Recipe 3.12 Restricting Access by Time of Day

Previous page
Table of content
Next page

3.12.1 Problem

You want a service to be available only at certain times of day.

3.12.2 Solution

For xinetd , use its access_times attribute. For example, to make telnetd accessible from 8:00 a.m. until 5:00 p.m. (17:00) each day:

/etc/xinetd.conf or /etc/xinetd.d/telnet: service telnet {         ...         access_times = 8:00-17:00 }

For inetd, we'll implement this manually using the m4 macro processor and cron. First, invent some strings to represent times of day, such as "working" to mean 8:00 a.m. and "playing" to mean 5:00 p.m. Then create a script (say, inetd-services) that uses m4 to select lines in a template file, creates the inetd configuration file, and signals inetd to reread it:

/usr/local/sbin/inetd-services: #!/bin/sh m4 "$@" /etc/inetd.conf.m4 > /etc/inetd.conf.$$ mv /etc/inetd.conf.$$ /etc/inetd.conf kill -HUP `pidof inetd`

Copy the original /etc/inetd.conf file to the template file, /etc/inetd.conf.m4. Edit the template to enable services conditionally according to the value of a parameter, say, TIMEOFDAY. For example, the Telnet service line that originally looks like this:

telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd

might now look like:

ifelse(TIMEOFDAY,working,telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd)

which means "if TIMEOFDAY is working, include the Telnet line, otherwise don't." Finally, set up crontab entries to enable or disable services at specific times of day, by setting the TIMEOFDAY parameter:

0  8 * * * /usr/local/sbin/inetd-services -DTIMEOFDAY=working 0 17 * * * /usr/local/sbin/inetd-services -DTIMEOFDAY=playing

3.12.3 Discussion

For xinetd, we can easily control each service using the access_times parameter. Times are specified on a 24-hour clock.

For inetd, we need to work a bit harder, rebuilding the configuration file at different times of day to enable and disable services. The recipe can be readily extended with additional parameters and values, like we do with TIMEOFDAY. Notice that the xinetd solution uses time ranges, while the inetd solution uses time instants (i.e., the minute that cron triggers inetd-services).

3.12.4 See Also

xinetd.conf(5), inetd.conf(5), m4(1), crontab(5).

Previous page
Table of content
Next page
Linux Security Cookbook
Linux Security Cookbook
ISBN: 0596003919
EAN: 2147483647
Year: 2006
Pages: 247
Authors: Daniel J. Barrett, Richard E. Silverman, Robert G. Byrnes
BUY ON AMAZON
Crystal Reports 9 on Oracle (Database Professionals)
Inside Network Security Assessment: Guarding Your IT Infrastructure
Oracle Developer Forms Techniques
C++ How to Program (5th Edition)
Introducing Microsoft ASP.NET AJAX (Pro - Developer)
Python Programming for the Absolute Beginner, 3rd Edition
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy