~ubuntu-branches/ubuntu/saucy/xinetd/saucy

if this is a service that will be started according to the RFC 1078 protocol on the TCPMUX well-known port. See the section describing TCPMUX services below.

.TP

.B UNLISTED

if this is a service not listed in a standard system file

(like

.I /etc/rpc

for RPC services, or

.I /etc/services

for non-RPC services).

.RE

.TP

.B flags

Any combination of the following flags may be used:

.RS

.TP 12

.B INTERCEPT

Intercept packets or accepted connections in order to verify that they

are coming from acceptable locations (internal or multi-threaded

services cannot be intercepted).

.TP

.B NORETRY

Avoid retry attempts in case of fork failure.

.TP

.B IDONLY

Accept connections only when the remote end identifies the remote user

(i.e. the remote host must run an identification server).

100

This flag applies only to connection-based services.

101

This flag is ineffective if the

102

.B USERID

103

log option is not used.

104

.TP

105

.B NAMEINARGS

106

This will cause the first argument in "server_args" to be argv[0] when

107

executing the server, as specified in "server". This allows you to use

108

tcpd by putting tcpd in "server" and the name of the server in "server_args"

109

like in normal inetd.

110

.TP

111

.B NODELAY

112

If the service is a tcp service and the NODELAY flag is set, then the

113

TCP_NODELAY flag will be set on the socket. If the service is not

114

a tcp service, this option has no effect.

115

.TP

116

.B KEEPALIVE

117

If the service is a tcp service and the KEEPALIVE flag is set, then

118

the SO_KEEPALIVE socket flag will be set on the socket. If the service

119

is not a tcp service, this option has no effect.

120

.TP

121

.B NOLIBWRAP

122

This disables internal calling of the tcpwrap library to determine access

123

to the service. This may be needed in order to use libwrap functionality

124

not available to long-running processes such as xinetd; in this case,

125

the tcpd program can be called explicitly (see also the NAMEINARGS flag).

126

For RPC services using TCP transport, this flag is automatically turned on,

127

because xinetd cannot get remote host address information for the rpc port.

128

.TP

129

.B SENSOR

130

This replaces the service with a sensor that detects accesses to the

131

specified port. NOTE: It will NOT detect stealth scans. This flag

132

should be used only on services that you know you don't need. When an

133

access is made to this service's port, the IP Address is added to a global

134

no_access list. This causes all subsequent accesses from the originating IP

135

address to be denied access until the deny_time setting expires. The amount

136

of time spent on this list is configurable as the deny_time attribute. The

137

SENSOR flag will also cause xinetd to consider the server attribute to be

138

INTERNAL no matter what is typed on the same line. Another important thing

139

to remember is that if the socket_type is set to stream, then the wait

140

attribute should be set to no.

141

.TP

142

.B IPv4

143

Sets the service to be an IPv4 service (AF_INET).

144

.TP

145

.B IPv6

146

Sets the service to be an IPv6 service (AF_INET6), if IPv6 is available on the system.

147

.TP

148

.B LABELED

149

The LABELED flag will tell xinetd to change the child processes SE Linux context to match that of the incoming connection as it starts the service. This only works for external tcp non-waiting servers and is an error if applied to an internal, udp, or tcp-wait server.

150

.TP

151

.B REUSE

152

The REUSE flag is deprecated. All services now implicitly use the REUSE flag.

153

.RE

154

.TP

155

.B disable

156

This is boolean "yes" or "no". This will result in the service

157

being disabled and not starting. See the DISABLE flag description.

158

.RE

159

.TP

160

.B socket_type

161

Possible values for this attribute include:

162

.RS

163

.TP 12

164

.I stream

165

stream-based service

166

.TP

167

.I dgram

168

datagram-based service

169

.TP

170

.I raw

171

service that requires direct access to IP

172

.TP

173

.I seqpacket

174

service that requires reliable sequential datagram transmission

175

.RE

176

.TP

177

.B protocol

178

determines the protocol that is employed by the service.

179

The protocol must exist in

180

.I /etc/protocols.

181

If this

182

attribute is not defined, the default protocol employed by the service

183

will be used.

184

.TP

185

.B wait

186

This attribute determines if the service is single-threaded or

187

multi-threaded and whether or not xinetd accepts the connection or the server

188

program accepts the connection. If its value is \fIyes\fP, the service is

189

single-threaded; this means that \fBxinetd\fP will start the server and then

190

it will stop handling requests for the service until the server dies and that

191

the server software will accept the connection. If the attribute value is

192

\fIno\fP, the service is multi-threaded and \fBxinetd\fP will keep handling

193

new service requests and xinetd will accept the connection. It should be noted

194

that udp/dgram services normally expect the value to be yes since udp is not

195

connection oriented, while tcp/stream servers normally expect the value to be

196

no.

