xinetd: the super daemon, which manages transient (on-demand) daemon processes
Configuration files:
/etc/xinetd.conf Master configuration file
/etc/xinetd.d/* Configuration files, one for each transient daemon
Global configuration:
defaults
{
#enabled = yes|no Enable service
#disabled = yes|no Disable service
log_type = SYSLOG daemon info | FILE /var/log/xxx.log Log type
log_on_failure = HOST Information to log when a login fails
log_on_success = PID HOST DURATION EXIT Information to log when a login succeeds
}
includedir /etc/xinetd.d
Service configuration:
service <service name>
{
<attribute> <assign_op (assignment operator)> <value> <value> ...
}
Common attributes and values:
disable = no|yes Whether the service is disabled
flags = REUSE Socket reuse; deprecated, because services now use reuse by default.
socket_type = stream Socket type; you can specify TCP, UDP, RPC.
wait = no|yes Whether multiple connections need to wait
user = USERNAME The identity the service is started as
server = FILE The binary for this service
server_args = OPTIONS Arguments passed to the service when it starts
port = PORT Port for the service; if not specified, the service's default port is used.
log_on_failure += USERID Adds a userid record to the error log. Use -= to remove it.
only_from = IP | NETWORK | HOSTNAME | FQDN | DOMAIN Only the listed addresses may access the service; all other addresses are denied by default.
no_access = IP | NETWORK | HOSTNAME | FQDN | DOMAIN The listed addresses are denied access
access_times = hh:mm-hh:mm Time window in which access is allowed
bind = IP The IP address the service listens on. When the server has multiple IPs, the service listens only on ports of this address.
interface = IP Same as bind
cps = NUM STOPTIME Limits the connection request rate. At most NUM inbound connections are allowed per second; if that is exceeded, the service stops accepting requests for STOPTIME seconds. The defaults are NUM 50 and STOPTIME 10 seconds.
per_source = NUM Maximum number of concurrent requests allowed from each source IP
instances = NUM|UNLIMITED Maximum number of instances of the service allowed to run concurrently. If not specified, or set to UNLIMITED, there is no limit.
banner = FILE The welcome message shown to a user accessing this service is read from FILE. A remote user is shown the contents of /etc/issue.net.
Examples:
1. The server's IP is 172.16.100.1. Restrict access to telnet as follows:
only 172.16.100.3 may connect, and only between 09:10 and 15:30 each day.
# vim /etc/xinetd.d/telnet
service telnet
{
disable = no
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/bin/in.telnet
only_from = 172.16.100.3
access_times = 09:10-15:30
}
2. Continuing the previous example: allow access from the 172.16 network segment, deny 172.16.0.2, listen only on 172.16.100.1, set the request rate to 5 with a temporary stop time of 5, allow at most 3 requests per IP address, and let the service provide at most 20 connection instances.
# vim /etc/xinetd.d/telnet
service telnet
{
disable = no
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/bin/in.telnet
only_from = 172.16.0.0/16
no_access = 172.16.0.2
access_times = 09:10-15:30
bind = 172.16.100.1
cps = 5 5
per_source = 3
instances = 20
}
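How the overlapping only_from and no_access entries in example 2 resolve, as an added example that is not from the original article: when both lists match a client, xinetd lets the more specific match decide, so 172.16.0.2 is refused while the rest of 172.16.0.0/16 is admitted. The function names, the inclusive time window and the deny-on-tie rule are assumptions of this sketch, and only numeric addresses are handled.

```python
import ipaddress
import re
from datetime import time

# Constructed stanza using the values stated in example 2 (not from a live host).
STANZA = """
service telnet
{
    only_from    = 172.16.0.0/16
    no_access    = 172.16.0.2
    access_times = 09:10-15:30
    bind         = 172.16.100.1
}
"""

def parse_stanza(text):
    """Return {attribute: [values]} for one service block (handles '=' only)."""
    attrs = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\w+)\s*=\s*(.+?)\s*$", line)
        if m:
            attrs[m.group(1).lower()] = m.group(2).split()
    return attrs

def best_match(addr, entries):
    """Longest prefix among entries containing addr, or -1 if none match."""
    nets = (ipaddress.ip_network(e, strict=False) for e in entries)
    return max((n.prefixlen for n in nets if addr in n), default=-1)

def allowed(attrs, client_ip, now):
    """Model the access decision: the time window and the address lists must
    both pass; between only_from and no_access the better match decides."""
    for window in attrs.get("access_times", []):
        start, end = (time(*map(int, p.split(":"))) for p in window.split("-"))
        if start <= now <= end:   # inclusive bounds are an assumption
            break
    else:
        if "access_times" in attrs:
            return False          # no configured window contains 'now'
    addr = ipaddress.ip_address(client_ip)
    allow = best_match(addr, attrs.get("only_from", []))
    deny = best_match(addr, attrs.get("no_access", []))
    if "only_from" in attrs and allow < 0:
        return False              # only_from is set and the client is not listed
    return deny < 0 or allow > deny   # tie goes to deny (assumption)
```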
3. Continuing the previous example: set the local welcome message:
# vim /etc/xinetd.d/telnet
service telnet
{
disable = no
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/bin/in.telnet
only_from = 172.16.0.0/16
no_access = 172.16.0.2
access_times = 09:10-15:30
bind = 172.16.100.1
cps = 30 15
per_source = 5
instances = 13
banner = /tmp/telnethello
}
# vim /tmp/telnethello
Welcome to telnet this server!!
This article is from the "Small Private blog" blog; please be sure to keep this source: http://ggvylf.blog.51cto.com/784661/1665032
Basic knowledge and examples of xinetd