Implementation of RedHat-Wrapper and xinetd (3)

Source: Internet
Author: User
Article title: RedHat-Wrapper and xinetd implementation (3 ). Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.
Editor: Wrapper and xinetd are access restrictions for Linux. In the first article, we introduced the basic principle and the method for installing and compiling. in the second article, we will give you a closer look at its configuration. If you don't see it, you can read the related articles at the bottom of the page. Today we will talk about some examples for your understanding and understanding. Finally, we mention log management.
Configure an instance
1. defaults configuration
  
[Example 1]/etc/xinetd. conf
  
# Simple configuration file for xinetd
  
# Some ULTS ults, and include/etc/xinetd. d/
  
  
  
ULTS
  
{
  
Instances = 60
  
Log_type = SYSLOG authpriv
  
Log_on_success = HOST PID
  
Log_on_failure = HOST
  
Cps = 25 30
  
}
  
Includedir/etc/xinetd. d
  
  
  
  
Explanation: RedHat 7. the recommended configuration method of x is not to write all service items in one file,/etc/xinetd. conf is used as the default configuration file,/etc/xinetd. each file under the d directory corresponds to a service. As mentioned above, the default settings apply to all services. as a result, we can see that the above settings set 60 instances for all services and set the log mode to SYSLOG authpriv, HOST and PID are recorded when logon is successful, and only HOST is recorded when logon fails,
  
A maximum of 25 connections can be processed per second. if the number of connections exceeds this limit, the process will continue after 30 seconds. The Includedir command specifies that the Directory of the configuration file is/etc/xinetd. d.
  
  
  
2. telnet configuration
[Example 1]/etc/xinetd. d/telnet
  
# Default: on
  
# Description: The telnet server serves telnet sessions; it uses
# Unencrypted username/password pairs for authentication.
  
Service telnet
  
{
  
Disable = no
  
Flags = REUSE
  
Socket_type = stream
  
Wait = no
  
User = root
  
Instances = 10
  
Server =/usr/sbin/in. telnetd
  
Log_on_failure + = USERID
  
Rlimit_as = 8 M
  
Rlimit_cpu = 20
  
}
  
  
Explanation:
  
1. the setting of instances overwrites the setting of the ULTS item;
  
2. the log_on_failure attribute is added with the USERID based on the ULTS item.
  
3. set resource limits for the TELNET service. The maximum available memory is 8 MB, and the CPU processes 20 processes per second.
3. echo configuration
  
[Example 3.1]/etc/xinetd. d/echo
  
# Default: off
  
# Description: An echo server. This is the tcp
# Version.
  
Service echo
  
{
  
Disable = yes
  
Type = INTERNAL
  
Id = echo-stream
  
Socket_type = stream
  
Protocol = tcp
  
User = root
  
Wait = no
  
}
  
  
  
  
[Example 3.2]/etc/xinetd. d/echo-udp
  
# Default: off
  
# Description: An echo server. This is the udp
# Version.
  
Service echo
  
{
  
Disable = yes
  
Type = INTERNAL UNLISTED
  
Id = echo-dgram
  
Socket_type = dgram
  
Protocol = udp
  
User = root
  
Wait = yes
  
Port = 7
  
}
  
  
  
Explanation: because their service names are the same, but the socket type is different, the id attribute is used to differentiate them.
  
4. RPC service example
  
[Example 4]/etc/xinetd. d/rstatd
  
Service rstatd
  
{
  
Type = RPC
  
Socket_type = dgram
  
Protocol = udp
  
Server =/usr/etc/rpc. rstatd
  
Wait = yes
  
User = root
  
Rpc_version = 2-4
  
Env = LD_LIBRARY_PATH =/etc/securelib
  
}
  
  
  
  
  
  
5. Custom Service configuration example
[Example 4]/etc/xinetd. d/sample
  
Service sample
  
{
  
Type = UNLISTED
  
Socket_type = stream
  
Protocol = tcp
  
Server =/usr/bin/sample
  
Port = 20020
  
}
  
Xinetd process
  
1. start and stop:
If you are using the default installation of 7.x:
  
/Etc/rc. d/init. d/xinetd start
  
/Etc/rc. d/init. d/xinetd stop
  
/Etc/rc. d/init. d/xinetd restart
  
/Etc/rc. d/init. d/xinetd reload
  
Or
  
/Sbin/service xinetd start
  
/Sbin/service xinetd stop
  
/Sbin/service xinetd restart
  
/Sbin/service xinetd reload
  
  
  
If you are using a self-compiled installation on 6.x:
  
  
  
You need to create the xinetd startup script by yourself:
  
Touch/var/run/xinetd. pid
  
Touch/var/lock/subsys/xinetd
  
Chmod 755/etc/rc. d/init. d/xinetd
  
  
  
You can use the following command to control the process:
  
/Etc/rc. d/init. d/xinetd start
  
/Etc/rc. d/init. d/xinetd stop
  
/Etc/rc. d/init. d/xinetd restart
  
/Etc/rc. d/init. d/xinetd reload
  
  
  
Vi/etc/rc. d/init. d/xinetd
  
# The file content is as follows:
  
/Etc/rc. d/init. d/xinetd file content
  
#! /Bin/bash
  
  
  
#
  
  
  
# Xinetd This starts and stops xinetd.
  
  
  
#
  
  
  
# Chkconfig: 345 56 50
  
  
  
# Description: xinetd is a powerful replacement for inetd.
  
  
# Xinetd has access control machanisms, extensive
  
  
# Logging capabilities, the ability to make services
  
  
# Available based on time, and can place
  
  
# Limits on the number of servers that can be started,
  
  
# Among other things.
  
  
  
#
  
  
  
# Processname:/usr/sbin/xinetd
  
  
  
# Config:/etc/sysconfig/network
  
  
  
# Config:/etc/xinetd. conf
  
  
  
# Pidfile:/var/run/xinetd. pid
  
  
  
Prog = "xinetd"
  
  
  
PATH =/sbin:/bin:/usr/sbin
  
  
  
# Source function library.
  
  
  
./Etc/rc. d/init. d/functions
  
  
  
# Get config.
  
  
  
Test-f/etc/sysconfig/network &./etc/sysconfig/network
  
  
  
# Check that networking is up.
  
  
  
[$ {NETWORKING} = "yes"] | exit 0
  
  
  
[-F/usr/sbin/xinetd] | exit 1
  
  
  
[-F/etc/xinetd. conf] | exit 1
  
  
  
RETVAL = 0
  
  
  
Start (){
  
  
  
Echo-n $ "Starting $ prog :"
  
  
  
# Need to get rid of localization for external services-
  
  
  
# It doesn't make much sense to have i18n on the server side here
  
  
  
LANG = en_US
  
  
  
LC_TIME = en_US
  
  
  
LC_ALL = en_US
  
  
  
LC_MESSAGES = en_US
  
  
  
LC_NUMERIC = en_US
  
  
  
LC_MONETARY = en_US
  
  
  
LC_COLLATE = en_US
  
Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.