[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[linux] Xinetd and Suse7.0
On Thu, 5 Jul 2001, Cedric Gavage wrote:
> Alain Barthélemy wrote:
>
> > Quels sont ses avantages (et inconvénients!).
> >
>
> Un des avantages les plus intéressants, c'est que tu peux limiter le
> nombre d'instances et de connexions par service.
>
> Sinon: :)
>
> Features:
>
> * Access control:
> * Has builtin access control for stopping connections from
> evil bad guys, or for only allowing connections from good guys.
> * Can be compiled with builtin libwrap support. Use
> hosts.{allow|deny}! More efficient than using tcpd!
> * Tcp wrappers are good, but can only see one connection at a
> time. xinetd can limit the rate of incoming connections, number of
> incoming connections from specific hosts, or total number of connections
> for a service.
> * Limit access to services based on access time of day.
> * You can have specific services bind to specific IP's. This
> lets you provide different services to internal clients than external
> clients.
> * Prevent denial of service attacks!
> * With the access control capabilities of limiting the rate
> of incoming connections, xinetd can respond to "port bombs" in a
> reasonable fashion.
> * If one host seems to be hogging your services, you can
> limit the number of simultaneous connections from a host.
> * You can place limits on the size of the log files it
> creates, so people can't fill your disk.
> * Extensive logging abilities!
> * You can configure the syslog logging level for each service
> independently.
> * If you don't want to use syslog logging, you can have each
> service log to a file, independent of any other service.
> * It can log the start and stop times for the connection, so
> you can determine how long a client used your services.
> * It can log extensive information about failed connection
> attempts.
> * Offload services to a remote host
> * The redir feature allows you to redirect a TCP stream to
> another host. This other host does not need to be an externally
> reachable machine. If you want to provide services on a NAT'd machine,
> run xinetd with the redir feature to redirect the service to a different
> host.
> * IPv6 support
> * As of the xinetd 2.1.8.8pre* series, xinetd supports IPv6.
> * User interaction
> * You can print different banners to the client when they
> have a successful connection, when their connection attempt failed, and
> always regardless of connection status. This can help keep your users
> informed of changes, and why they may be having trouble accessing services.
>
> --
> Cédric Gavage <cedric.gavage@linuxbe.org>
Wouaw , là dessus, je suis soufflé. Bon, question : je suis sous Suse7.0,
2.2.16 (que je vais certainement passer au 2.2.19).
Existe-t'il un package xinetd pour Suse ?
A+
Cybersalutations
Benjamin Gonay
[ Soyez précis dans vos sujets svp afin de déterminer directement ]
[ le type de demande... ]
[ Pour vous (dés)inscrire, aller sur http://linuxbe.org/ml.php ]
[ http://LinuxBe.org Contact: listmaster@linuxbe.org ]