Thursday, February 4, 2010

Xinetd the super server

Xinetd performs the same function as inetd: it starts programs that provide Internet services. Instead of having such servers started at system initialization time and lie dormant until a connection request arrives, xinetd is the only daemon process started, and it listens on all service ports for the services listed in its configuration file. When a request comes in, xinetd starts the appropriate server. Because of the way it operates, xinetd (like inetd) is also referred to as a super-server. The original reason for the existence of a super-server was to conserve system resources by avoiding forking many processes that might be dormant for most of their lifetime. While fulfilling this function, xinetd takes advantage of the super-server idea to provide features such as access control and logging. Furthermore, xinetd is not limited to services listed in /etc/services, so anybody can use xinetd to start special-purpose servers.

CONTROLLING XINETD
SIGHUP causes a hard reconfiguration, which means that xinetd re-reads the configuration file and terminates the servers for services that are no longer available. Access control is performed again on running servers by checking the remote location, access times and server instances. If the number of server instances is lowered, some arbitrarily picked servers will be killed to satisfy the limit; this will happen after any servers are terminated because of failing the remote location or access time checks. Also, if the INTERCEPT flag was clear and is set, any running servers for that service will be terminated; the purpose of this is to ensure that after a hard reconfiguration there will be no running servers that can accept packets from addresses that do not meet the access control criteria.

SIGQUIT causes program termination.

SIGTERM terminates all running servers before terminating xinetd.

SIGUSR1 causes an internal state dump (the default dump file is /var/run/xinetd.dump; to change the filename, edit config.h and recompile).

SIGABRT causes an internal consistency check to verify that the data structures used by the program have not been corrupted. When the check is completed, xinetd will generate a message that says whether the check was successful or not.
xinetd.conf is the configuration file that determines the services provided by xinetd. Any line whose first non-white-space character is a '#' is considered a comment line. Empty lines are ignored. You can find it in /etc/xinetd.conf. The file contains one entry per service, of the form:

service <service_name>
{
    ...
    ...
}
The necessary attributes for a service in xinetd.conf are:

socket_type
user (non-internal services only)
server (non-internal services only)
wait
protocol (RPC and unlisted services only)
rpc_version (RPC services only)
rpc_number (unlisted RPC services only)
port (unlisted non-RPC services only)

EXAMPLE

#
# Sample configuration file for xinetd
#

defaults
{
    log_type       = FILE /var/log/servicelog
    log_on_success = PID
    log_on_failure = HOST
    only_from      = 128.138.193.0 128.138.204.0
    only_from      = 128.138.252.1
    instances      = 10
    disabled       = rstatd
}

service ftp
{
    socket_type    = stream
    wait           = no
    nice           = 10
    user           = root
    server         = /usr/etc/in.ftpd
    server_args    = -l
    instances      = 4
    log_on_success += DURATION HOST USERID
    access_times   = 2:00-9:00 12:00-24:00
}

For more details see http://manpages.ubuntu.com/manpages/lucid/en/man5/xinetd.conf.5.html
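As an added example (not code from the original post or from the xinetd project), here is a small Python parser for the entry format described above, together with a resolver that layers a service block over the defaults block the way the "=", "+=" and "-=" operators combine (as log_on_success does in the sample); the configuration embedded in it is constructed for the example, and malformed attribute lines are simply skipped.

```python
import re
# Constructed sample in the xinetd.conf entry format described above (not the post's file).
SAMPLE_CONF = """
defaults
{
    log_on_success = PID
    only_from      = 128.138.193.0 128.138.204.0
    instances      = 10
}
service ftp
{
    user           = root
    instances      = 4
    log_on_success += DURATION HOST USERID
}
"""
ATTR_RE = re.compile(r"^(\w+)\s*(\+=|-=|=)\s*(.*)$")

def parse_xinetd_conf(text):
    """Return {block: [(attr, op, [values]), ...]}; block is 'defaults' or the service name."""
    blocks, name, body = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # empty and comment lines are ignored
            continue
        if line == "{":
            body = []
        elif line == "}":
            blocks[name], name, body = body, None, None
        elif body is None:  # header line: 'defaults' or 'service <name>'
            parts = line.split()
            name = parts[1] if parts[0] == "service" else parts[0]
        else:
            m = ATTR_RE.match(line)
            if m:  # (attr, op, [values]); malformed lines are skipped
                body.append((m.group(1), m.group(2), m.group(3).split()))
    return blocks

def effective_attrs(blocks, service):
    """Layer the service block over 'defaults': '=' replaces, '+=' adds, '-=' removes."""
    eff = {}
    for attr, op, values in blocks.get("defaults", []) + blocks[service]:
        cur = eff.get(attr, [])
        if op == "=":
            eff[attr] = list(values)
        elif op == "+=":
            eff[attr] = cur + [v for v in values if v not in cur]
        else:  # "-="
            eff[attr] = [v for v in cur if v not in values]
    return eff
```

Resolving the effective attributes this way makes it easy to audit which services inherit an only_from restriction from defaults and which run as root.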
