- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - Linux
- >
- xinet question
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-11-2010 12:48 PM
тАО07-11-2010 12:48 PM
I need to enable xinet on several Linux machines (SLES 9/10).
Can anyone tell me what are the security risks?
thanks,
A.K.
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-11-2010 12:55 PM
тАО07-11-2010 12:55 PM
Re: xinet question
http://www.xinet.com/index.php
http://www.xinetd.org/
> Can anyone tell me what are the security
> risks?
Knowing nothing (else) about what you're
doing, I can't.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-11-2010 01:14 PM
тАО07-11-2010 01:14 PM
Re: xinet question
I am installing nrpe package and would like to enable it to allow access from the Nagios host.
BTW,
what other options I can use instead of xinet?
Thanks,
A.K.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-11-2010 07:31 PM
тАО07-11-2010 07:31 PM
Re: xinet question
don't know what you're talking about. A
Google search for:
nrpe nagios xinet
gets redirected to a search for:
nrpe nagios xinetd
I assume, for good reason.
> Do you mean "xinet" or "xinetd"?
Still wondering...
That Google search, by the way, turns up
several documents which might be useful,
depending on what you're really looking for.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-12-2010 05:13 AM
тАО07-12-2010 05:13 AM
Solution"xinetd" on the other hand, is a very common and very widely used software component for running network services on many Unix-style systems, not only Linux. It is the "internet super-server daemon". See the description in Wikipedia:
http://en.wikipedia.org/wiki/Inetd
Traditional Unix systems may still use "inetd", but many Linux distributions and some Unix systems already offer xinetd instead of inetd by default.
xinetd allows you to restrict the source IP addresses and the number of connections allowed for each service you run through xinetd. These are very useful features for keeping your network services secure.
xinetd can run many services at the same time, and its default configuration may include several traditional "debugging/testing" services (chargen, discard, echo, time, daytime): make sure you disable these services unless you really need them.
Every network service can be a security risk - but xinetd is so simple, stable and widely used that it should be a pretty small risk when properly configured. I would be more concerned about NRPE: because it is normally used to gather information from the system, it may have to run more complex things, possibly even as root. Be very very careful in configuring NRPE.
MK
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-13-2010 02:50 AM
тАО07-13-2010 02:50 AM
Re: xinet question
Edit the file /etc/xinetd.d/nrpe
and add the only_from attribute for this service. To the right of the equals sign add IP addresses (or whole subnets) for clients' source IPs who are permitted to connect to nrpe.
There, of course, should be the IP address of your Nagios server among them.
After having made changes to the file send the xinetd PID a SIGHUP or execute "service xinetd reload".
Then enable a service check on your Nagios server that accesses your nrpe (probably you would have to define some nrpe check command on the nrpe host in e.g. /ect/nagios/nrpe.cfg first; but for any changes/additions to that file you don't need to reload xinetd like above because the nrpe daemon is spawned each time a connect request comes in anew by xinetd whereupon it reads the contents of nrpe.cfg)