
Linux Services

Linux Services. Muhammad Amer. xinetd Programs. In computer networking, xinetd, the eXtended InterNET Daemon, is an open-source super-server daemon which runs on many Unix-like systems and manages Internet-based connectivity.


Presentation Transcript


  1. Linux Services Muhammad Amer

  2. xinetd Programs
     • In computer networking, xinetd, the eXtended InterNET Daemon, is an open-source super-server daemon which runs on many Unix-like systems and manages Internet-based connectivity.
     • The xinetd RPM is installed by default in Fedora/Red Hat Linux and uses /etc/xinetd.conf as its main configuration file.
     • In Unix and other computer multitasking operating systems, a daemon is a computer program that runs in the background, rather than under the direct control of a user; daemons are usually initiated as background processes. ...

  3. Controlling xinetd
     • The starting and stopping of the xinetd daemon is controlled by scripts in the /etc/init.d directory, and its behavior at boot time is controlled by chkconfig.
     • You can start/stop/restart xinetd after booting by using the following commands:

           [root@mysrv tmp]# service xinetd start
           [root@mysrv tmp]# service xinetd stop
           [root@mysrv tmp]# service xinetd restart

     • To get xinetd configured to start at boot you can use the chkconfig command.

           [root@mysrv tmp]# chkconfig xinetd on

  4. Controlling xinetd-Managed Applications
     • Xinetd-managed applications all store their configuration files in the /etc/xinetd.d directory.
     • Each configuration file has a disable statement that can be set to yes or no. This governs whether xinetd is allowed to start the application or not.
     • You don't have to edit these files to activate or deactivate the application. The chkconfig command does that automatically and also stops or starts the application accordingly.

  5. Telnet Server and Client

  6. Telnet
     • Telnet is a program that allows users to log into a server and get a command prompt just as if they were logged into the VGA console.
     • The Telnet server RPM is installed and disabled by default on Fedora Linux.
     • One of the disadvantages of Telnet is that the data is sent as clear text.
     • A more secure method for remote logins would be via Secure Shell (SSH), which uses varying degrees of encryption.
     • The older Telnet application remains popular. Many network devices don't have SSH clients, making telnet the only means of accessing other devices and servers from them.

  7. Installing The Telnet Server Software
     • Older versions of Red Hat had the Telnet server installed by default. Fedora Linux does not; you will have to install it yourself.
     • Most Linux software products are available in a precompiled package format. Downloading and installing packages
     • When searching for the file, the Telnet server RPM's filename usually starts with the word "telnet-server" followed by a version number, as in telnet-server-0.17-28.i386.rpm.

  8. Setting Up A Telnet Server
     • To set up a Telnet server use the chkconfig command to activate Telnet.

           [root@mysrv tmp]# chkconfig telnet on

     • Use the chkconfig command to deactivate telnet, even after the next reboot.

           [root@mysrv tmp]# chkconfig telnet off

  9. Let Telnet Listen On Another TCP Port
     • Letting telnet run on an alternate TCP port does not encrypt the traffic, but it makes it less likely to be detected as telnet traffic.
     • Remember that this is not a foolproof strategy; good port scanning programs can detect telnet and other applications running on alternative ports.

  10. Let Telnet Listen On Another TCP Port
      • Edit the /etc/services file and add an entry for a new service. Call it stelnet.

            # Local services
            stelnet         7777/tcp        # "secure" telnet

      • Copy the telnet configuration file called /etc/xinetd.d/telnet and call it /etc/xinetd.d/stelnet:

            [root@mysrv tmp]# cp /etc/xinetd.d/telnet /etc/xinetd.d/stelnet

  11. Let Telnet Listen On Another TCP Port
      • Edit the new /etc/xinetd.d/stelnet file. Make the new service stelnet and add a port statement for TCP port 7777.

            # default: on
            # description: The telnet server serves telnet sessions
            # unencrypted username/password pairs for authentication.
            service stelnet
            {
                    flags           = REUSE
                    socket_type     = stream
                    wait            = no
                    user            = root
                    server          = /usr/sbin/in.telnetd
                    log_on_failure  += USERID
                    disable         = no
                    port            = 7777
            }

      • Use chkconfig to activate stelnet.

            [root@mysrv tmp]# chkconfig stelnet on

  12. Let Telnet Allow Connections From Trusted Addresses
      • Root can restrict telnet login access to individual remote servers by using the only_from keyword in the telnet configuration file.
      • Add a list of trusted servers to the /etc/xinetd.d/telnet file, separated by spaces:

            service telnet
            {
                    flags           = REUSE
                    socket_type     = stream
                    wait            = no
                    user            = root
                    server          = /usr/sbin/in.telnetd
                    log_on_failure  += USERID
                    disable         = no
                    only_from       = 192.168.1.100 127.0.0.1 192.168.1.200
            }

      • Restart telnet by switching it off and on again with chkconfig:

            # chkconfig telnet off
            # chkconfig telnet on

  13. Debian / Ubuntu
      • In Debian / Ubuntu, the Telnet server runs using the inetd, not the xinetd daemon, and uses a single /etc/inetd.conf configuration to manage the activation of the daemons it controls.
      • To stop Telnet you need only to edit the configuration file, comment out the Telnet server line, and restart inetd as seen in this example:

  14.
            root@mysrv:~# vi /etc/inetd.conf
            ...
            ...
            ...
            #
            # File: /etc/inetd.conf
            #
            #telnet stream tcp nowait telnetd.telnetd /usr/sbin/tcpd /usr/sbin/in.telnetd
            ...
            ...
            ...
            root@mysrv:~# /etc/init.d/inetd restart
             * Restarting internet superserver...
               ...done.
            root@mysrv:~# netstat -a | grep telnet
            root@mysrv:~#

  15. Note
      • The xinetd package provides much more flexibility than its inetd equivalent.
      • xinetd allows you to restrict connections to specific source IP addresses and allows you to specify the TCP port and server IP address on which to listen. You may want to convert your system to use the xinetd package for Telnet by installing xinetd and creating your own custom /etc/xinetd.d/telnet configuration file. The rest of the examples in this chapter assume that the more versatile xinetd is being used.

  16. You can test whether the Telnet process is running with the following command, which checks the TCP/UDP ports on which your server is listening. If Telnet isn't running, there will be no response.

            [root@mysrv tmp]# netstat -a | grep telnet
            tcp        0      0 *:telnet        *:*        LISTEN
            [root@mysrv tmp]#
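
The xinetd settings from slides 4, 11 and 12 (disable, port, only_from) can be audited across a whole /etc/xinetd.d directory. The script below is an added example, not part of the original slides; the function names audit_xinetd and make_sample, the finding labels and the sample files are constructed for illustration. It matches on the server binary, so a renamed service on another port (the stelnet case) is still reported as telnet.

```shell
#!/bin/sh
# Audit xinetd service files: report state, port and cleartext-telnet exposure.
# Usage: audit_xinetd DIR   (DIR is normally /etc/xinetd.d)
# Output, one line per service file: <service> <state> <port> <finding>
audit_xinetd() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        awk '
            /^[ \t]*#/ { next }                      # skip comment lines
            $1 == "service" { name = $2 }            # "service <name>"
            $2 == "=" || $2 == "+=" {                # "key = value [value ...]"
                val = $3
                for (i = 4; i <= NF; i++) val = val "," $i
                conf[$1] = val
            }
            END {
                if (name == "") exit
                # xinetd may start a service unless "disable = yes" is set
                state = (conf["disable"] == "yes") ? "disabled" : "enabled"
                port = (conf["port"] != "") ? conf["port"] : "default"
                finding = "ok"
                # Match the server binary, not the service name or port
                if (state == "enabled" && conf["server"] ~ /in\.telnetd$/) {
                    if (conf["only_from"] == "")
                        finding = "telnet-open-to-any-source"
                    else
                        finding = "telnet-restricted:" conf["only_from"]
                }
                print name, state, port, finding
            }' "$f"
    done
}

# Constructed sample files (not taken from a real host) for an offline run.
make_sample() {
    printf 'service telnet\n{\n\tserver = /usr/sbin/in.telnetd\n\tdisable = no\n}\n' > "$1/telnet"
    printf 'service stelnet\n{\n\tserver = /usr/sbin/in.telnetd\n\tdisable = no\n\tport = 7777\n\tonly_from = 192.168.1.100 127.0.0.1\n}\n' > "$1/stelnet"
    printf 'service rsync\n{\n\tserver = /usr/bin/rsync\n\tdisable = yes\n}\n' > "$1/rsync"
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
audit_xinetd "$demo_dir"
rm -rf "$demo_dir"
```

On a real host, run `audit_xinetd /etc/xinetd.d` as a user who can read that directory.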