197

.TP

198

.B user

199

determines the uid for the server process. The user attribute can either

200

be numeric or a name. If a name is given (recommended), the user name must

201

exist in

202

.I /etc/passwd.

203

This attribute is ineffective if the effective user ID

204

of \fBxinetd\fP is not super-user.

205

.TP

206

.B group

207

determines the gid for the server process. The group attribute can either

208

be numeric or a name. If a name is given (recommended), the group name must

209

exist in

210

.I /etc/group.

211

If a group is not specified, the group

212

of \fIuser\fP will be used (from

213

.I /etc/passwd).

214

This attribute is ineffective if the effective user ID

215

of \fBxinetd\fP is not super-user and if the \fBgroups\fP attribute

216

is not set to 'yes'.

217

.TP

218

.B instances

219

determines the number of servers that can be simultaneously active

220

for a service (the default is no limit). The value of this

221

attribute can be either a number or

222

.B UNLIMITED

223

which means that there is no limit.

224

.TP

225

.B nice

226

determines the server priority. Its value is a (possibly negative) number;

227

check nice(3) for more information.

228

.TP

229

.B server

230

determines the program to execute for this service.

231

.TP

232

.B server_args

233

determines the arguments passed to the server. In contrast to \fBinetd\fP,

234

the server name should \fInot\fP be included in \fIserver_args\fP.

235

.TP

236

+.B libwrap

237

overrides the service name passed to libwrap (which defaults to the

238

server name, the first server_args component with NAMEINARGS, the id

239

for internal services and the service name for redirected services).

240

This attribute is only valid if xinetd has been configured with the libwrap

241

option.

242

.TP

243

.B only_from

244

determines the remote hosts to which the particular

245

service is available.

246

Its value is a list of IP addresses which can be specified in any

247

combination of the following ways:

248

.RS

249

.TP 5

250

.B a)

251

a numeric address in the form of %d.%d.%d.%d. If the rightmost components are

252

0, they are treated as wildcards

253

(for example, 128.138.12.0 matches all hosts on the 128.138.12 subnet).

254

0.0.0.0 matches all Internet addresses. IPv6 hosts may be specified in the form of abcd:ef01::2345:6789. The rightmost rule for IPv4 addresses does not apply to IPv6 addresses.

255

.TP

256

.B b)

257

a factorized address in the form of %d.%d.%d.{%d,%d,...}.

258

There is no need for all 4 components (i.e. %d.%d.{%d,%d,...%d} is also ok).

259

However, the factorized part must be at the end of the address. This form does not work for IPv6 hosts.

260

.TP

261

.B c)

262

a network name (from

263

.I /etc/networks). This form does not work for IPv6 hosts.

264

.TP

265

.B d)

266

a host name. When a connection is made to xinetd, a reverse lookup is

267

performed, and the canonical name returned is compared to the specified host

268

name. You may also use domain names in the form of .domain.com. If the

269

reverse lookup of the client's IP is within .domain.com, a match occurs.

270

.TP

271

.B e)

272

an ip address/netmask range in the form of 1.2.3.4/32. IPv6 address/netmask

273

ranges in the form of 1234::/46 are also valid.

274

.RE

275

.TP

276

.B ""

277

Specifying this attribute

278

without a value makes the service available to nobody.

279

.TP

280

.B no_access

281

determines the remote hosts to which the particular

282

service is unavailable. Its value can be specified in the same way as the

283

value of the \fBonly_from\fP

284

attribute. These two attributes determine the location access control

285

enforced by \fBxinetd\fP. If none of the two is specified for a service,

286

the service is available to anyone. If both are specified for a service,

287

the one that is the better match for

288

the address of the remote host determines

289

if the service is available to that host (for example, if the

290

\fBonly_from\fP list contains 128.138.209.0 and the

291

\fBno_access\fP list contains 128.138.209.10

292

then the host with the address 128.138.209.10 can not access the service).

293

.TP

294

.B access_times

295

determines the time intervals when the service is available. An interval

296

has the form \fIhour:min-hour:min\fP (connections

297

.I will

298

be accepted at the bounds of an interval). Hours can range from 0 to 23 and

299

minutes from 0 to 59.

300

.TP

301

.B log_type

302

determines where the service log output is sent. There are two formats:

303

.RS

304

.TP

305

.B SYSLOG " \fIsyslog_facility [syslog_level]\fP"

306

The log output is sent to syslog at the specified facility. Possible facility

307

names include:

308

.I daemon,

309

.I auth,

310

.I authpriv,

311

.I user,

312

.I mail,

313

.I lpr,

314

.I news,

315

.I uucp,

316

.I ftp

317

.I "local0-7."

318

Possible level names include:

319

.I emerg,

320

.I alert,

321

.I crit,

322

.I err,

323

.I warning,

324

.I notice,

325

.I info,

326

.I debug.

