Commands

fingerd

[-wul] [-pL path]

Returns a human-readable status report on either the system or a particular person. Options to this command should be specified in /etc/inetd.conf.

Example: This daemon is usually invoked by inetd (which uses tcpd to provide access control and logging services). To start fingerd, add the following line to your inetd.conf file:

finger stream tcp nowait root /usr/sbin/tcpd in.fingerd

-w

Tell fingerd to include a welcome banner, which contains some system information (uptime, OS name, release), with its output.

-u

Reject all requests of the form "finger @host".

-l

Log information about requests.

-p

Specify an alternate location for fingerd to find the finger program.

ftpd

[ -d ] [ -v ] [ -l ] [ -ttimeout ] [ -Tmaxtimeout ] [ -a ] [ -A ] [ -L ] [ -i ] [ -o ] [ -uumask ]

ftpd is the File Transfer Protocol server.

Example: This daemon is usually invoked by inetd via the tcpd daemon (which provides logging and access control). To start ftpd with logging (-l) and access control (-a), add the following line to your inetd.conf file:

ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a

-d, -v

Send debugging information to the syslog.

-l

Log information about each ftp session to the syslog.

-a

Enable use of the ftpaccess configuration file.

-A

Disable use of the ftpaccess configuration file.

-L

Log all commands sent to the ftpd server to the syslog.

-i

Log all files received to the xferlog.

-o

Log all files transmitted to the xferlog.

-u

Specify a default umask.

gated

[ -c ] [ -C ] [ -n ] [ -N ] [ -t trace_options ] [ -f config_file ] [ trace_file ]

Gated is a routing service that handles a variety of routing protocols. It may be configured to use some or all of the protocols that it is capable of handling.

Example: It's a good idea to invoke this command via gdc. But to invoke from the command line as a background process (&), type

gated &

-c

Tell gated to parse the configuration file, report any syntax errors, and exit.

-C

Tell gated to parse the configuration file for syntax errors.

-n

Prohibit gated from modifying the kernel forwarding table.

-N

Tell gated not to run as a daemon.

-t trace_options

Allow the user to specify a comma-separated list of trace options on the command line.

-f config_file

Specify a nondefault configuration file.

gdc

[ -q ] [ -n ] [ -c coresize ] [ -f filesize ] [ -m datasize ] [ -s stacksize ] [ -t seconds ] command

This command is the gated controller, a user interface for controlling the gated routing daemon. You can use it to stop, start, signal, maintain configuration files, and generate or maintain core dumps.

Example: To invoke gated and send all output to the system log, use

gdc -q start

Tip: In order for these controls to take effect, you must start gated with gdc.

 

-n

Do not check the kernel forwarding table.

-q

Log any output to the system log (quiet operation).

-t seconds

Allow the user to specify how long gdc will wait for gated to complete startup, shutdown, and other operations.

-c coresize

Specify an upper limit on the size of core dumps that may be generated by gated. Typically used to increase the system default when it is too small to be useful.

-f filesize

Specify a maximum file size that a gated started with gdc can produce.

-m datasize

Specify an upper limit on the size of the data segment of a gated started with gdc.

-s stacksize

Specify the maximum size of a stack of a gated started by gdc.

The following actions may be specified at the command line:

checkconf

Check /etc/gated.conf for syntax errors.

checknew

Check /etc/gated.conf+ for syntax errors.

newconf

Replace /etc/gated.conf with /etc/gated.conf+.

backout

Move the old configuration file (/etc/gated.conf-) back into place as the current active gated.conf. Also rotate the current /etc/gated.conf to /etc/gated.conf+.

BACKOUT

Same as backout (above), but will overwrite any existing /etc/gated.conf+.

modeconf

Set all configuration files to mode 664, owner=root, group=gdmaint.

createconf

If /etc/gated.conf+ does not exist, create a zero length file with the file mode set to 664, owner=root, group=gdmaint.

running

Test to see if gated is currently running.

start

Start gated.

stop

Stop gated.

restart

Stop and restart gated.

rmcore

Delete any gated core dump file.

rmdump

Delete any gated state dump file.

rmparse

Delete any parse error file generated by checkconf or checknew.

/usr/sbin/in.identd

[-i|-w|-b] [-t<seconds>] [-u<uid>] [-g<gid>] [-p<port>] [-a<address>] [-c<charset>] [-C[<keyfile>]] [-o] [-e] [-l] [-V] [-m] [-N] [-d] [-F<format>] [kernelfile [kmemfile]]

identd is an implementation of the IDENT user identification protocol. It works by looking up specific TCP/IP connections and returning the user name of the process owning the connection.

Example: This daemon is usually invoked by inetd. To start identd with logging (-l option) and without letting it display operating system information (-o option), add the following line to your inetd.conf file:

auth stream tcp nowait nobody /usr/sbin/in.identd in.identd -l -o

-i

Use this flag when starting the daemon from inetd with the nowait option. It will make inetd start one identd daemon for each connection request.

-w

Use this flag when starting the daemon from inetd with the wait option. It will start a single copy of identd upon receiving the first connection request and handle subsequent requests without having to do the necessary nlist lookup in the kernel file at startup time. This is the preferred mode of operation.

-b

Run the daemon in standalone mode without assistance from inetd.

-t<seconds>

Tell identd to timeout after the specified number of seconds.

-u<uid>

Tell identd to switch to the specified user id number after binding itself to the TCP/IP port when using -b mode of operation.

-g<gid>

Tell identd to switch to the specified group id number after binding itself to the TCP/IP port when using -b mode of operation.

-p

Specify an alternative port number to bind to when operating in -b mode.

-a<address>

Specify the local address to bind the socket to when operating in -b mode.

-V

Display version information and exit.

-l

Use the system logging daemon.

-o

Tell identd not to reveal the operating system it is run on (security feature).

-e

Tell identd to return "UNKNOWN-ERROR", rather than "NO-USER" or "INVALID-PORT" errors (security feature).

-c

Add the optional character set designator to the reply generated.

-C[<keyfile>]

Tell identd to return encrypted tokens, rather than user names. The tokens are created using DES keyed off the first line of the specified keyfile.

-n

Tell identd to return user numbers, rather than user names.

-N

When this flag is invoked, identd will check for a ".noident" file in the home directory of each user that identd is about to identify. If the file exists, identd will return HIDDEN-USER, rather than user information.

-m

Allow multiple requests to be processed per session.

-d

Debugging mode. This option violates the protocol and may create security holes. Use with caution.

-F<format>

Display information in the specified format. Format is one of

 

%u

user name

 

%U

user number

 

%g

(primary) group name

 

%G

(primary) group number

 

%l

list of all groups by name

 

%L

list of all groups by number

 

%p

process ID of running process

 

%c

command name

 

%C

command and arguments

-v

Display verbose output.

-f<config-file>

Use the specified configuration file, rather than the default. Currently useless, as there are no configuration files involved.

/usr/etc/imapd

Supports the IMAP4 remote mail access protocol, typically on port 143.

Example: This daemon is usually invoked by inetd. To start imapd, use

imap stream tcp nowait root /usr/sbin/tcpd imapd

inetd

[-d] [-q queuelength] [configuration file]

Inetd is the "mother" of daemons. It doesn't directly provide any user services, but it calls other daemons that do. Inetd was created because many daemons are needed only occasionally. However, in order to be of use, daemons have to monitor ports for service requests. To do the monitoring, they take up system resources, which can be a significant burden if you have a lot of services configured. Inetd alleviates the problem by monitoring the ports for other daemons and calling them as needed. Inetd should be started at boot time from /etc/rc.local.

Example: To invoke inetd, create a script with the following line:

inetd &

-d

Invoke inetd in debug mode.

-q queuelength

Specify the length of a socket listen queue (default 128).

klogd

[ -c n ] [ -d ] [ -f fname ] [ -iI ] [ -n ] [ -o ] [ -p ] [ -s ] [ -k fname ] [ -v ]

klogd is the kernel log daemon. It intercepts and logs Linux kernel messages.

Example: This daemon is usually invoked by init, perhaps with the following line (which runs it in the background):

klogd &

-c n

Specify the default log level of console messages.

-d

Run in debug mode.

-f file

Log to the specified file, rather than syslog.

-i, -I

Send a signal to the currently executing klogd daemon.

-n

Do not automatically background.

-o

Read and log all messages in the kernel message buffers, then exit (one-shot mode).

-p

Load kernel module symbol information whenever an Oops string is found in the kernel message stream (paranoid mode).

-s

Use the system call interface to access the kernel message buffers.

-k file

Use the specified file as the source of kernel symbol information.

-v

Display version information and exit.

lpd

[-l] [port#]

lpd is the line printer daemon. It handles the manipulation of spooled files and any actual printing. It gets printer information from printcap. The original invocation listens only for requests; it forks off child processes to handle any requests received.

Example: This daemon is usually invoked by an rc script. To start lpd with logging, put a line such as the following in a script:

lpd -l &

-l

Turn logging of requests on.

port#

Allow the user to specify an internet port number on the command line, rather than letting the process obtain the port number from getservbyname.

/usr/sbin/rpc.mountd

[ -f exports-file ] [ -d facility ] [ -P port ] [ -Dhnprv ][ --debug facility ] [ --exports-file=file ] [ --help ][ --allow-non-root ] [ --re-export ] [ --version ]

mountd is the NFS mount daemon. Before exporting a file system, it checks /etc/exports for permission. If the request is approved, it creates a file handle for the requested directory and adds an entry to /etc/rmtab. When unmounting, the entry in /etc/rmtab is removed.

Example: This daemon is usually invoked via script at boot time with this line:

mountd &

To start mountd from inetd, add the following two lines to /etc/inetd.conf:

mount/1-2 dgram rpc/udp wait root /usr/sbin/rpc.mountd rpc.mountd

mount/1-2 stream rpc/tcp wait root /usr/sbin/rpc.mountd rpc.mountd

-f or --exports-file

Specify an export file other than the default, /etc/exports.

-d or --debug

Enable verbose logging of each transaction to standard error.

-F or --foreground

Run mountd in the foreground.

-h or --help

Display help information and exit.

-n or --allow-non-root

Permit mount requests that do not originate from reserved IP ports.

-P portnum or --port portnum

Specify a port for inetd to listen on. Typically, the port number is specified in /etc/services.

-p or --promiscuous

Tell mountd to service any host on the network.

-r or --re-export

Allow re-export of imported NFS or SMB filesystems.

-v or --version

Display version information and exit.

named

[-d debuglevel] [-p port#] [-(b|c) config_file] [-f -q -r][-u user_name] [-g group_name] [-t directory] [-w directory][config_file]

Named is the Internet domain name server. It resolves host names into IP addresses. Named gets configuration information from /etc/named.conf.

Example: This daemon is usually invoked by inetd. To start named with some debugging information, use

named -d 1 &

-d debuglevel

Specify the level of debugging information.

-p port#

Tell named to use the specified remote port number.

-(b|c) config_file

Specify an alternate configuration file (default is /etc/named.conf).

-f

Tell named to run in the foreground.

-q

Trace all incoming queries if named has been compiled with QRYLOG defined.

-r

Allow name resolution only from local (primary or secondary) zones (recursion off).

-u user_name

Tell named to run as the specified user after initialization.

-g group_name

Tell named to run as the specified group after initialization.

-t directory

Tell named to chroot into the specified directory after processing any command line arguments.

-w directory

Specify a working directory for the server.

/usr/sbin/rpc.nfsd

[ -f exports-file ] [ -d facility ] [ -P port ] [ -R dirname ][ -Fhlnprstv ] [ --debug facility ] [ --exports-file=file ][ --foreground ] [ --help ] [ --allow-non-root ] [ --re-export ][ --public-root dirname ] [ --port port ] [ --log-transfers ][ --version ] [ numservers ]

The nfsd program is an NFS service daemon that handles client filesystem requests.

Example: This daemon is usually started at system boot time. To start nfsd with re-export of filesystems that have themselves been imported (-r option), add the following line to a script:

nfsd -r &

-f or --exports-file

Tell nfsd to use the specified exports file.

-d facility or --debug facility

Enable verbose debugging.

-F or --foreground

Tell nfsd to run in the foreground.

-h or --help

Display help information and exit.

-l or --log-transfers

Attempt to log all files transferred by the NFS server.

-n or --allow-non-root

Permit servicing of NFS requests that do not originate from reserved IP ports.

-P portnum or --port portnum

Tell nfsd to listen on the specified port, rather than port 2049.

-p or --promiscuous

Allow nfsd to serve any host on the network.

-r or --re-export

Allow filesystems that have themselves been remotely mounted on the host system to be re-exported.

-R or --public-root

Specify the directory associated with the public file handle.

-v or --version

Display version information.

pppd

[ tty_name ] [ speed ] [ options ]

pppd is the point-to-point protocol daemon. PPP is a method for transmitting datagrams over serial connections.

Example: To start pppd on tty10 with baud rate 14400, use

pppd tty10 14400

<tty_name>

Specifies a tty to use for communication (may be /dev/<something>).

<speed>

Specify a baud rate for data transfer.

active-filter filter-expression

Specify a packet filter used to determine which packets are link activity.

asyncmap <map>

Set the async character map to <map>.

auth

Require authentication before transmitting packets.

call name

Read options from the file /etc/ppp/peers/name.

connect script

Use the specified executable or shell command to set up the serial line.

crtscts

Tell pppd to use hardware flow control to control the flow of data on the serial port.

defaultroute

Add a default route to the system routing tables, using the peer as the gateway, when IPCP negotiation is completed.

disconnect script

Run the specified script when pppd closes the link.

escape xx,yy,...

Escape the specified list of characters when transmitting. Characters are specified as a comma-separated list of hexadecimal codes.

file name

Read command line options from the specified file.

lock

Tell pppd to create a uucp-style lock file for the serial device to ensure exclusive access.

mru n

Specify a Maximum Receive Unit (MRU) of n. The MRU value is the upper limit on the size of packets received.

mtu n

Specify a Maximum Transmit Unit (MTU) of n. The MTU value is the upper limit on the size of packets transmitted.

passive

Allow pppd to passively wait for a connection.

<local_IP_address>:<remote_IP_address>

Specify the local or remote interface IP addresses.

chap-interval n

Rechallenge the peer every n seconds.

chap-max-challenge n

Specify an upper limit on the number of challenges.

chap-restart n

Specify retransmission interval for challenges of n seconds.

debug

Enable connection debugging.

default-asyncmap

Disable asyncmap negotiation.

default-mru

Disable Maximum Receive Unit negotiation.

demand

Tell ppp to initiate the link only on demand.

domain d

Append the domain name "d" to the local host name for authentication purposes.

holdoff n

Specify the number of seconds to wait before re-initialization after a link is terminated.

idle n

Tell pppd to disconnect if the link is idle for n seconds.

ipcp-accept-local

Tell pppd to accept the peer's idea of the local IP address.

ipcp-accept-remote

Tell pppd to accept the peer's idea of its remote IP address.

ipcp-max-configure n

Set the maximum number of IPCP configure-request transmissions to n (default is 10).

ipx

Enable the IPXCP and IPX protocols.

ipx-network n

Set the IPX network number in the IPXCP configure request frame to n, a hexadecimal number (without a leading 0x).

ipx-node n:m

Set the IPX node numbers (local:peer).

ipx-router-name <string>

Specify the name of the IPX router.

kdebug n

Enable debugging code in the kernel-level PPP driver. The argument n is a number that is the sum of the following values: 1 to enable general debug messages, 2 to request that the contents of received packets be printed, and 4 to request that the contents of transmitted packets be printed.

lcp-echo-failure n

Instruct pppd to presume the peer is dead when n LCP echo requests are sent without receiving a valid LCP echo reply.

lcp-echo-interval n

Tell pppd to send an LCP echo request every n seconds.

lcp-max-configure n

Set the maximum number of LCP configure-request transmissions to n (default is 10).

lcp-max-terminate n

Specify a maximum number of LCP terminate-request transmissions.

lcp-restart n

Specify an LCP restart interval.

local

Do not use the modem control lines.

login

Use the system password database for authenticating the peer using PAP, and record the user in the system wtmp file.

maxconnect n

Terminate the connection after the specified number of seconds.

modem

Tell pppd to use the modem control lines (default).

ms-dns <addr>

Allow pppd to supply a Microsoft Domain Name Server address to clients.

ms-wins <addr>

Allow pppd to supply a Windows Internet Name Server address to clients.

name name

Specify a local system name (for authentication purposes).

netmask n

Specify an IP netmask of n.

noaccomp

Disable any use of Address/Control compression.

noauth

Do not require peer authentication.

nobsdcomp

Disable any use of BSD-Compress compression.

noccp

Disable any use of Compression Control Protocol (CCP).

nocrtscts

Disable hardware flow control over the serial port.

nodefaultroute

Disable the default route option.

nodeflate

Disable any use of deflate compression.

nodetach

Do not detach from the controlling terminal.

noip

Disable IPCP negotiation and IP communication.

noipx

Disable the IPXCP and IPX protocols.

nomagic

Disable magic number negotiation.

nopcomp

Disable protocol field compression negotiation.

nopersist

Exit immediately when a connection terminates.

nopredictor1

Do not accept or agree to Predictor-1 compression.

noproxyarp

Disable proxyarp.

pass-filter filter-expression

Specify a packet filter to apply to data packets in order to determine which packets will be allowed to pass.

persist

Try to re-open a terminated connection, rather than exiting.

predictor1

Compress frames using Predictor-1 compression.

refuse-chap

Do not allow authentication with CHAP.

refuse-pap

Do not allow authentication with PAP.

require-chap

Require the peer to authenticate itself by using Challenge Handshake Authentication Protocol (CHAP) authentication.

require-pap

Require the peer to authenticate itself using Password Authentication Protocol (PAP) authentication.

silent

Do not transmit LCP packets to initiate a connection.

usehostname

Force the use of the specified hostname as the local system name.

user name

Specify a user name to be used for authenticating on the peer.

vj-max-slots n

Set the number of connection slots to be used by the Van Jacobson TCP/IP header compression and decompression code to n, where 2 <= n <= 16.

xonxoff

Use software flow control to control the flow of data on the serial port.

rexecd

Rexecd is the remote execution server. It provides remote program execution capabilities with name/password authentication.

Example: This command has no options. To start rexecd, use

rexecd

rlogind

[-ahlLn]

This program is the server for the rlogin program. It provides remote login access based on privileged port numbers from trusted hosts. As the use of this daemon can be something of a security hole, you should configure and use it with caution.

Example: To start rlogind, allowing use of the .rhosts file for access control (-h option), add the following line to your inetd.conf file:

login stream tcp nowait root /usr/sbin/tcpd in.rlogind

-a

Ask the host for verification.

-h

Allow use of superuser ".rhosts" files.

-l

Do not allow authentication based on the user's .rhosts file.

-L

Do not allow authentication based on .rhosts or hosts.equiv files.

-n

Disable keep-alive messages.

rshd

[-ahlnL]

This program is the server for the rcmd and rsh programs. It provides remote execution capabilities with authentication based on privileged port numbers for trusted hosts. Obviously, the use of this daemon can constitute a huge security hole. Configure and use it with caution.

Example: To start rshd with logging (-L), add the following line to your inetd.conf file:

shell stream tcp nowait root /usr/sbin/tcpd in.rshd -L

-l

Prevents authentication based on the user's .rhosts file.

-h

If user is superuser, this option may override the -l option and allow authentication based on .rhosts file.

-n

Disable transport-level keep alive messages.

-L

Log all successful accesses to syslogd as auth.info messages.

rwhod

[-bpa]

Rwhod maintains the database used by rwho and ruptime.

Example: To start rwhod allowing both broadcast and point-to-point interfaces, use

rwhod -a

-b

Use only broadcast interfaces (e.g., ethernets).

-p

Use only point to point interfaces.

-a

Use all interfaces.

syslogd

[ -d ] [ -f config file ] [ -h ] [ -l hostlist ] [ -m interval ] [ -n ][ -p socket ] [ -r ] [ -s domainlist ] [ -v ]

This program provides facilities for logging and kernel message trapping. Logging may be either local or remote.

Example: This daemon is usually invoked at boot time by one or another of the rc scripts. To start syslogd with timestamping at 20-minute intervals (-m option), use

syslogd -m 20 &

-d

Run in debug mode.

-f config file

Specify an alternate configuration file.

-h

Allow syslogd to forward any remote messages to defined forwarding hosts.

-l hostlist

Specify a host that should be logged only by hostname, rather than by a fully qualified domain name.

-m interval

Mark timestamps to the system log at regular intervals.

-n

Do not auto background.

-p socket

Specify an alternate UNIX domain socket, rather than /dev/log.

-r

Allow syslogd to receive messages from the network via an Internet domain socket.

-s domainlist

Specify domain names to be stripped off before logging.

-v

Display version information and exit.

talkd

This daemon is the program that notifies user B that user A wants to have a conversation via talk.

Example: This command has no options. Talkd is usually started by inetd, which uses tcpd to do the actual invocation. To start talkd, add the following line to your inetd.conf file:

talk dgram udp wait root /usr/sbin/tcpd in.talkd

tcpd

This daemon is used to provide access control and logging for standard TCP/IP services. It monitors incoming requests for telnet, finger, ftp, exec, rsh, rlogin, tftp, talk, comsat, etc., and services their requests, logging and booting people out as necessary. Inetd uses this program to invoke other tcp daemons.

Example: This daemon is usually invoked by inetd. To use tcpd to invoke ftpd, add the following line to your inetd.conf file:

ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a
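The following added example, which is not part of the original reference, audits an inetd.conf for points made on this page: entries that are not started through tcpd (and so get none of its access control or logging), and rlogind, rshd and ftpd entries whose flags leave .rhosts authentication or session logging in a weaker state. The sample file is constructed from the page's example lines (with -h added to the login entry for illustration), and the function names are this example's own.

```python
TCPD = "/usr/sbin/tcpd"  # wrapper path used in this page's examples

# Constructed sample assembled from the example lines on this page.
SAMPLE_INETD_CONF = """\
# service type proto wait user server args
finger stream tcp nowait root /usr/sbin/tcpd in.fingerd
ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a
auth stream tcp nowait nobody /usr/sbin/in.identd in.identd -l -o
login stream tcp nowait root /usr/sbin/tcpd in.rlogind -h
shell stream tcp nowait root /usr/sbin/tcpd in.rshd -L
mount/1-2 stream rpc/tcp wait root /usr/sbin/rpc.mountd rpc.mountd
"""


def parse_inetd_conf(text):
    """Yield one dict per service entry; comments and blank lines are skipped."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 6:
            raise ValueError(f"line {lineno}: expected at least 6 fields")
        service, _socktype, _proto, _wait, user, server = fields[:6]
        argv = fields[6:]
        wrapped = server == TCPD
        # Under tcpd the real daemon is argv[0]; otherwise it is the server path.
        daemon = (argv[0] if wrapped and argv else server).rsplit("/", 1)[-1]
        # Collect single-letter flags so "-lL" and "-l -L" are treated alike.
        # Values attached to a flag (e.g. "-t30") are not told apart from flags.
        flags = {c for a in argv[1:]
                 if a.startswith("-") and not a.startswith("--")
                 for c in a[1:]}
        yield {"line": lineno, "service": service,
               "user": user.replace(":", ".").split(".")[0],
               "server": server, "daemon": daemon,
               "wrapped": wrapped, "flags": flags}


def audit(text):
    """Return {service: [findings]} for entries that deserve a second look."""
    report = {}
    for e in parse_inetd_conf(text):
        findings = []
        if e["server"] != "internal" and not e["wrapped"]:
            findings.append("not started through tcpd: "
                            "no tcpd access control or logging")
            if e["user"] == "root":
                findings.append("runs as root without tcpd")
        if e["daemon"] in ("in.rlogind", "in.rshd"):
            if "l" not in e["flags"]:
                findings.append("-l absent: authentication based on the "
                                "user's .rhosts file is not disabled")
            if "h" in e["flags"]:
                findings.append("-h present: superuser .rhosts files allowed")
        if e["daemon"] == "in.ftpd" and "l" not in e["flags"]:
            findings.append("-l absent: ftp sessions are not logged to syslog")
        if findings:
            report[e["service"]] = findings
    return report


if __name__ == "__main__":
    for service, findings in audit(SAMPLE_INETD_CONF).items():
        for finding in findings:
            print(f"{service}: {finding}")
```
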

/usr/sbin/in.telnetd

[-hns] [-a authmode] [-D debugmode] [-L loginprg] [-S tos][-X authtype] [-edebug] [-debug port]

Telnetd is the daemon that services telnet requests.

Example: This daemon is usually invoked by inetd. To start telnetd, use

telnetd &

-a authmode

Specify the authentication mode.

debug

Turns on authentication debugging code.

user

Only allows connections when the remote user can provide user authentication information.

valid

Only allows connections when the remote user can provide user authentication information.

other

Equivalent to "valid".

none

Does not require authentication.

off

Disables the authentication code.

 

-D debugmode

Specify one of the following debug modes:

options

Prints information about the negotiation of telnet options.

report

Prints the options information, plus some additional information about what processing is going on.

netdata

Displays the data stream received by telnetd.

ptydata

Displays data written to the pty.

exercise

Has not been implemented yet.

 

-edebug

Enable encryption debugging code.

-h

Disable printing of host information until the login verification is completed.

-L loginprg

Specify a login program other than the default.

-n

Disable TCP keep alives.

-s

Allow only SecurID logins.

-S tos

Set type of service to tos.

-X authtype

Disable the use of the specified type of authentication.

tftpd

[directory ]

This command supports the trivial file transfer protocol.

Example: This daemon is usually invoked by inetd. To start tftpd, use

tftpd &

rpc.yppasswdd

[-D directory] [-e chsh|chfn]

rpc.yppasswdd

[-s shadow] [-p passwd] [-e chsh|chfn]

When using NIS, change passwords across the network with yppasswd. Yppasswdd is the server daemon.

Example: To start yppasswdd, use

yppasswdd &

-D directory

Specify a directory where the passwd and shadow passwd files may be found.

-p passwdfile

Tell rpc.yppasswdd to use a source file other than /etc/passwd.

-s shadowfile

Tell rpc.yppasswdd to use a source file other than /etc/passwd.

-e [chsh|chfn]

Enable users to change either their shell or GECOS field.

-v or --version

Display version information and exit.

-m

No effect. Included for compatibility.

 



Linux Desk Reference (2nd Edition)
ISBN: 0130619892
EAN: 2147483647
Year: 2000
Pages: 174
Authors: Scott Hawkins
