X-based inetd replacement for security and management.

Submitted by:	markm

5 files changed, 75 insertions, 0 deletions

diff --git a/security/xinetd/Makefile b/security/xinetd/Makefile
new file mode 100644
index 000000000000..4264c51e11a4
--- /dev/null
+++ b/security/xinetd/Makefile
@@ -0,0 +1,25 @@
+# New ports collection makefile for:	xinetd
+# Version required:	2.1.7-freebsd.4
+# Date created:		28 June 1996
+# Whom:			markm
+#
+# $Id$
+#
+
+DISTNAME=	xinetd.2.1.7.4
+CATEGORIES+=	security
+MASTER_SITES=	ftp://ftp.telebase.com/pub/security/
+DISTFILES=	xinetd.2.1.7-freebsd.4.tar.gz
+
+WRKSRC=		${WRKDIR}/xinetd.2.1.7-freebsd.4
+
+MAINTAINER=	markm@FreeBSD.ORG
+
+do-build:
+	cd ${WRKSRC} ; ./compile-src -os freebsd2 -sf has_SB
+
+do-install:
+	cd ${WRKSRC}/xinetd ; make install
+	cd ${WRKSRC}/xinetd ; make install.man
+
+.include <bsd.port.mk>
diff --git a/security/xinetd/distinfo b/security/xinetd/distinfo
new file mode 100644
index 000000000000..b1f8239af228
--- /dev/null
+++ b/security/xinetd/distinfo
@@ -0,0 +1 @@
+MD5 (xinetd.2.1.7-freebsd.4.tar.gz) = f2be3c9013e1100774c10d26715b445b
diff --git a/security/xinetd/pkg-comment b/security/xinetd/pkg-comment
new file mode 100644
index 000000000000..51ae9c4d8eca
--- /dev/null
+++ b/security/xinetd/pkg-comment
@@ -0,0 +1 @@
+Replacement for inetd with control and logging
diff --git a/security/xinetd/pkg-descr b/security/xinetd/pkg-descr
new file mode 100644
index 000000000000..7cc29eccd957
--- /dev/null
+++ b/security/xinetd/pkg-descr
@@ -0,0 +1,44 @@
+Xinetd is a replacement for inetd, the internet services daemon.
+
+Xinetd is not just an inetd replacement. Anybody can use it to
+start servers that don't require privileged ports because xinetd
+does not require that the services in its configuration file be
+listed in /etc/services.
+
+Its configuration file has a different format than inetd's one
+and it understands different signals. However the signal-to-action 
+assignment can be changed.
+
+It is a lot better than inetd. Here are the reasons:
+
+1) It can do access control on all services based on:
+   a. address of remote host
+   b. time of access
+
+2) Access control works on all services, whether multi-threaded or
+   single-threaded and for both the TCP and UDP protocols.  All UDP
+   packets can be checked as well as all TCP connections.
+
+3) It provides hard reconfiguration:
+   a. kills servers for services that are no longer in the configuration file
+   b. kills servers that no longer meet the access control criteria
+
+4) It can prevent denial-of-access attacks by
+   a. placing limits on the number of servers for each service (avoids
+      process table overflows)
+   b. placing an upper bound on the number of processes it will fork
+   c. placing limits on the size of log files it creates
+
+5) Extensive logging abilities:
+   a. for every server started it can log:
+      i) the time when the server was started
+      ii) the remote host address
+      iii) who was the remote user (if the other end runs a RFC-931/RFC-1413
+            server)
+      iv) how long the server was running
+      (i, ii and iii can be logged for failed attempts too).
+   b. for some services, if the access control fails, it can
+      log information about the attempted access (for example,
+      it can log the user name and command for the rsh service)
+
+6) No limit on number of server arguments
diff --git a/security/xinetd/pkg-plist b/security/xinetd/pkg-plist
new file mode 100644
index 000000000000..95565ed9ad6e
--- /dev/null
+++ b/security/xinetd/pkg-plist
@@ -0,0 +1,4 @@
+man/man1/xinetd.1
+man/man5/xinetd.conf.5
+man/man5/xinetd.log.5
+sbin/xinetd