Monday, March 6, 2017

About Xinetd Service

List of Topics

1) What is Xinetd
2) List of configuration files
3) What is the need of Xinetd
4) How it Works
5) Configuration Options

1) What is Xinetd

XINETD (eXtended InterNET Daemon) is a daemon that manages Internet-based connectivity. It is more secure than inetd.


2) Configuration files


The configuration files for xinetd are as follows:
      (i)  /etc/xinetd.conf — The global xinetd configuration file.
      (ii) /etc/xinetd.d/ — The directory containing all service-specific files


3) What is the need of Xinetd

Suppose a single server in your organisation serves all the Internet-based connectivity requests. That system may then run a separate daemon for every Internet-based service (e.g. FTP, SSH, SMTP). Daemons are usually designed to sit idle and wait for requests. When a demand for service appears, the daemon wakes, reacts to and processes the request, and then returns to sleep.

However, a large number of daemon processes can affect system performance. When a service is in great demand, like Web visits, a perennial (long-running or individual) daemon still makes sense.

But how can a system offer an always-on service yet launch the service only as needed? The solution is a proxy daemon that receives a variety of incoming requests and launches the appropriate service on demand. On UNIX and Linux systems, this proxy is called inetd, and its extended version is known as xinetd.

4) How it Works

xinetd listens for incoming requests over a network and launches the appropriate service for that request. It can be used to start services with both privileged and non-privileged port numbers.

5) Configuration Options

Below are some of the configuration options for /etc/xinetd.conf and for the files inside /etc/xinetd.d/.

(i) instances = 10 : Sets the number of servers that can be simultaneously active for a service. With this value, xinetd handles at most 10 requests for the service at a time.

(ii) log_type = SYSLOG authpriv : Determines where the service log output is sent. You can send it to SYSLOG at the specified facility (authpriv sends the log to the /var/log/secure file).

(iii) log_on_success = HOST PID : Forces xinetd to log successful connections. It logs the HOST name and process ID to the /var/log/secure file.

(iv) log_on_failure = HOST : Forces xinetd to log to the /var/log/secure file when a connection is dropped or is not allowed.

(v) cps = <number of connections> <delay time> : Limits the rate of incoming connections. It takes two arguments. The first argument is the number of connections per second to handle. If the rate of incoming connections is higher than this, the service is temporarily disabled. The second argument is the number of seconds to wait before re-enabling the service after it has been disabled. The default for this setting is 50 incoming connections with an interval of 10 seconds. If cps is not configured, the default setting is used.

(vi) includedir <directory path> : Reads the service-specific configuration files from this directory.
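
The options above can be checked mechanically. The following is an added example, not part of the original post: a small Python parser for the defaults/service block layout that reports, per service, which of the limits and logging settings described above are missing after the defaults are applied. The service names and sample text are constructed, the three checks are an assumed audit policy, and lines using the += or -= operators are skipped.

```python
import re

# Constructed sample: defaults as in /etc/xinetd.conf, services as in /etc/xinetd.d/.
SAMPLE = """\
defaults
{
    log_type       = SYSLOG authpriv
    log_on_success = HOST PID
    log_on_failure = HOST
}
includedir /etc/xinetd.d
service example-a
{
    instances = 10
    cps       = 25 30
}
service example-b
{
    log_on_failure = ATTEMPT
}
"""

def parse(text):
    """Return (defaults, {service: attrs}); only plain '=' assignments are read."""
    defaults, services, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "defaults":
            current = defaults
        elif line.startswith("service "):
            current = services.setdefault(line.split(None, 1)[1], {})
        elif line == "}":
            current = None
        elif current is not None and (m := re.match(r"(\w+)\s*=\s*(.*)$", line)):
            current[m.group(1)] = m.group(2).strip()
    return defaults, services

def audit(text):
    """Overlay each service on the defaults and list the settings it lacks."""
    defaults, services = parse(text)
    report = {}
    for name, attrs in services.items():
        eff = {**defaults, **attrs}  # a service's own value wins over defaults
        checks = [
            ("instances" in eff, "instances not set"),
            ("HOST" in eff.get("log_on_failure", "").split(), "log_on_failure lacks HOST"),
            ("cps" in eff, "cps not set, default 50 10 applies"),
        ]
        report[name] = [msg for ok, msg in checks if not ok]
    return report
```

Calling audit(SAMPLE) returns an empty list for example-a and three findings for example-b, whose own log_on_failure line replaces the HOST value inherited from defaults.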


