Chapter 8. TCP Wrappers and xinetd
  EXIT: Logs the exit status or termination signal of the service. (log_on_success)
  HOST: Logs the remote host's IP address. (log_on_failure and log_on_success)
  PID: Logs the process ID of the server receiving the request. (log_on_success)
  RECORD: Records information about the remote system in the case the service cannot be started. Only particular services, such as login and finger, may use this option. (log_on_failure)
  USERID: Logs the remote user using the method defined in RFC 1413 for all multi-threaded stream services. (log_on_failure and log_on_success)
Other options for /etc/xinetd.conf are available, such as per_source, which limits the maximum number of connections from a particular IP address to a specific service. See the man page for xinetd for more information.
8.3.1.2. Files in the /etc/xinetd.d/ Directory
The files in the /etc/xinetd.d/ directory are read every time xinetd starts, due to the includedir /etc/xinetd.d/ statement at the bottom of /etc/xinetd.conf. These files, with names such as finger, ipop3, and rlogin, correlate to the services controlled by xinetd.
The files in /etc/xinetd.d/ use the same conventions as /etc/xinetd.conf. The primary reason they are stored in separate configuration files is to make it easier to add and remove a service from xinetd without affecting other services.
To get an idea of how these files are structured, consider the wu-ftp file:
service ftp
{
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.ftpd
        server_args     = -l -a
        log_on_success  += DURATION USERID
        log_on_failure  += USERID
        nice            = 10
        disable         = yes
}
The first line defines the service's name. The lines within the brackets contain settings that define how this service is supposed to be started and used. The wu-ftp file states that the FTP service uses a stream socket type (rather than dgram), the binary executable file to use, the arguments to pass to the binary, the information to log in addition to the /etc/xinetd.conf settings, the priority with which to run the service, and more.
Using xinetd with a service can also provide a basic level of protection from a Denial of Service (DoS) attack. The max_load option takes a floating point value to set a CPU usage threshold above which no more connections for a particular service will be accepted, preventing certain services from overwhelming the system. The cps option accepts an integer value to set a rate limit on the number of connections available per second. Configuring this value to something low, such as 3, will help prevent attackers from being able to flood your system with too many simultaneous requests for a particular service.
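
As an added illustration (not part of the original guide), the Python sketch below parses service blocks in the /etc/xinetd.d/ format and reports enabled services that lack any of the cps, per_source or max_load limits described above, or that run as root. The sample configuration and the function names are constructed for this example, and it reads only per-service blocks, so limits inherited from the defaults section of /etc/xinetd.conf are not considered.

```python
import re

# Constructed sample in the /etc/xinetd.d/ format (not from a real host).
SAMPLE = """\
service ftp
{
        user            = root
        server          = /usr/sbin/in.ftpd
        log_on_success  += DURATION USERID
        log_on_failure  += USERID
        disable         = no
}
service finger
{
        user            = nobody
        # cps takes a rate and a re-enable wait in seconds (xinetd.conf(5))
        cps             = 3 30
        per_source      = 2
        max_load        = 2.5
        disable         = no
}
"""
# Matches "name = values" and "name += values"; "-=" lines are ignored here.
ATTR = re.compile(r"^(\w+)\s*(\+?=)\s*(.*)$")

def parse_services(text):
    """Return {service: {attribute: [values]}} from xinetd service blocks."""
    services, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("service "):
            current = services.setdefault(line.split()[1], {})
        elif line == "}":
            current = None
        elif current is not None and (m := ATTR.match(line)):
            # "+=" appends to earlier values, "=" replaces them
            current[m[1]] = (current.get(m[1], []) if m[2] == "+=" else []) + m[3].split()
    return services

def audit(services):
    """Flag enabled services that lack the connection limits or run as root."""
    findings = []
    for name, attrs in services.items():
        if attrs.get("disable") == ["yes"]:
            continue  # xinetd does not start disabled services
        findings += [f"{name}: no {k} set" for k in ("cps", "per_source", "max_load") if k not in attrs]
        if attrs.get("user") == ["root"]:
            findings.append(f"{name}: runs as root")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse_services(SAMPLE))))
```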