327

If a level is not present, the messages will be recorded at the

328

.I info

329

level.

330

.TP

331

.B FILE " \fIfile [soft_limit [hard_limit]]\fP"

332

The log output is appended to \fIfile\fP which will be created if it does

333

not exist. Two limits on the size of the log file can be optionally specified.

334

The first limit is a soft one;

335

.B xinetd

336

will log a message the first time this limit is exceeded (if

337

.B xinetd

338

logs to syslog, the message will be sent at the

339

.I alert

340

priority level).

341

The second limit is a hard limit;

342

.B xinetd

343

will stop logging for the affected service (if the log file is a

344

common log file, then more than one service may be affected)

345

and will log a message about this (if

346

.B xinetd

347

logs to syslog, the message will be sent at the

348

.I alert

349

priority level).

350

If a hard limit is not specified, it defaults to the soft limit

351

increased by 1% but the extra size must be within the parameters

352

.SM LOG_EXTRA_MIN

353

and

354

.SM LOG_EXTRA_MAX

355

which default to 5K and 20K respectively (these constants are defined in

356

\fIxconfig.h\fP).

357

.RE

358

.TP

359

.B log_on_success

360

determines what information is logged when a server is started and when

361

that server exits (the service id is always included in the log entry).

362

Any combination of the following values may be specified:

363

.RS

364

.TP 12

365

.B PID

366

logs the server process id (if the service is implemented by \fBxinetd\fP

367

without forking another process the logged process id will be 0)

368

.TP

369

.B HOST

370

logs the remote host address

371

.TP

372

.B USERID

373

logs the user id of the remote user using the RFC 1413 identification protocol.

374

This option is available only for multi-threaded stream services.

375

.TP

376

.B EXIT

377

logs the fact that a server exited along with the exit status or the

378

termination signal

379

(the process id is also logged if the

380

.B PID

381

option is used)

382

.TP

383

.B DURATION

384

logs the duration of a service session

385

.TP

386

.B TRAFFIC

387

logs the total bytes in and out for a redirected service.

388

.RE

389

.TP

390

.B log_on_failure

391

determines what information is logged when a server cannot be started

392

(either because of a lack of resources or because of access control

393

restrictions). The service id is always included in the log entry along

394

with the reason for failure.

395

Any combination of the following values may be specified:

396

.RS

397

.TP 12

398

.B HOST

399

logs the remote host address.

400

.TP

401

.B USERID

402

logs the user id of the remote user using the RFC 1413 identification protocol.

403

This option is available only for multi-threaded stream services.

404

.TP

405

.B ATTEMPT

406

logs the fact that a failed attempt was made

407

(this option is implied by all others).

408

.RE

409

.TP

410

.B rpc_version

411

determines the RPC version for a RPC service. The version can be

412

a single number or a range in the form \fInumber\fP-\fInumber\fP.

413

.TP

414

.B rpc_number

415

determines the number for an

416

.I UNLISTED

417

RPC service (this attribute is ignored if the service is not unlisted).

418

.TP

419

.B env

420

The value of this attribute is a list of strings of the form 'name=value'.

421

These strings will be added to the environment before

422

starting a server (therefore the server's environment will include

423

\fBxinetd\fP's environment plus the specified strings).

424

.TP

425

.B passenv

426

The value of this attribute is a list of environment variables from

427

\fBxinetd\fP's environment that will be passed to the server.

428

An empty list implies passing no variables to the server

429

except for those explicitly defined using the

430

.I env

431

attribute.

432

(notice that you can use this attribute in conjunction with the

433

.I env

434

attribute to specify exactly what environment will be passed to the server).

435

.TP

436

.B port

437

determines the service port. If this attribute is specified for a service

438

listed in

439

.I /etc/services,

440

it must be equal to the port number listed in that file.

441

.TP

442

.B redirect

443

Allows a tcp service to be redirected to another host. When xinetd receives

444

a tcp connection on this port it spawns a process that establishes a

445

connection to the host and port number specified, and forwards all data

446

between the two hosts. This option is useful when your internal machines

447

are not visible to the outside world. Syntax is: redirect = (ip address)

448

(port). You can also use a hostname instead of the IP address in this

449

field. The hostname lookup is performed only once, when xinetd is

450

started, and the first IP address returned is the one that is used

451

until xinetd is restarted.

452

The "server" attribute is not required when this option is specified. If

453

the "server" attribute is specified, this attribute takes priority.

454

.TP

455

.B bind

456

Allows a service to be bound to a specific interface on the machine.

457

This means you can have a telnet server listening on a local, secured

458

interface, and not on the external interface. Or one port on one interface

459

can do something, while the same port on a different interface can do

460

something completely different. Syntax: bind = (ip address of interface).

