Welcome to Linux教程網

RedHat: Implementing Wrapper and xinetd (Part 3)

Editor's note: Wrapper and xinetd are one way to implement access restrictions on Linux. The first article in this series introduced the basic principles and how to compile and install them, and the second went through their configuration in detail. Readers who missed them can find them in the related articles at the bottom of the page. This part covers some examples to make the material easier to understand and master, and finally touches on log management.

Configuration examples

1. defaults configuration

[Example 1] /etc/xinetd.conf

    # Simple configuration file for xinetd
    # Some defaults, and include /etc/xinetd.d/

    defaults
    {
        instances = 60
        log_type = SYSLOG authpriv
        log_on_success = HOST PID
        log_on_failure = HOST
        cps = 25 30
    }
    includedir /etc/xinetd.d

Explanation: the configuration method recommended by RedHat 7.x is not to write every service entry into a single file. /etc/xinetd.conf serves as the default configuration file, and each file under the /etc/xinetd.d directory corresponds to one service. As mentioned earlier, the settings in the defaults entry apply to all services. So the file above gives every service 60 instances, sets the logging method to SYSLOG authpriv, logs HOST and PID on a successful login and only HOST on a failure, and handles at most 25 connections per second; if more connections than that arrive, it waits 30 seconds and then continues processing. The includedir directive specifies that the configuration file directory is /etc/xinetd.d.

2. telnet configuration

[Example 1] /etc/xinetd.d/telnet

    # default: on
    # description: The telnet server serves telnet sessions; it uses
    # unencrypted username/password pairs for authentication.
    service telnet
    {
        disable = no
        flags = REUSE
        socket_type = stream
        wait = no
        user = root
        instances = 10
        server = /usr/sbin/in.telnetd
        log_on_failure += USERID
        rlimit_as = 8M
        rlimit_cpu = 20
    }

Explanation:

1. The instances setting overrides the setting in the defaults entry.
2. The log_on_failure attribute adds USERID on top of what the defaults entry specifies.
3. Resource limits are set for the TELNET service: at most 8M of memory may be used, and the CPU handles 20 processes per second.

3. echo configuration

[Example 3.1] /etc/xinetd.d/echo

    # default: off
    # description: An echo server. This is the tcp
    # version.
    service echo
    {
        disable = yes
        type = INTERNAL
        id = echo-stream
        socket_type = stream
        protocol = tcp
        user = root
        wait = no
    }

[Example 3.2] /etc/xinetd.d/echo-udp

    # default: off
    # description: An echo server. This is the udp
    # version.
    service echo
    {
        disable = yes
        type = INTERNAL UNLISTED
        id = echo-dgram
        socket_type = dgram
        protocol = udp
        user = root
        wait = yes
        port = 7
    }

Explanation: because the two entries have the same service name and differ only in socket type, the id attribute is used to tell them apart.

4. RPC service example

[Example 4] /etc/xinetd.d/rstatd

    service rstatd
    {
        type = RPC
        socket_type = dgram
        protocol = udp
        server = /usr/etc/rpc.rstatd
        wait = yes
        user = root
        rpc_version = 2-4
        env = LD_LIBRARY_PATH=/etc/securelib
    }

5. Custom service configuration example

[Example 4] /etc/xinetd.d/sample

    service sample
    {
        type = UNLISTED
        socket_type = stream
        protocol = tcp
        server = /usr/bin/sample
        port = 20020
    }

The xinetd process

1. Starting and stopping

If you are using the default installation on 7.x:

    /etc/rc.d/init.d/xinetd start
    /etc/rc.d/init.d/xinetd stop
    /etc/rc.d/init.d/xinetd restart
    /etc/rc.d/init.d/xinetd reload

or

    /sbin/service xinetd start
    /sbin/service xinetd stop
    /sbin/service xinetd restart
    /sbin/service xinetd reload

If you compiled and installed it yourself on 6.x, you need to create the xinetd startup script yourself:

    touch /var/run/xinetd.pid
    touch /var/lock/subsys/xinetd
    chmod 755 /etc/rc.d/init.d/xinetd

You can then control the process with the following commands:

    /etc/rc.d/init.d/xinetd start
    /etc/rc.d/init.d/xinetd stop
    /etc/rc.d/init.d/xinetd restart
    /etc/rc.d/init.d/xinetd reload

    vi /etc/rc.d/init.d/xinetd
    ## The file contents are as follows:

Contents of /etc/rc.d/init.d/xinetd:

    #!/bin/bash
    #
    # xinetd This starts and stops xinetd.
    #
    # chkconfig: 345 56 50
    # description: xinetd is a powerful replacement for inetd.
    # xinetd has access control mechanisms, extensive
    # logging capabilities, the ability to make services
    # available based on time, and can place
    # limits on the number of servers that can be started,
    # among other things.
    #
    # processname: /usr/sbin/xinetd
    # config: /etc/sysconfig/network
    # config: /etc/xinetd.conf
    # pidfile: /var/run/xinetd.pid

    prog="xinetd"
    PATH=/sbin:/bin:/usr/bin:/usr/sbin

    # Source function library.
    . /etc/rc.d/init.d/functions

    # Get config.
    test -f /etc/sysconfig/network && . /etc/sysconfig/network

    # Check that networking is up.
    [ ${NETWORKING} = "yes" ] || exit 0
    [ -f /usr/sbin/xinetd ] || exit 1
    [ -f /etc/xinetd.conf ] || exit 1

    RETVAL=0

    start(){
        echo -n $"Starting $prog: "
        # Need to get rid of localization for external services -
        # it doesn't make much sense to have i18n on the server side here
        LANG=en_US
        LC_TIME=en_US
        LC_ALL=en_US
        LC_MESSAGES=en_US
        LC_NUMERIC=en_US
        LC_MONETARY=en_US
        LC_COLLATE=en_US
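
The override behaviour explained for the defaults and telnet examples earlier in this article (and the use of id in the echo example) can be checked with a small parser. This is an added example, not part of the original article or of xinetd: the sample input is constructed and abridged from the listings above, and the merge model ('=' replaces the default, '+=' appends, '-=' removes) is a simplifying assumption.

```python
import re

# Constructed sample, abridged from the defaults and telnet examples above.
SAMPLE = """
defaults
{
    instances = 60
    log_on_success = HOST PID
    log_on_failure = HOST
    cps = 25 30
}
service telnet
{
    disable = no
    instances = 10
    log_on_failure += USERID
}
"""

BLOCK = re.compile(r"^\s*(defaults|service\s+(\S+))\s*\{(.*?)\}", re.S | re.M)
ATTR = re.compile(r"^\s*([\w-]+)\s*(\+=|-=|=)\s*(.*?)\s*$")

def parse(text):
    """Return (defaults, services); services are keyed by id, else by name."""
    defaults, services = {}, {}
    for block in BLOCK.finditer(text):
        lines = block.group(3).splitlines()
        attrs = [(m[1], m[2], m[3].split()) for m in map(ATTR.match, lines) if m]
        if block.group(2) is None:
            defaults = {key: values for key, _, values in attrs}
        else:
            ids = [values[0] for key, _, values in attrs if key == "id" and values]
            services[ids[0] if ids else block.group(2)] = attrs
    return defaults, services

def effective(text, service):
    """Assumed merge model: '=' replaces the default, '+=' appends, '-=' removes."""
    defaults, services = parse(text)
    merged = {key: list(values) for key, values in defaults.items()}
    for key, op, values in services[service]:
        current = merged.get(key, [])
        if op == "=":
            merged[key] = values
        elif op == "+=":
            merged[key] = current + [v for v in values if v not in current]
        else:
            merged[key] = [v for v in current if v not in values]
    return merged

if __name__ == "__main__":
    print(effective(SAMPLE, "telnet"))
```

Running it against a real /etc/xinetd.conf plus the files under /etc/xinetd.d shows at a glance which services inherit the default logging and which ones widen or narrow it.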




Copyright © Linux教程網 All Rights Reserved