Unix System Administration

hani

Presentation Transcript


  1. Unix System Administration Chapter 31 Daemons

  2. Out of the Goo, the Primordial Process
     • Init
       • Always the first process to run after system boot
       • Always PID 1
       • Ancestor of all user processes and all but a few system processes
       • Configured using /etc/inittab
       • Exorcises undead zombie processes
       • If init dies, the system will hang or reboot

  3. It’s a Bird, It’s a Plane, No, It’s the Super Daemon
     • Inetd
       • Daemon that manages other daemons
       • The daemons it manages must be programmed to be started and managed by inetd
       • Uses /etc/inetd.conf and /etc/services as configuration files
       • Simple daemons (echo, discard, etc.) are built into inetd
       • You need to send SIGHUP to inetd after editing /etc/inetd.conf to tell it to reread the file

  4. /etc/inetd.conf (abridged)

         # Syntax for socket-based Internet services:
         # <service_name> <socket_type> <proto> <flags> <user>
         # <server_pathname> <args>
         #
         ftp     stream  tcp  nowait  root  /usr/sbin/in.ftpd     in.ftpd
         telnet  stream  tcp  nowait  root  /usr/sbin/in.telnetd  in.telnetd
         echo    stream  tcp  nowait  root  internal
         echo    dgram   udp  wait    root  internal
         talk    dgram   udp  wait    root  /usr/sbin/in.talkd    in.talkd

  5. /etc/services (abridged)

         echo      7/tcp
         echo      7/udp
         ftp-data  20/tcp
         ftp       21/tcp
         telnet    23/tcp
         talk      517/udp

  6. Mapping Those Pesky Ports
     • Portmap (aka Rpcbind)
       • Runs on port 111
       • Maps between RPC service numbers and TCP/IP port numbers
       • RPC services register their service number, version and port number with portmap/rpcbind when they start up
       • Clients contact portmap/rpcbind to find the port that a particular service is running on
       • Use rpcinfo -p to display registered services

  7. Let’s Wrap It Up!
     • TCP_Wrappers
       • Used to provide IP address-level security to daemons run from inetd
       • Can also be used with non-inetd daemons if they can link with the libwrap library
       • Logs successful and failed attempts via syslog facility
       • Requires modification to /etc/inetd.conf
       • Written by Wietse Venema of the Netherlands
       • ftp://ftp.porcupine.org/pub/security/index.html

  8. TCP_Wrapperized /etc/inetd.conf

         # Syntax for socket-based Internet services:
         # <service_name> <socket_type> <proto> <flags> <user>
         # <server_pathname> <args>
         #
         ftp     stream  tcp  nowait  root  /usr/sbin/tcpd  in.ftpd
         telnet  stream  tcp  nowait  root  /usr/sbin/tcpd  in.telnetd
         echo    stream  tcp  nowait  root  internal
         echo    dgram   udp  wait    root  internal
         talk    dgram   udp  wait    root  /usr/sbin/tcpd  in.talkd

  9. /etc/hosts.allow & /etc/hosts.deny

     /etc/hosts.allow

         ALL: localhost,krusty
         in.telnetd: beast,bugs
         in.rlogind: beast,bugs
         in.rexecd: beast,bugs,159.91.
         in.rshd: beast,bugs
         in.fingerd: ALL
         in.talkd: ALL

     /etc/hosts.deny

         ALL: ALL

  10. Daemons Daemons Everywhere ...
      • nfsd, rpc.lockd & rpc.statd - file sharing
      • ypbind, ypserv, ypxfrd - NIS daemons
      • comsat - e-mail notification
      • talkd - chat server
      • routed, gated - routing
      • innd, nntpd - Network News
      • syslogd - logging server
      • httpd - web server

  11. … Even in Your Underwear
      • ftpd - file transfer
      • telnetd - remote terminal
      • rshd, rexec - remote shell
      • rlogin - remote login
      • xntp - time sync
      • dhcpd, bootpd, rarpd - IP address servers
      • popper, ipopd, imapd - e-mail servers
      • sendmail - e-mail routing server

  12. Exorcise These Daemons!
      • Besides a Unix service, what is a “daemon?”
      • What happens if inetd dies?
      • What is the name of the TCP_wrapper daemon?
