Manualshelf

User guide

ManualsBrandsRed Hat ManualsOtherENTERPRISE LINUX 4 - SELINUX GUIDE
71727374757677787980
Chapter 2. Securing Your Network
62
service — Specifies the service name, usually one of those listed in the /etc/services file.
flags — Sets any of a number of attributes for the connection. REUSE instructs xinetd to reuse
the socket for a Telnet connection.
Note
The REUSE flag is deprecated. All services now implicitly use the REUSE flag.
socket_type — Sets the network socket type to stream.
wait — Specifies whether the service is single-threaded (yes) or multi-threaded (no).
user — Specifies which user ID the process runs under.
server — Specifies which binary executable to launch.
log_on_failure — Specifies logging parameters for log_on_failure in addition to those
already defined in xinetd.conf.
disable — Specifies whether the service is disabled (yes) or enabled (no).
Refer to the xinetd.conf man page for more information about these options and their usage.
2.3.4.3. Altering xinetd Configuration Files
A range of directives is available for services protected by xinetd. This section highlights some of the
more commonly used options.
2.3.4.3.1. Logging Options
The following logging options are available for both /etc/xinetd.conf and the service-specific
configuration files within the /etc/xinetd.d/ directory.
The following is a list of some of the more commonly used logging options:
ATTEMPT — Logs the fact that a failed attempt was made (log_on_failure).
DURATION — Logs the length of time the service is used by a remote system (log_on_success).
EXIT — Logs the exit status or termination signal of the service (log_on_success).
HOST — Logs the remote host's IP address (log_on_failure and log_on_success).
PID — Logs the process ID of the server receiving the request (log_on_success).
USERID — Logs the remote user using the method defined in RFC 1413 for all multi-threaded
stream services (log_on_failure andlog_on_success).
For a complete list of logging options, refer to the xinetd.conf man page.
2.3.4.3.2. Access Control Options
Users of xinetd services can choose to use the TCP Wrappers hosts access rules, provide access
control via the xinetd configuration files, or a mixture of both. Refer to Section 2.3.2, “TCP Wrappers
Configuration Files” for more information about TCP Wrappers hosts access control files.