Index of /itools/SECURITY/XINETD
Name Last modified Size Description
AIDE 28-Jun-1993 07:42 1k
COMPILE_ 28-Jun-1993 07:19 10k
FSMA_2_0.TAR 28-Jun-1993 07:19 24k
INSTALL 28-Jun-1993 07:19 4k
MISC_1_2.TAR 28-Jun-1993 07:19 40k
PSET_1_1.TAR 28-Jun-1993 07:19 24k
SIO_1_5_.TAR 28-Jun-1993 07:19 160k
STR_1_2_.TAR 28-Jun-1993 07:19 40k
UNPACK_S 28-Jun-1993 07:19 2k
XINETD_2.TAR 28-Jun-1993 07:19 360k
XLOG_1_0.TAR 28-Jun-1993 07:19 48k
======================================================================
ATTENTION: vi users set your tabstop to 3 to make this file (and all
other files) look nice on your screen
======================================================================
Q. What is xinetd?
A. xinetd is a replacement for inetd, the internet services daemon.

Q. I am not a system administrator; why should I care about an inetd replacement?
A. xinetd is not just an inetd replacement. Anybody can use it to start servers
   that don't require privileged ports, because xinetd does not require that the
   services in its configuration file be listed in /etc/services.

Q. Is it compatible with inetd?
A. No. Its configuration file has a different format from inetd's, and it
   understands different signals. However, the signal-to-action assignment
   can be changed, and a program is included to convert inetd.conf to
   xinetd.conf.

Q. Why should I use it?
A. Because it is a lot better (IMHO) than inetd. Here are the reasons:

   1) It can do access control on all services based on:
      a. address of remote host
      b. time of access

   2) Extensive logging abilities:
      a. for every server started it can log:
         i)   the time when the server was started
         ii)  the remote host address
         iii) who was the remote user (if the other end runs a
              RFC931 server)
         iv)  how long the server was running
         (i, ii and iii can be logged for failed attempts too).
      b. for some services, if the access control fails, it can
         log information about the attempted access (for example,
         it can log the user name and command for the rsh service)

   3) It provides hard reconfiguration:
      a. kills servers for services that are no longer in the
         configuration file
      b. kills servers that no longer meet the access control criteria

   4) No limit on number of server arguments

   5) Access control works on all services, whether multi-threaded or
      single-threaded and for both the TCP and UDP protocols.
      All UDP packets can be checked as well as all TCP connections.

   6) It can prevent denial-of-access attacks by
      a. placing limits on the number of servers for each service
      b. placing an upper bound on the number of processes it will fork
      c. placing limits on the size of log files it creates
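
An added example (not part of this README or the xinetd distribution): one service entry that exercises reasons 1, 2 and 6 above. Attribute names follow the xinetd.conf(5) manual of later xinetd releases and may differ in the 1993 version listed here; the server path, network address and log file path are constructed values.

```conf
# Example xinetd.conf entry (added illustration, constructed values).
service ftp
{
	socket_type    = stream
	protocol       = tcp
	wait           = no            # multi-threaded: one server per connection
	user           = root
	server         = /usr/sbin/in.ftpd    # assumed path
	server_args    = -l

	# 1a) Access control by remote address. Trailing zero components act
	#     as wildcards, so this admits 192.0.2.* only (documentation range).
	only_from      = 192.0.2.0

	# 1b) Access control by time of day (24-hour clock).
	access_times   = 08:00-18:00

	# 6a) At most 10 concurrent servers for this service.
	instances      = 10

	# 6c) Log to a dedicated file: warn at the soft limit (bytes),
	#     stop writing at the hard limit (bytes).
	log_type       = FILE /var/log/xinetd-ftp.log 524288 1048576

	# 2a) On a successful start: server PID, remote host, remote user
	#     (needs an RFC 931 server on the other end), and run time.
	log_on_success = PID HOST USERID DURATION

	# 2a) On a refused attempt: remote host and remote user.
	log_on_failure = HOST USERID
}

# 6b) The bound on the total number of forked processes is daemon-wide,
#     set with the -limit option on the xinetd command line rather than
#     in a service entry.
```

USERID lookups depend on an answer from the remote host, so treat the logged user name as a hint supplied by that host rather than as an authenticated identity.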