Tcp Wrappers - Red Hat ENTERPRISE LINUX 3 System Administration Manual

152
0 — Halt
•
1 — Single-user mode
•
2 — Not used (user-definable)
•
3 — Full multi-user mode
•
4 — Not used (user-definable)
•
5 — Full multi-user mode (with an X-based login screen)
•
6 — Reboot
•
If you use a text login screen, you are operating in runlevel 3. If you use a graphical login screen, you
are operating in runlevel 5.
The default runlevel can be changed by modifying the
the top of the file similar to the following:
id:5:initdefault:
Change the number in this line to the desired runlevel. The change do not take effect until you reboot
the system.
To change the runlevel immediately, use the command
You must be root to use this command. The
file; it only changes the runlevel currently running. When the system is rebooted, it is booted in to the
runlevel specified in

21.2. TCP Wrappers

Many UNIX system administrators are accustomed to using TCP wrappers to manage access to
certain network services. Any network services managed by
with built-in support for
/etc/hosts.allow
names imply,
hosts.allow
controlled by
xinetd
takes precedence over the
individual IP address (or hostnames) or on a pattern of clients. Refer to the Red Hat Enterprise Linux
Reference Guide and
details.
21.2.1.
xinetd
To control access to Internet services, use
daemon conserves system resources, provides access control and logging, and can be used to
xinetd
start special-purpose servers.
access to particular hosts, to provide access to a service at certain times, to limit the rate of incoming
connections and/or the load created by connections, and more
runs constantly and listens on all ports for the services it manages. When a connection request
xinetd
arrives for one of its managed services,
The configuration file for
and an instruction to include the
edit its configuration file in the
service is disabled. If the
configuration files or change its enabled status using the Services Configuration Tool,
the
xinetd
ntsysv, or
chkconfig
the
/etc/xinetd.d
.
/etc/inittab
) can use TCP wrappers to manage access.
libwrap
and
/etc/hosts.deny
contains a list of rules that allow clients to access the network services
, and
hosts.deny
hosts.deny
in section 5 of the man pages (
hosts_access
can be used to provide access only to particular hosts, to deny
xinetd
xinetd
is
xinetd /etc/xinetd.conf
/etc/xinetd.d
/etc/xinetd.d
attribute is set to no, the service is enabled. You can edit any of
disable
. For a list of network services controlled by
directory with the command
Chapter 21. Controlling Access to Services
/etc/inittab
telinit
command does not change the
telinit
files to configure access to system services. As the
contains rules to deny access. The
file. Permissions to grant or deny access can be based on
, which is a secure replacement for
xinetd
starts up the appropriate server for that service.
, but the file only contains a few defaults
directory. To enable or disable an
directory. If the
ls /etc/xinetd.d
file, which contains a line near
followed by the runlevel number.
/etc/inittab
(as well as any program
xinetd
xinetd
hosts.allow
man 5 hosts_access
xinetd
attribute is set to yes, the
disable
, review the contents of
xinetd
.
can use the
file
) for
. The
inetd
service,