The inetd Daemon Super Internet Server
15.5 Super Internet Server
15.5.1 The inetd Daemon
A huge number of different processes run on any UNIX system. Many of them are run continuously, and we usually identify them as daemons. Some daemons are configured into the kernel and are invoked with the kernel execution; others are explicitly started during the system startup through the corresponding initialization rc scripts. However, UNIX also provides one special daemon with the primary task of starting other daemons, or rather, other network server processes because the started processes run as long as their services are required. This daemon is known as the super-daemon, or the super-server; its name is inetd.

The basic idea behind the inetd daemon was this: instead of continuously running many network server processes as daemons, with each of them listening for incoming client requests for its service, run a single daemon which will listen for incoming client requests and invoke the corresponding network server process on an as-needed basis. The super-server inetd is started during the system startup; when started, inetd reads its configuration data from the /etc/inetd.conf file to learn about the server processes it should support. Once started, inetd continues to listen for configured network services as long as the system lives, or until the super-server is reconfigured.

15.5.1.1 The inetd Configuration

Obviously, inetd requires a certain level of administration, although the default configuration seems to be sufficient in most cases. The inetd daemon is actually very flexible and easy to configure.

Here is an example of the inetd configuration file:

    cat /etc/inetd.conf
    # Configured using SAM by root on Mon Dec 13 22:17:00
    # Header: inetd.conf,v 1.20.193.2 bazavan Exp
    #
    # Inetd reads its configuration information from this file upon
    # execution and at some later time if it is reconfigured.
    #
    # A line in the configuration file has the following fields separated
    # by tabs and/or spaces:
    #
    #   service name         as in /etc/services
    #   socket type          either stream or dgram
    #   protocol             as in /etc/protocols
    #   wait/nowait          only applies to datagram sockets, stream
    #                        sockets should specify nowait
    #   user                 name of user as whom the server should run
    #   server program       absolute pathname for the server inetd will
    #                        execute
    #   server program args. arguments server program uses as they normally
    #                        are starting with argv[0] which is the name of
    #                        the server.
    #
    # See the inetd.conf(4) manual page for more information.
    #
    # ARPA/Berkeley services
    #
    ftp      stream  tcp  nowait  root  /etc/ftpd     ftpd -l
    telnet   stream  tcp  nowait  root  /etc/telnetd  telnetd
    # Before uncommenting the tftp entry below, please make sure
    # that you have a tftp user in /etc/passwd. If you don't
    # have one, please consult the tftpd(1M) manual entry for
    # information about setting up this service.
    #tftp    dgram   udp  wait    root  /etc/tftpd    tftpd
    bootps   dgram   udp  wait    root  /etc/bootpd   bootpd
    finger   stream  tcp  nowait  bin   /etc/fingerd  fingerd
    login    stream  tcp  nowait  root  /etc/rlogind  rlogind
    shell    stream  tcp  nowait  root  /etc/remshd   remshd
    exec     stream  tcp  nowait  root  /etc/rexecd   rexecd
    #
    # Other HP-UX network services
    #
    printer  stream  tcp  nowait  root  /usr/lib/rlpdaemon  rlpdaemon -i
    #
    # inetd internal services
    #
    daytime  stream  tcp  nowait  root  internal
    daytime  dgram   udp  nowait  root  internal
    time     stream  tcp  nowait  root  internal
    time     dgram   udp  nowait  root  internal
    .....
    #
    # rpc services, registered by inetd with portmap
    # Do not uncomment these unless your system is running portmap
    #
    rpc      stream  tcp  nowait  root  /usr/etc/rpc.rexd    100017 1    rpc.rexd
    rpc      dgram   udp  wait    root  /usr/etc/rpc.rstatd  100001 1-3  rpc.rstatd
    .....
    pop      stream  tcp  nowait  root  /usr/local/etc/popper  popper
    pop2     stream  tcp  nowait  root  /usr/local/etc/popper  popper
    .....

    name type protocol wait-status uid server arguments

The fields in the inetd.conf entry are:

    Field         Meaning

    name          The name of a service, as listed in the /etc/services file.

    type          The type of data delivery service used, also called socket
                  type:
                    stream  The TCP byte stream delivery service.
                    dgram   The UDP packet (datagram) delivery service.
                    raw     The direct IP datagram service.

    protocol      The name of a protocol, as listed in the /etc/protocols file.

    wait-status   The value for this field:
                    wait    inetd waits for the daemon to release the socket,
                            before it begins to listen for more requests
                    nowait  inetd can immediately begin to listen for more
                            requests on that socket
                  Generally, datagram-type daemons require wait, and
                  stream-type daemons require nowait.

    uid           The user name under which the daemon runs (usually root).

    server        The full pathname of the daemon started by inetd. For some
                  small services, the value of this field can be internal,
                  because it is more efficient for inetd to perform such
                  services internally than to start an external daemon.

    arguments     These are any command-line arguments that should be passed
                  to the daemon when it is started.

When an entry is added into the /etc/inetd.conf file, special attention should be paid that all entered data are well defined. Does the executable program of the added service reside in the specified path? Is the service name listed appropriately in the /etc/services file? inetd must know precisely the port number for where to listen for incoming requests for a new service. The protocol name must also be listed appropriately in the /etc/protocols file, etc.

Some of the entries in the presented /etc/inetd.conf file are commented; obviously, the corresponding services are disabled. There is no need to delete an entry, it is sufficient simply to comment the entry out. It is common to disable services that carry any potential security risk, for example: tftp, or finger. On some systems, even very popular applications such as telnet and ftp could be disabled.

15.5.2 Further Improvements and Development
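
The entry checks described in section 15.5.1.1 (server program present at the given path, service name in /etc/services, protocol in /etc/protocols, nowait for stream sockets) together with a review of which risky services are still enabled, as an added example that is not part of the original text. The function names, the sample file contents and the rule that rpc entries skip the /etc/services lookup are assumptions of this example.

```python
import os

# Services the page names as commonly disabled because of their security risk.
RISKY = {"tftp", "finger", "telnet", "ftp"}

def first_fields(text):
    """Names in column one of an /etc/services or /etc/protocols style file."""
    rows = (line.split("#", 1)[0].split() for line in text.splitlines())
    return {row[0] for row in rows if row}

def audit(conf, services, protocols, exists=os.path.exists):
    """Return (line number, service, problem) for each active inetd.conf entry."""
    findings = []
    for no, line in enumerate(conf.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank line, comment, or entry disabled by commenting out
        if len(fields) < 6:
            findings.append((no, fields[0], "fewer than six fields"))
            continue
        name, stype, proto, wait, _user, server = fields[:6]
        # Assumption: "rpc" entries are registered with portmap, not /etc/services.
        if name != "rpc" and name not in services:
            findings.append((no, name, "service not in /etc/services"))
        if proto not in protocols:
            findings.append((no, name, "protocol not in /etc/protocols"))
        if stype == "stream" and wait != "nowait":
            findings.append((no, name, "stream socket should specify nowait"))
        if server != "internal" and not exists(server):
            findings.append((no, name, "server program not found: " + server))
        if name in RISKY:
            findings.append((no, name, "risky service is enabled"))
    return findings

# Constructed sample input (not from a real host).
SAMPLE_CONF = """\
ftp     stream tcp nowait root /etc/ftpd    ftpd -l
#tftp   dgram  udp wait   root /etc/tftpd   tftpd
login   stream tcp wait   root /etc/rlogind rlogind
daytime stream tcp nowait root internal
pop     stream tcp nowait root /usr/local/etc/popper popper
"""
SAMPLE_SERVICES = first_fields("ftp 21/tcp\nlogin 513/tcp\ndaytime 13/tcp # RFC 867\n")
SAMPLE_PROTOCOLS = first_fields("ip 0 IP\ntcp 6 TCP\nudp 17 UDP\n")

if __name__ == "__main__":
    installed = {"/etc/ftpd", "/etc/rlogind"}.__contains__  # constructed host state
    for f in audit(SAMPLE_CONF, SAMPLE_SERVICES, SAMPLE_PROTOCOLS, installed):
        print("line %d: %s: %s" % f)
```

On a real host, pass the contents of /etc/inetd.conf, /etc/services and /etc/protocols and leave exists at its default so that server paths are checked on disk.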