XINETD
In a Nutshell - CIW Course Section 3, Part B1, Chapter 12
XINETD Configuration Files
Extended Internet Services Daemon (xinetd) starts programs that provide Internet services. Some of it's many features are listed below:
- can perform access control
- can prevent service attacks
- has extensive logging capabilities
- can offload services to a remote host
- supports Internet Protocol version 6 (IPv6)
- facilitates user interaction
To configure IP services, you can edit the various scripts in the /etc/xinetd.d/ directory. These scripts include finger, rlogin, rsh, swat, telnet and vnc.
An example of the telnet script is shown below:
| # default: on # description: The telnet server serves telnet sessions; it uses \ # unencrypted username/password pairs for authentication. service telnet { disable = no flags = REUSE socket_type = stream wait = no user = root server = /usr/sbin/in.telnetd log_on_failure += USERID } |
Finger
System administrators often disable finger. It has a long history of security problems and tends to reveal too much information about users. The finger protocol allows you to gain information about local and remote users on a particular system.
Finger can display the user's logon name, real name, idle time, and login time. It can be controlled by editing it's script in the /etc/xinetd.d/ directory.