📄 00000000.htm

📁 一份很好的linux入门资料
💻 HTM
📖 第 1 页 / 共 5 页
字号:
12 3 4 5 下一页
<HTML><HEAD>  <TITLE>BBS水木清华站∶精华区</TITLE></HEAD><BODY><CENTER><H1>BBS水木清华站∶精华区</H1></CENTER>发信人:&nbsp;jester&nbsp;(玩笑鬼),&nbsp;信区:&nbsp;Linux&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<BR>标&nbsp;&nbsp;题:&nbsp;an&nbsp;unofficial&nbsp;xinetd&nbsp;tutorial&nbsp;<BR>发信站:&nbsp;BBS&nbsp;水木清华站&nbsp;(Wed&nbsp;Nov&nbsp;29&nbsp;09:29:47&nbsp;2000)&nbsp;<BR>&nbsp;<BR>An&nbsp;Unofficial&nbsp;Xinetd&nbsp;Tutorial&nbsp;<BR>by&nbsp;curator,&nbsp;The&nbsp;Shmoo&nbsp;Group.&nbsp;<BR>Contents:&nbsp;<BR>What&nbsp;xinetd&nbsp;does&nbsp;<BR>Installation&nbsp;<BR>Configuration&nbsp;file&nbsp;basics&nbsp;<BR>A&nbsp;Simple&nbsp;Configuration&nbsp;with&nbsp;little&nbsp;access&nbsp;control&nbsp;<BR>A&nbsp;More&nbsp;Complicated&nbsp;Configuration&nbsp;with&nbsp;Access&nbsp;Control&nbsp;<BR>Day&nbsp;to&nbsp;day&nbsp;use&nbsp;of&nbsp;xinetd&nbsp;(or&nbsp;updating&nbsp;the&nbsp;xinetd.conf)&nbsp;<BR>Port&nbsp;redirection&nbsp;<BR>Additional&nbsp;info&nbsp;for&nbsp;Mac&nbsp;OS&nbsp;X&nbsp;(Server)&nbsp;<BR>Parting&nbsp;words&nbsp;<BR>----------------------------------------------------------------------------&nbsp;<BR>----&nbsp;<BR>What&nbsp;xinetd&nbsp;does&nbsp;<BR>xinetd&nbsp;is&nbsp;a&nbsp;secure&nbsp;replacement&nbsp;for&nbsp;inetd,&nbsp;and&nbsp;a&nbsp;more&nbsp;efficient&nbsp;replacement&nbsp;f&nbsp;<BR>or&nbsp;inetd&nbsp;and&nbsp;tcp_wrappers.&nbsp;It&nbsp;sports&nbsp;a&nbsp;number&nbsp;of&nbsp;features&nbsp;that&nbsp;make&nbsp;it&nbsp;a&nbsp;goo&nbsp;<BR>d&nbsp;choice&nbsp;for&nbsp;securing&nbsp;a&nbsp;server.&nbsp;These&nbsp;include&nbsp;access&nbsp;control&nbsp;(based&nbsp;on&nbsp;sourc&nbsp;<BR>e&nbsp;address,&nbsp;destination&nbsp;address,&nbsp;and&nbsp;time),&nbsp;extensive&nbsp;logging,&nbsp;and&nbsp;the&nbsp;abilit&nbsp;<BR>y&nbsp;to&nbsp;bind&nbsp;services&nbsp;to&nbsp;specific&nbsp;interfaces.&nbsp;This&nbsp;tutorial&nbsp;will&nbsp;attempt&nbsp;to&nbsp;giv&nbsp;<BR>e&nbsp;an&nbsp;administrator&nbsp;the&nbsp;necessary&nbsp;tools&nbsp;to&nbsp;install,&nbsp;configure,&nbsp;and&nbsp;maintain&nbsp;x&nbsp;<BR>inetd.&nbsp;<BR>Being&nbsp;a&nbsp;&quot;secure&nbsp;replacement&nbsp;for&nbsp;inetd&quot;,&nbsp;xinetd&nbsp;attempts&nbsp;to&nbsp;do&nbsp;everything&nbsp;tha&nbsp;<BR>t&nbsp;inetd&nbsp;does,&nbsp;only&nbsp;securely.&nbsp;This&nbsp;means&nbsp;that,&nbsp;like&nbsp;inetd,&nbsp;it&nbsp;is&nbsp;a&nbsp;super-serv&nbsp;<BR>er.