小企鵝開談 : [分享]Xinetd在solaris8安裝配置過程

# /usr/local/sbin/xconv.pl < /etc/inetd.conf > /etc/xinetd.conf

/usr/bin/pkill -x -u 0 'in.named|inetd'

/usr/bin/pkill -x -u 0 'in.named|xinetd'

/usr/sbin/inetd -s &

/usr/local/sbin/xinetd -s &

# /etc/init.d/inetsvc stop

# /etc/init.d/inetsvc start

#ps ?ef|grep inetd

#kill -9 ***

#ps ?ef|grep xinetd

root 158 1 0 15:41:50 ? 0:00 /usr/local/sbin/xinetd ?s

service ssh
{
socket_type = stream
wait = no
user = root
server = /usr/local/sbin/sshd
port = 22
server_args = -i
only_from = 192.0.0.109
}

＃nmap -P0 127.0.0.1
22/tcp open ssh

# more /etc/xinetd.conf
# This file generated by xconv.pl, included with the xinetd
# package. xconv.pl was written by Rob Braun (bbraun@synack.net)
#
# The file is merely a translation of your inetd.conf file into
# the equivalent in xinetd.conf syntax. xinetd has many
# features that may not be taken advantage of with this translation.
# Please refer to the xinetd.conf man page for more information
# on how to properly configure xinetd.


# The defaults section sets some information for all services
defaults
{
#The maximum number of requests a particular service may handle
# at once.
instances = 25

# The type of logging. This logs to a file that is specified.
# Another option is: SYSLOG syslog_facility [syslog_level]
log_type = FILE /var/log/servicelog

# What to log when the connection succeeds.
# PID logs the pid of the server processing the request.
# HOST logs the remote host's ip address.
# USERID logs the remote user (using RFC 1413)
# EXIT logs the exit status of the server.
# DURATION logs the duration of the session.
log_on_success = HOST PID

# What to log when the connection fails. Same options as above
log_on_failure = HOST RECORD

# The maximum number of connections a specific IP address can
# have to a specific service.
per_source = 5
}

#service ftp
{
flags = NAMEINARGS
socket_type = stream
protocol = tcp
wait = no
user = root
server = /usr/local/bin/tcpd
server_args = in.ftpd
}

#service telnet
{
flags = NAMEINARGS
socket_type = stream
protocol = tcp
wait = no
user = root
server = /usr/local/bin/tcpd
server_args = in.telnetd

}


service ssh
{
socket_type = stream
wait = no
user = root
server = /usr/local/sbin/sshd
port = 22
server_args = -i
only_from = 192.0.0.109
}

## more /etc/init.d/inetsvc
#!/sbin/sh
#
# Copyright (c) 1995, 1997-1999 by Sun Microsystems, Inc.
# All rights reserved.
#
#ident "@(#)inetsvc 1.24 99/03/21 SMI"

#
# This is third phase of TCP/IP startup/configuration. This script
# runs after the NIS/NIS+ startup script. We run things here that may
# depend on NIS/NIS+ maps.
#

case "$1" in
'start')
;; # Fall through -- rest of script is the initialization code

'stop')
# /usr/bin/pkill -x -u 0 'in.named|inetd'
/usr/bin/pkill -x -u 0 'in.named|xinetd'
exit 0
;;

*)
echo "Usage: $0 { start | stop }"
exit 1
;;
esac

# If boot variables are not set, set variables we use
[ -z "$_INIT_UTS_NODENAME" ] && _INIT_UTS_NODENAME=`/usr/bin/uname -n`

if [ -z "$_INIT_PREV_LEVEL" ]; then
set -- `/usr/bin/who -r`
_INIT_PREV_LEVEL="$9"
fi

#
# wait_nis
# Wait up to 5 seconds for ypbind to obtain a binding.
#
wait_nis ()
{
for i in 1 2 3 4 5; do
server=`/usr/bin/ypwhich 2>/dev/null`
[ $? -eq 0 -a -n "$server" ] && return 0 || sleep 1
done
return 1
}