461

.TP

462

.B interface

463

Synonym for bind.

464

.TP

465

.B banner

466

Takes the name of a file to be splatted at the remote host when a

467

connection to that service is established. This banner is printed

468

regardless of access control. It should *always* be printed when

469

a connection has been made. \fBxinetd\fP outputs the file as-is,

470

so you must ensure the file is correctly formatted for the service's

471

protocol. In paticular, if the protocol requires CR-LF pairs for line

472

termination, you must supply them.

473

.TP

474

.B banner_success

475

Takes the name of a file to be splatted at the remote host when a

476

connection to that service is granted. This banner is printed

477

as soon as access is granted for the service. \fBxinetd\fP outputs the

478

file as-is, so you must ensure the file is correctly formatted for

479

the service's protocol. In paticular, if the protocol requires CR-LF

480

pairs for line termination, you must supply them.

481

.TP

482

.B banner_fail

483

Takes the name of a file to be splatted at the remote host when a

484

connection to that service is denied. This banner is printed

485

immediately upon denial of access. This is useful for informing

486

your users that they are doing something bad and they shouldn't be

487

doing it anymore. \fBxinetd\fP outputs the file as-is,

488

so you must ensure the file is correctly formatted for the service's

489

protocol. In paticular, if the protocol requires CR-LF pairs for line

490

termination, you must supply them.

491

.TP

492

.B per_source

493

Takes an integer or "UNLIMITED" as an argument. This specifies the

494

maximum instances of this service per source IP address. This can

495

also be specified in the defaults section.

496

.TP

497

.B cps

498

Limits the rate of incoming connections. Takes two arguments.

499

The first argument is the number of connections per second to handle.

500

If the rate of incoming connections is higher than this, the service

501

will be temporarily disabled. The second argument is the number of

502

seconds to wait before re-enabling the service after it has been disabled.

503

The default for this setting is 50 incoming connections and the interval

504

is 10 seconds.

505

.TP

506

.B max_load

507

Takes a floating point value as the load at which the service will

508

stop accepting connections. For example: 2 or 2.5. The service

509

will stop accepting connections at this load. This is the one minute

510

load average. This is an OS dependent feature, and currently only

511

Linux, Solaris, and FreeBSD are supported for this. This feature is

512

only avaliable if xinetd was configured with the -with-loadavg option.

513

.TP

514

.B groups

515

Takes either "yes" or "no". If the groups attribute is set to

516

"yes", then the server is executed with access to the groups that the

517

server's effective UID has access to. Alternatively, if the \fBgroup\fP

518

attribute is set, the server is executed with access to the groups

519

specified. If the groups attribute is set

520

to "no", then the server runs with no supplementary groups. This

521

attribute must be set to "yes" for many BSD systems. This attribute

522

can be set in the defaults section as well.

523

.TP

524

.B mdns

525

Takes either "yes" or "no". On systems that support mdns registration

526

of services (currently only Mac OS X), this will enable or disable

527

registration of the service. This defaults to "yes".

528

.TP

529

.B umask

530

Sets the inherited umask for the service. Expects an octal value.

531

This option may be set in the "defaults" section to set a umask

532

for all services. xinetd sets its own umask to the previous umask

533

OR'd with 022. This is the umask that will be inherited by all

534

child processes if the umask option is not used.

535

.TP

536

.B enabled

537

Takes a list of service ID's to enable. This will enable only the

538

services listed as arguments to this attribute; the rest will be

539

disabled. If you have 2 ftp services, you will need to list both of

540

their ID's and not just ftp. (ftp is the service name, not the ID. It

541

might accidentally be the ID, but you better check.) Note that the

542

service "disable" attribute and "DISABLE" flag can prevent a service

543

from being enabled despite being listed in this attribute.

544

.TP

545

.B include

546

Takes a filename in the form of "include /etc/xinetd/service".

547

The file is then parsed as a new configuration file. It is not

548

the same thing as pasting the file into xinetd.conf where the

549

include directive is given. The included file must be in the

550

same form as xinetd.conf. This may not be specified from within

551

a service. It must be specified outside a service declaration.

552

.TP

553

.B includedir

554

Takes a directory name in the form of "includedir /etc/xinetd.d".

555

Every file inside that directory, excluding files with names containing

556

a dot ('.') or ending with a tilde ('~'), will be parsed as xinetd

557

configuration files. The files will be parsed in alphabetical order

558

according to the C locale. This allows you to specify services one

559

per file within a directory. The

560

.B includedir

561

directive may not be specified from within a service declaration.

562

.TP

563

.B rlimit_as

564

Sets the Address Space resource limit for the service. One parameter

565

is required, which is either a positive integer representing the number

566

of bytes to set the limit to (K or M may be used to specify

567

kilobytes/megabytes) or "UNLIMITED". Due to the way Linux's libc malloc

568

is implemented, it is more useful to set this limit than rlimit_data,

569

rlimit_rss and rlimit_stack. This resource limit is only implemented on

570

Linux systems.

