Linux server security policy details (7)

Article Title: Linux server security policy details (7 ). Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.

4.3 xinetd

4.3.1 what is xinetd

Xinetd is extended internet daemon. xinetd is a new-generation network daemon service program, also called a super Internet server. It is often used to manage a variety of lightweight Internet services. Xinetd provides functions similar to inetd + tcp_wrapper, but is more powerful and secure.

4.3.2 xinetd features

　1. Powerful access control functions

-Built-in differential treatment settings for malicious and malicious users.

-Libwrap is supported, which is more efficient than tcpd.

-You can limit the connection level, host-based connections, and service-based connections.

-Set a specific connection time.

-Set a service to a specific host to provide services.

2. effectively prevent DoS Attacks

-You can limit the connection level.

-You can limit the maximum number of connections of a host to prevent a host from occupying a service exclusively.

-You can limit the size of log files to prevent disk space from being filled up.

3. Powerful log Functions

-You can set the log level for each service.

-If syslog is not used, you can create a log file for each service.

-The request start time and end time can be recorded to determine the access time of the other party.

-You can record requests that attempt to access the website illegally.

4. Steering Function

You can forward client requests to another host for processing.

5. IPv6 support

Xinetd versions starting with xinetd 2.1.8.8pre * Support IPv6 by using the with-inet6 capability option in the./configure script. Note that the core and network must support IPv6. Of course, IPv4 is still supported.

 

[1] [2] [3] [4] [5] [6] Next page