#
# We now need to reset the netmask and broadcast address for our network
# interfaces. Since this may result in a name service lookup, we want to
# now wait for NIS to come up if we previously started it.
#
domain=`/usr/bin/domainname 2>/dev/null`

[ -z "$domain" ] || [ ! -d /var/yp/binding/$domain ] || wait_nis || 
echo "WARNING: Timed out waiting for NIS to come up" >& 2

#
# Re-set the netmask and broadcast addr for all IP interfaces. This ifconfig
# is run here, after waiting for name services, so that "netmask +" will find
# the netmask if it lives in a NIS map. The 'D' in -auD tells ifconfig NOT to
# mess with the interface if it is under DHCP control
#
/usr/sbin/ifconfig -auD4 netmask + broadcast +

# Uncomment these lines to print complete network interface configuration
# echo "network interface configuration:"
# /usr/sbin/ifconfig -a

#
# If this machine is configured to be an Internet Domain Name System (DNS)
# server, run the name daemon. Start named prior to: route add net host,
# to avoid dns gethostbyname timout delay for nameserver during boot.
#
if [ -f /usr/sbin/in.named -a -f /etc/named.conf ]; then
echo 'starting internet domain name server.'
/usr/sbin/in.named &
fi

if [ "$_INIT_NET_STRATEGY" = "dhcp" ]; then
dnsdomain=`/sbin/dhcpinfo DNSdmain`
else
dnsdomain=
fi

if [ -n "$dnsdomain" ]; then
dnsservers=`/sbin/dhcpinfo DNSserv`
if [ -n "$dnsservers" ]; then
if [ -f /etc/resolv.conf ]; then
/usr/bin/rm -f /tmp/resolv.conf.$$
/usr/bin/sed -e '/^domain/d' -e '/^nameserver/d' 
/etc/resolv.conf >/tmp/resolv.conf.$$
fi
echo "domain $dnsdomain" >>/tmp/resolv.conf.$$
for name in $dnsservers; do
echo nameserver $name >>/tmp/resolv.conf.$$
done
else
if [ -f /etc/resolv.conf ]; then
/usr/bin/rm -f /tmp/resolv.conf.$$
/usr/bin/sed -e '/^domain/d' /etc/resolv.conf 
>/tmp/resolv.conf.$$
fi
echo "domain $dnsdomain" >>/tmp/resolv.conf.$$
fi

#
# Warning: The umask is 000 during boot, which requires explicit
# setting of file permission modes when we create files.
#
/usr/bin/mv /tmp/resolv.conf.$$ /etc/resolv.conf
/usr/bin/chmod 644 /etc/resolv.conf

# Add dns to the nsswitch file, if it isn't already there.
/usr/bin/rm -f /tmp/nsswitch.conf.$$
/usr/bin/awk ' $1 ~ /^hosts:/ {
n = split($0, a);
newl = a[1];
if ($0 !~ /dns/) {
printf("#%s # Commented out by DHCP
", $0);
updated = 0;
for (i = 2; i <= n; i++) {
if (updated == 0 && index(a[i], "[") == 1) {
newl = newl" dns";
updated++;
}
newl = newl" "a[i];
}
if (updated == 0) {
newl = newl" dns";
updated++;
}
if (updated != 0)
newl = newl" # Added by DHCP";
else
newl = $0;
printf("%s
", newl);
} else
printf("%s
", $0);
} $1 !~ /^hosts:/ { printf("%s
", $0); }' /etc/nsswitch.conf 
>/tmp/nsswitch.conf.$$

/usr/bin/mv /tmp/nsswitch.conf.$$ /etc/nsswitch.conf
/usr/bin/chmod 644 /etc/nsswitch.conf

elif grep '# Added by DHCP$' /etc/nsswitch.conf >/dev/null 2>&1; then

# If we added DNS to a hosts line in the nsswitch, remove it.
/usr/bin/rm -f /tmp/nsswitch.conf.$$
/usr/bin/sed 
-e '/# Added by DHCP$/d' 
-e 's/^(#hosts:)(.*[^#])(#.*)$/hosts: 2/' 
/etc/nsswitch.conf >/tmp/nsswitch.conf.$$

