LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 09-13-2005, 02:45 PM   #1
Palula
Member
 
Registered: May 2005
Location: Brazil
Distribution: Fedore Core 3
Posts: 138

Rep: Reputation: 15
xinetd - What is it?


Hi there?
Iīd like to know what is xinetd. Let me explain why this all of a sudden.

I recently was configuring my vsFTPd following the installing via RPM link. And everything went fine except that I didnīt follow this section "If you are running xinetd, do the following:" because I tried by myself to make it work as a service. The thing is that when I shut down the linuxbox, a lot of services failed to stop and the vsftpd failed to unload even manually (./vsftpd stop). So I went for the xinetd configuration, made everything the tutorial said and everything worked fine. Anyway it doesnīt work as a service. It is permanently working on my machine without being a service. Now, when I shut down the machine, every service unloads correctly so I prefer it like this.

But I donīt understand a single line, I donīt know what the lines do within my linux and I donīt understand what xinetd is... Here are the lines I stated on the vsftpd files inside xinetd.d folder:

service ftp
{
disable = no
socket_type = stream
wait = no
user = root
server = /usr/sbin/vsftpd
nice = 10
}


Iīd like to know what each line does and what is xinetd!!!
Thanks.
 
Old 09-13-2005, 03:03 PM   #2
nayabingi
Member
 
Registered: Jul 2004
Location: Atlanta , United States
Distribution: CentOS 5
Posts: 31

Rep: Reputation: 15
Palula,
xinetd is a tcp wrapper super service. It can be use to control access to network services. The link below will provide details on TCP Wrapper and xinetd. If you want to dive right into what xinetd is you can go to the second link.

http://www.ms.washington.edu/Docs/Li...pwrappers.html
http://www.ms.washington.edu/Docs/Li...rs-xinetd.html
 
Old 09-13-2005, 03:06 PM   #3
Hobbletoe
Member
 
Registered: Sep 2004
Location: Dayton, Oh
Distribution: Linux Mint 17
Posts: 150

Rep: Reputation: 18
Xinetd is like inetd, but more configurable (or at least I feel it is). I replaced inet on our Solaris boxes with xinetd, and it works splendedly for us. We currently run telnet and ftp on one box, as well as ssh through it.

One fun thing that we did was to leave FTP open on a few of our servers, but as a sensor only. That way, if anything hits FTP on that machine, it locks that IP out of all of the services that are open on that machine through xinetd. And as we get security scans occasionally, it blocks a LOT of TCP Wrapper denials for us since any request against a service through xinetd gets dropped as soon as xinetd sees it.

ANYway, what the lines do ...

disable ... tells xinet to run this service or not. Yes means do NOT run it, no means to run it. (Another way to stop a service from running is to append a ~ to the file name in the /etc/xinetd.d directory I.e. ftp~)

socket_type ... don't really know as I never really got into networking and the like. I think the man page explains it though.

wait ... determines if the service runs single or multi-thread. Yes means that the service will start on a request, but will not start another request until the first is done. No means that you can have more than one going.

user ... who to start the service as.

server ... what service to start.

nice ... what priority the service has on the system. man nice for more info.

Oh, and be sure to man xinetd and xinetd.conf for more information. Some other links to check ...

http://www.linuxfocus.org/English/No...ticle175.shtml

http://www.xinetd.org

http://man.linuxquestions.org/?query...pe=2&section=5
 
Old 09-13-2005, 03:09 PM   #4
bosewicht
Senior Member
 
Registered: Aug 2003
Location: Honolulu, HI
Distribution: Arch
Posts: 1,380

Rep: Reputation: 47
There are a lot of sites out there that explains what xinetd is and what those lines mean. Another thing to try is google.


xinetd

The xinetd daemon is a TCP wrapped super service which controls access to a subset of popular network services including FTP, IMAP, and Telnet. It also provides service-specific configuration options for access control, enhanced logging, binding, redirection, and resource utilization control.

When a client host attempts to connect to a network service controlled by xinetd, the super service receives the request and checks for any TCP wrappers access control rules. If access is allowed, xinetd verifies that the connection is allowed under its own access rules for that service and that the service is not consuming more than its alloted amount of resources or in breach of any defined rules. It then starts an instance of the requested service and passes control of the connection to it. Once the connection is established, xinetd does not interfere further with communication between the client host and the server.

Service is telling you what it is.

disable
"yes" or "no". This will result in the service being disabled and not starting..

socket_type
Possible values include:

stream
stream-based service

dgram
datagram-based service

raw
service that requires direct access to IP

seqpacket
service that requires reliable sequential datagram transmission

wait
This attribute determines if the service is single-threaded or multi-threaded and whether or not xinetd accepts the connection or the server program accepts the connection. If its value is yes, the service is single-threaded; this means that xinetd will start the server and then it will stop handling requests for the service until the server dies and that the server software will accept the connection. If the attribute value is no, the service is multi-threaded and xinetd will keep handling new service requests and xinetd will accept the connection. It should be noted that udp/dgram services normally expect the value to be yes since udp is not connection oriented, while tcp/stream servers normally expect the value to be no.

user
determines the uid for the server process. The user attribute can either be numeric or a name. If a name is given (recommended), the user name must exist in /etc/passwd. This attribute is ineffective if the effective user ID of xinetd is not super-user.

server
determines the program to execute for this service.

nice
determines the server priority. Its value is a (possibly negative) number.
 
