{{Short description|Computer networking software}} {{Lowercase title}} {{ infobox software | name = xinetd | caption = | developer = Rob Braun | latest_release_version = 2.3.15 | latest_release_date = {{start date and age|2012|05|09|df=yes}} | programming language = C, Shell<ref>{{cite web |url=https://github.com/xinetd-org/xinetd |title=xinetd-org/xinetd |website=GitHub |access-date=2014-07-10}}</ref> | operating_system = Unix-like | genre = Daemon | repo = {{URL|https://github.com/xinetd-org/xinetd}} | license = Open-source<ref>{{cite web |url=https://github.com/xinetd-org/xinetd/blob/master/COPYRIGHT |title=COPYRIGHT |website=GitHub |date=2003-02-19 |access-date=2014-07-10}}</ref> | website = {{url|https://web.archive.org/web/20051227095035/http://www.xinetd.org:80/}}{{dead link|date=July 2014}} | discontinued = yes }}

In computer networking, '''xinetd''' (''Extended Internet Service Daemon'') is an open-source super-server daemon which runs on many Unix-like systems, and manages Internet-based connectivity.<ref> {{cite book | last1 = Wells | first1 = Nicholas | chapter = 4: Using Simple Network Services | title = Guide to Linux Installation and Administration | year = 2000 | url = https://books.google.com/books?id=jQE-iUCjUKAC | volume = 1 | location = Boston, Massachusetts | publisher = Cengage Learning EMEA | publication-date = 2000 | page = 167 | isbn = 9780619000974 | access-date = 2017-07-03 | quote = [...] the superserver (also called a metaserver) [...] listens on multiple network ports and starts the appropriate service when a client connection arrives for that port. The most widely used superserver program is called {{mono|inetd}}, for Internet daemon. Another superserver that is gaining in popularity is {{mono|xinetd}}, for extended Internet daemon [...]. }} </ref>

It offers a more secure alternative to the older inetd ("the Internet daemon"), which most modern Linux distributions have deprecated.<ref> {{cite book | title = Linux Study Guide | last = Smith | first = Roderick W. | publisher = Sybex Press | year = 2001 | chapter = Networking | page = [https://archive.org/details/linuxstudyguide00rode/page/365 365] | isbn = 0-7821-2939-0 | chapter-url = https://archive.org/details/linuxstudyguide00rode/page/365 }} </ref>

== Description ==

xinetd listens for incoming requests over a network and launches the appropriate service for that request.<ref>{{ cite book | title = Red hat Linux 8 Bible | last = Negus | first = C. | publisher = Wiley Publishing Inc. | year = 2002 | chapter = Running Network Services | page = 1007 | isbn = 0-7645-4968-5 }}</ref> Requests are made using port numbers as identifiers and xinetd usually launches another daemon to handle the request.<ref name = "Ubuntu, 2019" > {{ Cite web | url = https://manpages.ubuntu.com/manpages/xenial/man8/xinetd.8.html | title = Ubuntu Manpage: xinetd - the extended Internet services daemon | access-date = 2020-04-21 | date = 2001-06-14 | website = Ubuntu | quote = Because of the way it operates, xinetd (as well as inetd) is also referred to as a super-server. (...) So far, the only reason for the existence of a super-server was to conserve system resources by avoiding to fork a lot of processes which might be dormant for most of their lifetime. | archive-url = https://web.archive.org/web/20190923030305/https://manpages.ubuntu.com/manpages/xenial/man8/xinetd.8.html | archive-date = 2019-09-23 | df = dmy-all }} </ref> It can be used to start services with both privileged and non-privileged port numbers.

xinetd features access control mechanisms such as TCP Wrapper ACLs, extensive logging capabilities, and the ability to make services available based on time. It can place limits on the number of servers that the system can start, and has deployable defense mechanisms to protect against port scanners, among other things.

On some implementations of Mac OS X, this daemon starts and maintains various Internet-related services, including FTP and telnet. As an extended form of inetd, it offers enhanced security. It replaced inetd in Mac OS X v10.3, and subsequently launchd replaced it in Mac OS X v10.4. However, Apple has retained inetd for compatibility purposes.

== Configuration ==

Configuration of xinetd resides in the default configuration file /etc/xinetd.conf, and configuration of the services it supports resides in configuration files stored in the /etc/xinetd.d directory. The configuration for each service usually includes a switch to control whether xinetd should enable or disable the service.

An example configuration file for the RFC 868 time server:

<syntaxhighlight lang="unixconfig">
# default: off
# description: An RFC 868 time server. This protocol provides a
# site-independent, machine readable date and time. The Time service sends back
# to the originating source the time in seconds since midnight on January first
# 1900.
# This is the tcp version.
service time
{
        disable         = yes
        type            = INTERNAL
        id              = time-stream
        socket_type     = stream
        protocol        = tcp
        user            = root
        wait            = no
}

# This is the udp version.
service time
{
        disable         = yes
        type            = INTERNAL
        id              = time-dgram
        socket_type     = dgram
        protocol        = udp
        user            = root
        wait            = yes
}
</syntaxhighlight>

The lines beginning with the "#" character are comments and have no effect on the service. There are two versions of the service: the first is based on the Transmission Control Protocol (TCP), the second on the User Datagram Protocol (UDP). The type and planned usage of a service determine which core protocol is needed. Put simply, UDP cannot handle huge data transmissions, because it lacks the ability to rearrange packets into a specified order or to guarantee their integrity, but it is faster than TCP. TCP has these functions, but it is slower. Inside the braces, each version has two columns: the first is the name of the option, the second is the value applied to it.

The ''disable'' option is a switch to run a service or not. In most cases, the default state is ''yes''. To activate the service, change it to ''no''.

There are three ''types'' of services. The type is ''INTERNAL'' if the service is provided by xinetd, ''RPC'' when it is based on Remote procedure call (commonly listed in the /etc/rpc file), or ''UNLISTED'' when the service is in neither the /etc/services nor the /etc/rpc file.

The ''id'' is the unique identifier of the service.

The ''socket_type'' determines the way of data transmission through the service. There are three types: ''stream'', ''dgram'' and ''raw''. This last one is useful when we want to establish a service based on a non-standard protocol.

With the ''user'' option, it is possible to choose a user to be the owner of the running service. It is highly recommended to choose a non-root user for security reasons.

When ''wait'' is set to ''yes'', xinetd will not accept a further request for the service while it has a connection, so the number of connections is limited to one. This provides protection when only one connection needs to be established at a time.

There are many more options available for xinetd. In most Linux distributions, the full list of possible options and their description is accessible with a "man xinetd.conf" command.

To apply the new configuration, a SIGHUP signal must be sent to the xinetd process to make it re-read the configuration files. This can be achieved with the following command: <code>kill -SIGHUP "PID"</code>. PID is the actual process identifier number of the xinetd, which can be obtained with the command <code>pgrep xinetd</code>.<ref>Linux man page: xinetd.conf(5) http://linux.die.net/man/5/xinetd.conf</ref><ref>{{ cite book | title = GNU/Linux rendszerek üzemeltetése II. | last = Pere | first = László | publisher = Kiskapu Kft. (Hungary) | year = 2005 | chapter = Hálozati szolgáltatások | pages = 107–136 | isbn = 963-9301-98-1 }}</ref>
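The following is an added example, not code from xinetd or from the cited sources: a short Python audit of the service-file format described above that reports enabled services whose ''user'' is root. The sample text and the <code>legacy-echo</code> service are constructed; treating a missing ''disable'' as enabled and a missing ''user'' as root is an assumption of the example.

```python
import re

# Constructed sample in the /etc/xinetd.d format; "legacy-echo" is hypothetical.
SAMPLE = """\
service time
{
    disable     = yes
    type        = INTERNAL
    id          = time-stream
    socket_type = stream
    user        = root
    wait        = no
}
service legacy-echo
{
    disable     = no
    socket_type = stream
    user        = root
    wait        = no
    server      = /usr/local/bin/legacy-echo
}
"""

def parse_services(text):
    """Return one dict per 'service NAME { ... }' block ('+='/'-=' read as '=')."""
    services, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"service\s+(\S+)", line)
        if m and current is None:
            current = {"service": m.group(1)}
        elif line == "}" and current is not None:
            services.append(current)
            current = None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip().rstrip("+-").strip()] = value.strip()
    return services

def audit(services):
    """Flag enabled services whose server process would run as root."""
    # Assumption: an absent "disable" means enabled, an absent "user" means root.
    return [(s.get("id", s["service"]), "enabled, runs as root") for s in services
            if s.get("disable", "no").lower() != "yes"
            and s.get("user", "root") == "root"]
```

Calling <code>audit(parse_services(SAMPLE))</code> reports only <code>legacy-echo</code>, because the ''time'' entry is disabled.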

== References ==

{{reflist}}

== External links ==

* [https://github.com/openSUSE/xinetd openSUSE fork], to contain all the patches from several distributions: openSUSE, Debian, Fedora, Gentoo, ...

[[Category:Unix]]
[[Category:MacOS]]
[[Category:Linux security software]]