Red Hat Linux 9: Red Hat Linux ��ȥ��
��Υڡ��	�� 15��TCP��åѡ��`xinetd`	��Υڡ��

15.4. `xinetd`��ե��

xinetd��ե��ϰʲ��Τ褦�ˤʤ�ޤ��

/etc/xinetd.conf — ��Х�� xinetd��ե��롣
/etc/xinetd.d/�ǥ��쥯�ȥ� — ��ƤΥ��ӥ��ͭ�Υե��ޤ��ǥ��쥯�ȥꡣ

15.4.1. `/etc/xinetd.conf`�ե��

/etc/xinetd.conf�ˤϡ�xinetd��θ�� ƤΥ��ӥ��ƶ��Ū�ʹ��꤬�ޤޤ�Ƥ��ޤ��xinetd ��ӥ��Ϥ��1��ɤ߹��ޤ�뤿�ᡢ��ѹ��ȿ�Ǥ��褦�ˤ��뤿��ˤ� ��ԤϤޤ��xinetd��ӥ��Ƶ�ư��ɬ�פ��ޤ��ʲ��˥��ץ�� /etc/xinetd.conf�ե��򼨤��ޤ��

defaults
{
        instances               = 60
        log_type                = SYSLOG authpriv
        log_on_success          = HOST PID
        log_on_failure          = HOST
        cps                     = 25 30
}
includedir /etc/xinetd.d

��ιԤϡ�xinetd�Τ��ޤ��ޤ�¦�̤��椷�ޤ��

instances — xinetd�� 1�٤��н�Ǥ��׵��ꤷ�ޤ��
log_type — xinetd��ꤷ�� authpriv��Ѥ��ޤ��ϥ��ȥ꡼�� /var/log/secure�ե��˽񤭹��ߤޤ�� FILE /var/log/xinetdlog�Τ褦�ʥǥ��쥯�ƥ��֤򤳤�� ɲä��ȡ�/var/log/�ǥ��쥯�ȥ��xinetdlog�� ե��ޤ��
log_on_success — xinetd��ꤷ�ơ��³�� ɤ��ޤ��ǥե��ȤǤϡ��⡼�ȥۥ��Ȥ� IP��ɥ쥹��׵��ץ��Ƥ��륵��С��Υץ��ID�� Ͽ��ޤ��
log_on_failure — xinetd��ꤷ�ơ��³��Ԥ��뤫�ɤ�� ϡ��³��Ĥ��Ƥ��ʤ��ɤ��ޤ��
cps — xinetd��ꤷ�� ɤΥ��ӥ��ˤ��25��³�ʾ�ϵ��Ĥ��ʤ��褦�ˤ��ޤ��θ��٤��ã ��ϡ��ӥ��30�ä��ٷƤ��ޤ��
includedir /etc/xinetd.d/ —/etc/xinetd.d/�ǥ��쥯�ȥ�� 륵��ӥ��ͭ��ե��Ƥ��륪�ץ��ޤ�ޤ��Υǥ��쥯�ȥ�� ܺ٤ˤĤ��Ƥ��15.4.2�򻲾Ȥ��Ʋ��

	��
	¿��ξ�硢`/etc/xinetd.conf`��`log_on_success`�� `log_on_failure`��ξ��ϡ��˥��ӥ��ͭ�Υ��ե��Խ�� ޤ��ͳ�ǡ��Υե��뤬��ʾ�˳��륵��ӥ��ˤϤ��¿��ξ��ɽ�� ǽ��ޤ��󥰥��ץ��ξܺ٤ˤĤ��Ƥ��15.4.3.1��

15.4.2. `/etc/xinetd.d/`�ǥ��쥯�ȥ�

/etc/xinetd.d/�ǥ��쥯�ȥ��Υե��ˤϡ�xinetd�� Ƥ��ƥ��ӥ��ե��ȡ��Υ��ӥ��˴�Ϣ��ե��̾��ޤޤ�� ޤ��xinetd.conf�ξ��Ʊ�ͤˤ��Υե��xinetd ��ӥ��Ϥ��ˤ��ɤ߹��ޤ�ޤ��ѹ��ȿ�Ǥ��뤿��ˤϡ��Ԥ�xinetd ��ӥ��Ƶ�ư��ɬ�פ��ޤ��

