Installation guide

Chapter 8. TCP Wrappers and xinetd
instances of this service is under a particular threshold, and any other rules specified for that service
or all xinetd services are followed. Once the target service is brought up for the connecting client,
xinetd goes back to sleep, waiting for additional requests for the services it manages.
8.3.1. xinetd Configuration Files
The xinetd service is controlled by the /etc/xinetd.conf file, as well as the various
service-specific files in the /etc/xinetd.d/ directory.
8.3.1.1. /etc/xinetd.conf
The xinetd.conf file is the parent of all xinetd-controlled service configuration files, as the
service-specific files are also parsed every time xinetd starts. By default, xinetd.conf contains
some basic configuration settings that apply to every service. Below is an example of a typical
xinetd.conf:
defaults
{
        instances       = 60
        log_type        = SYSLOG authpriv
        log_on_success  = HOST PID
        log_on_failure  = HOST
        cps             = 25 30
}
includedir /etc/xinetd.d
These lines control various aspects of xinetd:
instances — Sets the maximum number of requests a particular service can handle at once.
log_type — Tells xinetd to use the authpriv log, specified in /etc/syslog.conf
and set to /var/log/secure by default, rather than using another specific file. Using
FILE /var/log/xinetdlog here instead would move xinetd logging to a separate
/var/log/xinetdlog file.
log_on_success — Lets xinetd know what to log if the connection is successful. By default,
the remote host’s IP address and the process ID of the server processing the request are recorded.
log_on_failure — Tells xinetd what to log if the connection fails or is not allowed.
cps — Tells xinetd to allow no more than 25 connections per second to a given service. If this
limit is reached, the service is retired for 30 seconds.
Note
Both the log_on_success and log_on_failure settings in /etc/xinetd.conf are often modified
by each service, meaning that successful and failed connections will usually log more information
than is indicated in /etc/xinetd.conf.
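As an added example (not part of the original guide and not code from xinetd), the following Python script parses a defaults block like the one shown above and reports which of the described limits and logging fields are unset. The names parse_defaults and audit and the embedded sample are constructed for illustration; treating a missing HOST value or an instances value of UNLIMITED as a finding is an assumption about local policy.

```python
import re

# Constructed sample: the defaults block shown above, not read from a live host.
SAMPLE = """\
defaults
{
    instances       = 60
    log_type        = SYSLOG authpriv
    log_on_success  = HOST PID
    log_on_failure  = HOST
    cps             = 25 30
}
includedir /etc/xinetd.d
"""

ATTR = re.compile(r"^\s*(\w+)\s*([+-]?=)\s*(.*?)\s*$")

def parse_defaults(text):
    """Return the attributes of the defaults { ... } block as {name: [values]}."""
    block = re.search(r"^\s*defaults\s*\{(.*?)^\s*\}", text, re.S | re.M)
    attrs = {}
    for line in (block.group(1).splitlines() if block else []):
        m = ATTR.match(line)
        if not m:                      # blank lines and '#' comment lines
            continue
        name, op, vals = m.group(1), m.group(2), m.group(3).split()
        cur = attrs.setdefault(name, [])
        if op == "=":
            cur[:] = vals              # plain assignment replaces the value
        elif op == "+=":
            cur.extend(vals)           # add values to the existing set
        else:
            cur[:] = [v for v in cur if v not in vals]   # '-=' removes values
    return attrs

def audit(attrs):
    """List limits and logging fields that the defaults block leaves unset."""
    findings = []
    if attrs.get("instances", ["UNLIMITED"]) == ["UNLIMITED"]:
        findings.append("instances: no cap on simultaneous requests")
    cps = attrs.get("cps", [])
    if len(cps) != 2 or not all(v.isdigit() for v in cps):
        findings.append("cps: want '<connections per second> <seconds disabled>'")
    if not attrs.get("log_type"):
        findings.append("log_type: no log destination configured")
    for key in ("log_on_success", "log_on_failure"):
        if "HOST" not in attrs.get(key, []):
            findings.append(key + ": HOST missing, remote address is not logged")
    return findings
```

Calling audit(parse_defaults(SAMPLE)) returns an empty list for the configuration above. The check covers only the defaults block, so the service-specific files in /etc/xinetd.d/ that override these settings need the same review.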
Various logging options are available in /etc/xinetd.conf and the service-specific xinetd
configuration files:
ATTEMPT — Logs the fact that a failed attempt was made. (log_on_failure)
DURATION — Logs the length of time the service is used by a remote system. (log_on_success)