author | Satoshi Asami <asami@FreeBSD.org> | 1996-07-10 22:18:38 +0000 |
---|---|---|
committer | Satoshi Asami <asami@FreeBSD.org> | 1996-07-10 22:18:38 +0000 |
commit | 80b11da6c8f9eb927597666ef401fd2900fb856a (patch) | |
tree | 57cfae80baeeac47fbee5dc52741b5c927b6be02 /security/xinetd/pkg-descr | |
parent | fba013d1cd0556487bf408ca4466badacd5e51a6 (diff) | |
download | ports-80b11da6c8f9eb927597666ef401fd2900fb856a.tar.gz ports-80b11da6c8f9eb927597666ef401fd2900fb856a.zip |
Diffstat (limited to 'security/xinetd/pkg-descr')
-rw-r--r-- | security/xinetd/pkg-descr | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/security/xinetd/pkg-descr b/security/xinetd/pkg-descr new file mode 100644 index 000000000000..7cc29eccd957 --- /dev/null +++ b/security/xinetd/pkg-descr @@ -0,0 +1,44 @@ +Xinetd is a replacement for inetd, the internet services daemon. + +Xinetd is not just an inetd replacement. Anybody can use it to +start servers that don't require privileged ports because xinetd +does not require that the services in its configuration file be +listed in /etc/services. + +Its configuration file has a different format than inetd's one +and it understands different signals. However the signal-to-action +assignment can be changed. + +It is a lot better than inetd. Here are the reasons: + +1) It can do access control on all services based on: + a. address of remote host + b. time of access + +2) Access control works on all services, whether multi-threaded or + single-threaded and for both the TCP and UDP protocols. All UDP + packets can be checked as well as all TCP connections. + +3) It provides hard reconfiguration: + a. kills servers for services that are no longer in the configuration file + b. kills servers that no longer meet the access control criteria + +4) It can prevent denial-of-access attacks by + a. placing limits on the number of servers for each service (avoids + process table overflows) + b. placing an upper bound on the number of processes it will fork + c. placing limits on the size of log files it creates + +5) Extensive logging abilities: + a. for every server started it can log: + i) the time when the server was started + ii) the remote host address + iii) who was the remote user (if the other end runs a RFC-931/RFC-1413 + server) + iv) how long the server was running + (i, ii and iii can be logged for failed attempts too). + b. for some services, if the access control fails, it can + log information about the attempted access (for example, + it can log the user name and command for the rsh service) + +6) No limit on number of server arguments |
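Review bot: Item 4 says "denial-of-access attacks"; the usual term is "denial-of-service attacks", and all three sub-items (per-service server limits, an upper bound on forked processes, log file size limits) are resource-exhaustion controls, so I would use that wording. In item 5.a.iii the remote user name comes from an RFC-931/RFC-1413 server on the other end, so it is whatever the remote host reports; a few words to that effect would keep readers from treating the logged name as an authenticated identity. In the third paragraph, "a different format than inetd's one" reads more cleanly as "a different format from inetd's", and the line "It is a lot better than inetd" could be dropped, since the numbered list already makes the case.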