571

.TP

572

.B rlimit_cpu

573

Sets the maximum number of CPU seconds that the service may use.

574

One parameter is required, which is either a positive integer representing

575

the number of CPU seconds limit to, or "UNLIMITED".

576

.TP

577

.B rlimit_data

578

Sets the maximum data size resource limit for the service.

579

One parameter is required, which is either a positive integer representing

580

the number of bytes or "UNLIMITED".

581

.TP

582

.B rlimit_rss

583

Sets the maximum resident set size limit for the service. Setting this

584

value low will make the process a likely candidate for swapping out to

585

disk when memory is low.

586

One parameter is required, which is either a positive integer representing

587

the number of bytes or "UNLIMITED".

588

.TP

589

.B rlimit_stack

590

Set the maximum stack size limit for the service.

591

One parameter is required, which is either a positive integer representing

592

the number of bytes or "UNLIMITED".

593

.TP

594

.B deny_time

595

Sets the time span that access to all services on all IP addresses are

596

denied to someone that sets off the SENSOR. The unit of time is in minutes.

597

Valid options are: FOREVER, NEVER, and a numeric value. FOREVER causes

598

the IP address not to be purged until xinetd is restarted. NEVER has the

599

effect of just logging the offending IP address. A typical time value would

600

be 60 minutes. This should stop most DOS attacks while allowing IP addresses

601

that come from a pool to be recycled for legitimate purposes. This option

602

must be used in conjunction with the SENSOR flag.

603

.LP

604

You don't need to specify all of the above attributes for each service.

605

The necessary attributes for a service are:

606

.sp 1

607

.PD .1v

608

.RS

609

.TP 18

610

.B socket_type

611

.TP

612

.B user

613

(non-\fIinternal\fP services only)

614

.TP

615

.B server

616

(non-\fIinternal\fP services only)

617

.TP

618

.B wait

619

.TP

620

.B protocol

621

(\fIRPC\fP and \fIunlisted\fP services only)

622

.TP

623

.B rpc_version

624

(\fIRPC\fP services only)

625

.TP

626

.B rpc_number

627

(\fIunlisted\fP RPC services only)

628

.TP

629

.B port

630

(\fIunlisted\fP non-RPC services only)

631

.RE

632

.PD

633

.LP

634

The following attributes support all assignment operators:

635

.sp 1

636

.PD .1v

637

.RS

638

.TP 18

639

.B only_from

640

.TP

641

.B no_access

642

.TP

643

.B log_on_success

644

.TP

645

.B log_on_failure

646

.TP

647

.B passenv

648

.TP

649

.B env

650

(does not support the

651

.B '-='

652

operator)

653

.RE

654

.PD

655

.LP

656

These attributes can also appear more than once in a service entry.

657

The remaining attributes support only the

658

.B '='

659

operator and can appear at most once in a service entry.

660

.LP

661

The configuration file may also contain a single defaults entry

662

that has the form

663

.LP

664

.RS

665

.nf

666

.ft B

667

defaults

668

{

669

.RS

670

.ft B

671

<attribute> = <value> <value> ...

672

.I "..."

673

.RE

674

.ft B

675

}

676

.ft R

677

.fi

678

.RE

679

.LP

680

This entry provides default attribute values for service entries that

681

don't specify those attributes. Possible default attributes:

682

.sp 1

683

.PD .1v

684

.RS

685

.TP 18

686

.B log_type

687

(cumulative effect)

688

.TP

689

.B bind

690

.TP

691

.B per_source

692

.TP

693

.B umask

694

.TP

695

.B log_on_success

696

(cumulative effect)

697

.TP

698

.B log_on_failure

699

(cumulative effect)

700

.TP

701

.B only_from

702

(cumulative effect)

703

.TP

704

.B no_access

705

(cumulative effect)

706

.TP

707

.B passenv

708

(cumulative effect)

709

.TP

710

.B instances

711

.TP

712

.B disabled

713

(cumulative effect)

714

.TP

715

.B enabled

716

(cumulative effect)

717

.TP

718

.B banner

719

.TP

720

.B banner_success

721

.TP

722

.B banner_fail

723

.TP

724

.B per_source

725

.TP

726

.B groups

727

.TP

728

.B cps

729

.TP

730

.B max_load

731

.TP

732

.RE

733

.PD

734

.LP

735

Attributes with a cumulative effect can be specified multiple times

736

with the values specified each time accumulating (i.e. '=' does

737

the same thing as '+=').

738

With the exception of

739

.I disabled

740

they all have the same meaning as if they were specified in a service entry.

