Article title: RedHat-Wrapper and xinetd implementation (3)
Editor: Wrapper and xinetd are access-restriction mechanisms for Linux. The first article introduced the basic principles and how to compile and install them, and the second took a closer look at configuration. If you have not read them, see the related articles at the bottom of the page. Today we go through some examples to aid understanding. Finally, we mention log management.
Configuration examples
1. defaults configuration
[Example 1] /etc/xinetd.conf
# Simple configuration file for xinetd
# Some defaults, and include /etc/xinetd.d/
defaults
{
    instances = 60
    log_type = SYSLOG authpriv
    log_on_success = HOST PID
    log_on_failure = HOST
    cps = 25 30
}
includedir /etc/xinetd.d
Explanation: the configuration method recommended for RedHat 7.x is not to write all service entries in one file. /etc/xinetd.conf is used as the default configuration file, and each file under the /etc/xinetd.d directory corresponds to one service. As mentioned above, the defaults settings apply to all services. The settings above therefore set 60 instances for all services and set the log type to SYSLOG authpriv; HOST and PID are recorded when a logon succeeds, and only HOST is recorded when a logon fails. A maximum of 25 connections can be processed per second; if the number of connections exceeds this limit, processing continues after 30 seconds. The includedir directive specifies that the configuration file directory is /etc/xinetd.d.
2. telnet configuration
# description: The telnet server serves telnet sessions; it uses
# unencrypted username/password pairs for authentication.
service telnet
{
    disable = no
    flags = REUSE
    socket_type = stream
    wait = no
    user = root
    instances = 10
    server = /usr/sbin/in.telnetd
    log_on_failure += USERID
    rlimit_as = 8M
    rlimit_cpu = 20
}
Explanation:
1. The instances setting overrides the value in the defaults section.
2. The log_on_failure attribute adds USERID to the value inherited from the defaults section.
3. Resource limits are set for the telnet service: the maximum available memory is 8 MB, and the CPU processes 20 processes per second.
3. echo configuration
[Example 3.1] /etc/xinetd.d/echo
# default: off
# description: An echo server. This is the tcp
# version.
service echo
{
    disable = yes
    type = INTERNAL
    id = echo-stream
    socket_type = stream
    protocol = tcp
    user = root
    wait = no
}
[Example 3.2] /etc/xinetd.d/echo-udp
# default: off
# description: An echo server. This is the udp
# version.
service echo
{
    disable = yes
    type = INTERNAL UNLISTED
    id = echo-dgram
    socket_type = dgram
    protocol = udp
    user = root
    wait = yes
    port = 7
}
Explanation: the two services have the same service name but different socket types, so the id attribute is used to tell them apart.
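The override and += behaviour described in the explanations above, and the use of id to tell same-named services apart, modelled in Python as an added example (not code from the original article or from xinetd). The merge rules are a simplified model of what the text describes, SAMPLE is constructed from the page's examples, and effective and enabled_root_services are hypothetical helper names.

```python
import re
# Constructed sample, trimmed from the defaults, telnet and echo examples above.
SAMPLE = """
defaults
{
    instances      = 60
    log_on_failure = HOST
}
service telnet
{
    disable        = no
    user           = root
    instances      = 10
    log_on_failure += USERID
}
service echo
{
    disable = yes
    id      = echo-stream
    user    = root
}
"""

BLOCK = re.compile(r"^\s*(defaults|service\s+(\S+))\s*\{(.*?)^\s*\}", re.S | re.M)
ATTR = re.compile(r"^[ \t]*(\w+)[ \t]*(\+=|-=|=)[ \t]*(.*?)[ \t]*$", re.M)

def effective(text):
    """Return {id or service name: {attribute: [values]}} with defaults merged in."""
    defaults, services = {}, {}
    for header, name, body in BLOCK.findall(re.sub(r"#.*", "", text)):
        attrs = [(k, op, v.split()) for k, op, v in ATTR.findall(body)]
        if header == "defaults":
            defaults = {k: v for k, _, v in attrs}
        else:  # id, when present, separates services that share a name
            ids = [v[0] for k, _, v in attrs if k == "id" and v]
            services[ids[0] if ids else name] = attrs
    merged = {}
    for key, attrs in services.items():
        eff = merged[key] = {k: list(v) for k, v in defaults.items()}
        for k, op, vals in attrs:
            old = eff.get(k, [])
            # "=" overrides the default, "+=" adds to it, "-=" removes values
            eff[k] = (vals if op == "=" else old + vals if op == "+="
                      else [x for x in old if x not in vals])
    return merged

def enabled_root_services(text):
    """Audit helper: services that are not disabled and run as root."""
    return sorted(k for k, e in effective(text).items()
                  if e.get("disable") != ["yes"] and e.get("user") == ["root"])
```

On the sample, telnet ends up with instances 10 and log_on_failure HOST USERID, the disabled echo entry is keyed by its id and inherits instances 60, and only telnet is reported as an enabled service running as root.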
4. RPC service example
[Example 4] /etc/xinetd.d/rstatd
service rstatd
{
    type = RPC
    socket_type = dgram
    protocol = udp
    server = /usr/etc/rpc.rstatd
    wait = yes
    user = root
    rpc_version = 2-4
    env = LD_LIBRARY_PATH=/etc/securelib
}
5. Custom service configuration example
[Example 5] /etc/xinetd.d/sample
service sample
{
    type = UNLISTED
    socket_type = stream
    protocol = tcp
    server = /usr/bin/sample
    port = 20020
}
The xinetd process
1. Start and stop:
If you are using the default installation on 7.x:
/etc/rc.d/init.d/xinetd start
/etc/rc.d/init.d/xinetd stop
/etc/rc.d/init.d/xinetd restart
/etc/rc.d/init.d/xinetd reload
Or
/sbin/service xinetd start
/sbin/service xinetd stop
/sbin/service xinetd restart
/sbin/service xinetd reload
If you are using a self-compiled installation on 6.x:
You need to create the xinetd startup script yourself:
touch /var/run/xinetd.pid
touch /var/lock/subsys/xinetd
chmod 755 /etc/rc.d/init.d/xinetd
You can use the following commands to control the process:
/etc/rc.d/init.d/xinetd start
/etc/rc.d/init.d/xinetd stop
/etc/rc.d/init.d/xinetd restart
/etc/rc.d/init.d/xinetd reload
vi /etc/rc.d/init.d/xinetd
# The file content is as follows:
/etc/rc.d/init.d/xinetd file content
#!/bin/bash
#
# xinetd        This starts and stops xinetd.
#
# chkconfig: 345 56 50
# description: xinetd is a powerful replacement for inetd.
#              xinetd has access control mechanisms, extensive
#              logging capabilities, the ability to make services
#              available based on time, and can place
#              limits on the number of servers that can be started,