xinetd.conf

Autres langues

Langue: ja

Autres versions - même langue

Version: 14 June 2001 (openSuse - 09/10/07)

Section: 5 (Format de fichier)

Sommaire

̾Á°

xinetd.conf - ³ÈÄ¥¤µ¤ì¤¿¥¤¥ó¥¿¡¼¥Í¥Ã¥È¥µ¡¼¥Ó¥¹¥Ç¡¼¥â¥ó¤ÎÀßÄê¥Õ¥¡¥¤¥ë

ÀâÌÀ

xinetd.conf ¤Ï xinetd ¤Ë¤è¤Ã¤ÆÄ󶡤µ¤ì¤ë¥µ¡¼¥Ó¥¹¤ò·èÄꤹ¤ëÀßÄê¥Õ¥¡¥¤¥ë¤Ç¤¢¤ë¡£ ¹Ô¤ÎºÇ½é¤Î¶õÇò¤Ç¤Ï¤Ê¤¤Ê¸»ú¤¬ '#' ¤Ê¤é¤Ð¥³¥á¥ó¥È¹Ô¤È¤ß¤Ê¤µ¤ì¤ë¡£ ¶õ¹Ô¤Ï̵»ë¤µ¤ì¤ë¡£

¥Õ¥¡¥¤¥ë¤Ï°Ê²¼¤Î·Á¼°¤Î¥¨¥ó¥È¥ê¤«¤é¤Ê¤ë:




service <service_name>

{
<°À­> <assign_op> <ÃÍ> <ÃÍ> ... ...


}

ÂåÆþ±é»»»Ò assign_op ¤Ï '=', '+=', '-=' ¤Î¤¤¤º¤ì¤«¤Ç¤¢¤ë¡£ Ëؤó¤É¤Î°À­¤Ïñ½ã¤ÊÂåÆþ±é»»»Ò¤Ç¤¢¤ë '=' ¤Î¤ß¤ò¥µ¥Ý¡¼¥È¤¹¤ë¡£ Ãͤ¬ÃͤÎÁȹ礻¤Ç¤¢¤ë¤è¤¦¤Ê°À­¤Ï¡¢¤¹¤Ù¤Æ¤ÎÂåÆþ±é»»»Ò¤ò¥µ¥Ý¡¼¥È¤¹¤ë¡£ ¤½¤Î¤è¤¦¤Ê°À­¤Ë¤Ä¤¤¤Æ¤Ï¡¢ '+=' ¤ÏÁȹ礻¤ËÃͤòÄɲ乤뤳¤È¤ò¡¢ '-=' ¤ÏÁȹ礻¤«¤éÃͤòºï½ü¤¹¤ë¤³¤È¤ò°ÕÌ£¤¹¤ë¡£ ¤É¤Î°À­¤¬¤É¤Î±é»»»Ò¤ò¥µ¥Ý¡¼¥È¤¹¤ë¤«¤Ï¡¢ ¤¹¤Ù¤Æ¤Î°À­¤Ë¤Ä¤¤¤Æ½Ò¤Ù¤¿¸å¤Ëµ­½Ò¤¹¤ë¡£