741

.I disabled

742

determines services that are disabled even if they have entries in

743

the configuration file. This allows for quick reconfiguration by

744

specifying disabled services with the

745

.I disabled

746

attribute instead of commenting them out.

747

The value of this attribute is a list of space separated service ids.

748

.I enabled

749

has the same properties as disabled. The difference being that

750

.I enabled

751

is a list of which services are to be enabled. If

752

.I enabled

753

is specified, only the services specified are available. If

754

.I enabled

755

is not specified, all services are assumed to be enabled,

756

except those listed in

757

.I disabled.

758

759

.\" *********************** INTERNAL SERVICES ****************************

760

.SH "INTERNAL SERVICES"

761

.LP

762

\fBxinetd\fP provides the following services internally (both

763

stream and datagram based):

764

.I echo,

765

.I time,

766

.I daytime,

767

.I chargen,

768

and

769

.I discard.

770

These services are under the same access restrictions as all other

771

services except for the ones that don't require \fBxinetd\fP to fork

772

another process for them. Those ones (\fItime\fP, \fIdaytime\fP,

773

and the datagram-based \fIecho\fP, \fIchargen\fP, and \fIdiscard\fP)

774

have no limitation in the number of

775

.B instances.

776

.LP

777

.\" *********************** TCPMUX Services ****************************

778

.SH "TCPMUX Services"

779

.LP

780

\fBxinetd\fP supports TCPMUX services that conform to RFC 1078. These services

781

may not have a well-known port associated with them, and can be accessed via

782

the TCPMUX well-known port.

783

.LP

784

For each service that is to be accessed via TCPMUX, a service entry in

785

\fB/etc/xinetd.conf\fP or in a configuration file in an \fBincludedir\fP

786

directory must exist.

787

.LP

788

The \fIservice_name\fP field (as defined above for each service in any

789

\fBxinetd\fP

790

configuration file) must be identical to the string that is passed (according

791

to RFC 1078 protocol) to \fBxinetd\fP when the remote service requestor first

792

makes the connection on the TCPMUX well-known port. Private protocols should

793

use a service name that has a high probability of being unique. One way is to

794

prepend the service name with some form of organization ID.

795

.LP

796

The \fItype\fP field can be either \fBTCPMUX\fP or \fBTCPMUXPLUS\fP. If the

797

type is \fBTCPMUXPLUS\fP, \fBxinetd\fP will handle the initial protocol

798

handshake (as defined in RFC 1078) with the calling process before initiating

799

the service. If the type is \fBTCPMUX\fP, the server that is started is

800

responsible for performing the handshake.

801

.LP

802

The \fItype\fP field should also include \fBUNLISTED\fP if the service is

803

not listed in a standard system file

804

(like

805

.I /etc/rpc

806

for RPC services, or

807

.I /etc/services

808

for non-RPC services).

809

.LP

810

The \fIsocket_type\fP for these services must be \fBstream\fP, and the

811

\fIprotocol\fP must be \fBtcp\fP.

812

.LP

813

Following is a sample TCPMUX service configuration:

814

.PD .1v

815

.RS

816

.nf

817

818

service myorg_server

819

{

820

.RS

821

.IP disable 20

822

= no

823

.IP type

824

= TCPMUX

825

.IP socket_type

826

= stream

827

.IP protocol

828

= tcp

829

.IP wait

830

= no

831

.IP user

832

= root

833

.IP server

834

= /usr/etc/my_server_exec

835

.RE

836

}

837

.fi

838

.RE

839

.PD

840

.LP

841

Besides a service entry for each service that can be accessed

842

via the TCPMUX well-known port, a service entry for TCPMUX itself

843

must also be included in the \fBxinetd\fP configuration. Consider the following

844

sample:

845

.PD .1v

846

.RS

847

.nf

848

849

service tcpmux

850

{

851

.RS

852

.IP type 20

853

= INTERNAL

854

.IP id

855

= tcpmux

856

.IP socket_type

857

= stream

858

.IP protocol

859

= tcp

860

.IP user

861

= root

862

.IP wait

863

= no

864

.RE

865

}

866

.fi

867

.RE

868

.PD

869

870

871

872

.\" *********************** NOTES ****************************

873

.SH NOTES

874

.IP 1. 4

875

The following service attributes \fIcannot\fP be changed on reconfiguration:

876

.B socket_type,

877

.B wait,

878

.B protocol,

879

.B type.

880

.IP 2.

881

When the attributes

882

.I only_from

883

and

884

.I no_access

885

are not specified for a service (either directly or via \fIdefaults\fP)

886

the address check is considered successful (i.e. access will not be

887

denied).

888

.IP 3.

889

The address check is based on the IP address of the remote host and

890

not on its domain address. We do this so that we can avoid

891

remote name lookups which may take a long time (since

892

.B xinetd

893

is single-threaded, a name lookup will prevent the daemon from

894

accepting any other requests until the lookup is resolved).

