C Program Inetd Service
28.2. The inetd Super-Server

The inetd daemon is sometimes referred to as a Super-Server because it manages connections for many services. Instead of starting multiple applications, only the inetd service needs to be started.

When a connection is received for a service that is managed by inetd, inetd determines which program the connection is destined for, spawns a process for that program, and hands that process the socket. Using inetd for services that are not heavily used can reduce system load compared to running each daemon individually in stand-alone mode. Primarily, inetd is used to spawn other daemons, but several trivial protocols are handled internally, such as chargen, auth, time, echo, discard, and daytime. This section covers the basics of configuring inetd.

28.2.1. Configuration File

Configuration of inetd is done by editing /etc/inetd.conf.
Each line of this configuration file represents an application which can be started by inetd. By default, every line starts with a comment (#), meaning that inetd is not listening for any applications. To configure inetd to listen for an application's connections, remove the # at the beginning of the line for that application.

After saving your edits, configure inetd to start at system boot by editing /etc/rc.conf:

    inetd_enable="YES"

To start inetd now, so that it listens for the service you configured, type:

    # service inetd start

Once inetd is started, it needs to be notified whenever a modification is made to /etc/inetd.conf.

28.2.2. Command-Line Options

Like most server daemons, inetd has a number of options that can be used to modify its behavior. By default, inetd is started with -wW -C 60.
These options enable TCP wrappers for all services, including internal services, and prevent any IP address from requesting any service more than 60 times per minute. To change the default options which are passed to inetd, add an entry for inetd_flags in /etc/rc.conf.
If inetd is already running, restart it with service inetd restart. The available rate limiting options are:

-c maximum
    Specify the default maximum number of simultaneous invocations of each service, where the default is unlimited. May be overridden on a per-service basis by using max-child in /etc/inetd.conf.

-C rate
    Specify the default maximum number of times a service can be invoked from a single IP address per minute. May be overridden on a per-service basis by using max-connections-per-ip-per-minute in /etc/inetd.conf.

-R rate
    Specify the maximum number of times a service can be invoked in one minute, where the default is 256. A rate of 0 allows an unlimited number.

-s maximum
    Specify the maximum number of times a service can be invoked from a single IP address at any one time, where the default is unlimited. May be overridden on a per-service basis by using max-child-per-ip in /etc/inetd.conf.
Additional options are available. Refer to inetd(8) for the full list of options.
28.2.3. Security Considerations

Many of the daemons which can be managed by inetd are not security-conscious. Some daemons, such as fingerd, can provide information that may be useful to an attacker. Only enable the services which are needed and monitor the system for excessive connection attempts. The max-connections-per-ip-per-minute, max-child and max-child-per-ip settings can be used to limit such attacks. By default, TCP wrappers is enabled. Consult for more information on placing TCP restrictions on various inetd-invoked daemons.
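To review which services are actually enabled and whether they carry per-service limits, the following added example (not part of the Handbook text) parses inetd.conf content and reports findings. It assumes the FreeBSD inetd.conf(5) field order, with the limits appended to the fourth field as nowait[/max-child[/max-connections-per-ip-per-minute[/max-child-per-ip]]]; the function names and the sample file are constructed for illustration.

```python
# Constructed sample in inetd.conf layout; not taken from a real system.
SAMPLE_CONF = """\
#ftp    stream tcp nowait      root   /usr/libexec/ftpd    ftpd -l
finger  stream tcp nowait/3/10 nobody /usr/libexec/fingerd fingerd -k -s
daytime stream tcp nowait      root   internal
tftp    dgram  udp wait        root   /usr/libexec/tftpd   tftpd -l -s /tftpboot
"""

# Service names the section mentions: internally handled protocols, and finger.
INTERNAL = {"chargen", "auth", "time", "echo", "discard", "daytime"}
LEAKY = {"finger"}
LIMIT_NAMES = ("max-child", "max-connections-per-ip-per-minute", "max-child-per-ip")


def parse_enabled(conf_text):
    """Return one dict per active (uncommented) service line."""
    entries = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # commented out: inetd does not listen for this service
        fields = line.split()
        if len(fields) < 6:
            continue  # incomplete entry, skip rather than guess
        name, _sock, proto, wait, user, program = fields[:6]
        mode, *limits = wait.split("/")
        entries.append({
            "service": name, "proto": proto, "mode": mode, "user": user,
            "program": program,
            "limits": {n: int(v) for n, v in zip(LIMIT_NAMES, limits) if v.isdigit()},
        })
    return entries


def audit(conf_text):
    """Return (service, finding) pairs for a reviewer to act on."""
    findings = []
    for e in parse_enabled(conf_text):
        if e["service"] in LEAKY:
            findings.append((e["service"], "may disclose information useful to an attacker"))
        if e["service"] in INTERNAL and e["program"] == "internal":
            findings.append((e["service"], "trivial internal service is enabled"))
        if e["mode"] == "nowait" and not e["limits"]:
            findings.append((e["service"], "no per-service limits; only global -c/-C/-R/-s apply"))
    return findings


if __name__ == "__main__":
    for service, finding in audit(SAMPLE_CONF):
        print(f"{service}: {finding}")
```

To audit a live system, pass the contents of /etc/inetd.conf to audit() in place of the sample.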