/etc/xinetd.d/�ǥ��쥯�ȥ��Υե��Υե��ޥåȤ� /etc/xinetd.conf��Ʊ��Ѥ��ޤ��ƥ��ӥ�� ꤬�̡��Υե��˳�Ǽ��Ƥ��ͳ�ϡ��ޥ��ñ�ˤ��뤳�Ȥȡ� ¾�Υ��ӥ��˱ƶ��Ϳ��ǽ��ʤ��ʤ뤫��Ǥ��

��Υե��뤬�ɤΤ褦�˹��뤫��Τ�ˤϡ� /etc/xinetd.d/telnet�ե��θ��Ʋ��

service telnet
{
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        log_on_failure  += USERID
        disable         = yes
}

��ιԤϡ�telnet��ӥ��Τ��ޤ��ޤ�¦�̤��椷�ޤ��

service — ��ӥ�̾��ޤ�� ̾/etc/services�ե��˥ꥹ�Ȥ��Ƥ�� ӥ��˹�碌�ޤ��
flags — ��³�ΰ٤�ɬ�פʿ��°�� åȤ��ޤ��REUSE��xinetd��Ф�� Telnet��³�Υ��åȤ�ƻ��Ѥ��褦�˻ؼ��ޤ��
socket_type — �ͥåȥ��åȤ� ��פ�stream��ꤷ�ޤ��
wait — ��ӥ��󥰥륹��å�(yes)�� ϥޥ��å�(no)��ޤ��
user — �ץ��¹Ԥ˻��Ѥ��桼��ID��ޤ��
server — ��ư��ͽ��ΥХ��ʥ�¹ԥե��ޤ��
log_on_failure — ��xinetd.conf�� Ƥ��ʪ��ɲä��ơ�log_on_failure�ѤΥ��󥰥ѥ�᡼��ޤ��
disable — ��ӥ��ͭ��ɤ��ޤ��

15.4.3. `xinetd`��ե��ѹ�

xinetd��ݸ��Ƥ��륵��ӥ��Ѥˤ��ѤǤ��¿��μ�� ǥ��쥯�ƥ��֤��ޤ��Υ��Ϥ��Ū�˻��Ѥ��Ƥ��륪�ץ�� Ĵ��ޤ��

15.4.3.1. ��󥰥��ץ��

�ʲ��Υ��󥰥��ץ��ϡ�/etc/xinetd.conf�� /etc/xinetd.d/�ǥ��쥯�ȥ��Υ��ӥ��ͭ�� ե��ξ��ѤǤ��ޤ��

�ʲ��ˤ��Ū�˻��Ѥ��Ƥ��󥰥��ץ��ΰ��ɽ��ޤ��

ATTEMPT — ��Ԥλ�Ԥ��ä��¤��ޤ� (log_on_failure)��
DURATION — ��⡼�ȥ��ƥ�ˤ�äƻ��Ѥ��줿 ��ӥ��λ��֤�Ĺ��ޤ�(log_on_success)��
EXIT — ��ӥ��ν�λ��ơ��Ͻ��륷��ʥ�� ޤ�(log_on_success)��
HOST — ��⡼�ȥۥ��Ȥ�IP��ɥ쥹(log_on_failure�� log_on_success)��ޤ��
PID — �׵��Ƥ��륵��С��Υץ��ID��ޤ� (log_on_success)��
RECORD — ��ӥ��ȤǤ��ʤ��ˡ��⡼�ȥ��ƥ�� ؤ��Ͽ��ޤ��login��finger�ʤɤ�� ӥ��Τߤ��Υ��ץ��(log_on_failure)��ѤǤ��ޤ��
USERID — ��ƤΥޥ��åɥ��ƥ�ΰ٤� RFC 1413��줿��ˡ��Ѥ��Ƥ��⡼�ȥ桼��ޤ� (log_on_failure��log_on_success)��

��󥰥��ץ��Ū�ꥹ�ȤˤĤ��Ƥϡ�xinetd.conf��man�ڡ��

15.4.3.2. ��Υ��ץ��

xinetd�Υ桼��ϡ�TCP��åѡ��ۥ��ȥ��§�λ��Ѥ�� xinetd��ե��ͳ�ǤΥ��Ѱդ��Ϥ�� ξ��Ǥ��ޤ��TCP��åѡ��ۥ��ȥ��ե��λ��Ѥ˴ؤ�� 15.2�Ǹ��뤳�Ȥ��Ǥ��ޤ��Υ��Ǥ� ��ӥ��ؤΥ��椹�뤿��xinetd�λ��Ѥ��ޤ��

