Red Hat LINUX 7.2 Reference Manual page 152

Chapter 9: TCP Wrappers and xinetd

    wait            = no
    user            = root
    server          = /usr/sbin/in.ftpd
    server_args     = -l -a
    log_on_success  += DURATION USERID
    log_on_failure  += USERID
    nice            = 10
    disable         = yes
}

The first line defines the name of the service being configured. The lines within the braces contain a variety of settings that define how this service is supposed to be started and used. The wu-ftp file states that the FTP service uses a streaming socket type (rather than dgram), the binary executable file to use, the arguments to pass to the binary, the information to log in addition to the /etc/xinetd.conf settings, the priority with which to run the service, and more.

Using xinetd with a particular service can also serve as a basic level of protection from a Denial of Service (DoS) attack. The max_load option takes a floating point value that sets a CPU usage threshold at which no more connections for a particular service will be accepted, preventing certain services from overwhelming the system. The cps option accepts an integer value that sets a rate limit on the number of connections available per second. Configuring this value to something low, such as 3, will help prevent attackers from being able to flood your system with too many simultaneous requests for a particular service.

Access Control within xinetd

Users of xinetd services can choose to use the TCP wrapper host access control files (hosts.allow and hosts.deny), provide access control via the xinetd configuration files, or use a mixture of both. Information concerning the use of TCP wrapper host access control files can be found in Section 9.2, Host-Based Access Control Lists. This section discusses using xinetd to control access to the services it controls.

Note
Unlike TCP wrapper host access control files, any changes to xinetd configuration files require a restart of the xinetd service, as well as a restart of any service affected by the change, to take effect.

The xinetd host access control available through its various configuration files is different from the method used by TCP wrappers. While TCP wrappers place all of the access configuration within two files, /etc/hosts.allow and /etc/hosts.deny, each service's file in /etc/xinetd.d can contain access control rules based on the hosts that will be allowed to use that service.
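The service file format and the max_load and cps options described on this page can be checked mechanically. The following Python script is an added example, not part of the Red Hat manual: it parses /etc/xinetd.d-style service blocks, applies the =, += and -= operators, and reports enabled services that lack either limit. The sample input is constructed from the wu-ftp fragment on this page; the "service ftp" header, the socket_type line, "disable = no" and the "example" service are assumptions.

```python
import re

# Constructed sample: this page's wu-ftp fragment; the "service ftp" header,
# socket_type, "disable = no" and the "example" service are assumptions.
SAMPLE = """\
service ftp
{
    socket_type     = stream
    wait            = no
    user            = root
    server          = /usr/sbin/in.ftpd
    server_args     = -l -a
    log_on_success  += DURATION USERID
    log_on_failure  += USERID
    nice            = 10
    disable         = no
}
service example
{
    cps             = 3
    max_load        = 2.5
}
"""

ATTR = re.compile(r"^(\w+)\s*(\+=|-=|=)\s*(.*)$")

def parse_services(text):
    """Return {service: {attribute: [values]}}, applying =, += and -=."""
    services, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("service "):
            current = services.setdefault(line.split()[1], {})
        elif line == "}":
            current = None
        elif current is not None and (m := ATTR.match(line)):
            name, op, values = m[1], m[2], m[3].split()
            old = [] if op == "=" else current.get(name, [])  # "=" replaces
            current[name] = ([v for v in old if v not in values]
                             if op == "-=" else old + values)
    return services

def missing_limits(services, limits=("cps", "max_load")):
    """Map each enabled service to the DoS limits it does not set."""
    return {name: [k for k in limits if k not in attrs]
            for name, attrs in services.items()
            if attrs.get("disable") != ["yes"] and any(k not in attrs for k in limits)}

if __name__ == "__main__":
    print(missing_limits(parse_services(SAMPLE)))
```

To audit a real host, pass the concatenated contents of the files in /etc/xinetd.d to parse_services instead of SAMPLE.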