&nbsp;Both&nbsp;xinetd&nbsp;and&nbsp;inetd&nbsp;read&nbsp;in&nbsp;their&nbsp;configuration&nbsp;files&nbsp;which&nbsp;are&nbsp;basica&nbsp;<BR>lly&nbsp;a&nbsp;list&nbsp;of&nbsp;IP&nbsp;services&nbsp;to&nbsp;listen&nbsp;to.&nbsp;The&nbsp;super-servers&nbsp;&quot;listen&quot;&nbsp;on&nbsp;the&nbsp;po&nbsp;<BR>rts&nbsp;defined&nbsp;by&nbsp;those&nbsp;listed&nbsp;in&nbsp;configuration&nbsp;files&nbsp;for&nbsp;connection&nbsp;attemps&nbsp;on&nbsp;<BR>&nbsp;those&nbsp;ports.&nbsp;When&nbsp;it&nbsp;receives&nbsp;a&nbsp;connection&nbsp;on&nbsp;a&nbsp;port&nbsp;it&nbsp;thinks&nbsp;it&nbsp;has&nbsp;a&nbsp;ser&nbsp;<BR>vice&nbsp;for,&nbsp;it&nbsp;attempts&nbsp;to&nbsp;start&nbsp;the&nbsp;requisite&nbsp;server.&nbsp;There&nbsp;are&nbsp;exceptions&nbsp;to&nbsp;<BR>&nbsp;this&nbsp;scheme,&nbsp;mostly&nbsp;for&nbsp;single-threaded&nbsp;servers,&nbsp;where&nbsp;the&nbsp;super-servers&nbsp;si&nbsp;<BR>mply&nbsp;start&nbsp;the&nbsp;server,&nbsp;which&nbsp;then&nbsp;takes&nbsp;care&nbsp;of&nbsp;service&nbsp;requests&nbsp;until&nbsp;the&nbsp;s&nbsp;<BR>erver&nbsp;dies.&nbsp;<BR>Where&nbsp;inetd&nbsp;and&nbsp;xinetd&nbsp;begin&nbsp;to&nbsp;differ&nbsp;is&nbsp;xinetd's&nbsp;support&nbsp;for&nbsp;RPC&nbsp;services;&nbsp;<BR>&nbsp;it&nbsp;isn't&nbsp;great.&nbsp;The&nbsp;author&nbsp;of&nbsp;xinetd&nbsp;suggests&nbsp;that&nbsp;an&nbsp;admin&nbsp;running&nbsp;an&nbsp;rpc&nbsp;&nbsp;<BR>service&nbsp;do&nbsp;so&nbsp;from&nbsp;inetd.&nbsp;xinetd&nbsp;and&nbsp;inetd&nbsp;can&nbsp;cohabitate&nbsp;quite&nbsp;peacefully.&nbsp;&nbsp;<BR>Another&nbsp;thing&nbsp;that&nbsp;differs&nbsp;is&nbsp;the&nbsp;configuration&nbsp;files;&nbsp;the&nbsp;two&nbsp;are&nbsp;mutually&nbsp;&nbsp;<BR>incompatible.&nbsp;xinetd's&nbsp;conf&nbsp;file&nbsp;contains&nbsp;more&nbsp;information&nbsp;than&nbsp;inetd&nbsp;does&nbsp;i&nbsp;<BR>n&nbsp;order&nbsp;to&nbsp;handle&nbsp;the&nbsp;additional&nbsp;security&nbsp;parameters.&nbsp;<BR>----------------------------------------------------------------------------&nbsp;<BR>----&nbsp;<BR>Installation&nbsp;<BR>First&nbsp;you&nbsp;need&nbsp;to&nbsp;download&nbsp;the&nbsp;latest&nbsp;source&nbsp;from&nbsp;xinetd.org&nbsp;to&nbsp;some&nbsp;conveni&nbsp;<BR>ent&nbsp;directory&nbsp;(ie.,&nbsp;/usr/local/src).&nbsp;Once&nbsp;downloaded,&nbsp;expand&nbsp;the&nbsp;archive&nbsp;and&nbsp;<BR>&nbsp;change&nbsp;to&nbsp;its&nbsp;directory.&nbsp;(If&nbsp;running&nbsp;Mac&nbsp;OS&nbsp;X(S),&nbsp;there&nbsp;is&nbsp;a&nbsp;section&nbsp;later&nbsp;&nbsp;<BR>in&nbsp;this&nbsp;tutorial&nbsp;that&nbsp;has&nbsp;additional&nbsp;to&nbsp;assist&nbsp;you&nbsp;in&nbsp;this&nbsp;process.)