
Installing and configuring xinetd on Solaris 8

  I. Background
  1. Overview:
  xinetd replaces inetd plus tcp_wrappers and adds access control, more detailed logging and resource limits; it has become the standard Internet super-server. There is still no complete installation and configuration guide for Solaris, so this is meant to be a step-by-step one.
  2. Basic information
  Server: Sun-Fire-280R
  Operating system: SunOS 5.8 Generic_117350-02
  3. xinetd package
  Version: 2.3.10
  Download:
  ftp://ftp.sunfreeware.com/pub/freeware/sparc/8/xinetd-2.3.10-sol8-sparc-local.gz
  Package notes: this package was built with the --with-libwrap, --with-loadavg and --with-inet6 configure options.
  4. Services that are normally run under xinetd fall into these groups:
  Standard Internet services: telnet ftp
  Information services: finger netstat systat
  Mail services: imap imaps pop2 pop3 pops
  RPC services: rquotad rstatd rusersd sprayd walld
  BSD services: comsat exec login ntalk shell talk
  Internal services: chargen daytime echo servers services time
  Security services: irc
  Other services: name tftp uucp
  5. More information:
  http://www.xinetd.org/
  
  II. Installing and configuring xinetd
  1. Installation
  1) # gzip -d xinetd-2.3.10-sol8-sparc-local.gz
  2) # pkgadd -d xinetd-2.3.10-sol8-sparc-local
  If neither command reports an error, the installation is done.
  2. What the package installs
  1) Documentation: /usr/local/doc/xinetd
  Contains the installation notes and the configuration file documentation.
  2) Programs: /usr/local/sbin/
  xinetd, xconv.pl and itox
  3. Configuration:
  Two files are involved: /etc/init.d/inetsvc (must be edited) and /etc/xinetd.conf (must be generated).
  1) Generating /etc/xinetd.conf:
  a) /etc/xinetd.conf is produced by converting /etc/inetd.conf; it is the configuration file xinetd reads in place of inetd's.
  b) Conversion command:
  # /usr/local/sbin/xconv.pl < /etc/inetd.conf > /etc/xinetd.conf
  c) Note:
  Remove the services you do not need (finger, login and so on) from /etc/inetd.conf before converting, and the resulting /etc/xinetd.conf stays short and readable. (Before converting, only telnet and ftp were left in /etc/inetd.conf.) Any other service you need, such as ssh, can be added to /etc/xinetd.conf by hand afterwards.
  2) Editing /etc/init.d/inetsvc:
  Two lines need to change (comment out the old line and add the new one rather than overwriting it):
  a) First change, in the 'stop' branch:
  Before: /usr/bin/pkill -x -u 0 'in.named|inetd'
  After:  /usr/bin/pkill -x -u 0 'in.named|xinetd'
  b) Second change, where the super-server is started:
  Before: /usr/sbin/inetd -s &
  After:  /usr/local/sbin/xinetd -s &
  3) Testing:
  Stop the old service:   # /etc/init.d/inetsvc stop
  Start the new service:  # /etc/init.d/inetsvc start
  Look for the old daemon: # ps -ef | grep inetd
  Kill the PID that turns up: # kill -9 ***
  (The edited stop branch matches only xinetd, so the inetd that was already running is not stopped by the script and has to be killed by hand this once. Note that grep inetd also matches the xinetd command line: kill only the /usr/sbin/inetd process. Any port that inetd still held when xinetd started is logged by xinetd as a bind failure and left unserved, so restart xinetd once inetd is gone.)
  Check the xinetd process: # ps -ef | grep xinetd
  Output like the following means xinetd is configured correctly:
  root 158 1 0 15:41:50 ? 0:00 /usr/local/sbin/xinetd -s
  Notes:
  If xinetd fails to start, the cause is almost always /etc/xinetd.conf; running it in the foreground with -d (debug mode) shows the parse error. The -s flag was carried over from Solaris inetd, where it means "run standalone"; it is not a documented xinetd option, so check the xinetd man page for your build before relying on it.
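  As an added example (not part of the original page, and not xinetd's own xconv.pl), the following POSIX sh/awk script does the two things step 3 does by hand: it keeps only a whitelist of services from an inetd.conf, and writes one xinetd service block per surviving line in the shape xconv.pl produces, plus a defaults block with logging turned on. It goes a little beyond the page: Solaris tcp6/udp6 entries become protocol tcp/udp with flags = IPv6 (the package above was built with --with-inet6), internal entries become type = INTERNAL, and RPC/TLI entries are skipped because this simple converter does not handle them. The sample inetd.conf and the function names are constructed for the example.

```shell
#!/bin/sh
# Added example: minimal inetd.conf -> xinetd.conf converter with a service
# whitelist, in POSIX sh + awk. Not xinetd's xconv.pl; written for this page.

# sample_inetd_conf: a constructed file in the layout of a Solaris 8
# /etc/inetd.conf (not taken from a real host).
sample_inetd_conf() {
    cat <<'EOF'
# Constructed sample in the layout of a Solaris 8 /etc/inetd.conf
ftp       stream  tcp     nowait  root    /usr/sbin/in.ftpd      in.ftpd
telnet    stream  tcp6    nowait  root    /usr/sbin/in.telnetd   in.telnetd
finger    stream  tcp     nowait  nobody  /usr/sbin/in.fingerd   in.fingerd
login     stream  tcp6    nowait  root    /usr/sbin/in.rlogind   in.rlogind
echo      stream  tcp     nowait  root    internal
rquotad/1 tli     rpc/datagram_v wait root /usr/lib/nfs/rquotad  rquotad
tftp      dgram   udp6    wait    root    /usr/sbin/in.tftpd     in.tftpd -s /tftpboot
EOF
}

# inetd_to_xinetd "svc1 svc2 ..." < inetd.conf > xinetd.conf
# Every inetd.conf line whose service name is not in the whitelist is dropped,
# which is the pruning the tutorial does by editing /etc/inetd.conf first.
inetd_to_xinetd() {
    awk -v keep="$1" '
    BEGIN {
        n = split(keep, k, " ")
        for (i = 1; i <= n; i++) want[k[i]] = 1
        print "# generated from inetd.conf; only whitelisted services kept"
        print "defaults"
        print "{"
        print "    log_type       = SYSLOG daemon info"
        print "    log_on_success = PID HOST EXIT"
        print "    log_on_failure = HOST"
        print "}"
    }
    /^[ \t]*#/ || NF < 6          { next }   # comments, blank and malformed lines
    $2 == "tli" || $3 ~ /^rpc\//  { next }   # Solaris RPC/TLI entries: not handled here
    !($1 in want)                 { next }   # not whitelisted: dropped
    {
        # inetd.conf fields: name type proto wait user server argv0 args...
        proto = $3; flags = ""
        if (proto ~ /6$/) { sub(/6$/, "", proto); flags = "IPv6" }  # tcp6 -> tcp + IPv6 flag
        print ""
        print "service " $1
        print "{"
        print "    socket_type = " $2
        print "    protocol    = " proto
        if (flags != "") print "    flags       = " flags
        print "    wait        = " ($4 == "wait" ? "yes" : "no")
        print "    user        = " $5
        if ($6 == "internal") {
            print "    type        = INTERNAL"          # served by xinetd itself
            print "    id          = " $1 "-" $2
        } else {
            print "    server      = " $6
            args = ""
            for (i = 8; i <= NF; i++) args = (i == 8) ? $i : args " " $i   # skip argv[0]
            if (args != "") print "    server_args = " args
        }
        print "}"
    }'
}

# Usage: sh convert.sh demo   (prints the converted config for telnet and ftp only)
case "${1-}" in
    demo) sample_inetd_conf | inetd_to_xinetd "telnet ftp" ;;
esac
```

  Run it as sh convert.sh demo to see the two-service configuration; against a real host, feed /etc/inetd.conf on stdin and redirect stdout to a new file, then review it before copying it to /etc/xinetd.conf.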
  
  III. Restricting ssh logins with xinetd
  1. Setup:
  1) Edit /etc/xinetd.conf:
  Add the following:
  service ssh
  {
  socket_type = stream
  wait = no
  user = root
  server = /usr/local/sbin/sshd
  port = 22
  server_args = -i
  only_from = 192.0.0.109
  }
  2. Test:
  Reboot the machine and check that xinetd comes up normally.
  An ssh login from the internal host 192.0.0.109 succeeds: correct.
  An ssh login from any other IP address is refused: correct.
  3. Note:
  After installing SSH, do not add S99sshd under /etc/rc2.d, because xinetd now spawns sshd itself (server_args = -i runs sshd in inetd mode, one process per connection). A standalone sshd started from rc2.d would bind port 22 before xinetd, and the only_from restriction would never be consulted.
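  Added example, not from the original page: a small sh/awk audit of the finished /etc/xinetd.conf that reports, for each service block, whether it is disabled, restricted by only_from/no_access (in its own block or inherited from defaults) or open to every source address, and then checks the rc2.d directory for the S99sshd clash described in the note above. The function name and the configuration shown in the usage are mine; the audit assumes attributes are written "name = value" with spaces, as on this page, and that a defaults block comes before the service blocks.

```shell
#!/bin/sh
# Added example: audit /etc/xinetd.conf for services reachable from any source
# address, and check rc2.d for a standalone sshd that would bypass xinetd.
# Written for this page; not part of xinetd.

# xinetd_access_audit CONF RCDIR
#   Prints "<service> disabled|restricted|OPEN" for every service block, then a
#   warning per S??sshd script in RCDIR. Returns 0 only if no service is OPEN and
#   no standalone sshd rc script exists.
#   Assumptions: attributes are written "name = value" with spaces, as on this
#   page, and a "defaults" block (if any) precedes the service blocks.
xinetd_access_audit() {
    conf=$1
    rcdir=$2
    status=0

    report=$(awk '
        /^[ \t]*#/ || NF == 0 { next }
        $1 == "defaults" { block = "defaults"; next }
        $1 == "service"  { block = $2; ctl = 0; dis = 0; next }
        # only_from/no_access in defaults applies to every service
        block == "defaults" && ($1 == "only_from" || $1 == "no_access") { dctl = 1 }
        block != "" && block != "defaults" {
            if ($1 == "only_from" || $1 == "no_access") ctl = 1
            if ($1 == "disable" && $3 == "yes") dis = 1
        }
        /^[ \t]*}/ && block != "" {
            if (block != "defaults")
                print block, (dis ? "disabled" : ((ctl || dctl) ? "restricted" : "OPEN"))
            block = ""
        }' "$conf")
    printf '%s\n' "$report"
    if printf '%s\n' "$report" | grep -q ' OPEN$'; then
        status=1
    fi

    # A standalone sshd started from rc2.d binds port 22 itself; xinetd then
    # cannot bind it and only_from is never consulted.
    for f in "$rcdir"/S[0-9][0-9]sshd; do
        [ -e "$f" ] || continue
        echo "WARNING: $f starts a standalone sshd; the only_from rule on service ssh will not apply"
        status=1
    done
    return $status
}

# Usage: sh audit.sh run [/etc/xinetd.conf] [/etc/rc2.d]
case "${1-}" in
    run) xinetd_access_audit "${2:-/etc/xinetd.conf}" "${3:-/etc/rc2.d}" ;;
esac
```

  On the configuration from this section the audit prints "ssh restricted" and exits 0; add a telnet block without only_from and it prints "telnet OPEN" and exits 1, which is the state the converted inetd.conf services are in until a defaults-level only_from or a per-service rule is added.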
  
  IV. Result:
  Server state after the install:
  # nmap -P0 127.0.0.1
  22/tcp open ssh
  Only the ssh port is left open, and ssh logins are limited to the internal address 192.0.0.109. (A scan of 127.0.0.1 also lists loopback-only listeners; scanning from a second host shows what is actually reachable over the network.)
  
  -----------------------------------------------------
  The complete /etc/init.d/inetsvc file (the listing as captured breaks off inside the DHCP nsswitch-update awk script, before the line that starts the super-server):
  # more /etc/init.d/inetsvc
  #!/sbin/sh
  #
  # Copyright (c) 1995, 1997-1999 by Sun Microsystems, Inc.
  # All rights reserved.
  #
  #ident "@(#)inetsvc 1.24 99/03/21 SMI"

  #
  # This is third phase of TCP/IP startup/configuration. This script
  # runs after the NIS/NIS+ startup script. We run things here that may
  # depend on NIS/NIS+ maps.
  #

  case "$1" in
  'start')
      ;;  # Fall through -- rest of script is the initialization code

  'stop')
      # /usr/bin/pkill -x -u 0 'in.named|inetd'
      /usr/bin/pkill -x -u 0 'in.named|xinetd'
      exit 0
      ;;

  *)
      echo "Usage: $0 { start | stop }"
      exit 1
      ;;
  esac

  # If boot variables are not set, set variables we use
  [ -z "$_INIT_UTS_NODENAME" ] && _INIT_UTS_NODENAME=`/usr/bin/uname -n`

  if [ -z "$_INIT_PREV_LEVEL" ]; then
      set -- `/usr/bin/who -r`
      _INIT_PREV_LEVEL="$9"
  fi

  #
  # wait_nis
  # Wait up to 5 seconds for ypbind to obtain a binding.
  #
  wait_nis ()
  {
      for i in 1 2 3 4 5; do
          server=`/usr/bin/ypwhich 2>/dev/null`
          [ $? -eq 0 -a -n "$server" ] && return 0 || sleep 1
      done
      return 1
  }

  #
  # We now need to reset the netmask and broadcast address for our network
  # interfaces. Since this may result in a name service lookup, we want to
  # now wait for NIS to come up if we previously started it.
  #
  domain=`/usr/bin/domainname 2>/dev/null`

  [ -z "$domain" ] || [ ! -d /var/yp/binding/$domain ] || wait_nis || echo "WARNING: Timed out waiting for NIS to come up" >& 2

  #
  # Re-set the netmask and broadcast addr for all IP interfaces. This ifconfig
  # is run here, after waiting for name services, so that "netmask +" will find
  # the netmask if it lives in a NIS map. The 'D' in -auD tells ifconfig NOT to
  # mess with the interface if it is under DHCP control
  #
  /usr/sbin/ifconfig -auD4 netmask + broadcast +

  # Uncomment these lines to print complete network interface configuration
  # echo "network interface configuration:"
  # /usr/sbin/ifconfig -a

  #
  # If this machine is configured to be an Internet Domain Name System (DNS)
  # server, run the name daemon. Start named prior to: route add net host,
  # to avoid dns gethostbyname timout delay for nameserver during boot.
  #
  if [ -f /usr/sbin/in.named -a -f /etc/named.conf ]; then
      echo 'starting internet domain name server.'
      /usr/sbin/in.named &
  fi

  if [ "$_INIT_NET_STRATEGY" = "dhcp" ]; then
      dnsdomain=`/sbin/dhcpinfo DNSdmain`
  else
      dnsdomain=
  fi

  if [ -n "$dnsdomain" ]; then
      dnsservers=`/sbin/dhcpinfo DNSserv`
      if [ -n "$dnsservers" ]; then
          if [ -f /etc/resolv.conf ]; then
              /usr/bin/rm -f /tmp/resolv.conf.$$
              /usr/bin/sed -e '/^domain/d' -e '/^nameserver/d' /etc/resolv.conf >/tmp/resolv.conf.$$
          fi
          echo "domain $dnsdomain" >>/tmp/resolv.conf.$$
          for name in $dnsservers; do
              echo nameserver $name >>/tmp/resolv.conf.$$
          done
      else
          if [ -f /etc/resolv.conf ]; then
              /usr/bin/rm -f /tmp/resolv.conf.$$
              /usr/bin/sed -e '/^domain/d' /etc/resolv.conf >/tmp/resolv.conf.$$
          fi
          echo "domain $dnsdomain" >>/tmp/resolv.conf.$$
      fi

      #
      # Warning: The umask is 000 during boot, which requires explicit
      # setting of file permission modes when we create files.
      #
      /usr/bin/mv /tmp/resolv.conf.$$ /etc/resolv.conf
      /usr/bin/chmod 644 /etc/resolv.conf

      # Add dns to the nsswitch file, if it isn't already there.
      /usr/bin/rm -f /tmp/nsswitch.conf.$$
      /usr/bin/awk ' $1 ~ /^hosts:/ {
          n = split($0, a);
          newl = a[1];
          if ($0 !~ /dns/) {
              printf("#%s # Commented out by DHCP\n", $0);
              updated = 0;
              for (i = 2; i <= n; i++) {
                  if (updated == 0 && ind