	��
	TCP��åѡ��Ȥϰۤʤꡢ`xinetd`�δ��Ԥ�`xinetd`��ӥ�� Ƶ�ư��ˤΤߡ��ؤ��ѹ��ȿ�Ǥ��ޤ��

xinetd�ۥ��ȥ��ϡ�TCP��åѡ��ǻ��Ѥ��Ƥ��ˡ�� ۤʤ�ޤ��TCP��åѡ��ƤΥ��2�ĤΥե��롢/etc/hosts.allow�� /etc/hosts.deny��֤��Τ��Ф��ơ�/etc/xinetd.d�� ƥ��ӥ��ե��Ϥ��켫�ȤΥ��浬§��ޤळ�Ȥ��Ǥ��ޤ��

�ʲ��Υۥ��ȥ��ץ��ϡ�xinetd�ˤ�äƥ��ݡ��Ȥ��Ƥ��ޤ��

only_from — ��Υۥ��ȤΤߤ˥��ӥ��λ��Ѥ��Ĥ��ޤ��
no_access — �ꥹ�Ȥˤ��ۥ��ȤΥ��ӥ��Ѥ��ݤ��롣
access_times — ��Υ��ӥ��ѤǤ��ꤹ�롣 ��λ��24��ַ��HH:MM-HH:MM��ɽ��򤹤�ɬ�פ��ޤ��

only_from��no_access��ץ�� IP��ɥ쥹��ϥۥ��̾�ΰ��뤤�ϥͥåȥ��Τλ��꤬�Ǥ��ޤ�� TCP��åѡ��ͤˡ��ȶ��xinetd�� 礹�뤳�Ȥˤ�ꡢ��줾��³��Ԥε�Ͽ��ܺ٤˼��ʤ��顢 �ػߤ��Ƥ��ۥ��Ȥ��׵��֥��å��ƥ��ƥ��򶯲��Ǥ��ޤ��

�㤨�С��ʲ��/etc/xinetd.d/telnet�ե��ϡ�� ͥåȥ��롼�פ��Telnet��֥��å��ơ��Ĥ��줿�桼�� ⡢��ǽ�ʻ��Ӥ��¤��٤˻��ѤǤ��ޤ��

service telnet
{
        disable         = no
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        log_on_failure  += USERID
        no_access       = 10.0.1.0/24
        log_on_success  += PID HOST EXIT
        access_times    = 09:45-16:15
}

��Ǥϡ�10.0.1.2�ʤɤ�10.0.1.0/24�ͥåȥ��Υ��饤��ȥ��ƥब�� Telnet��ӥ��˥��ߤ��硢�ʲ��Τ褦��ɽ��å�� Ȥˤʤ�ޤ��

Connection closed by foreign host.

��ˡ��Υ��Ԥϡ��Τ褦��/var/log/secure�� ˵�Ͽ��ޤ��

May 15 17:38:49 boo xinetd[16252]: START: telnet pid=16256 from=10.0.1.2
May 15 17:38:49 boo xinetd[16256]: FAIL: telnet address from=10.0.1.2
May 15 17:38:49 boo xinetd[16252]: EXIT: telnet status=0 pid=16256

TCP��åѡ��xinetd��ʻ�Ѥ��硢2�Ĥ� ��ᥫ�˥��֤δط��򤹤뤳�Ȥ��פǤ��

��饤��Ȥ��³��׵�򤷤��xinetd�ˤ�ä�³�� ư��ν��ʲ��˼��ޤ��

xinetd�ǡ��libwrap.a�饤�֥�ꥳ�� ͳ��ơ�TCP��åѡ��ۥ��ȥ��§�˥��ޤ��⤷��ݤε�§��饤��ȥۥ��Ȥ� Ŭ�礹��ʤ�С��³��Ǥ��ޤ��Ĥε�§��饤��ȥۥ��Ȥ�Ŭ�礹��硢��³�� xinetd��Ϥ��ޤ��
xinetd�ǡ��ϡ�xinetd��ӥ�� ׵ᤵ�줿��ӥ��ξ��ΰ٤ˡ��ȤΥ��浬§��å��ޤ��⤷�� ݤε�§��饤��ȥۥ��Ȥ�Ŭ�礹��硢��³��Ǥ��ޤ��¾�� ϡ�xinetd��׵ᤵ�줿��󥹥��󥹤򳫻Ϥ��³�� Ϥ��ޤ��

	��
	TCP��åѡ��`xinetd`��ʻ�Ѥ��硢 ��դ�ɬ�פǤ��ߥ��ɤ��̷�̤򾷤��Ȥˤʤ�ޤ��

15.4.3.3. �Х��ɤȥ��쥯�ȥ��ץ��

xinetd�ѤΥ��ӥ��ϡ��ӥ��򤢤�IP��ɥ쥹�� Х��ɤ��Υ��ӥ��Ѥ��׵��̤�IP��ɥ쥹��ۥ��̾��뤤�� ݡ��Ȥإ��쥯�Ȥ��ޤ��

�Х��ǥ��󥰤ϡ��ӥ��ͭ��ե��bind��ץ�� 椵��Ƥ��ꡢ��ӥ��򥷥��ƥ��IP��ɥ쥹��Ϣ�뤷�ޤ��ꤵ��ȡ� bind��ץ��ϡ��IP��ɥ쥹�ΰ٤��׵�Τߤ򤽤Υ��ӥ�� Ĥ򤷤ޤ��ˡ�ǰۤʤ륵��ӥ��ϰۤʤ�ͥåȥ��󥿡��ե�� ץ١��ǥХ��ɤǤ��ޤ��

��ϡ��ä�ʣ��Υͥåȥ��ץ��ʣ��IP��ɥ쥹��ꤷ��ƥ�ˤ� ��ʤ�ΤǤ��Τ褦�ʥ��ƥ�Ǥϡ�Telnet�ʤɤΰ��Ǥʤ��ӥ��ϥץ饤�١��Ȥ� �ͥåȥ��³��Ƥ��륤�󥿡��ե��ǤΤߥ�å��󤹤�褦�ˤ��ơ��󥿡��ͥå� ��³�Υ��󥿡��ե��Ǥϥ�å��󤷤ʤ��褦��Ǥ��ޤ��

redirect��ץ��ϡ�IP��ɥ쥹��ϥۥ��̾�Ȥ��³�� ݡ��ֹ��դ��ޤ��ӥ��ꤷ�ơ��Υ��ӥ��Ѥ��׵�� ꤷ��ۥ��Ȥ��ϥݡ��ֹ�˥��쥯�ȤǤ��褦�ˤ��ޤ��ε�ǽ�� Ʊ��ƥ��Υݡ��Ȥ��̤Υݡ��Ȥإݥ��Ȥ��롢��뤤��׵��Ʊ��ޥ�� ̤�IP��ɥ쥹�إ��쥯�Ȥ��롢��뤤��׵��̤Υ��ƥ�ȥݡ��ֹ�� ư��롢��뤤�Ϥ��Υ��ץ��ȹ礻�򤹤��˻��ѤǤ��ޤ��ͤ� ��ơ��ƥ��Υ��ӥ��³��Ƥ��桼��ϡ��ʤ�¾�Υ��ƥ�� 褦�ˤǤ��ޤ��

xinetd�ǡ��ϡ��ꥯ��Ȥ��饤��ȥޥ��ȼºݤ˥��ӥ��󶡤�� ۥ��Ȥ��³��Ƥ��֤��ͭ��ʥץ��2�ĤΥ��ƥ�֤ǥǡ��ž��뤳�Ȥˤ�äơ� ��Υ��쥯�Ȥ�¸��ޤ��

bind��redirect��ץ��ϡ� ��餬��˻��Ѥ��ˤϤä��Ƚ�̤Ǥ��ޤ��ӥ��򥷥��ƥ�� IP��ɥ쥹�˥Х��ɤ��ơ��θ夽�Υ��ӥ��Ѥ��׵��1��ܤΥޥ�� 뤳�Ȥ��Ǥ��2��ܤΥޥ��˥��쥯�Ȥ��뤳�Ȥˤ�ꡢ��Υ��ƥब ��̤Υͥåȥ��ΰ٤˥��ӥ��󶡤��뤳�Ȥ˻��ѤǤ��ޤ��̤��ˡ�Ȥ�� ʣ��ۡ��Υޥ��Υ��ӥ��Τ�IP��ɥ쥹�ؤ�Ϫ�褵��뤳�Ȥ� ��¤��ꡢ�ޤ��Υ��ӥ��׵�򤽤��Ū�Ѥ��򤷤��ޥ�� 쥯�Ȥ��Τ˻��ѤǤ��ޤ��

�㤨�С�Telnet��ӥ��Ѥˤ��ǥե��Ȥ��ƻ��Ѥ��Ƥ�� ƥ��ͤ��Ƹ��ޤ��礦��

service telnet
{
        socket_type		= stream
        wait			= no
        server			= /usr/sbin/in.telnetd
        log_on_success		+= DURATION USERID
        log_on_failure		+= USERID
        bind                    = 123.123.123.123
        redirect                = 10.0.1.13 21 23
}

