[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[linux] Xinetd and Suse7.0



On Thu, 5 Jul 2001, Cedric Gavage wrote:

> Alain Barthélemy wrote:
> 
> > Quels sont ses avantages (et inconvénients!).
> > 
> 
> Un des avantages les plus intéressants, c'est que tu peux limiter le 
> nombre d'instances et de connexions par service.
> 
> Sinon: :)
> 
> Features:
> 
>      * Access control:
>            * Has builtin access control for stopping connections from 
> evil bad guys, or for only allowing connections from good guys.
>            * Can be compiled with builtin libwrap support. Use 
> hosts.{allow|deny}! More efficient than using tcpd!
>            * Tcp wrappers are good, but can only see one connection at a 
> time. xinetd can limit the rate of incoming connections, number of 
> incoming connections from specific hosts, or total number of connections 
> for a service.
>            * Limit access to services based on access time of day.
>            * You can have specific services bind to specific IP's. This 
> lets you provide different services to internal clients than external 
> clients.
>      * Prevent denial of service attacks!
>            * With the access control capabilities of limiting the rate 
> of incoming connections, xinetd can respond to "port bombs" in a 
> reasonable fashion.
>            * If one host seems to be hogging your services, you can 
> limit the number of simultaneous connections from a host.
>            * You can place limits on the size of the log files it 
> creates, so people can't fill your disk.
>      * Extensive logging abilities!
>            * You can configure the syslog logging level for each service 
> independently.
>            * If you don't want to use syslog logging, you can have each 
> service log to a file, independent of any other service.
>            * It can log the start and stop times for the connection, so 
> you can determine how long a client used your services.
>            * It can log extensive information about failed connection 
> attempts.
>      * Offload services to a remote host
>            * The redir feature allows you to redirect a TCP stream to 
> another host. This other host does not need to be an externally 
> reachable machine. If you want to provide services on a NAT'd machine, 
> run xinetd with the redir feature to redirect the service to a different 
> host.
>      * IPv6 support
>            * As of the xinetd 2.1.8.8pre* series, xinetd supports IPv6.
>      * User interaction
>            * You can print different banners to the client when they 
> have a successful connection, when their connection attempt failed, and 
> always regardless of connection status. This can help keep your users 
> informed of changes, and why they may be having trouble accessing services.
> 
> -- 
>   Cédric Gavage <cedric.gavage@linuxbe.org>

Wouaw , là dessus, je suis soufflé. Bon, question : je suis sous Suse7.0,
2.2.16 (que je vais certainement passer au 2.2.19).
Existe-t'il un package xinetd pour Suse ?

A+

Cybersalutations
Benjamin Gonay



[ Soyez précis dans vos sujets svp afin de déterminer directement  ]
[ le type de demande...                                            ]
[ Pour vous (dés)inscrire, aller sur http://linuxbe.org/ml.php     ]
[ http://LinuxBe.org              Contact: listmaster@linuxbe.org  ]