Xinetd in a Nutshell

The main xinetd configuration file is /etc/xinetd.conf. Both Mandrake and Red Hat use this file to set server defaults. You can enter the access restrictions described in the next section, "Restricting Access with xinetd," in the defaults section of this file, or you can enter restrictions in the files devoted to individual servers. These files reside in /etc/xinetd.d, and they are usually named after the server or service they control. For instance, swat handles the Samba Web Access Tool (SWAT) server. This file is likely to consist mainly of lines like the following:

service swat
{
    port        = 901
    socket_type = stream
    wait        = no
    only_from   = 127.0.0.1
    user        = root
    server      = /usr/sbin/swat
    disable     = no
}

These lines specify the port on which the server runs and other critical features. Chapter 22 covers most of these options in detail. This example demonstrates one access control option, though: the only_from line.

One important difference between restricting access with TCP Wrappers and with xinetd is that you must restart the xinetd server, or at least tell it to reread its configuration file, after making changes to that file. You can do so by passing it the HUP signal, as in killall -HUP xinetd.
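As an added example (not from the original text), the following Python sketch parses xinetd-style service blocks and lists the enabled services that have no only_from restriction, either of their own or inherited from the defaults section. The function names and the exampled and olddaemon services are hypothetical; the check assumes services are switched off with a per-service disable = yes line and does not look at other access controls.

```python
import re
# Constructed sample: the page's swat entry (abbreviated) plus two hypothetical
# services, as if the files in /etc/xinetd.d had been concatenated.
SAMPLE = """\
service swat
{
    only_from = 127.0.0.1
    server    = /usr/sbin/swat
    disable   = no
}
service exampled
{
    server  = /usr/sbin/exampled
    disable = no
}
service olddaemon
{
    server  = /usr/sbin/olddaemon
    disable = yes
}
"""

HEADER = re.compile(r"^(?:service\s+(\S+)|(defaults))\s*\{?$")
ATTR = re.compile(r"^(\w+)\s*[+-]?=\s*(.*)$")

def parse_xinetd(text):
    """Parse xinetd-style blocks into {name: {attribute: [values]}}."""
    blocks, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line == "{":
            continue
        if line == "}":
            current = None
        elif (m := HEADER.match(line)):
            current = blocks.setdefault(m.group(1) or "defaults", {})
        elif current is not None and (m := ATTR.match(line)):
            current.setdefault(m.group(1), []).extend(m.group(2).split())
    return blocks

def unrestricted_services(text):
    """Names of enabled services with no only_from of their own or in defaults."""
    blocks = parse_xinetd(text)
    inherited = "only_from" in blocks.get("defaults", {})
    return sorted(n for n, a in blocks.items() if n != "defaults"
                  and a.get("disable") != ["yes"]
                  and not inherited and "only_from" not in a)

print(unrestricted_services(SAMPLE))
```

To run it against a live system, pass in the concatenated contents of /etc/xinetd.conf and the files in /etc/xinetd.d instead of SAMPLE.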
