Linux Xinetd Network services
The service, xinetd, is a service designed to provide the same functionality as inetd, but with better configuration options and better security. It provides the same services as inetd, so you will not need to run inetd with this service and can substitute this service for inetd. This service is easy to install and run. It is meant as a replacement for inetd, but can be run at the same time inetd is being run. If you decide to run both inetd and xinetd, but you should not run the same services, such as telnet or ftp, on both inetd and xinetd at the same time. Xinetd will support the hosts.allow and hosts.deny features using the tcp wrapper daemon, the same as inetd does.
It is very easy to obtain, compile, and install xinetd. You may obtain FAQ information from: http://synack.net/xinetd/faq.html and complete documentation with source and binaries may be obtained from http://www.synack.net/xinetd/. Also there is a very good xinetd tutorial which describes installation and configuration (yes, better than this documentation) at http://www.macsecurity.org/resources/xinetd/tutorial.shtml. It is written for users running Linux on a MacIntosh, but it applies very well to xinetd and Linux in general.
Compilation and installation
Download the code to a location like "/usr/local/xinetd" then enter the directory you downloaded xinetd to. Follow the following procedure to unpack a source tar file, compile, and install the package:
- Type "tar xvzf xinetd-2_1_8_9p3_tar.gz" to unpack the file.
- Type "cd xinetd-22.214.171.124.p3" to enter the directory the files were unpacked to.
- Read the README and INSTALL files with the commands "less README" and "less "INSTALL".
- Type "./configure -- with-libwrap --with-loadavg". Some documentation recommends not using the --with-libwrap option since xinit supports its own method of providing the same capabilities of hosts.allow and hosts.deny.
- Type "make".
- Type "make install". This will install the man pages, xinetd.conf, xinet.log, xinetd, and itox. These files will be accessible by typing "man" followed by the name of the file such as "man xinetd". It will also install the binary programs, xinetd, itox, and xconv.pl.
- At this point, you may not have ready access to these programs unless the directory /usr/local/sbin is in your system path. You can find out by issuing the command "env" and looking at the value of your path variable. If the directory is named in the path variable, you are set. If not, you will need to add it to your system path.
- If you are only going to require these commands while logged in as root (which is likely), you can edit the .bash_profile file in the root directory (/root/.bash_profile). This assumes you are using the bash shell, otherwise edit the appropriate file for the shell you are running. Add ":/usr/local/bin" to the statement that begins with "PATH". If no statement starting with "PATH" exists, add the statement "PATH=$PATH:/usr/local/bin".
- If you want this path added for all users, you may add the statements as described above to the /etc/profile file.
- The xinetd documentation says to issue the command:
xconv.pl < /etc/inetd.conf > /tmp/xinetd.conf
But I recommend using the command:
xconv.pl < /etc/inetd.conf > /etc/xinetd.conf
This will create a configuration file for xinetd from your original inetd.conf file.
- You now need to start the service. The easy way to do this is to modify the /etc/rc.d/init.d/inet file and replace all occurrences of inetd by xinetd. Since xinetd is installed to /usr/local/sbin rather than /usr/sbin, you will need to account for this in your file modifications or copy xinetd to /usr/sbin.
- If you have a problem getting the service to run right consider the following pitfalls:
- If you converted your inetd.conf file to xinetd.conf, and were running with tcp wrappers in inetd, and did not compile tcp wrapper support into xinetd with the option --with-libwrap, you will need to either compile the option in or modify your configuration file so tcp wrappers are no longer used. this can generally be done by moving the server arguments to the server value, and the server arguments will be set to what would have been on the server command line or the value -1. For instance the entry:
server = /usr/sbin/tcpd
server_args = in.ftpd -l -a
server = /usr/sbin/in.ftpd
server_args = -l -a
server = /usr/sbin/tcpd
server_args = in.telnetd
server = /usr/sbin/in.telnetd
server_args = -1
- You may need to add the line "groups = yes" to each service. See the xinetd.conf man page.