xinetd

Last updated: 2021-08-23

Introduction

 

super-server: xinetd is the only daemon process started, and it listens on the ports of all the services it manages

multi-threaded: xinetd forks a new server process for each new connection request

single-threaded: xinetd stops handling new requests for the service until the server dies.

 


Check version

 

xinetd -version

xinetd Version 2.3.14 libwrap loadavg

 


Usage

 

xinetd [-d] [-f config_file] [-filelog filename] [-syslog facility] [-pidfile filename] \

          [-reuse] [-limit proc_limit] [-logprocs limit] [-shutdownprocs limit] [-cc interval]

Useful options

-d                           # debug  <-- very useful, because by default errors are not shown on stdout

-limit proc_limit       # limit on the number of concurrently running processes that can be started by xinetd

xinetd -d -f /etc/xinetd.conf

... DEBUG: 9132 {handle_includedir} Reading included configuration file: /etc/xinetd.d/munin [file=/etc/xinetd.conf] [line=6]
... ERROR: 9132 {check_entry} service/protocol combination not in /etc/services: munin/tcp

 


Configuration File

 

# Main configuration file

/etc/xinetd.conf

defaults
{
    ...
    log_type = SYSLOG daemon info
}
includedir /etc/xinetd.d

# Each service has its own configuration file:

/etc/xinetd.d/service

service <service_name>
{
    <attribute> <assign_op> <value> <value> ...
    ...
}

service_name

Must exist in /etc/services

assign_op

  • '='
  • '+=' means adding a value to the set
  • '-=' means removing a value from the set

Example:

/etc/xinetd.d/munin-node

service munin
{
    disable         = no
    socket_type     = stream
    protocol        = tcp
    wait            = no
    instances       = 1
    user            = munin-node
    group           = munin-node
    only_from       = 192.168.88.175
    server          = /usr/bin/munin-node
    log_type        = FILE /var/log/munin-node.log
    log_on_failure  = HOST
    log_on_success  = HOST
}

disable:

"yes" or "no"

socket_type:

stream | dgram | raw | seqpacket

In general, stream is used.

dgram: UDP

raw: service that requires direct access to IP

protocol:

The protocol must exist in /etc/protocols.

wait:

  • yes => single-threaded
  • no  => multi-threaded: xinetd accepts the connection itself and keeps handling new service requests.

instances:

number of servers that can be simultaneously active. Default: UNLIMITED

user & group:

The user and group the server runs as

only_from:

X.X.X.X/32                          # list of IP addresses

server:

The daemon to run (e.g. munin-node, rsync)

log_type:

  • SYSLOG syslog_facility [syslog_level]
  • FILE file

Other Opts

server_args:

The arguments passed to the server

cps:

cps m n

  • m    # connections per second; if the rate of incoming connections is higher than this, the service will be temporarily disabled.
  • n    # seconds to wait before re-enabling the service (default 10)

max_load:

The load average at which the service will stop accepting connections.

nice:

server priority

bind:

Allows a service to be bound to a specific interface on the machine

log_on_X:

log_on_failure

determines what information is logged when a server cannot be started

HOST         # logs the remote host address.

ATTEMPT     # logs the fact that a failed attempt was made

log_on_success

flags:

  • NOLIBWRAP  # This disables internal calling of the tcpwrap library to determine access to the service.
  • IPv6             # Sets the service to be an IPv6 service (AF_INET6)
  • IPv4             # Sets the service to be an IPv4 service (AF_INET)
  • KEEPALIVE   # If the service is a tcp service and the KEEPALIVE flag is set
  • NODELAY     # If the service is a tcp service and the NODELAY flag is set
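
A small linter for the service-file format and attributes described above, as an added example that is not part of the original notes or of xinetd itself: it applies the '=', '+=' and '-=' operators and flags a few settings worth reviewing. The sample block, the function names and the choice of checks are assumptions of this example.

```python
import re

# Constructed sample based on this page's munin service, with weaker settings.
SAMPLE = """
service munin
{
    user       = root
    only_from  = 192.168.88.175 10.0.0.0/8
    only_from -= 10.0.0.0/8
    log_type   = /var/log/munin-node.log
}
"""
ATTR = re.compile(r"(\w+)\s*(\+=|-=|=)\s*(.*)$")

def parse_services(text):
    """Return {service_name: {attribute: [values]}}, applying =, += and -=."""
    services, current = {}, None
    for line in map(str.strip, text.splitlines()):
        head = re.match(r"service\s+(\S+)$", line)
        attr = ATTR.match(line)          # never matches '#' comment lines
        if head:
            current = services.setdefault(head.group(1), {})
        elif line == "}":
            current = None               # also ends a defaults block
        elif current is not None and attr:
            name, op, values = attr.group(1), attr.group(2), attr.group(3).split()
            if op == "=":
                current[name] = values
            elif op == "+=":
                current.setdefault(name, []).extend(values)
            else:                        # '-=' removes values from the set
                current[name] = [v for v in current.get(name, []) if v not in values]
    return services

def audit(attrs):
    """Checks chosen for this example; the defaults block is not merged in."""
    findings = []
    if not attrs.get("only_from"):
        findings.append("only_from not set in this service block")
    if attrs.get("user", ["root"]) == ["root"]:  # assumes xinetd runs as root
        findings.append("server runs as root")
    if "instances" not in attrs:
        findings.append("instances not set (default: UNLIMITED)")
    if (attrs.get("log_type") or ["SYSLOG"])[0] not in ("SYSLOG", "FILE"):
        findings.append("log_type must start with SYSLOG or FILE")
    return findings

if __name__ == "__main__":
    print({n: audit(a) for n, a in parse_services(SAMPLE).items()})
```

Values set in the defaults block of /etc/xinetd.conf are not merged in, so a finding such as "instances not set" should be checked against that file before acting on it.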

 


Reload configuration file

 

killall -HUP xinetd

 


Doc

man 5 xinetd.conf

 


Other