List of Topics
1) What is Xinetd
2) List of configuration files
3) What is the need of Xinetd
4) How it Works
5) Configuration Options
1) What is Xinetd
XINETD (eXtended InterNET Daemon) is a daemon that manages Internet-based connectivity. It is more secure than inetd.
2) Configuration files
The configuration files for xinetd are as follows:
(i) /etc/xinetd.conf — The global xinetd configuration file.
(ii) /etc/xinetd.d/ — The directory containing all service-specific files.
3) What is the need of Xinetd
Suppose there is only one server in your organisation that serves all Internet-based connectivity requests. That system may run a large number of daemons, one for every Internet-based service (e.g. FTP, SSH, SMTP). Daemons are usually designed to sit idle and wait for requests. When a demand for service appears, the daemon wakes, reacts to and processes the request, and then returns to sleep.
A large number of daemon processes can affect system performance. However, when a service is in great demand, like Web visits, a perennial (long-running or individual) daemon makes sense.
But how can a system offer an always-on service yet launch the service only as needed? The solution is a proxy daemon that serves a variety of incoming requests and launches the appropriate service on demand. On UNIX and Linux systems, the proxy is called inetd and its extended version is known as xinetd.
4) How it Works
xinetd listens for incoming requests over a network and launches the appropriate service for each request. It can be used to start services with both privileged and non-privileged port numbers.
5) Configuration Options
Below are some of the configuration options for /etc/xinetd.conf and for the files inside /etc/xinetd.d/:
(i) instances = 10: Sets the number of servers that can be simultaneously active for a service, so xinetd can handle at most 10 requests for the service at a time.
(ii) log_type = SYSLOG authpriv: Determines where the service log output is sent. You can send it to SYSLOG at the specified facility (authpriv sends the log to the /var/log/secure file).
(iii) log_on_success = HOST PID: Forces xinetd to log when a connection is successful. It logs the host name and process ID to the /var/log/secure file.
(iv) log_on_failure = HOST: Forces xinetd to log to the /var/log/secure file when a connection is dropped or not allowed.
(v) cps = <number of connections> <delay time>: Limits the rate of incoming connections. It takes two arguments. The first argument is the number of connections per second to handle. If the rate of incoming connections is higher than this, the service is temporarily disabled. The second argument is the number of seconds to wait before re-enabling the service after it has been disabled. The default for this setting is 50 incoming connections and an interval of 10 seconds. If cps is not configured, the default setting is used.
(vi) includedir <directory path>: Reads the service-specific configuration files from this directory.
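The options above can be checked mechanically. The following Python script is an added example, not part of the original post: it parses xinetd-style configuration text, applies the defaults block to each service, and flags enabled services that run with unlimited instances or do not log HOST on failure. The sample configuration is constructed, the two audit rules are assumptions chosen for illustration, and `disable` and `UNLIMITED` are standard xinetd settings that the list above does not cover.

```python
import re

# Constructed sample: a defaults block as in /etc/xinetd.conf followed by
# two service entries as they might appear under /etc/xinetd.d/.
SAMPLE = """
defaults
{
    instances = 10
    log_type  = SYSLOG authpriv
    cps       = 25 30
}
service telnet
{
    instances = UNLIMITED   # overrides the default of 10
}
service tftp
{
    disable = yes
    cps     = 100 2
}
"""

BLOCK = re.compile(r"^\s*(defaults|service\s+(\S+))\s*\{(.*?)^\s*\}", re.M | re.S)

def parse(text):
    """Return (defaults, {service: attrs}); only plain '=' lines are handled."""
    blocks = {}
    for m in BLOCK.finditer(re.sub(r"#.*", "", text)):
        pairs = (ln.split("=", 1) for ln in m.group(3).splitlines() if "=" in ln)
        blocks[m.group(2)] = {k.strip(): v.split() for k, v in pairs}
    return blocks.pop(None, {}), blocks  # the defaults block has no name

def audit(text):
    """Return (service, finding) pairs for services that are not disabled."""
    defaults, services = parse(text)
    findings = []
    for name, attrs in services.items():
        if attrs.get("disable") == ["yes"]:
            continue  # xinetd does not start disabled services
        eff = {**defaults, **attrs}  # a service's own values override defaults
        if eff.get("instances", ["UNLIMITED"]) == ["UNLIMITED"]:
            findings.append((name, "instances is unlimited"))
        if "HOST" not in eff.get("log_on_failure", []):
            findings.append((name, "log_on_failure does not record HOST"))
    return findings

if __name__ == "__main__":
    for service, finding in audit(SAMPLE):
        print(f"{service}: {finding}")
```

To audit a real host, pass the concatenated contents of /etc/xinetd.conf and the files under /etc/xinetd.d/ to audit() instead of SAMPLE.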