��Υե��bind��redirect��ץ��ϡ� �ޥ��Telnet��ӥ��󥿡��ͥåȤ˸��IP��ɥ쥹(123.123.123.123)�� Х��ɤ��Ƥ��뤳�Ȥ��ꤷ�ޤ��ˤϡ�123.123.123.123��줿 Telnet��ӥ��ؤ��׵��2��ܤΥͥåȥ��ץ��̤��ơ��IP��ɥ쥹�� 10.0.1.13�˥��쥯�Ȥ��졢��ϥե��Υ��ƥष�� Ǥ��ʤ��褦�ˤʤäƤ��ޤ��ե��Ϥ��θ塢��2�ĤΥ��ƥ�֤��̿�� ޤ��Τǡ��³��Ƥ��륷��ƥ�ϼºݤˤ��̤Υޥ��³��Ƥ��֤Ǥ� 123.123.123.123��³��Ƥ��褦�˸��ޤ��

��ε�ǽ�ϡ��֥��ɥХ��³��1�Ĥθ��IP��ɥ쥹�򤷤Ƥ��桼�� ä��Ω��ޤ��NAT(Network Address Translation)��Ѥ��Ȥ�� Ѥ�IP��ɥ쥹��Ѥ��롢��ȥ��ޥ��ظ�ˤ��륷��ƥ�� ȥ��ޥ��Υޥ��󤫤��ѤǤ��ޤ��󡣤��xinetd�� 椵��Ƥ��Υ��ӥ��bind��redirect ��ץ��ꤵ��Ƥ��硢��Υ��ȥ��ޥ��ϳ��ƥ�ȥ��ӥ�� 󶡤��褦��ꤵ��Ƥ��ޥ��֤ǤΥץ��ΰ��Ȥ��ư��뤳�Ȥ� �Ǥ��ޤ��ˤϡ��Ƽ��xinetd��ȥ��󥰥��ץ��󤬡� ��쥯�Ȥ��줿��ӥ��Ʊ��³�ο��̤��¤��ʤɤΡ��ɲä��ݸ�󶡤��뤳�Ȥ� �ʤ�ޤ��

15.4.3.4. �꥽��Υ��ץ��

xinetd�ǡ��ϡ�DoS(Denial of Service��ӥ��ε��)��⤫�� Ф��Ū��٥��ݸ��ɲä��뤳�Ȥ��Ǥ��ޤ��ʲ��Υꥹ�ȤǤϡ��Τ褦�� Τʤ��¤Ǥ��ǥ��쥯�ƥ��֤�ɽ��ޤ��

per_source — ��IP��ɥ쥹��Υ��ӥ��Ѥ� ��󥹥��󥹤κ��ޤ��Τߤ��Ȥ��Ƽ��դ�� xinetd.conf��xinetd.d/�Υ��ӥ� ��ͭ��ե��ǻ��ѤǤ��ޤ��
cps — ��ä��³��ޤ�� Υǥ��쥯�ƥ��֤��֤˥��ڡ��줿2�Ĥ��Ȥ��ޤ�� 1��ܤ�1�ô֤��³��Ĥ��Ǥ��2��ܤϥ��ӥ��Ƴ�� xinetd��Ե��ɬ�פΤ��֤��ÿ��Ǥ�� Τߤ��Ȥ��Ƽ��դ��xinetd.conf�� xinetd.d/�ǥ��쥯�ȥ�Υ��ӥ��ͭ�� ե��ξ��ǻ��ѤǤ��ޤ��
max_load — ��ӥ��CPU��Ѹ³�� ޤ��ϰ��˾��դ��ޤ��

¾�ˤ��ѤǤ��xinetd�ѤΥ꥽��ץ�� ޤ��ܺ٤�Red Hat Linux ��ƥ� ������С� ��ƥ��Ȥ��Ϥ��ޤ��xinetd.conf�� man�ڡ��⻲�Ȥ��Ʋ��

��Υڡ��	�ۡ��	��Υڡ��
`xinetd`	��	��¾�Υ꥽��

15.4. xinetd������ե�����

15.4.1. /etc/xinetd.conf�ե�����

15.4.2. /etc/xinetd.d/�ǥ��쥯�ȥ�

15.4.3. xinetd����ե�������ѹ�

15.4.3.1. �����󥰥��ץ����

15.4.3.2. ������������Υ��ץ����

15.4.3.3. �Х���ɤȥ�����쥯�ȥ��ץ����

15.4.3.4. �꥽���������Υ��ץ����