Inetd

inetd is a super-server daemon on many Unix systems that manages Internet services. First appearing in 4.3BSD (http://www.freebsd.org/cgi/man.cgi?query=inetd), it is generally located at /usr/sbin/inetd.

Function
Often called a super-server, inetd listens on designated ports used by internet services such as FTP, POP3, and telnet. When a TCP packet or UDP packet arrives with a particular destination port number, inetd launches the appropriate server program to handle the connection. For services that are not expected to run with high loads, this method uses memory more efficiently, since the specific servers run only when needed. Furthermore, no network code is required in the application-specific daemons, as inetd hooks the sockets directly to stdin, stdout and stderr of the spawned process. For protocols that have frequent traffic, such as HTTP and POP3, a dedicated server that intercepts the traffic directly may be preferable.
Setup
The file /etc/services is used to map port numbers and protocols to service names, and the file /etc/inetd.conf is used to map service names to server names. For example, if a TCP request comes in on port 23, /etc/services shows

telnet 23/tcp

The corresponding line in the /etc/inetd.conf file (in this case, taken from a machine running AIX version 5.1) is

telnet stream tcp6 nowait root /usr/sbin/telnetd telnetd -a

This tells inetd to launch the program /usr/sbin/telnetd with the command line arguments telnetd -a. inetd automatically hooks the socket to stdin, stdout, and stderr of the server program.

Generally TCP sockets are handled by spawning a separate server to handle each connection concurrently. UDP sockets are generally handled by a single server instance that handles all packets on that port.

Some simple services, such as echo, are handled directly by inetd, without spawning an external server.
Creating an inetd service
This is a simple inetd service, written in C. It expects a command line argument containing a filename for a log file, and then it logs all strings sent through the socket to the log file.

The example uses stdio functions and it responds to network traffic coming in on stdin. In this case, we want all messages logged to a single file, so we only want one instance of the service running to service all requests. This means UDP is the correct protocol to use. First, an unused port number must be selected. In this sample, 9999 will be used. The /etc/services entry will look like this:

errorLogger 9999/udp

And the entry in /etc/inetd.conf will look like this:

errorLogger dgram udp wait root /usr/local/bin/errlogd errlogd /tmp/logfile.txt

This tells inetd to run the /usr/local/bin/errlogd program, with the commandline: errlogd /tmp/logfile.txt (refer to the inetd.conf man page for information on the other arguments). The first argument contains the filename to be used for the log file: /tmp/logfile.txt. inetd will run the service when needed, and attach port 9999 to the input and output streams, and all strings sent to that port will be logged to the file. By specifying wait, it tells inetd to only use one instance of the server to handle all requests.

Note: the functionality of the above example is usually implemented by using syslog and a process like syslogd. syslogd would normally be started in parallel with inetd, not as an inetd service.
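The C listing for the errlogd service is not reproduced on this page, so the following is an added example (not the page's own code) of how such a service can be written: it reads the datagrams inetd attaches to stdin and appends each line to the log file named in argv[1]. The control-character filtering, the append-only O_NOFOLLOW open, and the demo_constructed self-check are choices of this example rather than part of the description above.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Copy lines from `in` (the UDP socket inetd attached to stdin) to `out`.
 * Control characters other than '\n' become '?', so a client cannot forge
 * extra log lines or embed terminal escapes (this example's own hardening,
 * not something the page's description requires). Returns lines written. */
size_t log_stream(FILE *in, FILE *out) {
    char buf[1024];
    size_t lines = 0;
    while (fgets(buf, sizeof buf, in) != NULL) {
        size_t n = strcspn(buf, "\n");
        for (size_t i = 0; i < n; i++)
            if ((unsigned char)buf[i] < 0x20 || buf[i] == 0x7f) buf[i] = '?';
        buf[n] = '\0';
        fprintf(out, "%s\n", buf);
        fflush(out);            /* each datagram reaches the file before the next */
        lines++;
    }
    return lines;
}

/* Constructed sample traffic so the logic can be exercised offline:
 * returns the line count if the logged text is exactly what we expect. */
size_t demo_constructed(void) {
    static const char expect[] = "disk full on /var\nfake line?\n?[2Jcleared\n";
    char got[128] = {0};
    FILE *in = tmpfile(), *out = tmpfile();
    if (in == NULL || out == NULL) return 0;
    fputs("disk full on /var\nfake line\r\n\x1b[2Jcleared\n", in); rewind(in);
    size_t n = log_stream(in, out);
    rewind(out); size_t len = fread(got, 1, sizeof got - 1, out);
    fclose(in); fclose(out);
    return (len == strlen(expect) && memcmp(got, expect, len) == 0) ? n : 0;
}

int main(int argc, char **argv) {
    if (argc != 2) { fprintf(stderr, "usage: errlogd LOGFILE\n"); return 1; }
    /* Append-only, mode 0600, never follow a symlink: the page's entry runs
     * this as root on a /tmp path, so a pre-planted link must not redirect it. */
    int fd = open(argv[1], O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW, 0600);
    FILE *log = fd < 0 ? NULL : fdopen(fd, "a");
    if (log == NULL) { perror(argv[1]); return 1; }
    log_stream(stdin, log);
    return fclose(log) == 0 ? 0 : 1;
}
```

Because the entry uses wait, inetd starts one copy and hands it the listening socket itself; each read() on that socket returns one datagram, which is why plain stdio suffices here.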
inetd replacements
In recent years, because of the security limitations in the original design of inetd, it has been replaced by xinetd, rlinetd, ucspi-tcp, and others in many systems. Distributions of Linux especially have many options and Mac OS X (beginning with Mac OS X v10.2) uses xinetd. As of version Mac OS X v10.4, Apple has merged the functionality of inetd into launchd.
The services provided by inetd can be omitted entirely. This is becoming more common where machines are dedicated to a single function. For example, an HTTP server could be configured to just run httpd and have no other ports open. A dedicated firewall could have no services started.
Security concerns
While the inetd concept as a service dispatcher is not inherently insecure, the long list of services that inetd traditionally provided gave computer security experts pause. The possibility of a service having an exploitable flaw, or the service just being abused, had to be considered. Unnecessary services were disabled and "off by default" became the mantra. It is not uncommon to find an /etc/inetd.conf with almost all the services commented out in a modern Unix distribution.
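The inetd.conf line format from the Setup section and the "almost all the services commented out" state described here can both be checked mechanically. The following is an added example, not code from the page or from any inetd implementation: it parses inetd.conf lines, discards commented-out services, and counts the enabled entries that spawn an external program as root. The function names inetd_enabled and inetd_root_external and the sample_conf contents (including the ftpd path) are constructed for this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* The six leading inetd.conf fields that the page's examples use. */
struct inetd_entry {
    char service[32], socktype[8], proto[8], wait[16], user[32], program[128];
};
struct audit_result { size_t enabled, root_external; };

/* Parse inetd.conf text, keeping lines that are neither blank nor '#'-commented;
 * stores up to `max` entries in `out`, skips lines with fewer than six fields. */
size_t inetd_enabled(FILE *in, struct inetd_entry *out, size_t max) {
    char line[512]; size_t n = 0;
    while (n < max && fgets(line, sizeof line, in) != NULL) {
        const char *p = line;
        while (isspace((unsigned char)*p)) p++;
        if (*p == '\0' || *p == '#') continue;          /* blank or disabled */
        if (sscanf(p, "%31s %7s %7s %15s %31s %127s", out[n].service, out[n].socktype,
                   out[n].proto, out[n].wait, out[n].user, out[n].program) == 6)
            n++;
    }
    return n;
}

/* Count enabled entries that spawn an external program as root; the user field
 * may carry a ".group" suffix, and "internal" marks services inetd answers itself. */
size_t inetd_root_external(const struct inetd_entry *e, size_t n) {
    size_t hits = 0;
    for (size_t i = 0; i < n; i++)
        if ((strcmp(e[i].user, "root") == 0 || strncmp(e[i].user, "root.", 5) == 0)
            && strcmp(e[i].program, "internal") != 0)
            hits++;
    return hits;
}

/* Constructed sample inetd.conf: telnet commented out, three lines enabled. */
static const char sample_conf[] =
    "#telnet stream tcp6 nowait root /usr/sbin/telnetd telnetd -a\n"
    "ftp     stream tcp  nowait root /usr/sbin/ftpd ftpd -l\n"
    "echo    stream tcp  nowait root internal\n"
    "errorLogger dgram udp wait root /usr/local/bin/errlogd errlogd /tmp/logfile.txt\n";

/* Audit the sample: 3 enabled entries, 2 of them external programs run as root. */
struct audit_result demo_audit(void) {
    struct inetd_entry entries[64]; struct audit_result r = {0, 0};
    FILE *f = tmpfile(); if (f == NULL) return r;
    fputs(sample_conf, f); rewind(f);
    r.enabled = inetd_enabled(f, entries, 64);
    r.root_external = inetd_root_external(entries, r.enabled);
    fclose(f); return r;
}
```

Run against a real /etc/inetd.conf, an enabled count of zero is the "off by default" state the text describes, and every root-owned external program that remains is one to justify or comment out.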