Xinetd

xinetd
Developer(s) Rob Braun
Final release
2.3.15 / 9 May 2012
Repository github.com/xinetd-org/xinetd
Written in C, Shell [1]
Operating system Unix-like
Type Daemon
License Open-source [2]
Website web.archive.org/web/20051227095035/http://www.xinetd.org:80/ (archived)

In computer networking, xinetd (Extended Internet Service Daemon) is an open-source super-server daemon which runs on many Unix-like systems, and manages Internet-based connectivity. [3]


It offers a more secure alternative to the older inetd ("the Internet daemon"), which most modern Linux distributions have deprecated. [4]

Description

xinetd listens for incoming requests over a network and launches the appropriate service for that request. [5] Requests are made using port numbers as identifiers and xinetd usually launches another daemon to handle the request. [6] It can be used to start services with both privileged and non-privileged port numbers.

xinetd features access control mechanisms such as TCP Wrapper ACLs, extensive logging capabilities, and the ability to make services available based on time. It can place limits on the number of servers that the system can start, and has deployable defense mechanisms to protect against port scanners, among other things.

On some implementations of Mac OS X, this daemon starts and maintains various Internet-related services, including FTP and telnet. As an extended form of inetd, it offers enhanced security. It replaced inetd in Mac OS X v10.3, and subsequently launchd replaced it in Mac OS X v10.4. However, Apple has retained inetd for compatibility purposes.

Configuration

Configuration of xinetd resides in the default configuration file /etc/xinetd.conf, and configuration of the services it supports resides in configuration files stored in the /etc/xinetd.d directory. The configuration for each service usually includes a switch to control whether xinetd should enable or disable the service.

An example configuration file for the RFC 868 time server:

  # default: off
  # description: An RFC 868 time server. This protocol provides a
  # site-independent, machine readable date and time. The Time service sends back
  # to the originating source the time in seconds since midnight on January first
  # 1900.
  # This is the tcp version.
  service time
  {
          disable         = yes
          type            = INTERNAL
          id              = time-stream
          socket_type     = stream
          protocol        = tcp
          user            = root
          wait            = no
  }

  # This is the udp version.
  service time
  {
          disable         = yes
          type            = INTERNAL
          id              = time-dgram
          socket_type     = dgram
          protocol        = udp
          user            = root
          wait            = yes
  }

Lines beginning with the "#" character are comments and have no effect on the service. There are two versions of the service: the first is based on the Transmission Control Protocol (TCP), the second on the User Datagram Protocol (UDP). The type and intended use of a service determine which transport protocol is needed. Put simply, UDP is unsuited to large data transfers because it cannot reorder packets or guarantee their delivery, but it is faster than TCP; TCP provides these guarantees at the cost of speed. Inside the braces, each version has two columns: the first is the option name, the second is the value assigned to it.

The disable option is a switch that controls whether the service runs. In most cases the default is yes. To activate the service, change it to no.

There are three types of service. The type is INTERNAL if the service is provided by xinetd itself, RPC if it is based on Remote Procedure Call (such services are commonly listed in the /etc/rpc file), or UNLISTED when the service appears in neither the /etc/services nor the /etc/rpc file.

The id is the unique identifier of the service.

The socket_type determines how data is transmitted through the service. There are three types: stream, dgram and raw. The last one is useful for establishing a service based on a non-standard protocol.

The user option selects the user account under which the service runs. A non-root user is strongly recommended for security reasons.

When wait is set to yes, xinetd will not accept another request for the service while a connection is already being handled, so the number of simultaneous connections is limited to one. This gives good protection when only one connection at a time is wanted.

There are many more options available for xinetd. In most Linux distributions, the full list of possible options and their description is accessible with a "man xinetd.conf" command.

To apply a new configuration, a SIGHUP signal must be sent to the xinetd process so that it re-reads the configuration files. This can be done with the command kill -SIGHUP "PID", where PID is the process identifier of the running xinetd, which can be obtained with the command pgrep xinetd. [7] [8]
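As an added example (not from this page or the xinetd project), a small parser for the stanza format shown above that reads each service block and flags enabled services configured to run as root, which the user option discussion advises against. The configuration text is constructed for the example; the telnet server path in it is an assumption, not taken from the page.

```python
import re

# Constructed sample in xinetd.conf stanza format (not copied from a real host).
SAMPLE_CONF = """
# default: off
# description: An RFC 868 time server (tcp version).
service time
{
        disable         = yes
        type            = INTERNAL
        id              = time-stream
        socket_type     = stream
        protocol        = tcp
        user            = root
        wait            = no
}

# Assumed external service for illustration; server path is hypothetical.
service telnet
{
        disable         = no
        socket_type     = stream
        protocol        = tcp
        user            = root
        server          = /usr/sbin/in.telnetd
        wait            = no
}
"""

# One stanza: "service <name> { ... }", body may span many lines.
STANZA = re.compile(r"service\s+(\S+)\s*\{(.*?)\}", re.S)
# One option line: "key = value" (xinetd also allows += and -=).
OPTION = re.compile(r"^\s*(\w+)\s*(\+=|-=|=)\s*(.*?)\s*$")

def parse_xinetd(text):
    """Return {service_id: {option: value}} for each service stanza.
    Comment lines are skipped; 'id' is the key when present, else the name."""
    services = {}
    for name, body in STANZA.findall(text):
        opts = {}
        for line in body.splitlines():
            if line.strip().startswith("#"):
                continue
            m = OPTION.match(line)
            if m:
                opts[m.group(1)] = m.group(3)
        services[opts.get("id", name)] = opts
    return services

def audit(services):
    """List (service_id, finding) for enabled services that run as root.
    A service is enabled unless it explicitly sets disable = yes."""
    return [(sid, "enabled service runs as root")
            for sid, o in services.items()
            if o.get("disable", "no") != "yes" and o.get("user", "root") == "root"]
```

Pointing parse_xinetd at the concatenated contents of /etc/xinetd.conf and /etc/xinetd.d/* gives a quick inventory of which services are actually exposed and under which account.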


References

  1. "xinetd-org/xinetd". GitHub. Retrieved 2014-07-10.
  2. "COPYRIGHT". GitHub. 2003-02-19. Retrieved 2014-07-10.
  3. Wells, Nicholas (2000). "4: Using Simple Network Services". Guide to Linux Installation and Administration. Vol. 1. Boston, Massachusetts: Cengage Learning EMEA. p. 167. ISBN 9780619000974. Retrieved 2017-07-03. [...] the superserver (also called a metaserver) [...] listens on multiple network ports and starts the appropriate service when a client connection arrives for that port. The most widely used superserver program is called inetd, for Internet daemon. Another superserver that is gaining in popularity is xinetd, for extended Internet daemon [...].
  4. Smith, Roderick W. (2001). "Networking". Linux Study Guide. Sybex Press. p. 365. ISBN 0-7821-2939-0.
  5. Negus, C. (2002). "Running Network Services". Red Hat Linux 8 Bible. Wiley Publishing Inc. p. 1007. ISBN 0-7645-4968-5.
  6. "Ubuntu Manpage: xinetd - the extended Internet services daemon". Ubuntu. 14 June 2001. Archived from the original on 23 September 2019. Retrieved 21 April 2020. Because of the way it operates, xinetd (as well as inetd) is also referred to as a super-server. (...) So far, the only reason for the existence of a super-server was to conserve system resources by avoiding to fork a lot of processes which might be dormant for most of their lifetime.
  7. Linux man page: xinetd.conf(5). http://linux.die.net/man/5/xinetd.conf
  8. Pere, László (2005). "Hálozati szolgáltatások". GNU/Linux rendszerek üzemeltetése II. Kiskapu Kft. (Hungary). pp. 107–136. ISBN 963-9301-98-1.