Controlling Access to Your Services with xinetd
Creatures of the Linux Underworld
Whenever you learn about controlling access to a Linux box, one "creature" you usually encounter is the "superdaemon." A superdaemon is a daemon that controls other daemons--and daemons are typically network service control programs that run long-term behind the scenes, waiting for when they need to step into action.
In the Linux realm, "the superdaemon" has typically referred inetd, which handles requests for a number of daemons that either aren't used often enough to justify running in the background all of the time, or have such a simple job that a standalone daemon simply isn't needed. The problem with inetd is that this superdaemon makes little attempt to be secure. It allows you to disable various services if you don't want to use them, but there is no fine control available.
Enter xinetd (http://www.xinetd.org). This program is a "secure" replacement for inetd, meaning in this case that it offers many features that allow you to control who accesses which services, and from where. I always keep the Titanic in mind when I talk about security or safety, meaning that nothing is fully secure, but any level of native access control in the superdaemon certainly helps us to protect our systems.
Some distributions (such as Mandrake and Red Hat) currently come with xinetd installed and enabled by default. Yours might include xinetd but not by default, or you can download the tool from the project site.
- 1Linux Top 3: Fedora 24, Peppermint 7 and Solus 1.2
- 2Linux Top 3: Alpine Linux 3.4, deepin 15.2 and Linux Lite 3.0
- 3Linux 4.7 Set to Boost Live Patching, Security and Power Management
- 4Linux 4.6 Charred Weasel adds USB 3.1 Support
- 5Linux Top 3: OpenIndiana 2016.04, Ubuntu 16.04 and Debian's New Leader