&nbsp;<BR>It&nbsp;is&nbsp;possible&nbsp;to&nbsp;compile&nbsp;xinetd&nbsp;with&nbsp;libwrap&nbsp;support&nbsp;by&nbsp;adding&nbsp;the&nbsp;--with-l&nbsp;<BR>ibwrap&nbsp;flag&nbsp;to&nbsp;./configure.&nbsp;This&nbsp;allows&nbsp;xinetd&nbsp;to&nbsp;use&nbsp;the&nbsp;hosts.{allow&nbsp;|&nbsp;den&nbsp;<BR>y}&nbsp;mechanism.&nbsp;To&nbsp;do&nbsp;so,&nbsp;you'll&nbsp;need&nbsp;to&nbsp;have&nbsp;tcp_wrappers&nbsp;installed,&nbsp;and&nbsp;the&nbsp;&nbsp;<BR>requisite&nbsp;libraries&nbsp;in&nbsp;place.&nbsp;The&nbsp;decision&nbsp;to&nbsp;do&nbsp;so&nbsp;is&nbsp;up&nbsp;to&nbsp;the&nbsp;individual&nbsp;&nbsp;<BR>admin.&nbsp;This&nbsp;option&nbsp;exists&nbsp;mostly&nbsp;to&nbsp;help&nbsp;those&nbsp;more&nbsp;comfortable&nbsp;with&nbsp;the&nbsp;wra&nbsp;<BR>pper&nbsp;mechanism&nbsp;to&nbsp;more&nbsp;easily&nbsp;configure&nbsp;xinetd.&nbsp;We&nbsp;suggest&nbsp;that&nbsp;you&nbsp;do&nbsp;not&nbsp;c&nbsp;<BR>ompile&nbsp;the&nbsp;software&nbsp;with&nbsp;libwrap&nbsp;support&nbsp;unless&nbsp;you&nbsp;have&nbsp;the&nbsp;need;&nbsp;it&nbsp;is&nbsp;bes&nbsp;<BR>t&nbsp;and&nbsp;most&nbsp;flexible&nbsp;to&nbsp;do&nbsp;without&nbsp;it.&nbsp;<BR>Further&nbsp;options&nbsp;are&nbsp;available&nbsp;(such&nbsp;as&nbsp;install&nbsp;paths,&nbsp;ipv6&nbsp;support,&nbsp;etc)&nbsp;and&nbsp;<BR>&nbsp;you&nbsp;should&nbsp;read&nbsp;the&nbsp;install&nbsp;docs&nbsp;to&nbsp;determince&nbsp;which&nbsp;of&nbsp;these&nbsp;settings&nbsp;is&nbsp;c&nbsp;<BR>orrect&nbsp;for&nbsp;you.&nbsp;<BR>Once&nbsp;you've&nbsp;run&nbsp;./configure&nbsp;with&nbsp;the&nbsp;options&nbsp;you&nbsp;need,&nbsp;run&nbsp;&quot;make&quot;&nbsp;followed&nbsp;b&nbsp;<BR>y&nbsp;&quot;make&nbsp;install&quot;&nbsp;as&nbsp;root.&nbsp;Assuming&nbsp;xinetd&nbsp;makes&nbsp;and&nbsp;installs&nbsp;with&nbsp;no&nbsp;errors,&nbsp;<BR>&nbsp;the&nbsp;next&nbsp;thing&nbsp;to&nbsp;do&nbsp;is&nbsp;configure&nbsp;it.&nbsp;If&nbsp;it&nbsp;doesn't,&nbsp;you&nbsp;may&nbsp;wish&nbsp;to&nbsp;subscr&nbsp;<BR>ibe&nbsp;to&nbsp;the&nbsp;xinetd&nbsp;maillist&nbsp;by&nbsp;sending&nbsp;a&nbsp;message&nbsp;to&nbsp;<A HREF="mailto:majordomo@synack.net">majordomo@synack.net</A>&nbsp;with&nbsp;<BR>&nbsp;a&nbsp;body&nbsp;of&nbsp;&quot;subscribe&nbsp;xinetd&quot;.&nbsp;<BR>----------------------------------------------------------------------------&nbsp;<BR>----&nbsp;<BR>Configuration&nbsp;file&nbsp;basics&nbsp;<BR>xinetd&nbsp;ships&nbsp;with&nbsp;a&nbsp;perl&nbsp;script&nbsp;(installed&nbsp;in&nbsp;the&nbsp;same&nbsp;directory&nbsp;as&nbsp;the&nbsp;xine&nbsp;<BR>td&nbsp;binary)&nbsp;that&nbsp;conveniently&nbsp;converts&nbsp;an&nbsp;inetd.conf&nbsp;into&nbsp;a&nbsp;xinetd.conf.