service, xinetd, and chkconfig


xinetd and service are startup-related programs used to enable and disable services. /sbin/service was mentioned earlier as a command used to start services (see the "Networking Background" section for more information about ports and services in general). In the earlier smb example, we verified that smb was running by using the following service command:

 # /sbin/service smb status
 smbd (pid 933) is running...
 nmbd (pid 938) is running...
 #

The /sbin/service command is used to start services. It calls the named startup script (smb in this case) and performs the requested function (status in this case). There is no man page for service, but you will often see it issued in examples.

The /etc/xinetd.d directory contains a lot of configuration files that are used by the internet daemon xinetd. If, for example, you want to run ftp, you may have to change the /etc/xinetd.d/ftp file and set disable = no to enable ftp on your system. You would then issue the following command to restart xinetd:

 # /sbin/service xinetd restart
 Stopping xinetd:        [ OK ]
 Starting xinetd:        [ OK ]
 #

Take a look at a long listing of the files in /etc/xinetd.d, followed by a cat of the file ftp, on our IA-32 system. You would edit wu-ftp on both our Red Hat Advanced Server Integrity server and the IA-32 system, but we use ftp in this example:

 # cd /etc/xinetd.d
 # ll
 total 24
 -rw-r--r--    1 root     root        297 Apr  4  2002 chargen
 -rw-r--r--    1 root     root        317 Apr  4  2002 chargen-udp
 -rw-r--r--    1 root     root        297 Apr  4  2002 daytime
 -rw-r--r--    1 root     root        317 Apr  4  2002 daytime-udp
 -rw-r--r--    1 root     root        289 Apr  4  2002 echo
 -rw-r--r--    1 root     root        308 Apr  4  2002 echo-udp
 -rw-r--r--    1 root     root        318 Jun 25  2001 finger
 -rw-r--r--    1 root     root        304 Jun 19 05:49 ftp
 -rw-r--r--    1 root     root        267 Apr 17 11:04 kotalk
 -rw-r--r--    1 root     root        267 Apr 17 11:04 ktalk
 -rw-r--r--    1 root     root        259 Jul 24  2001 ntalk
 -rw-r--r--    1 root     root        361 Jul 24  2001 rexec
 -rw-r--r--    1 root     root        378 Jul 24  2001 rlogin
 -rw-r--r--    1 root     root        431 Jul 24  2001 rsh
 -rw-r--r--    1 root     root        317 Apr 11 00:04 rsync
 -rw-r--r--    1 root     root        314 Apr  4  2002 servers
 -rw-r--r--    1 root     root        312 Apr  4  2002 services
 -rw-r--r--    1 root     root        392 Apr  7 20:15 sgi_fam
 -rw-r--r--    1 root     root        362 Jun 29 04:04 swat
 -rw-r--r--    1 root     root        247 Jul 24  2001 talk
 -rw-r--r--    1 root     root        304 Jun 19 05:43 telnet
 -rw-r--r--    1 root     root        321 Apr  4  2002 time
 -rw-r--r--    1 root     root        317 Apr  4  2002 time-udp
 -rw-r--r--    1 root     root        329 Jun 19 06:23 wu-ftpd
 # cat ftp
 # default: on
 # description: The telnet server serves telnet sessions; it uses \
 #       unencrypted username/password pairs for authentication.
 service telnet
 {
         flags           = REUSE
         socket_type     = stream
         wait            = no
         user            = root
         server          = /usr/sbin/in.telnetd
         log_on_failure  += USERID
         disable         = no
 }
 #

As you look at the contents of the /etc/xinetd.d directory, it's important to note that often, new ftp-related programs are introduced into Linux. I mentioned wu-ftp earlier, and we see that here. If this were Red Hat 9, you might see vsftp or others as well.

As you can see from the output of the cat command, at this time, ftp is enabled because disable = no. You may consider this to be a potential security problem. If so, we would perform the following steps to turn off ftp:

1. Edit /etc/xinetd.d/ftp (or wu-ftp on Advanced Server) and set disable = yes.

2. Run /sbin/service xinetd restart on Red Hat, or /etc/init.d/xinetd restart as a general command, so that xinetd re-reads the new value of disable for ftp.
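The two steps above as a script, with a check of the result. This is an added example, not code from the book. It reports the service name declared inside each file next to the file name, because in the listing above the file named ftp declares service telnet. The sample files are constructed, and two points are assumptions about stock xinetd behaviour: a stanza with no disable attribute counts as enabled, and files whose names contain a dot or end in ~ are skipped.

```shell
# Report "file<TAB>service<TAB>on|off" for each file in an xinetd.d directory.
# Assumption: a stanza without a "disable" attribute is enabled.
xinetd_audit() {
    for f in "$1"/*; do
        b=${f##*/}
        case $b in *.*|*~) continue ;; esac   # assumed to be skipped by xinetd too
        [ -f "$f" ] || continue
        awk -v file="$b" '
            $1 ~ /^#/ { next }
            $1 == "service" { svc = $2; state = "on" }
            $1 == "disable" && $2 == "=" { state = ($3 == "yes") ? "off" : "on" }
            $1 == "}" && svc != "" { printf "%s\t%s\t%s\n", file, svc, state; svc = "" }
        ' "$f"
    done
}

# Step 1: set "disable = yes" in one file, keeping a .bak copy.
# Rewrites an existing disable line, or adds one before the closing brace.
xinetd_disable() {
    cp -p "$1" "$1.bak" || return 1
    awk '
        $1 == "disable" { print "\tdisable\t\t= yes"; seen = 1; next }
        $1 == "}" && !seen { print "\tdisable\t\t= yes" }
        $1 == "}" { seen = 0 }
        { print }
    ' "$1.bak" > "$1"
}

# Constructed sample files (not read from a real system); paths are illustrative.
make_sample() {
    printf 'service telnet\n{\n\tserver\t\t= /usr/sbin/in.telnetd\n\tdisable\t\t= no\n}\n' > "$1/ftp"
    printf '# default: off\nservice rsync\n{\n\tserver\t= /usr/bin/rsync\n\tdisable\t= yes\n}\n' > "$1/rsync"
    printf 'service swat\n{\n\tserver\t= /usr/sbin/swat\n}\n' > "$1/swat"
}

d=$(mktemp -d) && make_sample "$d"
xinetd_audit "$d"            # before the change
xinetd_disable "$d/ftp"
xinetd_audit "$d"            # after: the ftp file now reports off
# Step 2 on a real host, as root: /sbin/service xinetd restart
```

On a real system, point both functions at /etc/xinetd.d and run the audit again after the restart to confirm that only the services you intend are on.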

Alternatively, you could use the chkconfig command. chkconfig is a powerful command-line utility for updating and querying system service runlevel information. The following example uses chkconfig with the --list option to see the status of ftp, then uses chkconfig to set ftp off, and then re-runs chkconfig --list to see the new value of ftp:

 # chkconfig --list
 keytable        0:off   1:on    2:on    3:on    4:on    5:on    6:off
 atd             0:off   1:off   2:off   3:on    4:on    5:on    6:off
 syslog          0:off   1:off   2:on    3:on    4:on    5:on    6:off
 gpm             0:off   1:off   2:on    3:on    4:on    5:on    6:off
 sendmail        0:off   1:off   2:on    3:off   4:off   5:off   6:off
 kudzu           0:off   1:off   2:off   3:on    4:on    5:on    6:off
 netfs           0:off   1:off   2:off   3:on    4:on    5:on    6:off
 network         0:off   1:off   2:on    3:on    4:on    5:on    6:off
 random          0:off   1:off   2:on    3:on    4:on    5:on    6:off
 rawdevices      0:off   1:off   2:off   3:on    4:on    5:on    6:off
 apmd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
 ipchains        0:off   1:off   2:on    3:on    4:on    5:on    6:off
 iptables        0:off   1:off   2:on    3:on    4:on    5:on    6:off
 crond           0:off   1:off   2:on    3:on    4:on    5:on    6:off
 anacron         0:off   1:off   2:on    3:on    4:on    5:on    6:off
 lpd             0:off   1:off   2:on    3:on    4:on    5:on    6:off
 ntpd            0:off   1:off   2:off   3:off   4:off   5:off   6:off
 portmap         0:off   1:off   2:off   3:on    4:on    5:on    6:off
 xfs             0:off   1:off   2:on    3:on    4:on    5:on    6:off
 xinetd          0:off   1:off   2:off   3:on    4:on    5:on    6:off
 rhnsd           0:off   1:off   2:off   3:on    4:on    5:on    6:off
 autofs          0:off   1:off   2:off   3:on    4:on    5:on    6:off
 nfs             0:off   1:off   2:off   3:off   4:off   5:off   6:off
 nfslock         0:off   1:off   2:off   3:on    4:on    5:on    6:off
 identd          0:off   1:off   2:off   3:off   4:off   5:off   6:off
 radvd           0:off   1:off   2:off   3:off   4:off   5:off   6:off
 snmpd           0:off   1:off   2:off   3:off   4:off   5:off   6:off
 snmptrapd       0:off   1:off   2:off   3:off   4:off   5:off   6:off
 isdn            0:off   1:off   2:on    3:on    4:on    5:on    6:off
 sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
 vncserver       0:off   1:off   2:off   3:off   4:off   5:off   6:off
 yppasswdd       0:off   1:off   2:off   3:off   4:off   5:off   6:off
 ypserv          0:off   1:off   2:off   3:off   4:off   5:off   6:off
 ypxfrd          0:off   1:off   2:off   3:off   4:off   5:off   6:off
 smb             0:off   1:off   2:off   3:off   4:off   5:off   6:off
 arpwatch        0:off   1:off   2:off   3:off   4:off   5:off   6:off
 httpd           0:off   1:off   2:off   3:off   4:off   5:off   6:off
 webmin          0:off   1:off   2:on    3:on    4:off   5:on    6:off
 xinetd based services:
         chargen-udp:    off
         chargen:        off
         daytime-udp:    off
         daytime:        off
         echo-udp:       off
         echo:   off
         services:       off
         servers:        off
         time-udp:       off
         time:   off
         ftp:    on                         <--- ftp is on
         swat:   on
         sgi_fam:        on
         kotalk: off
         ktalk:  off
         finger: off
         rexec:  off
         rlogin: off
         rsh:    off
         ntalk:  off
         talk:   off
         telnet: on
         rsync:  off
         wu-ftpd:        on
 # chkconfig ftp off                        <--- set ftp off
 # chkconfig --list
 keytable        0:off   1:on    2:on    3:on    4:on    5:on    6:off
 atd             0:off   1:off   2:off   3:on    4:on    5:on    6:off
 syslog          0:off   1:off   2:on    3:on    4:on    5:on    6:off
 gpm             0:off   1:off   2:on    3:on    4:on    5:on    6:off
 sendmail        0:off   1:off   2:on    3:off   4:off   5:off   6:off
 kudzu           0:off   1:off   2:off   3:on    4:on    5:on    6:off
 netfs           0:off   1:off   2:off   3:on    4:on    5:on    6:off
 network         0:off   1:off   2:on    3:on    4:on    5:on    6:off
 random          0:off   1:off   2:on    3:on    4:on    5:on    6:off
 rawdevices      0:off   1:off   2:off   3:on    4:on    5:on    6:off
 apmd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
 ipchains        0:off   1:off   2:on    3:on    4:on    5:on    6:off
 iptables        0:off   1:off   2:on    3:on    4:on    5:on    6:off
 crond           0:off   1:off   2:on    3:on    4:on    5:on    6:off
 anacron         0:off   1:off   2:on    3:on    4:on    5:on    6:off
 lpd             0:off   1:off   2:on    3:on    4:on    5:on    6:off
 ntpd            0:off   1:off   2:off   3:off   4:off   5:off   6:off
 portmap         0:off   1:off   2:off   3:on    4:on    5:on    6:off
 xfs             0:off   1:off   2:on    3:on    4:on    5:on    6:off
 xinetd          0:off   1:off   2:off   3:on    4:on    5:on    6:off
 rhnsd           0:off   1:off   2:off   3:on    4:on    5:on    6:off
 autofs          0:off   1:off   2:off   3:on    4:on    5:on    6:off
 nfs             0:off   1:off   2:off   3:off   4:off   5:off   6:off
 nfslock         0:off   1:off   2:off   3:on    4:on    5:on    6:off
 identd          0:off   1:off   2:off   3:off   4:off   5:off   6:off
 radvd           0:off   1:off   2:off   3:off   4:off   5:off   6:off
 snmpd           0:off   1:off   2:off   3:off   4:off   5:off   6:off
 snmptrapd       0:off   1:off   2:off   3:off   4:off   5:off   6:off
 isdn            0:off   1:off   2:on    3:on    4:on    5:on    6:off
 sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
 vncserver       0:off   1:off   2:off   3:off   4:off   5:off   6:off
 yppasswdd       0:off   1:off   2:off   3:off   4:off   5:off   6:off
 ypserv          0:off   1:off   2:off   3:off   4:off   5:off   6:off
 ypxfrd          0:off   1:off   2:off   3:off   4:off   5:off   6:off
 smb             0:off   1:off   2:off   3:off   4:off   5:off   6:off
 arpwatch        0:off   1:off   2:off   3:off   4:off   5:off   6:off
 httpd           0:off   1:off   2:off   3:off   4:off   5:off   6:off
 webmin          0:off   1:off   2:on    3:on    4:off   5:on    6:off
 xinetd based services:
         chargen-udp:    off
         chargen:        off
         daytime-udp:    off
         daytime:        off
         echo-udp:       off
         echo:   off
         services:       off
         servers:        off
         time-udp:       off
         time:   off
         ftp:    off                        <--- ftp is now off
         swat:   on
         sgi_fam:        on
         kotalk: off
         ktalk:  off
         finger: off
         rexec:  off
         rlogin: off
         rsh:    off
         ntalk:  off
         talk:   off
         telnet: on
         rsync:  off
         wu-ftpd:        on
 [root@linuxdev xinetd.d]#

chkconfig makes this process much easier (on Advanced Server, you would specify wu-ftpd). You may want to take a look at the chkconfig man page because it lists other functionality not covered here. This is a great tool for quickly changing whether services are enabled. As a side note, you may want to perform the same process for wu-ftpd.

When determining what services to turn on and off, keep in mind that enabling ftp, telnet, and other services can reduce your overall security. telnet, for example, transmits passwords in clear text that can be read by "sniffing" your network.

Now, take a look at the commands you can issue to shut down your system.



    Linux on HP Integrity Servers. A System Administrator's Guide
    ISBN: 0131400002
    EAN: 2147483647
    Year: 2004
    Pages: 100