895

The down side of this scheme is that if the IP address of a remote

896

host changes, then access to that host may be denied until

897

.B xinetd

898

is reconfigured.

899

Whether access is actually denied or not will depend on whether the

900

new host IP address is among those allowed access. For example, if

901

the IP address of a host changes from 1.2.3.4 to 1.2.3.5 and

902

only_from is specified as 1.2.3.0 then access will not be denied.

903

.IP 4.

904

If the

905

.B USERID

906

log option is specified and the remote host either does not run an

907

identification server or the server sends back a bad reply,

908

access will not be denied unless the

909

.I IDONLY

910

service flag is used.

911

.IP 5.

912

Interception works by forking a process which acts as a filter

913

between the remote host(s) and the local server.

914

This obviously has a performance impact so

915

it is up to you to make the compromise between security and performance

916

for each service.

917

The following tables show the overhead of interception.

918

The first table shows the time overhead-per-datagram for a UDP-based service

919

using various datagram sizes.

920

For TCP-based services we measured the bandwidth reduction

921

because of interception while sending

922

a certain amount of data from client to server (the time overhead should

923

the same as for UDP-based services but it is "paid" only by the first

924

packet of a continuous data transmission).

925

The amount of data is given

926

in the table as \fIsystem_calls\fPx\fIdata_sent_per_call\fP, i.e.

927

each

928

.I "send(2)"

929

system call transferred so many bytes of data.

930

The bandwidth reduction is given in terms of bytes per second and as

931

a percentage of the bandwidth when interception is not performed.

932

All measurements were done on a SparcStation IPC running SunOS 4.1.

933

.sp 1

934

.RS

935

.RS

936

.PD .1v

937

.TP 25

938

Datagram size (bytes)

939

Latency (msec)

940

.TP

941

---------------------

942

--------------

943

.TP

944

945

1.19

946

.TP

947

256

948

1.51

949

.TP

950

1024

951

1.51

952

.TP

953

4096

954

3.58

955

.sp 2

956

.TP

957

Bytes sent

958

Bandwidth reduction

959

.TP

960

----------

961

-------------------

962

.TP

963

10000x64

964

941 (1.2%)

965

.TP

966

10000x256

967

4,231 (1.8%)

968

.TP

969

10000x1024

970

319,300 (39.5%)

971

.TP

972

10000x4096

973

824,461 (62.1%)

