Installation guide

Chapter 8. Controlling Access to Services
0 — Halt
1 — Single-user mode
2 — Not used (user-definable)
3 — Full multi-user mode
4 — Not used (user-definable)
5 — Full multi-user mode (with an X-based login screen)
6 — Reboot
If you configured the X Window System during the Red Hat Linux installation program, you
had the option of choosing a graphical or text login screen. If you chose a text login screen,
you are operating in runlevel 3. If you chose a graphical login screen, you are operating in
runlevel 5.
The default runlevel can be changed by modifying the /etc/inittab file, which contains a
line near the top of the file similar to the following:
id:3:initdefault:
Change the number in this line to the desired runlevel. The change will not take effect until
you reboot the system.
To change the runlevel immediately, use the command telinit followed by the runlevel
number. You must be root to use this command.
8.2. TCP Wrappers
Many UNIX system administrators are accustomed to using TCP wrappers to manage
access to certain network services. Any network services managed by xinetd (as well as any
program with built-in support for libwrap) can use TCP wrappers to manage access. xinetd
can use the /etc/hosts.allow and /etc/hosts.deny files to configure access to system
services. As the names imply, hosts.allow contains a list of rules that allow clients to access
the network services controlled by xinetd, and hosts.deny contains rules to deny access.
The hosts.allow file takes precedence over the hosts.deny file. Permissions to grant or
deny access can be based on individual IP addresses (or hostnames) or on a pattern of clients.
See the Official Red Hat Linux Reference Guide and the hosts_access man page for details.
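The lookup order described above, as an added example that is not part of the Red Hat guide: a simplified Python model of the decision documented in the hosts_access man page. It assumes only the ALL, exact, address-prefix and domain-suffix patterns, and the rules, daemon names and client addresses are constructed sample data.

```python
# Simplified model of the TCP wrappers access decision (see hosts_access(5)).
# Assumption: only ALL, exact match, ".domain" suffix and "a.b.c." prefix patterns.
# All rules and client values below are constructed sample data.

def parse_rules(text):
    """Parse 'daemon_list : client_list' lines into (daemons, clients) pairs."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, ip, hostname):
    if pattern == "ALL":
        return True
    if pattern.startswith("."):          # domain suffix, e.g. .example.com
        return hostname is not None and hostname.endswith(pattern)
    if pattern.endswith("."):            # address prefix, e.g. 192.168.1.
        return ip.startswith(pattern)
    return pattern in (ip, hostname)     # exact address or hostname

def first_match(rules, daemon, ip, hostname):
    for daemons, clients in rules:
        if ("ALL" in daemons or daemon in daemons) and \
           any(client_matches(p, ip, hostname) for p in clients):
            return True
    return False

def decide(allow_text, deny_text, daemon, ip, hostname=None):
    """Return (granted, reason); hosts.allow is consulted before hosts.deny."""
    if first_match(parse_rules(allow_text), daemon, ip, hostname):
        return True, "hosts.allow"
    if first_match(parse_rules(deny_text), daemon, ip, hostname):
        return False, "hosts.deny"
    return True, "no match (default grant)"

HOSTS_ALLOW = """
in.telnetd : 192.168.1.
in.ftpd    : .example.com
"""
HOSTS_DENY = "in.telnetd, in.ftpd : ALL\n"
```

A client that matches neither file is granted access, so a final `ALL : ALL` rule in hosts.deny is what turns the pair of files into a default-deny policy.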
8.2.1. xinetd
To control access to Internet services, use xinetd, which is a secure replacement for inetd.
The xinetd daemon conserves system resources, provides access control and logging, and
can be used to start special-purpose servers. xinetd can be used to provide access only to
particular hosts, to deny access to particular hosts, to provide access to a service at certain
times, to limit the rate of incoming connections and/or the load created by connections, etc.
xinetd runs constantly and listens on all of the ports for the services it manages. When a
connection request arrives for one of its managed services, xinetd starts up the appropriate
server for that service.
The configuration file for xinetd is /etc/xinetd.conf, but you will notice upon
inspection of the file that it only contains a few defaults and an instruction to include the
/etc/xinetd.d directory. To enable or disable a xinetd service, edit its configuration file in
the /etc/xinetd.d directory. If the disable attribute is set to yes, the service is disabled.
If the disable attribute is set to no, the service is enabled. If you edit any of the xinetd
configuration files or change its enabled status using Serviceconf, ntsysv, or chkconfig,
you must restart xinetd with the command service xinetd restart before the changes