Detailed explanation of /etc/xinetd.conf in CentOS

Source: Internet
Author: User

The content of this article comes from Vbird's Linux Private Kitchen. First, let's take a look at what the /etc/xinetd.conf file contains!

    [root@linux ~]# vi /etc/xinetd.conf
    # Simple configuration file for xinetd
    #
    # Some defaults, and include /etc/xinetd.d/
    defaults
    {
            instances       = 60               <== at most 60 simultaneous connections to the same service
            log_type        = SYSLOG authpriv  <== log records are sent to syslog's authpriv facility
            log_on_success  = HOST PID         <== what to record when a connection succeeds
            log_on_failure  = HOST             <== what to record when a connection fails
            cps             = 25 30            <== at most 25 connections per second; beyond that the service pauses for 30 seconds
    }
    includedir /etc/xinetd.d                   <== further settings live in the files under /etc/xinetd.d
The meaning of these settings is: "When a service is managed by the super daemon, unless the service's own configuration sets an item, the value given here in xinetd.conf applies." In other words, these are default values, and each service can override them with its own settings. Concretely, this file says: "a single service may run at most 60 instances at once, no more than 25 connections may arrive within the same second, and different information is logged depending on whether a connection succeeds or fails." Is that clearer now? ^_^ More details follow below!

Since this file only holds the defaults, there is naturally a separate configuration file for each service. Those all live in /etc/xinetd.d, which is exactly what the last line of the file above says! ^_^ So what does each service's configuration file look like? Generally, like this:
    service  <service_name>
    {
           <attribute>   <assign_op>   <value>   <value> ...
           .............
    }
The first line must be "service" followed by the service name. The <service_name> is tied to /etc/services, because xinetd looks the name up there to decide which port the service uses! The related settings are then enclosed in a pair of curly braces. attribute is one of xinetd's configuration items, and assign_op is how its value is assigned. The main assign_op forms are:
    =  : sets the item to the value that follows
    += : adds the value that follows to the existing setting
    -= : removes the value that follows from the existing setting
Their usage differs, so take note! Okay, next let's go through the attributes and their values!

Attributes, their possible values, and a description with examples:

    disable  (yes | no)
        Whether the service is disabled; yes means it will not run. This item must be set: to enable a service, write disable = no.
    socket_type  (stream | dgram | raw)
        stream for reliable TCP connections, dgram for UDP datagrams, raw for a server that talks directly at the IP layer. telnet uses TCP, so socket_type = stream.
    protocol  (tcp | udp | ...)
        The protocol the service uses; the valid names are listed in /etc/protocols. Unless you define a service of your own, you normally do not need to set this.
    wait  (yes | no)
        The single-threaded (yes) versus multi-threaded (no) behaviour we mentioned earlier. Usually we want all requests served at the same time, so wait = no.
    user  (UID | root)
        The user the server process runs as; this is the UID concept from account management. If the server does not need root, run it as another user such as nobody, which gives you an extra line of defence! The user must exist in /etc/passwd.
    group  (GID)
        Same meaning as user; the group must exist in /etc/group.
    instances  (number | UNLIMITED)
        The maximum number of simultaneous connections to this service: give a number, or UNLIMITED to tell the system there is no cap. For example, to allow 30 concurrent ftp sessions, write 30.
    nice  (-19 ~ 19)
        The nice value (priority) of the server process, the same nice we met in process management. The smaller the number, the higher the priority.
    server  (program)
        Full path of the program that provides the service. telnet is provided by in.telnetd, so: server = /usr/sbin/in.telnetd
    server_args  (arguments)
        Arguments passed to the server program, e.g. extra options for in.telnetd.
    log_on_success  (PID HOST USERID EXIT DURATION)
        What to record on a successful connection: PID is the process ID of the started server, HOST the client's IP address, USERID the client's user identity, EXIT the exit status, and DURATION how long the client used the service.
    log_on_failure  (HOST USERID ATTEMPT RECORD)
        What syslog records on a failed connection: HOST the client's IP address, USERID the client's user identity, ATTEMPT the failed attempt itself, and RECORD extra information about the client host and why the local server could not be started. Services such as login, shell, exec and finger use this. (Much of this can also be controlled in /etc/hosts.allow and /etc/hosts.deny.)
    env  ('name=value')
        Environment variables set for the service; the rules are the same as for environment variables in the BASH shell.
    port  (number)
        The port the service listens on; remember that the port and service name must agree with the entry in /etc/services!
    redirect  (IP_Address port)
        Redirects client requests for this service to another host! Haha, this is fun: for example, someone connecting to your ftp can be sent to another machine. IP_Address is that other host's address.
    includedir  (directory)
        Include every file under the directory as configuration. This is what lets us keep each service in its own file instead of putting everything into xinetd.conf! You can see it in use in /etc/xinetd.conf.

Security control items:

    bind  (IP_Address)
        Provide the service only on this interface. If your Linux host has two IP addresses and only IP1 should offer the service, set bind to IP1; then IP2 cannot be used to reach it.
    interface  (IP_Address)
        Same as bind.
    only_from  (0.0.0.0 | 192.168.1.0/24 | host_name | domain_name)
        Access control: "only the listed IP addresses, networks, host names or domains may connect." 0.0.0.0 means every host may connect. 192.168.1.0/24 is the class C network 192.168.1.1 ~ 192.168.1.255. You can also give a domain name, such as .ev.ncku.edu.tw, to let a whole campus network use the service.
    no_access  (0.0.0.0 | 192.168.1.0/24 | host_name | domain_name)
        The counterpart of only_from: the listed hosts may not connect.
    access_times  (HH:MM-HH:MM, e.g. 00:00-12:00)
        The hours during which the service is available, in 24-hour notation. For example, to open ftp only during certain hours, give the range in HH:MM-HH:MM form.
    umask  (000 | 777 | 022)
        The umask applied to files the service creates, the same umask we met in file permissions. The recommended value is 022.
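To make the security-control items concrete, here is an added example (my own code, not Vbird's and not part of xinetd) that decides whether a connection would be accepted under bind, access_times, only_from and no_access. It follows xinetd's documented rule that when a client matches both only_from and no_access, the entry that matches the client more specifically wins, which is what lets no_access = 192.168.1.{120,130} carve two hosts out of only_from = 192.168.1.0/24. The service is given as a Python dict rather than real xinetd syntax, the access_times window is constructed by me, and the way a domain suffix is ranked against a prefix length is this example's own simplification.

```python
import ipaddress
from datetime import time

# Constructed sample: the access-control attributes of the internal telnet entry
# from the text, written as a Python dict. The access_times window is my own.
TELNET_INTERNAL = {
    "bind": "192.168.1.100",
    "only_from": ["192.168.1.0/24"],
    "no_access": ["192.168.1.{120,130}"],
    "access_times": ["08:00-12:00", "13:00-18:00"],
}

def expand(entry):
    """Expand xinetd's brace form: '192.168.1.{120,130}' -> two addresses."""
    if "{" not in entry:
        return [entry]
    prefix, rest = entry.split("{", 1)
    return [prefix + item for item in rest.rstrip("}").split(",")]

def specificity(entry, ip, hostname):
    """How specifically `entry` matches the client, or None if it does not.
    Higher wins: a single host (/32) beats a /24, which beats 0.0.0.0 (0).
    Domain suffixes score by length so '.ev.ncku.edu.tw' beats '.edu.tw';
    ranking a suffix against a prefix length is this example's simplification."""
    if entry == "0.0.0.0":
        return 0
    if entry.startswith("."):                       # domain name suffix
        return len(entry) if hostname and hostname.endswith(entry) else None
    try:
        net = ipaddress.ip_network(entry, strict=False)
    except ValueError:                              # a plain host name
        return 100 if hostname == entry else None
    return net.prefixlen if ipaddress.ip_address(ip) in net else None

def best_match(entries, ip, hostname):
    """Most specific score among all entries (braces expanded), or None."""
    scores = [specificity(e, ip, hostname) for raw in entries for e in expand(raw)]
    scores = [s for s in scores if s is not None]
    return max(scores) if scores else None

def in_access_times(windows, now):
    """`now` is 'HH:MM'; windows are 'HH:MM-HH:MM' strings on a 24-hour clock."""
    if not windows:
        return True
    current = time.fromisoformat(now)
    for window in windows:
        start, end = (time.fromisoformat(t) for t in window.split("-"))
        if start <= current <= end:
            return True
    return False

def allowed(service, client_ip, client_host=None, now=None, local_ip=None):
    """Would xinetd accept this connection? Checks bind, then access_times,
    then only_from/no_access with the most-specific-match-wins rule."""
    if local_ip is not None and service.get("bind") not in (None, local_ip):
        return False                # arrived on an interface this entry is not bound to
    if now is not None and not in_access_times(service.get("access_times"), now):
        return False                # outside the service hours
    allow = best_match(service.get("only_from", []), client_ip, client_host)
    deny = best_match(service.get("no_access", []), client_ip, client_host)
    if deny is not None and (allow is None or deny >= allow):
        return False                # no_access matched at least as specifically
    if "only_from" in service and allow is None:
        return False                # only_from given and the client is not on it
    return True

if __name__ == "__main__":
    for ip in ("192.168.1.50", "192.168.1.120", "10.0.0.5"):
        print(ip, "->", "allow" if allowed(TELNET_INTERNAL, ip, now="09:00",
                                          local_ip="192.168.1.100") else "deny")
```

Note that with only_from absent and no_access absent, everything is accepted; with only_from present, a client that matches neither list is refused. That asymmetry is why only_from, not no_access, is the setting to reach for when you want a default-deny policy.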
OK! Let's use the settings above to configure one of our services and see how it is done. As we said, the biggest advantage of managing a service through the super daemon is the extra layer of management it provides, which lets us apply far more access controls than running the daemon on its own, as the previous section hinted. Here we use a simple example to show how to manage a service through the super daemon: telnet. To configure telnet, you must first install the telnet server; in FC4 that is the telnet-server-0.17-35 package, so install it with rpm first! ^_^
The /etc/xinetd.d/telnet file installed by that package looks like this:
    [root@linux ~]# vi /etc/xinetd.d/telnet
    service telnet
    {
            flags           = REUSE                 <== reuse the socket for the connection
            socket_type     = stream                <== TCP packets
            wait            = no                    <== serve multiple users at the same time
            user            = root                  <== the server runs as root
            server          = /usr/sbin/in.telnetd  <== the program that provides the service!
            log_on_failure  += USERID               <== on a failed connection, also record the user ID
            disable         = yes                   <== the service is currently disabled!
    }
The main configuration items can be looked up in the table above, or run "man xinetd.conf" to check them! If you only want to enable the service, simply change disable to no! As we know, telnet is not a very secure service (the details are covered in the server volume). So if you want tighter security, for example different rules for telnet from the internal network and from the Internet, like this:
  • Restrictions for the internal network:
    Suppose the Linux host has two network cards. The internal IP address is 192.168.1.100, and it provides login to the 192.168.1.0/24 segment. All telnet limits are relaxed for this segment, including the number of instances and the priority, but the hosts 192.168.1.120 and 192.168.1.130 are not allowed to log in;
  • Restrictions for the external network:
    The external IP address is 140.116.44.125. It allows the campus network (140.116.0.0/16) as well as hosts in the education domain (.edu.tw), and is open only during the hours 1 ~ (the end hour is missing in the source) and 20 ~ 24. In addition, at most 10 simultaneous connections are allowed.
In that case, I can change /etc/xinetd.d/telnet as follows:
    [root@linux ~]# vi /etc/xinetd.d/telnet
    # first the restrictions for the internal network:
    service telnet
    {
            disable         = no                    <== enable the telnet server
            bind            = 192.168.1.100         <== only accept connections arriving on this interface
            only_from       = 192.168.1.0/24        <== only hosts in 192.168.1.0/24 may use telnet
            no_access       = 192.168.1.{120,130}   <== except these two hosts
            instances       = UNLIMITED             <== no limit on simultaneous connections!
            nice            = 0                     <== higher priority for the server process
            flags           = REUSE                 <== reuse the socket
            socket_type     = stream                <== TCP packets
            wait            = no                    <== no waiting, multiple users served concurrently
            user            = root                  <== identity the server program runs as
            server          = /usr/sbin/in.telnetd  <== the server program
            server_args     = -a none               <== arguments for the server program
            log_on_failure  += USERID               <== on a failed connection, also record the user ID
    }
    # then the restrictions for the external network!
    service telnet
    {
            disable         = no                    <== enable the telnet server
            bind            = 140.116.44.125        <== only accept connections arriving on this interface
            only_from       = 140.116.0.0/16        <== 140.116.0.0 ~ 140.116.255.255 may use telnet
            only_from       = .edu.tw               <== set again: only the education network may connect!
            access_times    =                       <== only during the two periods above (the hour ranges are missing in the source)
            umask           = 022                   <== umask for files created by the server
            instances       = 10                    <== at most 10 simultaneous connections
            nice            = 10                    <== lower priority for the server process
            flags           = REUSE                 <== reuse the socket
            socket_type     = stream                <== TCP packets
            wait            = no                    <== no waiting, multiple users served concurrently
            user            = root                  <== identity the server program runs as
            server          = /usr/sbin/in.telnetd  <== the server program
            server_args     = -a none               <== arguments for the server program
            log_on_failure  += USERID               <== on a failed connection, also record the user ID
    }
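The assign_op semantics described earlier (=, += and -=) and the way a service entry inherits the defaults block are easy to get wrong when reading a file like the one above, so here is an added example, written by me and not part of xinetd or of Vbird's text, of a small parser for this syntax. It merges each service entry with the defaults block, applies the three operators, and records includedir lines. The sample text is constructed from the defaults file and the two telnet entries above, abridged and with my own comments; note in particular that writing only_from twice with = leaves only the second value, because = replaces the setting. To allow both the 140.116.0.0/16 network and .edu.tw, the second line must use +=.

```python
import re

# Constructed sample: the defaults block from /etc/xinetd.conf followed by the
# two telnet entries of the worked example, abridged. Comments are mine.
SAMPLE_CONFIG = """
# Simple configuration file for xinetd
defaults
{
        instances       = 60
        log_type        = SYSLOG authpriv
        log_on_success  = HOST PID
        log_on_failure  = HOST
        cps             = 25 30
}
includedir /etc/xinetd.d

service telnet
{
        disable         = no
        bind            = 192.168.1.100
        only_from       = 192.168.1.0/24
        no_access       = 192.168.1.{120,130}
        instances       = UNLIMITED
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        log_on_failure  += USERID     # appended to the inherited HOST
}

service telnet
{
        disable         = no
        bind            = 140.116.44.125
        only_from       = 140.116.0.0/16
        only_from       = .edu.tw     # a second '=' replaces, it does not add
        instances       = 10
        log_on_success  -= PID        # drop one token from the inherited list
        server          = /usr/sbin/in.telnetd
}
"""

_ATTR = re.compile(r"^(\w+)\s*(\+=|-=|=)\s*(.*)$")

def apply_op(attrs, name, op, values):
    """Apply one 'attribute op values' line to the attribute dict in place."""
    current = attrs.get(name, [])
    if op == "=":
        attrs[name] = list(values)                          # replace
    elif op == "+=":
        attrs[name] = current + [v for v in values if v not in current]
    else:                                                   # "-="
        attrs[name] = [v for v in current if v not in values]

def parse_xinetd(text):
    """Parse xinetd.conf syntax. Returns (defaults, services, includedirs):
    services is a list of (name, attrs) in file order, each attrs dict
    already merged with the defaults block that precedes it."""
    defaults, services, includedirs = {}, [], []
    current, name = None, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()                 # drop comments and whitespace
        if not line or line == "{":
            continue
        if line == "}":
            if name is None:
                defaults.update(current)
            else:
                services.append((name, current))
            current = None
            continue
        if line == "defaults":
            current, name = {}, None
            continue
        m = re.match(r"^service\s+(\S+)$", line)
        if m:
            name = m.group(1)
            current = {k: list(v) for k, v in defaults.items()}   # inherit the defaults
            continue
        m = re.match(r"^includedir\s+(\S+)$", line)
        if m:
            includedirs.append(m.group(1))
            continue
        m = _ATTR.match(line)
        if m and current is not None:
            apply_op(current, m.group(1), m.group(2), m.group(3).split())
        else:
            raise ValueError(f"unparsable line: {raw!r}")
    return defaults, services, includedirs

def effective(services, name, bind):
    """Return the merged attributes of the entry for `name` bound to `bind`."""
    for svc, attrs in services:
        if svc == name and attrs.get("bind") == [bind]:
            return attrs
    return None

if __name__ == "__main__":
    _, services, _ = parse_xinetd(SAMPLE_CONFIG)
    for svc, attrs in services:
        print(f"service {svc} on {' '.join(attrs.get('bind', ['*']))}")
        for key, value in sorted(attrs.items()):
            print(f"    {key:15} = {' '.join(value)}")
```

Running the block prints the effective settings of each telnet entry, which is the view you actually want when auditing a host: the internal entry ends up with log_on_failure = HOST USERID (default plus the += line), while the external entry's only_from is just .edu.tw, not the union the prose asked for.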
In the example above we used the network notation 192.168.1.0/24 and 140.116.0.0/16 a lot. They stand for "all IP addresses from 192.168.1.0 to 192.168.1.255" and "all IP addresses from 140.116.0.0 to 140.116.255.255"; we will explain this notation more precisely in the server volume. With these settings in place, you will find that your telnet service behaves differently on the two network segments! After editing, xinetd must be restarted for the new settings to take effect. Here is how to restart it and check the result:
    # If your telnet service is already enabled, its listening port shows up in the system
    [root@linux ~]# netstat -tulnp
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN      19255/xinetd
    # See! The program name is xinetd!
    # After modifying /etc/xinetd.d/telnet as above, restart xinetd and check again
    [root@linux ~]# /etc/init.d/xinetd restart
    [root@linux ~]# netstat -tulnp
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 140.116.44.125:23       0.0.0.0:*               LISTEN      19281/xinetd
    tcp        0      0 192.168.1.100:23        0.0.0.0:*               LISTEN      19281/xinetd
    # Now there are two interfaces, and the PID is the same!
