
xinetd

wikipedia xinetd

In computer networking, xinetd (Extended Internet Service Daemon) is an open-source super-server daemon[3] that runs on many Unix-like systems and manages Internet-based connectivity.

It offers a more secure alternative to the older inetd ("the Internet daemon"), which most modern Linux distributions have deprecated.[4]

Description

xinetd listens for incoming requests over a network and launches the appropriate service for that request.[5] Requests are made using port numbers as identifiers and xinetd usually launches another daemon to handle the request. It can be used to start services with both privileged and non-privileged port numbers.

xinetd features access control mechanisms such as TCP Wrapper ACLs, extensive logging capabilities, and the ability to make services available based on time. It can place limits on the number of servers that the system can start, and has deployable defense mechanisms to protect against port scanners, among other things.

On some implementations of Mac OS X, this daemon starts and maintains various Internet-related services, including FTP and telnet. As an extended form of inetd, it offers enhanced security. It replaced inetd in Mac OS X v10.3, and subsequently launchd replaced it in Mac OS X v10.4. However, Apple has retained inetd for compatibility purposes.

Configuration

The configuration of xinetd resides in the default configuration file /etc/xinetd.conf, and the configuration of the services it supports resides in files stored in the /etc/xinetd.d directory. The configuration for each service usually includes a switch to control whether xinetd should enable or disable the service.

When the wait option is set to yes, xinetd will not receive requests for the service while it has a connection, so the number of connections is limited to one. This provides very good protection when we want to allow only one connection at a time.

There are many more options available for xinetd. In most Linux distributions the full list of possible options and their description is accessible with a "man xinetd.conf" command.

To apply a new configuration, a SIGHUP signal must be sent to the xinetd process to make it re-read the configuration files. This can be achieved with the following command: kill -SIGHUP "PID". PID is the process identifier number of the xinetd process, which can be obtained with the command pgrep xinetd.[6][7]
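
The per-service switch and the wait option described above can be checked across a set of service entries before the configuration is reloaded. The following Python sketch is an added example, not part of the original page or of xinetd itself: it parses entries in the /etc/xinetd.d layout and reports which services are enabled and whether they lack a source restriction or an instance limit. The sample entries are constructed, and the two checks are an assumed review policy; values inherited from a defaults section in /etc/xinetd.conf are not considered.

```python
import re

# Constructed sample in the layout of files under /etc/xinetd.d (not from the page).
SAMPLE = """\
# constructed entries for illustration
service telnet
{
    disable = no
    wait    = no
    server  = /usr/sbin/in.telnetd
}
service tftp
{
    disable = yes
    wait    = yes
}
service rsync
{
    wait      = no
    only_from = 192.0.2.0/24
    instances = 5
}
"""

ENTRY = re.compile(r"^\s*service\s+(\S+)\s*\{(.*?)^\s*\}", re.M | re.S)
ATTR = re.compile(r"^\s*(\w+)\s*[+-]?=\s*(.*?)\s*$")

def parse_services(text):
    """Return {service: {attribute: value}}; '#' comment lines are ignored."""
    entries = ENTRY.findall(re.sub(r"^\s*#.*$", "", text, flags=re.M))
    return {name: dict(m.groups() for m in map(ATTR.match, body.splitlines()) if m)
            for name, body in entries}

def audit(text):
    """Return {service: [notes]} for enabled services; no 'disable' line means enabled."""
    report = {}
    for name, attrs in parse_services(text).items():
        if attrs.get("disable", "no").lower() == "yes":
            continue  # switched off, xinetd will not start it
        notes = []
        if "only_from" not in attrs:
            notes.append("no only_from")
        if attrs.get("wait", "no").lower() != "yes" and "instances" not in attrs:
            notes.append("no instances limit")
        report[name] = notes
    return report

if __name__ == "__main__":
    print(audit(SAMPLE))
```

To review a real host, pass the concatenated contents of the files in /etc/xinetd.d to audit() instead of SAMPLE.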