path: root/security/xinetd/pkg-descr
blob: 7cc29eccd957534eabc133a60e8bf718e3c2c600

Xinetd is a replacement for inetd, the internet services daemon.

Xinetd is not just an inetd replacement. Anybody can use it to
start servers that don't require privileged ports because xinetd
does not require that the services in its configuration file be
listed in /etc/services.

Its configuration file has a different format than inetd's, and it
understands different signals. However, the signal-to-action
assignment can be changed.

It is a lot better than inetd. Here are the reasons:

1) It can do access control on all services based on:
   a. address of remote host
   b. time of access

2) Access control works on all services, whether multi-threaded or
   single-threaded and for both the TCP and UDP protocols.  All UDP
   packets can be checked as well as all TCP connections.

3) It provides hard reconfiguration:
   a. kills servers for services that are no longer in the configuration file
   b. kills servers that no longer meet the access control criteria

4) It can prevent denial-of-access attacks by
   a. placing limits on the number of servers for each service (avoids
      process table overflows)
   b. placing an upper bound on the number of processes it will fork
   c. placing limits on the size of log files it creates

5) Extensive logging abilities:
   a. for every server started it can log:
      i) the time when the server was started
      ii) the remote host address
      iii) who the remote user was (if the other end runs an
            RFC-931/RFC-1413 server)
      iv) how long the server was running
      (i, ii and iii can be logged for failed attempts too).
   b. for some services, if the access control fails, it can
      log information about the attempted access (for example,
      it can log the user name and command for the rsh service)

6) No limit on number of server arguments
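
As an added illustration (not part of this port's description and not code
from xinetd), the Python script below parses a constructed xinetd.conf and
reports, per service, which of the controls from points 1, 4 and 5 are
neither set nor inherited from the defaults block. The attribute names are
xinetd.conf attributes; the service names, ports, paths and addresses are
made up, and the check is presence-only.

```python
import re
# Constructed sample in xinetd.conf syntax. Attribute names are xinetd's;
# service names, ports, paths and addresses are invented for illustration.
SAMPLE = """
defaults
{
    log_type = FILE /var/log/xinetd.log 8388608 10485760
    log_on_failure = HOST ATTEMPT
}
service localtool
{
    type = UNLISTED
    port = 8099
    protocol = tcp
    socket_type = stream
    wait = no
    user = nobody
    server = /usr/local/libexec/localtool
    only_from = 192.0.2.0/24
    access_times = 08:00-18:00
    instances = 10
}
service echoudp
{
    type = UNLISTED
    port = 8007
    protocol = udp
    socket_type = dgram
    wait = yes
    user = nobody
    server = /usr/local/libexec/echoudp
}
"""
# Attributes behind points 1a, 1b, 4a, 4c and 5 of the description.
WANTED = ("only_from", "access_times", "instances", "log_type", "log_on_failure")

def parse(text):
    """Return {block name: {attribute: value}} for defaults and service blocks."""
    blocks = {}
    pattern = r"^\s*(defaults|service\s+\S+)\s*\{(.*?)^\s*\}"
    for head, body in re.findall(pattern, text, re.S | re.M):
        blocks[head.split()[-1]] = dict(re.findall(r"^\s*(\w+)\s*[+-]?=\s*(.*?)\s*$", body, re.M))
    return blocks

def audit(text):
    """Map each service to the WANTED attributes it neither sets nor inherits."""
    blocks = parse(text)
    inherited = blocks.pop("defaults", {})
    return {n: [a for a in WANTED if a not in {**inherited, **s}] for n, s in blocks.items()}

print(audit(SAMPLE))
```

The size limits in point 4c are the two numbers after the file name in
log_type (soft and hard limit, in bytes).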