xinetd Access Control
Wednesday, June 17, 2009
When you have a system reachable from the Internet or a remote location, you must consider applying some security to it. In Red Hat, a number of services are run by the xinetd server; xinetd is considered a “super server” in the Red Hat Linux environment.
Here I am going to show you how you can implement access control on a service running under xinetd on your system.
Below I have printed a sample /etc/xinetd.d/telnet file for our purpose –
# a sample /etc/xinetd.d/telnet file
# default: on
# description: The telnet server serves telnet sessions; it uses \
# unencrypted username/password pairs for authentication.
service telnet
{
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
disable = no
only_from = 172.16.0.0/16
no_access = 172.16.1.2
per_source = 1
instances = 4
access_times = 13:00-17:00
}
# end of file
In the above sample file –
disable = no (enables the telnet service)
only_from = 172.16.0.0/16 (the telnet server will respond to clients from the 172.16.0.0/16 network only)
no_access = 172.16.1.2 (except 172.16.1.2, which is refused)
per_source = 1 (only one connection per source address will be allowed)
instances = 4 (total number of simultaneous connections allowed is 4)
access_times = 13:00-15:00 (connections will be allowed between 13 and 15 hrs)
However, whenever you modify the /etc/xinetd.d/telnet file, never forget to restart the xinetd service. Run – service xinetd restart
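To check what the only_from / no_access / access_times settings above actually permit before restarting xinetd, here is an added example (not from the original post, and not part of xinetd) that parses the service block and evaluates a client address and time against it. It assumes xinetd's documented "most specific address entry wins" rule and treats an equally specific match in both lists as deny; SAMPLE is a constructed copy of the page's access-control lines.

```python
import ipaddress
from datetime import time
# Constructed sample: the access-control lines of the page's /etc/xinetd.d/telnet block.
SAMPLE = """service telnet
{
    log_on_failure += USERID
    only_from = 172.16.0.0/16
    no_access = 172.16.1.2
    access_times = 13:00-17:00
}"""

def parse_service(text):
    """Parse one xinetd service block into {attribute: [tokens]}; '+=' is treated like '='."""
    attrs = {}
    for line in text[text.index("{") + 1:text.rindex("}")].splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            key, _, value = line.partition("=")
            attrs.setdefault(key.rstrip("+ "), []).extend(value.split())
    return attrs

def _best_match(addr, entries):
    """Prefix length of the most specific entry (host or CIDR) matching addr, or None."""
    best = None
    for e in entries:
        net = ipaddress.ip_network(e, strict=False)
        if addr in net and (best is None or net.prefixlen > best):
            best = net.prefixlen
    return best

def _hhmm(s):
    return time(*map(int, s.split(":")))

def _in_access_times(now, ranges):
    """True if now (a datetime.time) falls inside any HH:MM-HH:MM range."""
    return any(_hhmm(a) <= now <= _hhmm(b) for a, b in (r.split("-") for r in ranges))

def is_allowed(attrs, client_ip, now_hhmm):
    """Apply only_from/no_access/access_times; most specific address entry wins, tie -> deny (assumed)."""
    addr = ipaddress.ip_address(client_ip)
    allow = _best_match(addr, attrs.get("only_from", []))
    deny = _best_match(addr, attrs.get("no_access", []))
    if "only_from" in attrs and allow is None:
        return False  # not inside any permitted network
    if deny is not None and (allow is None or deny >= allow):
        return False  # blocked by a no_access entry
    if "access_times" in attrs and not _in_access_times(_hhmm(now_hhmm), attrs["access_times"]):
        return False  # outside the service window
    return True
```

Running is_allowed(parse_service(SAMPLE), "172.16.1.2", "14:00") returns False even though the host lies inside the only_from network, which is the behaviour the no_access line is meant to produce.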