Xinetd: Verification


xinetd

From Wikipedia, the free encyclopedia


xinetd
Developer(s): Rob Braun
Stable release: 2.3.15 / 9 May 2012
Written in: C, Shell[1]
Operating system: Unix-like
Type: Daemon
License: Open source[2]
Website: web.archive.org/web/20051227095035/http://www.xinetd.org:80/ [dead link]

In computer networking, xinetd (extended Internet daemon), an open-source super-server daemon,[3] runs on many Unix-like systems and manages Internet-based connectivity.

It offers a more secure alternative to the older inetd ("the Internet daemon"), which most modern Linux distributions have deprecated.[4]

Contents
1 Description
2 Configuration
3 References
4 External links

Description
xinetd listens for incoming requests over a network and launches the appropriate service for that
request.[5] Requests are made using port numbers as identifiers and xinetd usually launches
another daemon to handle the request. It can be used to start services with both privileged and
non-privileged port numbers.

xinetd features access control mechanisms such as TCP Wrapper ACLs, extensive logging capabilities, and the ability to make services available based on time. It can place limits on the number of servers that the system can start, and has deployable defense mechanisms to protect against port scanners, among other things.

On some implementations of Mac OS X, this daemon starts and maintains various Internet-related services, including FTP and telnet. As an extended form of inetd, it offers enhanced security. It replaced inetd in Mac OS X v10.3, and subsequently launchd replaced it in Mac OS X v10.4. However, Apple has retained inetd for compatibility purposes.

Configuration
Configuration of xinetd resides in the default configuration file /etc/xinetd.conf, and the configuration of each service it supports resides in its own file in the /etc/xinetd.d directory. The configuration for each service usually includes a switch to control whether xinetd should enable or disable the service.

An example configuration file for the RFC 868 time server:

# default: off
# description: An RFC 868 time server. This protocol provides a
# site-independent, machine readable date and time. The Time service sends back
# to the originating source the time in seconds since midnight on January first
# 1900.
# This is the tcp version.
service time
{
        disable         = yes
        type            = INTERNAL
        id              = time-stream
        socket_type     = stream
        protocol        = tcp
        user            = root
        wait            = no
}

# This is the udp version.
service time
{
        disable         = yes
        type            = INTERNAL
        id              = time-dgram
        socket_type     = dgram
        protocol        = udp
        user            = root
        wait            = yes
}

The lines beginning with the "#" character are comments and have no effect on the service. There are two versions of the service: the first is based on the Transmission Control Protocol (TCP), the second on the User Datagram Protocol (UDP). The type and planned usage of a service determine which transport protocol is needed. Put simply, UDP cannot handle large data transmissions, because it lacks the ability to reorder packets or guarantee their integrity, but it is faster than TCP; TCP provides these functions, but it is slower. Inside the braces each version has two columns: the first is the name of the option, the second is the value assigned to it.

The disable option is a switch to run a service or not. In most cases the default state is yes. To
activate the service change it to no.

There are three types of services. The type is INTERNAL if the service is provided by xinetd itself; RPC if it is based on Remote Procedure Call (such services are commonly listed in the /etc/rpc file); or UNLISTED if the service appears in neither the /etc/services nor the /etc/rpc file.

The id is the unique identifier of the service.

The socket_type determines how data is transmitted through the service. There are three types: stream, dgram and raw. The last one is useful when we want to establish a service based on a non-standard protocol.

With the user option it is possible to choose a user to be the owner of the running service. It is
highly recommended to choose a non-root user for security reasons.

When wait is set to yes, xinetd will not accept further requests for the service while it already has a connection, so the number of connections is limited to one. This gives very good protection when we want to allow only one connection at a time.

There are many more options available for xinetd. In most Linux distributions the full list of
possible options and their description is accessible with a "man xinetd.conf" command.

To apply the new configuration, a SIGHUP signal must be sent to the xinetd process to make it re-read the configuration files. This can be achieved with the command kill -SIGHUP PID, where PID is the actual process identifier of xinetd, which can be obtained with the command pgrep xinetd.[6][7]
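As an added example (not part of the Wikipedia article or of xinetd itself), the following Python script parses service stanzas in the /etc/xinetd.d format described above and audits enabled services for the two risks the article raises: running as root instead of a non-root user, and having no access-control list. The sample stanzas are constructed from the time and echo examples on this page; only_from and no_access are real xinetd attributes not shown on this page, and treating a missing user as root is an assumption of the script.

```python
import re
# Constructed sample modelled on the time/echo stanzas on this page.
SAMPLE = """# default: off
service time
{
    disable = yes
    id      = time-stream
    user    = root
    wait    = no
}
service echo
{
    disable = no
    id      = echo-stream
    wait    = no
}
"""
STANZA_RE = re.compile(r"service\s+(\S+)\s*\{(.*?)\}", re.S)

def parse_xinetd(text):
    """Return [(service_name, {attribute: value}), ...] for each stanza."""
    # Drop '#' comments first, as xinetd ignores them.
    stripped = "\n".join(l.split("#", 1)[0] for l in text.splitlines())
    services = []
    for name, body in STANZA_RE.findall(stripped):
        attrs = {}
        for line in body.splitlines():
            if "=" not in line:
                continue
            key, _, value = line.partition("=")
            key, value = key.strip(), value.strip()
            if key.endswith("+"):  # 'name += value' appends; '-=' not handled
                key = key[:-1].strip()
                value = (attrs.get(key, "") + " " + value).strip()
            attrs[key] = value
        services.append((name, attrs))
    return services

def audit(services):
    """Flag enabled services that run as root or have no only_from/no_access ACL."""
    findings = []
    for name, a in services:
        if a.get("disable", "no").lower() == "yes":  # absent => enabled
            continue
        sid = a.get("id", name)
        if a.get("user", "root") == "root":  # assumption: missing user => root
            findings.append(f"{sid}: enabled and runs as root")
        if "only_from" not in a and "no_access" not in a:
            findings.append(f"{sid}: enabled with no only_from/no_access ACL")
    return findings
```

Run it over the concatenated contents of /etc/xinetd.d/* to list every enabled service that still runs as root or is reachable from any address.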

References
1. "xinetd-org/xinetd". Retrieved 2014-07-10.
2. "COPYRIGHT". 2003-02-19. Retrieved 2014-07-10.
3. Wells, Nicholas (2000). "4: Using Simple Network Services". Guide to Linux Installation and Administration. 1. Boston, Massachusetts: Cengage Learning EMEA. p. 167. ISBN 9780619000974. Retrieved 2017-07-03. [...] the superserver (also called a metaserver) [...] listens on multiple network ports and starts the appropriate service when a client connection arrives for that port. The most widely used superserver program is called inetd, for Internet daemon. Another superserver that is gaining in popularity is xinetd, for extended Internet daemon [...].
4. Smith, Roderick W. (2001). "Networking". Linux Study Guide. Sybex Press. p. 365. ISBN 0-7821-2939-0.
5. Negus, C. (2002). "Running Network Services". Red Hat Linux 8 Bible. Wiley Publishing Inc. p. 1007. ISBN 0-7645-4968-5.
6. Linux man page: xinetd.conf(5). http://linux.die.net/man/5/xinetd.conf
7. Pere, László (2005). "Hálózati szolgáltatások" [Network services]. GNU/Linux rendszerek üzemeltetése II [Administering GNU/Linux systems II]. Kiskapu Kft. (Hungary). pp. 107-136. ISBN 963-9301-98-1.

XINETD - Extended Internet Daemon


April 16, 2017

I was recently looking into ways to provide ssh access inside Linux network namespaces and came across xinetd. So I decided to dig more into it. Noting it down here so that I can refer back to it.

XINETD
It's basically a daemon that listens for network requests and services them by spawning more processes.

The master configuration for xinetd lives in /etc/xinetd.conf. Each service managed by
xinetd has a configuration file in /etc/xinetd.d/.

Every network service that xinetd could potentially manage is listed in /etc/services.

Let's look at an example from one of the services in /etc/xinetd.d/ to see how it works:

An echo service
This was a default service that was present on my RHEL6 box. There were lots of settings in this file which were basically commented. Most of them were self-explanatory, so I have omitted them for brevity.

$ sudo cat /etc/xinetd.d/echo-stream

# This is the configuration for the tcp/stream echo service.

service echo
{
        # This is for quick on or off of the service
        disable         = yes

        # The next attributes are mandatory for all services
        id              = echo-stream
        type            = INTERNAL
        wait            = no
        socket_type     = stream
        # protocol = socket type is usually enough
}

The echo service simply provides an echo service (duh). But what port does it listen on? The port can be checked in the /etc/services file: search for echo in that file. On my machine it had an entry that looked like this:

$ sudo cat /etc/services | grep echo
echo 7/tcp

The connection will fail if you try to connect to this port, since disable is set to yes in the above configuration file.

$ telnet 172.22.210.126 7
Trying 172.22.210.126...
telnet: connect to address 172.22.210.126: Connection refused
telnet: Unable to connect to remote host

Let's enable the service by setting disable = no in /etc/xinetd.d/echo-stream. In addition, you'd need to restart the xinetd service.

$ sudo service xinetd restart
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]

Now again, let's try to connect to the service.

$ telnet 172.22.210.126 7
Trying 172.22.210.126...
Connected to angoyal-ld2.linkedin.biz.
Escape character is '^]'.
hola <---- I said hola to Server.
hola ----> Server said hola back.
^]
telnet> q
Connection closed.

Sweet.

You can use xinetd to run your own network service and have full control. I have some ideas which I'll document if they work.

So long.