&nbsp;It&nbsp;m&nbsp;<BR>ay&nbsp;be&nbsp;invoked&nbsp;as&nbsp;&quot;/usr/sbin/xconv.pl&nbsp;&lt;&nbsp;/etc/inetd.conf&nbsp;&gt;&nbsp;/tmp/xinetd.conf&quot;,&nbsp;&nbsp;<BR>where&nbsp;&quot;/usr/sbin&quot;&nbsp;is&nbsp;your&nbsp;path&nbsp;to&nbsp;the&nbsp;xinetd&nbsp;executable.&nbsp;<BR>xconv.pl&nbsp;will&nbsp;try&nbsp;to&nbsp;make&nbsp;a&nbsp;xinetd.conf&nbsp;from&nbsp;your&nbsp;original&nbsp;inetd.conf&nbsp;as&nbsp;bes&nbsp;<BR>t&nbsp;it&nbsp;can,&nbsp;but&nbsp;most&nbsp;admins&nbsp;will&nbsp;want&nbsp;(read:&nbsp;need)&nbsp;to&nbsp;modify&nbsp;the&nbsp;xinetd.conf&nbsp;i&nbsp;<BR>t&nbsp;generates.&nbsp;For&nbsp;instance,&nbsp;many&nbsp;BSD's&nbsp;(including&nbsp;Mac&nbsp;OS&nbsp;X&nbsp;[Server])&nbsp;require&nbsp;&nbsp;<BR>that&nbsp;each&nbsp;service&nbsp;have&nbsp;a&nbsp;&quot;groups&nbsp;=&nbsp;yes&quot;&nbsp;setting.&nbsp;<BR>The&nbsp;defaults&nbsp;section&nbsp;<BR>xconv.pl&nbsp;by&nbsp;default&nbsp;makes&nbsp;a&nbsp;defaults&nbsp;section&nbsp;that&nbsp;looks&nbsp;something&nbsp;like&nbsp;this:&nbsp;<BR>&nbsp;<BR>&nbsp;defaults&nbsp;<BR>&nbsp;{&nbsp;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;#The&nbsp;maximum&nbsp;number&nbsp;of&nbsp;requests&nbsp;a&nbsp;particular&nbsp;service&nbsp;may&nbsp;handle&nbsp;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;#&nbsp;at&nbsp;once.&nbsp;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;instances&nbsp;&nbsp;&nbsp;=&nbsp;25&nbsp;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;#&nbsp;The&nbsp;type&nbsp;of&nbsp;logging.&nbsp;&nbsp;This&nbsp;logs&nbsp;to&nbsp;a&nbsp;file&nbsp;that&nbsp;is&nbsp;specified.&nbsp;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;#&nbsp;Another&nbsp;option&nbsp;is:&nbsp;SYSLOG&nbsp;syslog_facility&nbsp;[syslog_level]&nbsp;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;log_type&nbsp;&nbsp;&nbsp;&nbsp;=&nbsp;FILE&nbsp;/var/log/servicelog&nbsp;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;#&nbsp;What&nbsp;to&nbsp;log&nbsp;when&nbsp;the&nbsp;connection&nbsp;succeeds.&nbsp;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;#&nbsp;PID&nbsp;logs&nbsp;the&nbsp;pid&nbsp;of&nbsp;the&nbsp;server&nbsp;processing&nbsp;the&nbsp;request.&nbsp;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;#&nbsp;HOST&nbsp;logs&nbsp;the&nbsp;remote&nbsp;host's&nbsp;ip&nbsp;address.