My notes on xinetd

1 Rocky and CentOS 8 sans xinetd

As of CentOS 8, xinetd is neither needed nor used. Instead, we use systemd and create a new service.

1.1 tftpd

Installing tftp-server creates a new service in /usr/lib/systemd/system, specifically

  • /usr/lib/systemd/system/tftp.socket
  • /usr/lib/systemd/system/tftp.service

You need to cp these files to /etc/systemd/system so that systemctl can start and stop this daemon/service.

Rename both of them to tftp-server, i.e.

  • /etc/systemd/system/tftp-server.service
  • /etc/systemd/system/tftp-server.socket

They should be edited to look like this. tftp-server.service:

[Unit]
Description=Tftp Server
Requires=tftp-server.socket
Documentation=man:in.tftpd

[Service]
ExecStart=/usr/sbin/in.tftpd -p -s /var/lib/tftpboot
StandardInput=socket

[Install]
WantedBy=multi-user.target
Also=tftp-server.socket

And tftp-server.socket:

[Unit]
Description=Tftp Server Activation Socket

[Socket]
ListenDatagram=69
BindIPv6Only=both

[Install]
WantedBy=sockets.target

Start and stop with systemctl start tftp-server etc.

tftp runs on port 69. You will have to ensure that any firewalls allow port 69. See iptables file for details.

iptables -L -n
Chain INPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:67
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:67
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:69
MYICMP     icmp --  0.0.0.0/0            0.0.0.0/0            /* direct icmp rules to the MYICMP chain */
MYSSH      tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22 /* direct ssh rules to the MYSSH chain */
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
LOG        all  --  0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix ">>> I N P U T  Dropped "

Chain FORWARD (policy DROP)
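
A check for the firewall step above, as an added example that is not part of the original notes: it reads `iptables -L -n` output and reports how the INPUT chain treats UDP port 69. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: report how the INPUT chain in `iptables -L -n` output
# treats TFTP (udp/69). Reads the listing on stdin, prints one finding per line.
audit_tftp_input() {
    awk '
    /^Chain / {                        # e.g. "Chain INPUT (policy DROP)"
        in_input = ($2 == "INPUT")
        if (in_input) { policy = $4; sub(/\)/, "", policy) }
        next
    }
    !in_input || NF < 5 || $1 == "target" { next }
    {
        n++                            # rule position; first match wins
        extra = ""
        for (i = 6; i <= NF; i++) extra = extra " " $i
        # Bare any-to-any ACCEPT: -L -n hides the interface column, so this is
        # either a loopback rule or a rule that accepts everything.
        if ($1 == "ACCEPT" && $2 == "all" && $4 == "0.0.0.0/0" &&
            $5 == "0.0.0.0/0" && extra == "")
            print "CHECK rule " n ": ACCEPT all any->any, rerun with -v"
        if ($2 == "udp" && extra ~ /dpt:69( |$)/) {
            seen = 1
            scope = ($4 == "0.0.0.0/0") ? "ANY source" : "source " $4
            print "TFTP rule " n ": " $1 " udp/69 from " scope
        }
    }
    END {
        if (!seen)
            print "TFTP no udp/69 rule in INPUT, chain policy " policy " applies"
    }'
}

# Constructed sample, shaped like the listing in these notes.
sample_listing() {
    cat <<'EOF'
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:69
ACCEPT     udp  --  192.0.2.0/24         0.0.0.0/0            udp dpt:690
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP)
EOF
}

sample_listing | audit_tftp_input
```

TFTP has no authentication, so an "ANY source" result means every host that can reach the server can request the files under the tftp root. On a live host, feed it with iptables -L -n | audit_tftp_input.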

1.2 tftp root directory

For my setup the tftp daemon will serve files from /var/lib/tftpboot

2 Extended Internet Daemon

Older Linux hosts typically run xinetd to control internet daemons, listen for incoming connections and keep things secure. xinetd is the newer, more secure version of inetd which has not been obsoleted.

Why Xinetd? Why the need for xinetd? The xinetd daemon is a “super-daemon” or “super service” that listens for connection requests on behalf of other daemons and services. You can launch xinetd once and have it wake up other intended services as needed. Xinetd brings efficiency and security by being a single service that runs as needed, as opposed to having multiple, dormant services running needlessly in the background for most of their run time.

In this post, xinetd will be used to listen for any tftp requests that come in from clients. When the server receives a request, xinetd will launch tftp with the necessary options so that files can be downloaded by the tftp client as requested. Yes . . . you can run tftpd without xinetd; however, the xinetd config file keeps all the important tftpd options nice and tidy for you as we can see here:

# sample /etc/xinetd.d/tftp file
# disable = yes keeps the service switched off; set it to no to enable tftp
service tftp
{
    disable         = yes
    socket_type     = dgram
    protocol        = udp
    wait            = yes
    user            = root
    server          = /usr/sbin/in.tftpd
    server_args     = -s /var/lib/tftpboot
    per_source      = 11
    cps             = 100 2
    flags           = IPv4
}

If you still insist on running tftpd without xinetd, consult the man pages for in.tftpd. You’ll need to know how to use the correct options in order to get the tftpd server listening in stand-alone mode (that is to say, listening without xinetd).

2.1 tftpd managed through xinetd service

On some systems in.tftpd is managed through the xinetd service. /etc/xinetd.conf stores the default configuration of all services managed by xinetd, and also the default configuration of tftpd.

First off, you have to check if tftpd and xinetd have been installed on your system.

dnf list | grep -i inet
# the package that provides in.tftpd is named tftp-server
dnf list | grep -i tftp

# if not then install:

dnf install xinetd tftp-server