Configuring Various Network Services Using Xinetd in Linux RHEL5


Configuring Various Network Services using xinetd in Linux (RHEL5/6)

As a system administrator, you will most likely need to provide your users with network and Internet services. These services may include FTP, HTTP, or Telnet.

Although some software packages like Apache provide a single service (HTTP), there is also a master service called xinetd that can run multiple services at the same time.

It is also a widely used service in the real world, particularly when it comes to automating the installation of Red Hat. There are really only a few things that you need to know to be able to use the xinetd service. This package doesn't always come installed by default, so first let's install it.

Task 1: Installation and Configuration of Xinetd

Step 1. Install the xinetd package:
# yum install -y xinetd

Step 2. Verify that the package is installed correctly:
# rpm -qa | grep xinetd
xinetd-2.3.14-29.el6.x86_64

With the service installed, you can shift your focus to the config files. The xinetd service has a master config file (/etc/xinetd.conf), which inherits all the settings of the services that it controls.

Aside from this master config file, a single directory (/etc/xinetd.d) contains individual config files for each service you would like xinetd to run.

As an example, let's set up a TFTP server, which can be used to back up config files for Cisco switches or to deliver data to clients during a PXE boot process (also known as a network installation).

Step 3. Install the required package:
# yum install -y tftp-server

Step 4. Verify that the package is installed correctly:
# rpm -qa | grep tftp
tftp-server-0.49-5.1.el6.x86_64

Now that the package is installed, you can go into the /etc/xinetd.d directory and see the config file for the new service. By default, the TFTP service is disabled. Let's look at the config file, which is small and simple to understand.

# cat /etc/xinetd.d/tftp
service tftp
{
        socket_type     = dgram
        protocol        = udp
        wait            = yes
        user            = root
        server          = /usr/sbin/in.tftpd
        server_args     = -s /tftpboot
        disable         = yes
        per_source      = 11
        cps             = 100 2
        flags           = IPv4
}

Here, you can see the basics, such as which protocol it uses, whether the service is disabled, and what arguments are passed to the service during startup. For this example, all the defaults work fine. You may be wondering why I suggest leaving the service disabled if you want to use it. Services that are controlled by xinetd are enabled in the config file automatically when you enable them to start at boot.

Step 5. Enable the TFTP server to start when the system boots:
# chkconfig tftp on

Step 6. Verify that the service will start during boot:
# chkconfig tftp --list
tftp on

Looking back in the config file now, notice that the service has been automatically enabled to start. You can verify this by checking the file:

# cat /etc/xinetd.d/tftp | grep disable
disable = no

Step 7. At this point, you should also enable the xinetd service itself to start on system boot:
# chkconfig xinetd on

Step 8. Verify that the service will start during boot:
# chkconfig xinetd --list
xinetd 0:off 1:off 2:off 3:on 4:on 5:on 6:off

There is also one other thing you can verify. You can get a list of all services enabled during boot by using the chkconfig command. The difference here, though, is that the xinetd service lists not only its boot levels, but also those of all the services that it controls.

Step 9. Use chkconfig to view all the xinetd services:
# chkconfig --list
xinetd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
xinetd based services:
        chargen-dgram: off
        chargen-stream: off
        daytime-dgram: off
        daytime-stream: off
        discard-dgram: off
        discard-stream: off
        echo-dgram: off
        echo-stream: off
        tcpmux-server: off
        tftp: on
        time-dgram: off
        time-stream: off

You can see here that the xinetd service is set to start on boot and that the TFTP service is the only service it will start.

Step 10. To get the service up and running without a system reboot, just adjust any config file options you'd like and restart the xinetd service:
# service xinetd restart
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]

Step 11. Verify that the xinetd service is now running on the system and listening on UDP port 69 for connections:
# netstat -a | grep tftp
udp 0 0 *:tftp *:*

The xinetd service understands services from /etc/services and ports from /etc/rpc. These two files define all services and ports that the system can use to offer different network services to clients using the xinetd master service.

The xinetd service is fairly simple to configure, but you should make sure that you define the config file for the services that you want to use within the /etc/xinetd.d directory and restart the service before use.

For simple troubleshooting of any xinetd service, you can check the /var/log/messages file, which is where the /etc/xinetd.conf config file directs all logs to be sent.

Although the default configuration options are usually fine, you can also edit the information sent to the log file by editing the main config file.

The following options are available for logging:

Attempt
Duration
Exit
Pid
Host
Userid

You also have the following host access options:

only_from
no_access
access_times

They can be defined within the main config file for security restrictions. Usually, it is better to let the firewall and TCP Wrappers take care of restricting certain clients, but you should know that the options are available.
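
One way to check the host access options above across the files in /etc/xinetd.d, as an added example that is not part of the original post: the script lists each xinetd service, its state, and any only_from restriction. The function names, the sample files and the 192.0.2.0/24 range are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: list xinetd services and show
# whether each enabled one has an only_from restriction. A "defaults" block
# in /etc/xinetd.conf is not merged in (assumption: per-service files only).
audit_xinetd() {   # usage: audit_xinetd FILE...
    awk '
        { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }   # trim whitespace
        /^#/ || /^$/ { next }                        # comments, blank lines
        $1 == "service" { svc = $2; dis = "no"; from = ""; next }
        svc != "" && /=/ {
            key = $0; sub(/[ \t]*[-+]?=.*$/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val)
            if (key == "disable")   dis = val
            if (key == "only_from") from = (from == "" ? val : from " " val)
        }
        $1 == "}" && svc != "" {
            if (dis == "yes")    print svc, "disabled", "-"
            else if (from == "") print svc, "enabled", "unrestricted"
            else                 print svc, "enabled", "only_from=" from
            svc = ""
        }
    ' "$@"
}

# Constructed samples: the post's tftp file once enabled, and a restricted
# variant. 192.0.2.0/24 is a documentation range standing in for a LAN.
write_samples() {
    cat > "$1/tftp" <<'EOF'
service tftp
{
        socket_type = dgram
        protocol    = udp
        wait        = yes
        user        = root
        server      = /usr/sbin/in.tftpd
        server_args = -s /tftpboot
        disable     = no
}
EOF
    # Same service with host access and failure logging added before "}".
    sed '/^}/i\
        only_from      = 192.0.2.0/24\
        access_times   = 08:00-18:00\
        log_on_failure += HOST ATTEMPT' "$1/tftp" > "$1/tftp-restricted"
}

tmp=$(mktemp -d) && write_samples "$tmp"
audit_xinetd "$tmp/tftp" "$tmp/tftp-restricted"
rm -rf "$tmp"
```

On a real system the call would be audit_xinetd /etc/xinetd.d/*; a service with no disable line is reported as enabled, which matches xinetd's default.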

Task 2: Securing Xinetd Services using iptables

Although the xinetd service can actually handle multiple services, you need to ensure that you have created the appropriate firewall rule for each server you intend to use. Because you have configured a TFTP server for this example, you need to ensure that you create a rule to allow the TFTP server to be used.

Step 1. Use iptables to create the required firewall rule:
# iptables -I INPUT 5 -p udp -m udp --dport 69 -j ACCEPT

Step 2. Save the firewall rule you just created:
# service iptables save
Saving firewall rules to /etc/sysconfig/iptables: [ OK ]

Step 3. Then restart the iptables service:
# service iptables restart
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]