System Services - inetd.conf


We’re spending time this week with some of the core system services found in Linux distributions. Yesterday, we talked a bit about the inetd and xinetd daemons. You’ll remember that they load on behalf of the network-related programs, listening quietly for requests and executing the appropriate programs when a request is received. As daemons, they voluntarily hand over control from the terminal (tty) process in which they started, and by so doing limit the methods by which they communicate with the system to just a few. Cool, huh? They’re like undercover traffic cops.

If these daemons are expected to respond to network-related requests by starting the appropriate responding program, it stands to reason that they need to know a few things. For one, they need to know what programs are available to handle these requests. They also need to have some operating parameters for those programs. They need to be certain which system user will run the program. They have to have a roadmap to the program; a path. And, finally, they may need a clearer definition of arguments for the program. These items, in a nutshell, are what comprise the /etc/inetd.conf file.

Here’s a typical line from a stock /etc/inetd.conf file:

    ftp   stream  tcp   nowait  root   /usr/sbin/tcpd in.ftpd -l -a

Let’s break this line out into its discrete components.

  • ftp - Service type. This has to be correlated with a service listed in /etc/services.
  • stream - Socket type. This can be either a streaming socket for services such as telnet or ftp (TCP services), or a datagram (UDP) socket (dgram). TCP services are connection-based, meaning that the client will disconnect once its data has been sent. A UDP client, on the other hand, waits for the server to respond before dropping the connection.
  • tcp - Protocol. The most common protocols are TCP and UDP, though rpc/tcp and rpc/udp are used under limited circumstances.
  • nowait - Determines whether or not the client will wait to drop the connection. This can be either wait or nowait. This is closely correlated with the socket type. For TCP sockets, this should be set to nowait. For UDP connections, in which the client will wait for a response from the server, this should be set to wait.
  • root - The user chosen to run the service. Where possible, these services should be run as non-root users.
  • /usr/sbin/tcpd - The path to the responding program.
  • in.ftpd -l -a - Further arguments for the responding program.

You should remember that inetd.conf defines services that provide networking. Common sense dictates that, if you’re going to expose your machine to the Internet, any unnecessary services should be commented out of inetd.conf. This can be done with a simple # at the beginning of the appropriate line. This is a good first line of defense in securing your system from those on the ‘net with evil in their hearts.
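To make the field breakdown and the comment-out advice concrete, here is an added example (not part of the original article) that parses inetd.conf text into the seven fields described above and reports enabled services that are not needed, run as root, or pair a socket type with the wrong wait setting. The `needed` allow-list, the function names and every sample line except the ftp one are assumptions made for illustration.

```python
# Added example: audit inetd.conf text against the points made in the article.
from collections import namedtuple

Entry = namedtuple("Entry", "lineno service socket proto wait user path args")

def parse(text):
    """Return an Entry for each enabled (not #-commented) service line."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                  # blank or disabled with a leading #
        parts = line.split(None, 6)   # seventh field keeps the program arguments whole
        if len(parts) < 6:
            continue                  # too few fields to be a service entry
        parts += [""] * (7 - len(parts))
        entries.append(Entry(lineno, *parts))
    return entries

def audit(text, needed):
    """Return (lineno, service, issue) tuples; `needed` is the admin's own allow-list."""
    expected_wait = {"stream": "nowait", "dgram": "wait"}
    findings = []
    for e in parse(text):
        if e.service not in needed:
            findings.append((e.lineno, e.service, "not needed: comment out with #"))
        if e.user == "root":
            findings.append((e.lineno, e.service, "runs as root"))
        want = expected_wait.get(e.socket)
        if want and e.wait.split(".")[0] != want:   # field may carry a ".max" suffix
            findings.append((e.lineno, e.service, f"{e.socket} socket should use {want}"))
    return findings

# Constructed sample; only the ftp line is the one quoted in the article.
SAMPLE = """\
ftp     stream  tcp   nowait  root    /usr/sbin/tcpd in.ftpd -l -a
#telnet stream  tcp   nowait  root    /usr/sbin/tcpd in.telnetd
tftp    dgram   udp   wait    nobody  /usr/sbin/tcpd in.tftpd
talk    dgram   udp   nowait  root    /usr/sbin/tcpd in.talkd
"""

if __name__ == "__main__":
    for lineno, service, issue in audit(SAMPLE, needed={"ftp"}):
        print(f"line {lineno}: {service}: {issue}")
```

To check a real system, pass the contents of /etc/inetd.conf as `text` and list only the services the machine is meant to offer in `needed`.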

That’s a quick look at the inetd.conf file - a handbook for the undercover traffic cop of network-related Linux programs. xinetd.conf uses a similar approach, with different formatting. xinetd is still relatively new. Its first incarnation was in Red Hat 7.0. Because inetd is still the most widely used network services daemon, we’ll save the xinetd.conf file for a later date.

Tomorrow - the heart and soul of system logs: syslogd.
