and time. The Time service sends back
# to the originating source the time in seconds since midnight on January first
# 1900.
# This is the tcp version.
service time
{
        disable         = yes
        type            = INTERNAL
        id              = time-stream
        socket_type     = stream
        user            = root
        wait            = no
}

# This is the udp version.
service time
{
        disable         = yes
        type            = INTERNAL
        id              = time-dgram
        socket_type     = dgram
        user            = root
        wait            = yes
}

The lines beginning with the "#" character are comments and have no effect on the service. There are two service versions: the first is based on the Transmission Control Protocol (TCP), the second on the User Datagram Protocol (UDP). The type and planned usage of a service determines the necessary core protocol. Put simply, UDP cannot handle large data transmissions, because it lacks the ability to reorder packets or guarantee their integrity, but it is faster than TCP; TCP provides these guarantees but is slower. Each version has two columns inside the braces: the first is the option name, the second is the value assigned to it. The ''disable'' option is a switch that determines whether the service runs. In most cases, the default state is ''yes''; to activate the service, change it to ''no''. There are three ''types'' of services: the type is ''INTERNAL'' if the service is provided by xinetd itself, ''RPC'' when it is based on Remote procedure call (commonly listed in the /etc/rpc file), or ''UNLISTED'' when the service appears in neither the /etc/services nor the /etc/rpc file. The ''id'' is the unique identifier of the service. The ''socket_type'' determines the way data is transmitted through the service; there are three types: ''stream'', ''dgram'' and ''raw''. The last is useful when establishing a service based on a non-standard protocol. With the ''user'' option, it is possible to choose the user that owns the running service; it is highly recommended to choose a non-root user for security reasons. When ''wait'' is set to ''yes'', xinetd will not accept another request for the service while it already has a connection, so the number of simultaneous connections is limited to one. This provides good protection when only one connection at a time should be allowed. Many more options are available for xinetd; in most Linux distributions, the full list of options and their descriptions is accessible with the "man xinetd.conf" command. To apply a new configuration, a SIGHUP signal must be sent to the xinetd process to make it re-read its configuration files. This can be achieved with the command kill -SIGHUP PID, where PID is the process identifier of xinetd, which can be obtained with the command pgrep xinetd.
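A small audit script, added here as an example rather than code from the page or the xinetd project, that parses /etc/xinetd.d-style stanzas like the ones above and flags enabled services that run as root or carry no host ACL. The sample input is constructed; only_from and no_access are access-control attributes documented in xinetd.conf(5) and are not described on this page.

```python
import re

# Constructed /etc/xinetd.d-style input (not from the page), two stanzas.
SAMPLE = """
service time
{
    disable     = yes
    type        = INTERNAL
    id          = time-stream
    socket_type = stream
    user        = root
    wait        = no
}
service telnet
{
    disable     = no
    socket_type = stream
    user        = root
    server      = /usr/sbin/in.telnetd
}
"""
STANZA = re.compile(r"service\s+(\S+)\s*\{(.*?)\}", re.S)

def parse_xinetd(text):
    """Map each 'service NAME { key = value ... }' stanza to its attributes.
    The 'id' attribute is the key when present, so the page's tcp and udp
    'time' stanzas do not collide. '#' comments are dropped."""
    services = {}
    for name, body in STANZA.findall(text):
        attrs = {}
        for line in body.splitlines():
            line = line.split("#", 1)[0]
            if "=" in line:
                key, _, value = line.partition("=")
                attrs[key.strip()] = value.strip()
        services[attrs.get("id", name)] = attrs
    return services

def audit(services):
    """Findings for enabled stanzas only; a disabled service exposes nothing."""
    findings = {}
    for name, a in services.items():
        if a.get("disable", "no") == "yes":       # absent 'disable' => enabled
            continue
        issues = []
        if a.get("user") == "root" and a.get("type", "").upper() != "INTERNAL":
            issues.append("runs as root")
        if not set(a) & {"only_from", "no_access"}:  # ACLs from xinetd.conf(5)
            issues.append("no host ACL")
        findings[name] = issues
    return findings
```

Run it over the real /etc/xinetd.d files by concatenating them into the string passed to parse_xinetd; the disabled time stanza produces no finding, while the constructed telnet stanza is reported twice.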



External links


openSUSE fork, intended to contain all the patches from several distributions: openSUSE, Debian, Fedora, Gentoo, ...