Old 09-14-2005, 12:43 PM   #5
Palula
Member
 
Registered: May 2005
Location: Brazil
Distribution: Fedore Core 3
Posts: 138

Original Poster
Rep: Reputation: 15
Nice! I read somethings about xinetd and intend to read a lot more since it can provide security to my online services... But I have a small question, almost useless...

Okay so I start some of my services through /etc/rc.d/init.d/service (I think itīs this).
For example: I enter that folder, and type ./service start/stop/restart

My question is: Are there automated forms like this to start/stop/restart a service within xinetd?

Thanks a lot!!!
 
Old 09-14-2005, 02:30 PM   #6
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 8,326
Blog Entries: 4

Rep: Reputation: 2839Reputation: 2839Reputation: 2839Reputation: 2839Reputation: 2839Reputation: 2839Reputation: 2839Reputation: 2839Reputation: 2839Reputation: 2839Reputation: 2839
xinetd is a sort of "super listener."

When some process wants to connect to a service on your computer, they will ask to open a well-known port number. For example, http requests (for web pages) will always be made to port #80. FTP, SSH, Telnet, and so-on all have their own ports (see /etc/services).

It would be possible, but wasteful, to have a whole bunch of server processes sitting around idle, each waiting for a connection on "their" port. What Xinetd does instead is to wait for a connection on all of those port-numbers at once. When a valid connection request comes in, Xinetd will start the appropriate service, then pass the connection request to it. The advantage is that Linux only has to deal with one process, Xinetd, to wait for potential connections on many ports.
 
Old 09-14-2005, 08:47 PM   #7
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.9, Centos 7.3
Posts: 17,374

Rep: Reputation: 2383Reputation: 2383Reputation: 2383Reputation: 2383Reputation: 2383Reputation: 2383Reputation: 2383Reputation: 2383Reputation: 2383Reputation: 2383Reputation: 2383
In addition to the above explanations, the usual rule of thumb is that if the listening service will be accessed rarely, the use xinetd to control it.
On the other hand, if it's going to be busy eg you have a popular website, then make the service (Apache: ports 80, 443) a standalone daemon ie not via xinetd.
 
Old 09-15-2005, 10:54 AM   #8
Palula
Member
 
Registered: May 2005
Location: Brazil
Distribution: Fedore Core 3
Posts: 138

Original Poster
Rep: Reputation: 15
Thanks a lot.

The services I have on my machine will be rarely accessed so the use of Xinetd suits well right? Thanks a lot.
 
Old 09-15-2005, 08:48 PM   #9
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.9, Centos 7.3
Posts: 17,374

Rep: Reputation: 2383Reputation: 2383Reputation: 2383Reputation: 2383Reputation: 2383Reputation: 2383Reputation: 2383Reputation: 2383Reputation: 2383Reputation: 2383Reputation: 2383
Just make sure you disable any entries in etc/xinetd.d/ that you don't want to run ie never run a service unless you positively want to; more secure.
 
Old 09-16-2005, 12:42 AM   #10
Electro
LQ Guru
 
Registered: Jan 2002
Posts: 6,042

Rep: Reputation: Disabled
It is better to use iptables instead of xinetd. xinetd has problems with certain services such as ssh and apache. It is better to just run them at certain schedules using cron. If you setup the services and iptables correctly, then you do not have to use xinetd. Use xinetd as little as possible because it also uses a port that can be compromise.
 
Old 06-25-2007, 06:51 AM   #11
apj_iitr
LQ Newbie
 
Registered: Jun 2007
Posts: 2

Rep: Reputation: 0
Problem with

hi ,
I'm trying to access CVS on server from remote system i get the following error message ,
******************************************
Logging in to server:admin@localhost:2401/home/cvs/repository
CVS password:
cvs [login aborted]: connect to localhost(127.0.0.1):2401 failed: Connection refused
********************************************

when i did the root cause analysis i found that the service xinetd is not working properly

[root@WiproODC admin]# /sbin/service xinetd status
xinetd is stopped
[root@WiproODC admin]# /sbin/service xinetd stop
Stopping xinetd: [FAILED]
[root@WiproODC admin]# /sbin/service xinetd start
Starting xinetd: [ OK ]


so i could not figure out what is wrong with the service

can you please help me to solve this issue ?

regards
apj
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Xinetd michaelford Linux - General 7 04-18-2012 02:33 AM
xinetd cootetom SUSE / openSUSE 5 02-20-2005 04:58 AM
xinetd iftiuk Linux - Networking 2 04-20-2004 01:26 PM
Xinetd dead --xinetd dead but pid file exists hillxy Linux - General 1 04-15-2004 02:10 PM
xinetd.d Tigger Linux - Newbie 33 06-21-2003 12:41 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 11:44 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration