Linux Services

Linux Services Muhammad Amer


Page 1: Linux Services

Linux Services

Muhammad Amer

Page 2: Linux Services

xinetd Programs

In computer networking, xinetd, the eXtended InterNET Daemon, is an open-source super-server daemon which runs on many Unix-like systems and manages Internet-based connectivity.

The xinetd RPM is installed by default in Fedora/Redhat Linux and uses /etc/xinetd.conf as its main configuration file.

In Unix and other computer multitasking operating systems, a daemon is a computer program that runs in the background, rather than under the direct control of a user; daemons are usually initiated as background processes. ...

Page 3: Linux Services

Controlling xinetd

The starting and stopping of the xinetd daemon is controlled by scripts in the /etc/init.d directory, and its behavior at boot time is controlled by chkconfig.

You can start/stop/restart xinetd after booting by using the following commands:

[root@mysrv tmp]# service xinetd start
[root@mysrv tmp]# service xinetd stop
[root@mysrv tmp]# service xinetd restart

To get xinetd configured to start at boot you can use the chkconfig command.

[root@mysrv tmp]# chkconfig xinetd on

Page 4: Linux Services

Controlling xinetd-Managed Applications

Xinetd-managed applications all store their configuration files in the /etc/xinetd.d directory.

Each configuration file has a disable statement that can be set to yes or no. This governs whether xinetd is allowed to start the application or not.

You don't have to edit these files to activate or deactivate the application. The chkconfig command does that automatically and also stops or starts the application accordingly.

Page 5: Linux Services

Telnet Server and Client

Page 6: Linux Services

Telnet

Telnet is a program that allows users to log into a server and get a command prompt just as if they were logged into the VGA console.

The Telnet server RPM is installed and disabled by default on Fedora Linux.

One of the disadvantages of Telnet is that the data is sent as clear text.

A more secure method for remote logins would be via Secure Shell (SSH) which uses varying degrees of encryption.

The older Telnet application remains popular. Many network devices don't have SSH clients, making telnet the only means of accessing other devices and servers from them.

Page 7: Linux Services

Installing The Telnet Server Software

Older versions of RedHat had the Telnet server installed by default. Fedora Linux does not; you will have to install it yourself.

Most Linux software products are available in a precompiled package format. Downloading and installing packages

When searching for the file, the Telnet server RPM's filename usually starts with the word "telnet-server" followed by a version number as in telnet-server-0.17-28.i386.rpm.

Page 8: Linux Services

Setting Up A Telnet Server

To set up a Telnet server use the chkconfig command to activate Telnet.

[root@mysrv tmp]# chkconfig telnet on

Use the chkconfig command to deactivate telnet, even after the next reboot.

[root@mysrv tmp]# chkconfig telnet off

Page 9: Linux Services

Let Telnet Listen On Another TCP Port

Letting telnet run on an alternate TCP port does not encrypt the traffic, but it makes it less likely to be detected as telnet traffic.

Remember that this is not a foolproof strategy; good port scanning programs can detect telnet and other applications running on alternative ports.
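
Why the port change does not hide the service: a Telnet server typically opens the connection with option negotiation, three-byte IAC sequences defined in RFC 854, and those bytes look the same on port 7777 as on port 23. The sketch below is an added example, not part of the original slides; the sample greetings and the function names are constructed for illustration.

```python
# Telnet command bytes defined by RFC 854.
IAC = 0xFF
VERBS = {0xFB: "WILL", 0xFC: "WONT", 0xFD: "DO", 0xFE: "DONT"}
# A few option codes from the IANA Telnet options registry.
OPTIONS = {1: "ECHO", 3: "SUPPRESS-GO-AHEAD", 24: "TERMINAL-TYPE",
           32: "TERMINAL-SPEED", 35: "X-DISPLAY-LOCATION", 39: "NEW-ENVIRON"}

# Constructed sample: first bytes read from three listeners (port -> bytes).
# These are illustrative values, not a capture from a real host.
FIRST_BYTES = {
    22: b"SSH-2.0-OpenSSH_8.9\r\n",
    25: b"220 mail.example.test ESMTP\r\n",
    7777: bytes([IAC, 0xFD, 24, IAC, 0xFD, 32, IAC, 0xFD, 35, IAC, 0xFD, 39]),
}

def parse_negotiation(data):
    """Return the (verb, option) pairs that open `data`, e.g. ("DO", "TERMINAL-TYPE")."""
    pairs, i = [], 0
    while i + 3 <= len(data) and data[i] == IAC and data[i + 1] in VERBS:
        option = data[i + 2]
        pairs.append((VERBS[data[i + 1]], OPTIONS.get(option, f"option-{option}")))
        i += 3
    return pairs

def telnet_ports(first_bytes):
    """Ports whose greeting starts with Telnet option negotiation.

    Heuristic only: a server that sends text before negotiating is not matched.
    """
    return sorted(port for port, data in first_bytes.items()
                  if parse_negotiation(data))

if __name__ == "__main__":
    for port in telnet_ports(FIRST_BYTES):
        print(port, parse_negotiation(FIRST_BYTES[port]))
```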

Page 10: Linux Services

Let Telnet Listen On Another TCP Port

1. Edit the /etc/services file and add an entry for a new service. Call it stelnet.

# Local services
stelnet 7777/tcp # "secure" telnet

2. Copy the telnet configuration file called /etc/xinetd.d/telnet and call it /etc/xinetd.d/stelnet:

[root@mysrv tmp]# cp /etc/xinetd.d/telnet /etc/xinetd.d/stelnet

Page 11: Linux Services

Let Telnet Listen On Another TCP Port

3. Edit the new /etc/xinetd.d/stelnet file. Make the new service stelnet and add a port statement for TCP port 7777.

# default : on
# description : The telnet server serves telnet sessions
# unencrypted username/password pairs for authentication.
service stelnet
{
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        log_on_failure  += USERID
        disable         = no
        port            = 7777
}

4. Use chkconfig to activate stelnet.

[root@mysrv tmp]# chkconfig stelnet on

Page 12: Linux Services

Let Telnet Allow Connections From Trusted Addresses

Root can restrict telnet login access to individual remote servers by using the only_from keyword in the telnet configuration file.

Add a list of trusted servers to the /etc/xinetd.d/telnet file separated by spaces:

service telnet
{
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        log_on_failure  += USERID
        disable         = no
        only_from       = 192.168.1.100 127.0.0.1 192.168.1.200
}

Restart telnet by running:

# chkconfig telnet off
# chkconfig telnet on
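
The stelnet steps and the only_from restriction above can both be checked mechanically. This added example (not from the original slides) parses xinetd service blocks and reports every enabled service that runs in.telnetd, whatever its name or port, and whether its block carries only_from. The names parse_xinetd, audit and SAMPLE are constructed here, and the defaults section of /etc/xinetd.conf is assumed not to apply.

```python
import os
import re

# Constructed sample: the page's stelnet and telnet service blocks, abridged.
SAMPLE = """\
service stelnet
{
    server = /usr/sbin/in.telnetd
    log_on_failure += USERID
    disable = no
    port = 7777
}
service telnet
{
    server = /usr/sbin/in.telnetd
    disable = no
    only_from = 192.168.1.100 127.0.0.1 192.168.1.200
}
"""

def parse_xinetd(text):
    """Return {service: {attribute: [values]}} from 'service NAME { ... }' blocks."""
    services, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        head = re.match(r"service\s+(\S+)$", line)
        attr = re.match(r"(\w+)\s*(\+=|-=|=)\s*(.*)$", line)
        if line == "}":
            current = None
        elif current is None and head:
            current = services.setdefault(head.group(1), {})
        elif current is not None and attr:
            key, op, vals = attr.group(1), attr.group(2), attr.group(3).split()
            old = current.get(key, [])
            current[key] = ([v for v in old if v not in vals] if op == "-="
                            else old + vals if op == "+=" else vals)
    return services

def audit(services):
    """List (service, finding) pairs for enabled services whose server is in.telnetd."""
    findings = []
    for name, attrs in services.items():
        server = os.path.basename((attrs.get("server") or [""])[0])
        if attrs.get("disable") == ["yes"] or server != "in.telnetd":
            continue  # xinetd will not start it, or it is not the telnet daemon
        port = (attrs.get("port") or ["from /etc/services"])[0]
        findings.append((name, f"cleartext telnet, port {port}"))
        if not attrs.get("only_from"):  # assumption: defaults section not consulted
            findings.append((name, "no only_from in service block"))
    return findings
```

Calling audit(parse_xinetd(SAMPLE)) flags both services as cleartext: only_from narrows who may connect to telnet but, like the port change, does nothing for the traffic itself.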

Page 13: Linux Services

Debian / Ubuntu

In Debian / Ubuntu, the Telnet server runs using the inetd, not the xinetd daemon, and uses a single /etc/inetd.conf configuration to manage the activation of the daemons it controls.

To stop Telnet you need only to edit the configuration file, comment out the Telnet server line, and restart inetd as seen in this example:

Page 14: Linux Services

root@mysrv:~# vi /etc/inetd.conf
...
...
...
#
# File: /etc/inetd.conf
#
#telnet stream tcp nowait telnetd.telnetd /usr/sbin/tcpd /usr/sbin/in.telnetd
...
...
...
root@mysrv:~# /etc/init.d/inetd restart
 * Restarting internet superserver...
...done.
root@mysrv:~# netstat -a | grep telnet
root@mysrv:~#

Page 15: Linux Services

Note

The xinetd package provides much more flexibility than its inetd equivalent.

xinetd allows you to restrict connections to specific source IP addresses and allows you to specify the TCP port and server IP address on which to listen. You may want to convert your system to use the xinetd package for Telnet by installing xinetd and creating your own custom /etc/xinetd.d/telnet configuration file. The rest of the examples in this chapter assume that the more versatile xinetd is being used.

Page 16: Linux Services

You can test whether the Telnet process is running with the following command, which checks the TCP/UDP ports on which your server is listening. If Telnet isn't running, there will be no response.

[root@mysrv tmp]# netstat -a | grep telnet
tcp        0      0 *:telnet        *:*        LISTEN
[root@mysrv tmp]#