Editor's note: Wrapper and xinetd are one way to implement access control on Linux. The first article covered the basic principles and the installation and compilation method; the second article walked through its configuration in detail. Readers who missed them can find the related articles at the bottom of the page. Today we go through some concrete examples to make the material easier to understand and master, and finally touch on log management.

Configuration examples

1. defaults configuration

[Example 1] /etc/xinetd.conf

    # Simple configuration file for xinetd
    #
    # Some defaults, and include /etc/xinetd.d/

    defaults
    {
        instances       = 60
        log_type        = SYSLOG authpriv
        log_on_success  = HOST PID
        log_on_failure  = HOST
        cps             = 25 30
    }

    includedir /etc/xinetd.d

Explanation: The configuration method recommended for Red Hat 7.x is not to write every service into a single file. /etc/xinetd.conf serves as the default configuration file, and each file under the /etc/xinetd.d directory corresponds to one service. As explained earlier, the settings in the defaults block apply to all services, so the block above gives every service 60 instances, sets the logging method to SYSLOG authpriv, records HOST and PID on success and only HOST on failure, and accepts at most 25 connections per second; when that number is exceeded, the service waits 30 seconds before accepting connections again. The includedir directive specifies /etc/xinetd.d as the directory of per-service configuration files.

2. telnet configuration

[Example 2] /etc/xinetd.d/telnet

    # default: on
    # description: The telnet server serves telnet sessions; it uses
    #              unencrypted username/password pairs for authentication.
    service telnet
    {
        disable         = no
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        instances       = 10
        server          = /usr/sbin/in.telnetd
        log_on_failure  += USERID
        rlimit_as       = 8M
        rlimit_cpu      = 20
    }

Explanation:
1. The instances setting overrides the value from the defaults block.
2. The log_on_failure attribute adds USERID on top of the defaults setting.
3. Resource limits are set for the TELNET service: at most 8M of memory, and a CPU limit of 20 (rlimit_cpu = 20).

3. echo configuration

[Example 3.1] /etc/xinetd.d/echo

    # default: off
    # description: An echo server. This is the tcp
    #              version.
    service echo
    {
        disable     = yes
        type        = INTERNAL
        id          = echo-stream
        socket_type = stream
        protocol    = tcp
        user        = root
        wait        = no
    }

[Example 3.2] /etc/xinetd.d/echo-udp

    # default: off
    # description: An echo server. This is the udp
    #              version.
    service echo
    {
        disable     = yes
        type        = INTERNAL UNLISTED
        id          = echo-dgram
        socket_type = dgram
        protocol    = udp
        user        = root
        wait        = yes
        port        = 7
    }

Explanation: Because the two services have the same name and differ only in socket type, the id attribute is used to tell them apart.

4. RPC service example

[Example 4] /etc/xinetd.d/rstatd

    service rstatd
    {
        type        = RPC
        socket_type = dgram
        protocol    = udp
        server      = /usr/etc/rpc.rstatd
        wait        = yes
        user        = root
        rpc_version = 2-4
        env         = LD_LIBRARY_PATH=/etc/securelib
    }
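As an added example (not code from the article), the following Python resolves the effective attributes of a service the way Examples 1 and 2 above describe: the defaults block applies to every service, a plain `=` in a service block overrides the inherited value, and `+=` adds to it. The inline sample is constructed from those two examples; `parse_blocks` and `effective_config` are hypothetical helpers that model only the `=` and `+=` operators.

```python
import re

# Constructed sample (not from the article): its defaults and telnet blocks,
# trimmed to the attributes that take part in the merge.
SAMPLE = """defaults
{
    instances       = 60
    log_on_success  = HOST PID
    log_on_failure  = HOST
}
service telnet
{
    instances       = 10
    server          = /usr/sbin/in.telnetd
    log_on_failure  += USERID
}
"""

BLOCK_RE = re.compile(r"(defaults|service\s+\S+)\s*\{(.*?)\}", re.S)
ATTR_RE = re.compile(r"^\s*(\w+)\s*(\+=|=)\s*(.*?)\s*$")

def parse_blocks(text):
    """Return [(block_name, [(attr, op, values)])] with '#' comments stripped."""
    blocks = []
    for header, body in BLOCK_RE.findall(text):
        attrs = []
        for line in body.splitlines():
            m = ATTR_RE.match(line.split("#", 1)[0])
            if m:
                attrs.append((m.group(1), m.group(2), m.group(3).split()))
        blocks.append((header.split()[-1], attrs))
    return blocks

def effective_config(text):
    """Per service, start from the defaults; '=' replaces the inherited value, '+=' adds to it."""
    blocks = parse_blocks(text)
    defaults = {a: v for a, _, v in dict(blocks).get("defaults", [])}
    services = {}
    for name, attrs in blocks:
        if name == "defaults":
            continue
        cfg = {k: list(v) for k, v in defaults.items()}  # inherit every default
        for attr, op, values in attrs:
            current = cfg.get(attr, [])
            cfg[attr] = values if op == "=" else current + [v for v in values if v not in current]
        services[name] = cfg
    return services
```

Running `effective_config(SAMPLE)["telnet"]` yields instances 10 (overridden), log_on_failure HOST USERID (merged) and log_on_success HOST PID (inherited unchanged).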
5. Custom service configuration example

[Example 5] /etc/xinetd.d/sample

    service sample
    {
        type        = UNLISTED
        socket_type = stream
        protocol    = tcp
        server      = /usr/bin/sample
        port        = 20020
    }

The xinetd process

1. Starting and stopping

If you are using the default installation on 7.x:

    /etc/rc.d/init.d/xinetd start
    /etc/rc.d/init.d/xinetd stop
    /etc/rc.d/init.d/xinetd restart
    /etc/rc.d/init.d/xinetd reload

or

    /sbin/service xinetd start
    /sbin/service xinetd stop
    /sbin/service xinetd restart
    /sbin/service xinetd reload

If you compiled and installed it yourself on 6.x, you need to create the xinetd startup script yourself:

    touch /var/run/xinetd.pid
    touch /var/lock/subsys/xinetd
    chmod 755 /etc/rc.d/init.d/xinetd

You can then control the process with the following commands:

    /etc/rc.d/init.d/xinetd start
    /etc/rc.d/init.d/xinetd stop
    /etc/rc.d/init.d/xinetd restart
    /etc/rc.d/init.d/xinetd reload

Create the script with vi /etc/rc.d/init.d/xinetd; its contents are as follows (the listing on this page breaks off inside the start() function):

    #!/bin/bash
    #
    # xinetd        This starts and stops xinetd.
    #
    # chkconfig: 345 56 50
    # description: xinetd is a powerful replacement for inetd.
    #              xinetd has access control mechanisms, extensive
    #              logging capabilities, the ability to make services
    #              available based on time, and can place
    #              limits on the number of servers that can be started,
    #              among other things.
    #
    # processname: /usr/sbin/xinetd
    # config: /etc/sysconfig/network
    # config: /etc/xinetd.conf
    # pidfile: /var/run/xinetd.pid

    prog="xinetd"
    PATH=/sbin:/bin:/usr/bin:/usr/sbin

    # Source function library.
    . /etc/rc.d/init.d/functions

    # Get config.
    test -f /etc/sysconfig/network && . /etc/sysconfig/network

    # Check that networking is up.
    [ "${NETWORKING}" = "yes" ] || exit 0

    # Refuse to start without the daemon binary and its configuration file.
    [ -f /usr/sbin/xinetd ] || exit 1
    [ -f /etc/xinetd.conf ] || exit 1

    RETVAL=0

    start(){
        echo -n $"Starting $prog: "
        # Need to get rid of localization for external services -
        # it doesn't make much sense to have i18n on the server side here
        LANG=en_US LC_TIME=en_US LC_ALL=en_US LC_MESSAGES=en_US LC_NUMERIC=en_US LC_MONETARY=en_US LC_COLLATE=en_US