974

.RE

975

.RE

976

.sp 1

977

.\" *********************** EXAMPLE ****************************

978

.SH EXAMPLE

979

.LP

980

.PD .1v

981

.RS

982

.nf

983

984

# Sample configuration file for xinetd

985

986

987

defaults

988

{

989

.RS

990

.IP log_type 20

991

= FILE /var/log/servicelog

992

.IP log_on_success

993

= PID

994

.IP log_on_failure

995

= HOST

996

.IP only_from

997

= 128.138.193.0 128.138.204.0

998

.IP only_from

999

= 128.138.252.1

1000

.IP instances

1001

= 10

1002

.IP disabled

1003

= rstatd

1004

.RE

1005

}

1006

1007

1008

# Note 1: the protocol attribute is not required

1009

# Note 2: the instances attribute overrides the default

1010

1011

service login

1012

{

1013

.RS

1014

.IP socket_type 20

1015

= stream

1016

.IP protocol

1017

= tcp

1018

.IP wait

1019

= no

1020

.IP user

1021

= root

1022

.IP server

1023

= /usr/etc/in.rlogind

1024

.IP instances

1025

= UNLIMITED

1026

.RE

1027

}

1028

1029

1030

# Note 1: the instances attribute overrides the default

1031

# Note 2: the log_on_success flags are augmented

1032

1033

service shell

1034

{

1035

.RS

1036

.IP socket_type 20

1037

= stream

1038

.IP wait

1039

= no

1040

.IP user

1041

= root

1042

.IP instances

1043

= UNLIMITED

1044

.IP server

1045

= /usr/etc/in.rshd

1046

.IP log_on_success

1047

+= HOST

1048

.RE

1049

}

1050

1051

service ftp

1052

{

1053

.RS

1054

.IP socket_type 20

1055

= stream

1056

.IP wait

1057

= no

1058

.IP nice

1059

= 10

1060

.IP user

1061

= root

1062

.IP server

1063

= /usr/etc/in.ftpd

1064

.IP server_args

1065

= -l

1066

.IP instances

1067

= 4

1068

.IP log_on_success

1069

+= DURATION HOST USERID

1070

.IP access_times

1071

= 2:00-9:00 12:00-24:00

1072

.RE

1073

}

1074

1075

# Limit telnet sessions to 8 Mbytes of memory and a total

1076

# 20 CPU seconds for child processes.

1077

service telnet

1078

{

1079

.RS

1080

.IP socket_type 20

1081

= stream

1082

.IP wait

1083

= no

1084

.IP nice

1085

= 10

1086

.IP user

1087

= root

1088

.IP server

1089

= /usr/etc/in.telnetd

1090

.IP rlimit_as

1091

= 8M

1092

.IP rlimit_cpu

1093

= 20

1094

.RE

1095

}

1096

1097

1098

# This entry and the next one specify internal services. Since

1099

# this is the same service using a different socket type, the

1100

# id attribute is used to uniquely identify each entry

1101

1102

service echo

1103

{

1104

.RS

1105

.IP id 20

1106

= echo-stream

1107

.IP type

1108

= INTERNAL

1109

.IP socket_type

1110

= stream

1111

.IP user

1112

= root

1113

.IP wait

1114

= no

1115

.RE

1116

}

1117

1118

service echo

1119

{

1120

.RS

1121

.IP id 20

1122

= echo-dgram

1123

.IP type

1124

= INTERNAL

1125

.IP socket_type

1126

= dgram

1127

.IP user

1128

= root

1129

.IP wait

1130

= no

1131

.RE

1132

}

1133

1134

1135

# Sample RPC service

1136

1137

service rstatd

1138

{

1139

.RS

1140

.IP type 20

1141

= RPC

1142

.IP socket_type

1143

= dgram

1144

.IP protocol

1145

= udp

1146

.IP server

1147

= /usr/etc/rpc.rstatd

1148

.IP wait

1149

= yes

1150

.IP user

1151

= root

1152

.IP rpc_version

1153

= 2-4

1154

.IP env

1155

= LD_LIBRARY_PATH=/etc/securelib

1156

.RE

1157

}

1158

1159

1160

# Sample unlisted service

1161

1162

service unlisted

1163

{

1164

.RS

1165

.IP type 20

1166

= UNLISTED

1167

.IP socket_type

1168

= stream

1169

.IP protocol

1170

= tcp

1171

.IP wait

1172

= no

1173

.IP server

1174

= /home/user/some_server

1175

.IP port

1176

= 20020

1177

.RE

1178

}

1179

.RE

1180

.PD

1181

.\" *********************** SEE ALSO ****************************

1182

.SH "SEE ALSO"

1183

.I "xinetd(1L),"

1184

.LP

1185

.I "xinetd.log(5)"

1186

.LP

1187

Postel J.,

1188

.IR "Echo Protocol" ,

1189

RFC 862,

1190

May 1983

1191

.LP

1192

Postel J.,

1193

.IR "Discard Protocol" ,

1194

RFC 863,

1195

May 1983

1196

.LP

1197

Postel J.,

1198

.IR "Character Generator Protocol" ,

1199

RFC 864,

1200

May 1983

1201

.LP

1202

Postel J.,

1203

.IR "Daytime Protocol" ,

1204

RFC 867,

1205

May 1983

1206

.LP

1207

Postel J., Harrenstien K.,

1208

.IR "Time Protocol" ,

1209

RFC 868,

1210

May 1983

1211

.LP

1212

M. Lottor,

1213

.IR "TCP Port Service Multiplexer (TCPMUX)" ,

1214

RFC 1078

1215

Nov 1988

1216

.LP

1217

StJohns M.,

1218

.IR " Identification Protocol" ,

1219

RFC 1413,

1220

February 1993

1221

.\" *********************** BUGS ****************************

1222

.SH BUGS

1223

.LP

1224

If the

1225

.B INTERCEPT

1226

flag is not used,

1227

access control on the address of the remote host is not performed when

1228

\fIwait\fP is \fIyes\fP and \fIsocket_type\fP is \fIstream\fP.

1229

.LP

1230

The NOLIBWRAP flag is automatically turned on for RPC services whose

1231

\fIsocket_type\fP is \fIstream\fP because xinetd cannot determine the

1232

address of the remote host.

1233

.LP

1234

If the

1235

.B INTERCEPT

1236

flag is not used,

1237

access control on the address of the remote host for

1238

services where \fIwait\fP is \fIyes\fP and \fIsocket_type\fP is \fIdgram\fP

1239

is performed only on the first packet. The server may then accept packets

1240

from hosts not in the access control list. This can happen with

1241

.B RPC

1242

services.

1243

.LP

1244

There is no way to put a

1245

.SM SPACE

1246

in an environment variable.

1247

.LP

1248

When \fIwait\fP is \fIyes\fP and \fIsocket_type\fP is \fIstream\fP,

1249

the socket passed to the server can only accept connections.

1250

.LP

1251

The

1252

.B INTERCEPT

1253

flag is not supported for internal services or multi-threaded services.

Older »