Using xinetd

Published: 2005-12-16 11:28:04  Source: 红联  Author: frog
********

Introduction

********



The original author of xinetd, Panagoitis Tsirigotis (panos@cs.colorado.edu), appears to have
stopped working on the project. Rob Braun (bbraun@synack.net) has continued the work and now
maintains the package. One problem I noticed is that I had to add a couple of header files to the
current package to get select() working on my old libc5 system. In case you need them, here they are:



xinetd/internals.c.orig



Fri Jun 16 19:00:15 2000

+++ xinetd/internals.c

Fri Jun 16 19:00:53 2000

@@ -12,6 +12,8 @@

#include

#include

#include

#include

#include

#include "sio.h"
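
Review bot: the two lines this hunk adds to the include block of xinetd/internals.c (6 lines become 8 in the @@ header) are bare #include directives with no guard, although the only stated reason for them is getting select() to work on an old libc5 system. Wrap them in a configure-detected #ifdef so builds against other C libraries do not depend on headers that may be absent there, and add a one-line comment naming select() as the reason. The header names are missing from every #include line as shown here except "sio.h", so the patch cannot be applied from this page as it stands.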

*****************

About xinetd

*****************

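xinetd replaces the familiar inetd lines with an extended syntax that does the same job. It also
adds logging and access control. Although inetd can control TCP connections through Venema's
tcp_wrappers software (tcpd), you cannot control UDP connections that way. inetd also handles
RPC (portmapper) type services poorly. In addition, while inetd lets you control the connection
rate (by appending a number to the wait or nowait argument, for example nowait.1 for one instance
per second), you cannot control the maximum number of instances. That can lead to process table
attacks, that is, an effective denial of service. With xinetd we can prevent this.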

I usually start xinetd with the following command, which I put in my startup script for Internet services:
/usr/sbin/xinetd -filelog /var/adm/xinetd.log -f /etc/xinetd.conf
This tells xinetd to log all services to the file /var/adm/xinetd.log and to use the
configuration file /etc/xinetd.conf. Most of this article is about that configuration file.

*****************

Compile-Time Options

*****************

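Three compile-time options you should know about provide additional access control: libwrap,
loadavg (for load average monitoring) and IPv6 support. As with most libwrap-aware daemons (such
as portmapper and sendmail), the ``with-libwrap'' option of the configure script tells xinetd to
support the tcp_wrappers files /etc/hosts.allow and /etc/hosts.deny. These options work for xinetd
just as they do for inetd, and they cover all daemons controlled by xinetd. Note that if you are
setting up xinetd from scratch, it can do the access control itself and tcpd is no longer needed.
libwrap support is still useful, however, if you are migrating from inetd/tcpd and do not want to
change your access files.

The second interesting configuration option is load average monitoring, enabled with the
with-loadavg option of the ./configure script. sendmail supports dropping connections under high
load, on the assumption that it has spun out of control and is taking the machine down. This option
activates the max_load option, which limits connections to any or all services based on the
machine's load average.

Finally, IPv6 support is added with the with-inet6 capability option of the ./configure script.
This makes xinetd support IPv6 addresses and connections. Note that your kernel (and network) must
support IPv6 for this to take effect. IPv4 is, of course, still supported.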

**************

The Configuration File

**************

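The xinetd configuration file can usually be written by hand or generated automatically from your
inetd.conf file. The former is time-consuming and error-prone; the latter is easily done with the
itox utility or the xconv.pl script. Although itox is being phased out in favor of xconv.pl, it is
still useful. Be careful, though: running it repeatedly will overwrite your existing configuration
file. itox and xconv work the same way; we will use itox to demonstrate:

$ itox < /etc/inetd.conf > xinetd.conf

The newer utility, xconv, understands comments and handles tcpd better than itox does. With itox
you have to specify the path to your daemons, such as /usr/sbin. The first section you will want to
include is the defaults section which, as its name suggests, holds the defaults for xinetd services: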

defaults
{
instances = 25
log_type = FILE /var/adm/servicelog
log_on_success = PID HOST EXIT
flags = NORETRY
log_on_failure = HOST RECORD ATTEMPT
only_from = 129.22.0.0
no_access = 129.22.210.61
disabled = nntp uucp tftp bootps who shell login exec
disabled += finger
}



Right away we can see the syntax of xinetd configuration parameters:

<directive> <operator> <value>

The xinetd directives are listed in Table 1; here we will ignore the flags, type, env and passenv
directives. I will discuss only_from and no_access, as well as the additional logging options, in
more detail.

Table 1. xinetd directives
-----------------------------------------------------------------------
Directive        Description
socket_type      Network socket type: stream or datagram
protocol         IP protocol, usually TCP or UDP
wait             yes/no, equivalent to inetd's wait/nowait
user             User ID the process runs as
server           Full path of the executable
server_args      Arguments, or values, passed to the server
instances        Maximum number of instances that can be started
max_load         Load average
log_on_success   Logging options for a successful start
log_on_failure   Log information when a connection fails
only_from        Networks or hosts to accept
no_access        Networks or hosts denied access
disabled         Used in the defaults {} section to disable services
log_type         Log type and path, FILE / SYSLOG
nice             Priority at which the service runs
id               Service name used in the logs
------------------------------------------------------------------------

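The operators are very simple: = or +=. With =, the value on the right is assigned to the
directive on the left. += is just as straightforward: it appends a value to a directive that has
already been set. Without it, the earlier setting is overwritten. It can therefore be used to
extend access lists, or to spread them across several lines.

Services are described in the following format:
----------------------------------
servicename
{
directive = value
directive += value
}
----------------------------------

The service name must be listed in /etc/services, and it must use the appropriate socket and protocol.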

*****************

About Access Control

*****************

A few words about access control. First, xinetd controls connections, not packets; it is only a
userland daemon, just like inetd. As such, it can break off a SYN or connect() from a host that is
barred from the server, but it cannot break "stealth" scans such as FIN scans [a port scan using
TCP packets with the FIN flag set, typically produced by a tool such as nmap]. Do not treat xinetd
as a firewall for stopping port scans. An experienced intruder can use this information to collect
the access lists of your various services. Fortunately, xinetd can log these attempts, and a look
at your logs will settle any doubts.

Second, xinetd, as of version 2.1.8.8pre3, performs name lookups when a system attempts to connect.
It used to do the lookups at startup, but this has changed.

Using access control is really simple. The first directive is only_from, which lists the networks
or hosts from which we accept connections. This rule can be overridden by no_access. You can use
network numbers, such as 10.0.0.0 or 10, or network names, including *.my.com or .my.com. Host
names or host IP addresses can also be used here. A value of 0.0.0.0 matches all hosts and listens
on all addresses. With no_access, a connection that meets the listed criteria is refused. Again,
both networks and hosts can be specified.

***********

Service Configuration

***********

Let's look at some basic applications. The first basic service we will look at is echo, a service built into both inetd and xinetd.

service echo
{
socket_type = stream
protocol = tcp
wait = no
user = root
type = INTERNAL
id = echo-stream
}

echo runs as root, is a TCP stream and is handled internally. The echo-stream id will appear in
the logs. If there are no only_from or no_access directives, access to this service is
unrestricted. Now let's look at a regular service, daytime:

service daytime
{
socket_type = stream
protocol = tcp
wait = no
user = nobody
server = /usr/sbin/in.date
instances = 1
nice = 10
only_from = 0.0.0.0
}

Again, anyone can connect, but we specify that it runs as nobody to return the information.
Compared with the previous example there is nothing extra here. Now let's look at another service,
secure shell version 1. The following settings can prevent sshd from causing resource exhaustion.

service ssh1
{
socket_type = stream
protocol = tcp
instances = 10
nice = 10
wait = no
user = root
server = /usr/local/sbin/sshd1
server_args = -i
log_on_failure += USERID
only_from = 192.168.0.0
no_access = 192.168.54.0
no_access += 192.168.33.0
}

Here we build on what we did before. When sshd is invoked from the super-server inetd or xinetd,
it needs the -i argument, so we put it in the server_args directive. Note: adding this flag to the
server directive will cause a failure. Only ten people can use the service at any one time, which
is not a problem on the server this example was taken from. In addition to the default information,
if a connection fails we log the connecting party's user ID as described in RFC 1413. Finally, we
list two networks that cannot access this server.
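
The access rules of the ssh1 service above, worked through as an added example (not part of the original article and not xinetd's own code). It assumes the behaviour documented in xinetd.conf(5): trailing zero octets in a numeric address are wildcards, and when an address matches both lists the more specific entry wins; the function names and the handling of a tie are this example's own.

```python
import ipaddress

def to_network(spec):
    """Turn an only_from/no_access numeric address into a network.

    Assumption (xinetd.conf(5)): trailing zero octets are wildcards, so
    192.168.0.0 means 192.168.*.* and 0.0.0.0 means any host.
    """
    octets = spec.split(".")
    if len(octets) != 4:
        raise ValueError("only dotted-quad addresses handled: %r" % spec)
    prefix = 32
    for octet in reversed(octets):
        if octet != "0":
            break
        prefix -= 8
    return ipaddress.ip_network("%s/%d" % (spec, prefix))

def best_match(addr, specs):
    """Prefix length of the most specific entry containing addr, or -1."""
    ip = ipaddress.ip_address(addr)
    lengths = [n.prefixlen for n in map(to_network, specs) if ip in n]
    return max(lengths, default=-1)

def allowed(addr, only_from=(), no_access=()):
    """Decide access the way the more-specific-match rule describes."""
    if not only_from and not no_access:
        return True                      # no restriction configured
    # With no only_from list, every address counts as allowed at prefix 0.
    allow = best_match(addr, only_from) if only_from else 0
    deny = best_match(addr, no_access)
    if allow < 0:
        return False                     # only_from set, address not in it
    return allow > deny                  # tie: this sketch refuses (assumption)

# Values copied from the ssh1 service block.
SSH1_ONLY_FROM = ["192.168.0.0"]
SSH1_NO_ACCESS = ["192.168.54.0", "192.168.33.0"]

def check_ssh1(addr):
    """True if addr would be accepted by the ssh1 service's lists."""
    return allowed(addr, SSH1_ONLY_FROM, SSH1_NO_ACCESS)
```

Running a handful of addresses from each listed network through check_ssh1() before sending SIGUSR1 shows whether a new only_from/no_access pair locks out the hosts you still need.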

***************

Logging and xinetd

***************

Several logging values can be used to get information about your servers.

Table 2. The different logging values
__________________________________________________________________________
Value      Success/Failure   Description
PID        success           Logs the pid of the process spawned when a connection succeeds
HOST       both              Logs the remote host address
USERID     both              Logs the RFC 1413 ID of the remote user
EXIT       success           Logs the exit of the spawned process
DURATION   success           Logs how long the session lasted
ATTEMPT    failure           Logs the reason the connection failed
RECORD     failure           Additional information about the failed connection
__________________________________________________________________________

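With these, we can add a few standard lines to set up logging, like the ones below. For a
successful connection to a service, we usually want to log the process ID of the process the
service spawned, the host that connected and the time of exit:
log_on_success = PID HOST EXIT
This gives us useful information for debugging and for understanding connections to the server.
For failures, we can record what we want:
log_on_failure = HOST RECORD ATTEMPT

Here we log the host that connected, the reason the connection was refused and additional
information about the connecting host (sometimes the ID of the user who tried to connect). It is
recommended that you do this to keep a good handle on your server. Looking back at our defaults
section above, our log is written to /var/adm/servicelog. We specified that all information, both
successes and failures, be logged by xinetd. Most of our entries look like this: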

00/9/13@16:05:07: START: pop3 pid=25679 from=192.168.152.133
00/9/13@16:05:09: EXIT: pop3 status=0 pid=25679
00/10/3@19:28:18: USERID: telnet OTHER :www

With this information it is easy to debug xinetd and follow normal operation. It is also easy to
spot security issues, such as connection attempts that you have blocked: simply filter the log for
``FAIL'' with grep, and these entries show up as follows:

00/10/4@17:04:58: FAIL: telnet address from=216.237.57.154
00/10/8@22:25:09: FAIL: pop2 address from=202.112.14.184
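
A small parser for the servicelog format shown above, as an added example (not from the original article): it groups FAIL entries by source address and flags a source that was refused on several different services, which is the access-list probing described earlier. The last two sample lines and the threshold of two services are constructed for the illustration.

```python
import re
from collections import Counter, defaultdict

# Servicelog lines in the format shown above. The first five are the
# article's samples; the last two are constructed for this example.
SAMPLE_LOG = """\
00/9/13@16:05:07: START: pop3 pid=25679 from=192.168.152.133
00/9/13@16:05:09: EXIT: pop3 status=0 pid=25679
00/10/3@19:28:18: USERID: telnet OTHER :www
00/10/4@17:04:58: FAIL: telnet address from=216.237.57.154
00/10/8@22:25:09: FAIL: pop2 address from=202.112.14.184
00/10/8@22:25:11: FAIL: telnet address from=202.112.14.184
00/10/8@22:25:12: FAIL: pop3 address from=202.112.14.184
"""

LINE_RE = re.compile(
    r"^(?P<stamp>\d+/\d+/\d+@\d+:\d+:\d+): (?P<kind>[A-Z]+): "
    r"(?P<service>\S+)\s*(?P<rest>.*)$"
)

def parse_line(line):
    """Split one servicelog line into timestamp, entry kind, service, fields."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None                      # not a servicelog entry
    entry = m.groupdict()
    rest = entry.pop("rest")
    entry["fields"] = dict(re.findall(r"(\w+)=(\S+)", rest))  # pid=, from=, ...
    return entry

def summarize_failures(text, probe_threshold=2):
    """Group FAIL entries by source; flag sources refused on several services.

    The threshold is an assumption of this example. Source addresses can be
    forged, so the result is a lead to investigate, not proof of origin.
    """
    per_source = defaultdict(Counter)
    for line in text.splitlines():
        e = parse_line(line)
        if e and e["kind"] == "FAIL" and "from" in e["fields"]:
            per_source[e["fields"]["from"]][e["service"]] += 1
    return {
        src: {
            "attempts": sum(services.values()),
            "services": sorted(services),
            "probing": len(services) >= probe_threshold,
        }
        for src, services in per_source.items()
    }
```

Calling summarize_failures() on the contents of /var/adm/servicelog returns one entry per refused source address.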

Real security issues need an article of their own, but suffice it to say that, since addresses can
be forged, you should not treat reported addresses as hard facts. The xinetd.log file contains
messages from xinetd itself. It is useful for debugging when connections go wrong:

00/10/25@21:10:48 xinetd[50]: ERROR: service echo-stream, accept: Connection reset by peer

**********************

Reconfiguring xinetd

**********************

You can edit the xinetd.conf file while xinetd is running. To make it reconfigure, send the
SIGUSR1 signal to the xinetd process:

# ps -ax | grep xinetd
50 ? S 5:47 /usr/sbin/xinetd -filelog /var/adm/xinetd.log -f /etc/xinetd.conf
# kill -SIGUSR1 50

Check the tail of the log file to make sure your configuration and changes have taken effect. If
you are a remote user, make sure you can still log back in after you log out.

Note that using -HUP to reconfigure xinetd will actually cause xinetd to stop operating. By
design, this stops crackers from reconfiguring your xinetd and reloading it without understanding
the documentation.

*********************

When to Use xinetd

*********************

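Personally, I use xinetd for all services; the only service that takes a performance hit is my web
daemon, Apache. Too many processes have to be started too quickly for that to be time-efficient.
DNS service should not be run under xinetd either; the performance cost is too high.

I also use xinetd for my sendmail service, which gives me excellent control over the clients
allowed to connect. My configuration for sendmail is as follows: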

service smtp

{
socket_type = stream
protocol = tcp
wait = no
user = root
server = /usr/sbin/sendmail
server_args = -bs
instances = 20
nice = 10
only_from += 0.0.0.0
no_access += 129.22.122.84 204.0.224.254
}

Even on a high-traffic mail server, the performance impact is negligible. I have also put sshd
under xinetd to block process table attacks against it.

********

Conclusion

********

I hope this article has been helpful in configuring xinetd or tuning it to your needs. As you have
seen, it offers a far more powerful feature set than inetd or even tcp_wrappers. Solar Designer
(http://www.openwall.com/) has a patch for a somewhat older version of xinetd, 2.2.1, that allows
per-IP instance control, which helps stop simple process table attacks. Note, however, that simple
spoofing can get around it. I do not know whether this patch also applies to later versions of
xinetd.