/usr/bin/mv /tmp/nsswitch.conf.$$ /etc/nsswitch.conf
/usr/bin/chmod 644 /etc/nsswitch.conf
fi

if [ "$_INIT_NET_STRATEGY" = "dhcp" ]; then
#
# if DHCP doesn't return a hostname, use "unknown" so
# client can resolve IP address into a local hostname.
#
hostname=`/sbin/dhcpinfo Hostname`
if [ -z "$hostname" ]; then
hostname="unknown"
fi

ipaddr=`/sbin/dhcpinfo Yiaddr`

/usr/bin/rm -f /tmp/hosts.$$ /tmp/hosts_clear.$$

# Delete any old lines added by dhcp.
/usr/bin/sed -e '/# Added by DHCP$/d' /etc/inet/hosts 
> /tmp/hosts_clear.$$

shift $# # Clear $0-9 first in case grep fails
set -- `/usr/bin/grep "^[ ]*$ipaddr[ ]" 
/tmp/hosts_clear.$$ 2>/dev/null`

if [ $# -gt 0 ]; then
#
# IP address is already in the hosts file. Ensure the
# associated hostname is the same as the Hostname
# property returned by the DHCP server.
#
/usr/bin/sed -e "/^[ ]*${ipaddr}[ ]/s/${2}/${hostname}/" 
/tmp/hosts_clear.$$ >/tmp/hosts.$$
else
#
# IP address is missing from the hosts file. Now check
# to see if the hostname is present with a different IP.
#
shift $# # Clear $0-9 in case grep fails
set -- `/usr/bin/grep -s -v '^#' /tmp/hosts_clear.$$ | 
/usr/bin/egrep "[ ]${hostname}([ ]|$)"`

if [ $# -gt 0 ]; then
#
# Hostname is present in the hosts file. Rewrite this
# line to have the new IP address and the DHCP comment.
#
/usr/bin/sed -e "/^[ ]*${1}[ ]/d" 
/tmp/hosts_clear.$$ >/tmp/hosts.$$

shift # Shift off $1 (the old IP)

echo "$ipaddr $*c" | /usr/bin/tr ' ' '	' 
>>/tmp/hosts.$$

echo "	# Added by DHCP" >>/tmp/hosts.$$
else
#
# Hostname is not present in the hosts file.
# Add a new line for the host at the end of
# the new hosts file.
#
/usr/bin/mv /tmp/hosts_clear.$$ /tmp/hosts.$$
echo "${ipaddr}	${hostname}	# Added by DHCP" 
>>/tmp/hosts.$$
fi
fi

# Update loopback transport hosts files
for inet in /etc/net/*/hosts; do
echo "# RPC hosts" > $inet
echo "$hostname	$hostname" >> $inet
/usr/bin/chmod 644 $inet
done

/usr/bin/rm -f /tmp/hosts_clear.$$
/usr/bin/mv /tmp/hosts.$$ /etc/inet/hosts
/usr/bin/chmod 644 /etc/inet/hosts
fi

#
# Add a static route for multicast packets out our default interface.
# The default interface is the interface that corresponds to the node name.
# Run in background subshell to avoid waiting for name service.
#

(
if [ "$_INIT_NET_STRATEGY" = "dhcp" ]; then
mcastif=`/sbin/dhcpinfo Yiaddr` || mcastif=$_INIT_UTS_NODENAME
else
mcastif=$_INIT_UTS_NODENAME
fi

echo "Setting default IPv4 interface for multicast:" 
"add net 224.0/4: gateway $mcastif"

/usr/sbin/route -n add -interface "224.0/4" "$mcastif" >/dev/null
) &

#
# Run inetd in "standalone" mode (-s flag) so that it doesn't have
# to submit to the will of SAF. Why did we ever let them change inetd?
#
#/usr/sbin/inetd -s &
/usr/local/sbin/xinetd -s &