Editor's note: Wrapper and xinetd are one way to implement access restrictions on Linux. The first article in this series covered the basic principles and how to compile and install them, and the second went through the configuration in detail. Readers who missed them can find them in the related articles at the bottom of the page. This article works through some examples to make the material easier to understand and master, and closes with log management.

Configuration examples

1. The defaults configuration

[Example 1] /etc/xinetd.conf

    # Simple configuration file for xinetd
    # Some defaults, and include /etc/xinetd.d/

    defaults
    {
        instances       = 60
        log_type        = SYSLOG authpriv
        log_on_success  = HOST PID
        log_on_failure  = HOST
        cps             = 25 30
    }
    includedir /etc/xinetd.d

Explanation: Red Hat 7.x recommends not writing all service entries into a single file. /etc/xinetd.conf serves as the default configuration file, and each file under the /etc/xinetd.d directory corresponds to one service. As noted earlier, the settings in the defaults entry apply to all services. The file above therefore gives every service 60 instances, sets the logging method to SYSLOG authpriv, records HOST and PID on a successful login and only HOST on a failure, and handles at most 25 connections per second; if the number of connections exceeds this, xinetd waits 30 seconds before continuing. The includedir directive specifies that the configuration file directory is /etc/xinetd.d.

2. telnet configuration

[Example 2] /etc/xinetd.d/telnet

    # default: on
    # description: The telnet server serves telnet sessions; it uses
    #     unencrypted username/password pairs for authentication.
    service telnet
    {
        disable         = no
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        instances       = 10
        server          = /usr/sbin/in.telnetd
        log_on_failure  += USERID
        rlimit_as       = 8M
        rlimit_cpu      = 20
    }

Explanation:

1. The instances setting overrides the setting in the defaults entry.
2. The log_on_failure attribute adds USERID on top of what the defaults entry sets.
3. Resource limits are set for the TELNET service: at most 8M of memory may be used, and the CPU handles 20 processes per second.

3. echo configuration

[Example 3.1] /etc/xinetd.d/echo

    # default: off
    # description: An echo server. This is the tcp
    # version.
    service echo
    {
        disable         = yes
        type            = INTERNAL
        id              = echo-stream
        socket_type     = stream
        protocol        = tcp
        user            = root
        wait            = no
    }

[Example 3.2] /etc/xinetd.d/echo-udp

    # default: off
    # description: An echo server. This is the udp
    # version.
    service echo
    {
        disable         = yes
        type            = INTERNAL UNLISTED
        id              = echo-dgram
        socket_type     = dgram
        protocol        = udp
        user            = root
        wait            = yes
        port            = 7
    }

Explanation: Because the two entries have the same service name and differ only in socket type, the id attribute is used to tell them apart.

4. An RPC service example

[Example 4] /etc/xinetd.d/rstatd

    service rstatd
    {
        type            = RPC
        socket_type     = dgram
        protocol        = udp
        server          = /usr/etc/rpc.rstatd
        wait            = yes
        user            = root
        rpc_version     = 2-4
        env             = LD_LIBRARY_PATH=/etc/securelib
    }

5. A custom service configuration example

[Example 5] /etc/xinetd.d/sample

    service sample
    {
        type            = UNLISTED
        socket_type     = stream
        protocol        = tcp
        server          = /usr/bin/sample
        port            = 20020
    }

The xinetd process

1. Starting and stopping

If you are using the default installation on 7.x:

    /etc/rc.d/init.d/xinetd start
    /etc/rc.d/init.d/xinetd stop
    /etc/rc.d/init.d/xinetd restart
    /etc/rc.d/init.d/xinetd reload

or

    /sbin/service xinetd start
    /sbin/service xinetd stop
    /sbin/service xinetd restart
    /sbin/service xinetd reload

If you compiled and installed it yourself on 6.x:

You need to create the xinetd startup script yourself:

    touch /var/run/xinetd.pid
    touch /var/lock/subsys/xinetd
    chmod 755 /etc/rc.d/init.d/xinetd

You can control the process with the following commands:

    /etc/rc.d/init.d/xinetd start
    /etc/rc.d/init.d/xinetd stop
    /etc/rc.d/init.d/xinetd restart
    /etc/rc.d/init.d/xinetd reload

    vi /etc/rc.d/init.d/xinetd    ## the file contents are as follows:

Contents of /etc/rc.d/init.d/xinetd

    #!/bin/bash
    #
    # xinetd        This starts and stops xinetd.
    #
    # chkconfig: 345 56 50
    # description: xinetd is a powerful replacement for inetd.
    #              xinetd has access control mechanisms, extensive
    #              logging capabilities, the ability to make services
    #              available based on time, and can place
    #              limits on the number of servers that can be started,
    #              among other things.
    #
    # processname: /usr/sbin/xinetd
    # config: /etc/sysconfig/network
    # config: /etc/xinetd.conf
    # pidfile: /var/run/xinetd.pid

    prog="xinetd"
    PATH=/sbin:/bin:/usr/bin:/usr/sbin

    # Source function library.
    . /etc/rc.d/init.d/functions

    # Get config.
    test -f /etc/sysconfig/network && . /etc/sysconfig/network

    # Check that networking is up.
    [ "${NETWORKING}" = "yes" ] || exit 0
    [ -f /usr/sbin/xinetd ] || exit 1
    [ -f /etc/xinetd.conf ] || exit 1

    RETVAL=0

    start(){
        echo -n $"Starting $prog: "
        # Need to get rid of localization for external services -
        # it doesn't make much sense to have i18n on the server side here
        LANG=en_US
        LC_TIME=en_US
        LC_ALL=en_US
        LC_MESSAGES=en_US
        LC_NUMERIC=en_US
        LC_MONETARY=en_US
        LC_COLLATE=en_US
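The way the telnet entry combines with the defaults entry (instances overridden with `=`, log_on_failure extended with `+=`) can be checked mechanically when auditing what a service actually logs and how many instances it may spawn. The following is an added example, not part of the original article and not xinetd's own parser: a simplified Python model of that merging, where `SAMPLE`, `parse` and `effective` are names assumed for this sketch and the input is constructed from the two entries shown above.

```python
import re

# Constructed sample input mirroring the article's defaults and telnet entries.
SAMPLE = """
defaults
{
    instances       = 60
    log_type        = SYSLOG authpriv
    log_on_success  = HOST PID
    log_on_failure  = HOST
    cps             = 25 30
}
service telnet
{
    disable         = no
    instances       = 10
    log_on_failure  += USERID
}
"""

BLOCK = re.compile(r"^\s*(defaults|service\s+(\S+))\s*\{(.*?)^\s*\}", re.S | re.M)
ATTR = re.compile(r"^\s*([A-Za-z_]+)\s*(\+=|-=|=)\s*(.*?)\s*$")

def parse(text):
    """Map 'defaults' and each service name to a list of (name, op, values)."""
    blocks = {}
    for m in BLOCK.finditer(text):
        attrs = []
        for line in m.group(3).splitlines():
            a = ATTR.match(line.split("#", 1)[0])  # drop trailing comments
            if a:
                attrs.append((a.group(1), a.group(2), a.group(3).split()))
        blocks[m.group(2) or "defaults"] = attrs
    return blocks

def effective(text, service):
    """Apply defaults first, then the service entry's =, += and -= operators."""
    blocks = parse(text)
    result = {}
    for name, op, values in blocks.get("defaults", []) + blocks[service]:
        current = result.get(name, [])
        if op == "=":      # service value replaces the inherited one
            result[name] = list(values)
        elif op == "+=":   # service value is appended to the inherited one
            result[name] = current + [v for v in values if v not in current]
        else:              # "-=" removes values from the inherited one
            result[name] = [v for v in current if v not in values]
    return result
```

Calling `effective(SAMPLE, "telnet")` yields the settings described in the telnet explanation: 10 instances, and HOST plus USERID recorded on failure.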
            
               
(Source: http://www.sheup.com)
            
               