&nbsp;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;#&nbsp;USERID&nbsp;logs&nbsp;the&nbsp;remote&nbsp;user&nbsp;(using&nbsp;RFC&nbsp;1413)&nbsp;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;#&nbsp;EXIT&nbsp;logs&nbsp;the&nbsp;exit&nbsp;status&nbsp;of&nbsp;the&nbsp;server.&nbsp;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;#&nbsp;DURATION&nbsp;logs&nbsp;the&nbsp;duration&nbsp;of&nbsp;the&nbsp;session.&nbsp;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;log_on_success&nbsp;=&nbsp;HOST&nbsp;PID&nbsp;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;#&nbsp;What&nbsp;to&nbsp;log&nbsp;when&nbsp;the&nbsp;connection&nbsp;fails.&nbsp;&nbsp;Same&nbsp;options&nbsp;as&nbsp;above&nbsp;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;log_on_failure&nbsp;=&nbsp;HOST&nbsp;RECORD&nbsp;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;#&nbsp;The&nbsp;maximum&nbsp;number&nbsp;of&nbsp;connections&nbsp;a&nbsp;specific&nbsp;IP&nbsp;address&nbsp;can&nbsp;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;#&nbsp;have&nbsp;to&nbsp;a&nbsp;specific&nbsp;service.&nbsp;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;per_source&nbsp;&nbsp;=&nbsp;5&nbsp;<BR>&nbsp;}&nbsp;<BR>Here&nbsp;we&nbsp;can&nbsp;begin&nbsp;to&nbsp;see&nbsp;some&nbsp;of&nbsp;the&nbsp;basic&nbsp;characteristics&nbsp;of&nbsp;a&nbsp;conf&nbsp;file.&nbsp;S&nbsp;<BR>ections&nbsp;have&nbsp;the&nbsp;general&nbsp;form:&nbsp;<BR>&nbsp;sectiontypeorname&nbsp;<BR>&nbsp;{&nbsp;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&lt;attribute&gt;&nbsp;&lt;assign_op&gt;&nbsp;&lt;value&gt;&lt;value&gt;&nbsp;...&nbsp;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&lt;anotherattribute&gt;&nbsp;&lt;assign_op&gt;&nbsp;&lt;value&gt;&lt;value&gt;&nbsp;...&nbsp;<BR>&nbsp;&nbsp;&nbsp;&nbsp;...&nbsp;<BR>&nbsp;}&nbsp;<BR>Lines&nbsp;beginning&nbsp;with&nbsp;&quot;#&quot;&nbsp;are&nbsp;comments.&nbsp;Whitespace&nbsp;lines&nbsp;are&nbsp;ignored.&nbsp;There&nbsp;c&nbsp;<BR>an&nbsp;be&nbsp;only&nbsp;one&nbsp;defaults&nbsp;section&nbsp;in&nbsp;a&nbsp;xinetd.conf&nbsp;file.&nbsp;In&nbsp;the&nbsp;defaults&nbsp;secti&nbsp;<BR>on&nbsp;the&nbsp;assign_op&nbsp;is&nbsp;only&nbsp;a&nbsp;&quot;=&quot;.&nbsp;<BR>The&nbsp;defaults&nbsp;section,&nbsp;as&nbsp;its&nbsp;name&nbsp;implies,&nbsp;specifies&nbsp;default&nbsp;settings&nbsp;for&nbsp;th&nbsp;<BR>
12 3 4 5 下一页
⌨️ 快捷键说明

复制代码 Ctrl + C
搜索代码 Ctrl + F
全屏模式 F11
切换主题 Ctrl + Shift + D
显示快捷键 ?
增大字号 Ctrl + =
减小字号 Ctrl + -