xinetd的兩個實驗

參考文章：http://blog.sina.com.cn/s/blog_88cdde9f01019fg5.html

xinetd練習一：利用xinetd設置sensor陷阱，隔離惡意訪問


1.檢查是否有這幾個包
[root@linuxclient ~]# rpm -qa|grep rsh-server
rsh-server-0.17-60.el6.i686
[root@linuxclient ~]# rpm -qa|grep rsh
rsh-server-0.17-60.el6.i686
rsh-0.17-60.el6.i686
[root@linuxclient ~]# rpm -qa|grep telnet-server
telnet-server-0.17-46.el6.i686
[root@linuxclient ~]# rpm -qa|grep telnet
telnet-0.17-46.el6.i686
telnet-server-0.17-46.el6.i686

2.讓他們啓動
[root@linuxclient ~]# chkconfig rlogin on
[root@linuxclient ~]# chkconfig rsh on
[root@linuxclient ~]# chkconfig telnet on

3.修改配置文件
service login
{
        disable = no
        socket_type             = stream
        wait                    = no
        user                    = root
        log_on_success          += USERID
        log_on_failure          += USERID
        server                  = /usr/sbin/in.rlogind
        flags                   = SENSOR
        deny_time               = forever
}
之前的telnet不通，可以去關閉防火牆（這個東西很虐人啊，好多次都是因爲它弄的要死要活的，所以這次還是我機智，關了它）
[root@linuxserver Desktop]# telnet 192.168.70.150
Trying 192.168.70.150...
Connected to 192.168.70.150 (192.168.70.150).
Escape character is '^]'.
Red Hat Enterprise Linux Server release 6.0 (Santiago)
Kernel 2.6.32-71.el6.i686 on an i686
login: qys
Password: 
Last login: Sat Dec 19 00:35:55 from 192.168.70.1

4.重新啓動生效

[root@linuxclient ~]# /etc/init.d/xinetd restart
Stopping xinetd:                                           [  OK  ]
Starting xinetd:                                           [  OK  ]


5.客戶端測試
[root@linuxserver Desktop]# rlogin 192.168.70.150
connect to address 192.168.70.150 port 543: Connection refused
trying normal rlogin (/usr/bin/rlogin)
rcmd: 192.168.70.150: Connection reset by peer

6.解釋
原因是：xinetd服務實際上是監聽了rlogin-server的端口，由於帶有flags=SENSOR標記，sensor會記錄客戶ip並將其添加到針對全局的no-access列表中去，所以惡意的訪問都不能訪問xinetd託管的服務了

實驗二：建立自定義xinetd託管服務

前提：關掉防火牆

1.自定義一個服務（別忘了要編譯）：
[root@linuxclient Desktop]# cat /tmp/hello.c 
#include<stdio.h>
int main(){
printf("hello,buddy!\n");
return 0;
}


2.在xinetd.d裏面新添加一個文件，名叫hello_server
[root@linuxclient Desktop]# cat /etc/xinetd.d/hello_server 
#cp telnet hello
#vim hello


service hello_server
{
disable = no
flags = REUSE
socket_type = stream
wait = no
user = root
server = /tmp/hello
log_on_failure +=USERID
port = 9015
}


3.將新建的服務加到/etc/services裏面去
[root@linuxclient Desktop]# cat /etc/services |grep 9015
hello_server 9015/tcp


4.重啓xinetd服務
5.查看9015是否開啓
[root@linuxclient Desktop]# netstat -tnlp|grep 9015
tcp        0      0 :::9015                     :::*                        LISTEN      2254/xinetd   
6.測試：
[root@linuxserver Desktop]# telnet 192.168.70.150 9015
Trying 192.168.70.150...
Connected to 192.168.70.150 (192.168.70.150).
Escape character is '^]'.
hello,buddy!
Connection closed by foreign host.