³Æ¥¨¥ó¥È¥ê¤Ï service_name ¤Ç¼±Ê̤µ¤ì¤ë¥µ¡¼¥Ó¥¹¤Ë¤Ä¤¤¤ÆÄêµÁ¤¹¤ë¡£

id ¤³¤Î°À­¤Ï¥µ¡¼¥Ó¥¹¤ò¼±Ê̤¹¤ë¤Î¤ËÍѤ¤¤é¤ì¤ë¡£ ¥µ¡¼¥Ó¥¹¤ÎÃæ¤Ë¤Ï°ã¤¦¥×¥í¥È¥³¥ë¤ò»È¤¨¤ë¤â¤Î¤¬¤¢¤ê¡¢ ¤½¤Î¾ì¹ç¤ÏÀßÄê¥Õ¥¡¥¤¥ë¤ÎÊ̤Υ¨¥ó¥È¥ê¤Ëµ­½Ò¤µ¤ì¤ë¤Î¤Ç¡¢ ¤½¤¦¤·¤¿¤È¤­¤ËÍ­ÍѤǤ¢¤ë¡£ ¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï¥µ¡¼¥Ó¥¹ id ¤Ï service_name ¤ÈƱ¤¸¤Ç¤¢¤ë¡£
type
°Ê²¼¤ÎÃͤÎǤ°Õ¤ÎÁȹ礻¤Ç¤¢¤ë:
RPC
RPC ¤ò»È¤Ã¤¿¥µ¡¼¥Ó¥¹¤Ç¤¢¤ë
INTERNAL
xinetd ¤Ë¤è¤Ã¤ÆÄ󶡤µ¤ì¤ë¥µ¡¼¥Ó¥¹
TCPMUX/TCPMUXPLUS
well-known(Îɤ¯ÃΤé¤ì¤¿)TCPMUX ¥Ý¡¼¥È¤ò»È¤¦¡¢RFC 1078 ¥×¥í¥È¥³¥ë¤Ë¤è¤Ã¤Æ³«»Ï¤µ¤ì¤ë¥µ¡¼¥Ó¥¹¡£ ¸å½Ò¤¹¤ë TCPMUX ¥µ¡¼¥Ó¥¹¤Ë¤Ä¤¤¤Æ½ñ¤«¤ì¤¿Àá¤ò»²¾È¤Î¤³¤È¡£
UNLISTED
ɸ½àŪ¤Ê¥·¥¹¥Æ¥à¥Õ¥¡¥¤¥ë (RPC ¥µ¡¼¥Ó¥¹¤Ê¤é /etc/rpc, RPC ¤Ç¤Ê¤¤¥µ¡¼¥Ó¥¹¤Ê¤é /etc/services) ¤Ë¤Ï¤Ê¤¤¥µ¡¼¥Ó¥¹
flags
°Ê²¼¤Î¥Õ¥é¥°¤ÎǤ°Õ¤ÎÁȹ礻¤Ç¤¢¤ë:
INTERCEPT
¥Ñ¥±¥Ã¥È¤Þ¤¿¤Ï¤¹¤Ç¤Ë¼õ¤±¤Ä¤±¤¿Àܳ¤ò¡¢ ¤½¤ì¤¬¼õ¤±ÉÕ¤±¤Æ¤è¤¤¾ì½ê¤«¤éÍè¤Æ¤¤¤ë¤Î¤«¤ò³Î¤«¤á¤ë¤¿¤á¤Ë²£¼è¤ê¤¹¤ë (ÆâÉô¥µ¡¼¥Ó¥¹¤Þ¤¿¤Ï¥Þ¥ë¥Á¥¹¥ì¥Ã¥É¥µ¡¼¥Ó¥¹¤Ï²£¼è¤ê¤Ç¤­¤Ê¤¤)¡£
NORETRY
¥Õ¥©¡¼¥¯¤Ë¼ºÇÔ¤·¤Æ¤âºÆ»î¹Ô¤·¤Ê¤¤¡£
IDONLY
¥ê¥â¡¼¥È¦¤¬¡¢¥ê¥â¡¼¥È¤Î¥æ¡¼¥¶¤ò¼±Ê̤·¤Æ¤¤¤ë¤È¤­¤Î¤ßÀܳ¤ò¼õ¤±ÉÕ¤±¤ë (¤¹¤Ê¤ï¤Á¡¢¥ê¥â¡¼¥È¥Û¥¹¥È¤Ï ident ¥µ¡¼¥Ð¤òÆ°¤«¤µ¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤)¡£ ¥í¥°¥ª¥×¥·¥ç¥ó USERID ¤¬»È¤ï¤ì¤Æ¤Ê¤¤¾ì¹ç¤Ë¤Ï¡¢¤³¤Î¥Õ¥é¥°¤Ï¸ú²Ì¤¬¤Ê¤¤¡£
NAMEINARGS
"server_args" ¤ÎºÇ½é¤Î°ú¤­¿ô¤ò¡¢¥µ¡¼¥Ð¤¬¼Â¹Ô¤µ¤ì¤ëºÝ¤Î argv[0] ¤Ë¤¹¤ë¡£ ¤³¤ì¤Ë¤è¤ê¡¢ÉáÄ̤Πinetd ¤Î¤è¤¦¤Ë "server" ¤ò tcpd ¤Ë¤·¡¢ ¥µ¡¼¥Ð¡¼Ì¾¤ò "server_args" ¤ËÆþ¤ì¤ë¤³¤È¤Ç¡¢tcpd ¤ò»È¤¦¤³¤È¤¬¤Ç¤­¤ë¡£
NODELAY
¥µ¡¼¥Ó¥¹¤¬ TCP ¤Î¥µ¡¼¥Ó¥¹¤Ç NODELAY ¥Õ¥é¥°¤¬Î©¤Æ¤é¤ì¤Æ¤¤¤ë¾ì¹ç¡¢ ¥½¥±¥Ã¥È¤Ë TCP_NODELAY ¥Õ¥é¥°¤òΩ¤Æ¤ë¡£ ¥µ¡¼¥Ó¥¹¤¬ TCP ¤Î¥µ¡¼¥Ó¥¹¤Ç¤Ê¤±¤ì¤Ð¡¢¤³¤Î¥ª¥×¥·¥ç¥ó¤Ï¸ú²Ì¤¬¤Ê¤¤¡£
KEEPALIVE
¥µ¡¼¥Ó¥¹¤¬ TCP ¤Î¥µ¡¼¥Ó¥¹¤Ç¡¢KEEPALIVE ¥Õ¥é¥°¤¬Î©¤Æ¤é¤ì¤¿¾ì¹ç¤Ï¡¢ ¥½¥±¥Ã¥È¤Ë SO_KEEPALIVE ¥Õ¥é¥°¤¬Î©¤Æ¤é¤ì¤ë¡£ ¥µ¡¼¥Ó¥¹¤¬ TCP ¤Î¥µ¡¼¥Ó¥¹¤Ç¤Ê¤±¤ì¤Ð¡¢¤³¤Î¥ª¥×¥·¥ç¥ó¤Ï¸ú²Ì¤¬¤Ê¤¤¡£
NOLIBWRAP
¥µ¡¼¥Ó¥¹¤Ø¤Î¥¢¥¯¥»¥¹¤òȽÃǤ¹¤ë¤Î¤Ë¡¢tcpwrap ¤ÎÆâÉô¸Æ¤Ó½Ð¤·¤ò¹Ô¤ï¤Ê¤¤¡£ xinetd ¤Î¤è¤¦¤ËŤ¤»þ´ÖÆ°¤¯¥×¥í¥»¥¹¤Ë¤Ï libwrap µ¡Ç½¤¬»È¤¨¤Ê¤¤¤Î¤Ç¡¢ ¤³¤ì¤ÏɬÍפˤʤë; ¤½¤ÎÍͤʾì¹ç¤Ë¤Ï tcpd ¥×¥í¥°¥é¥à¤òÌÀ¼¨Åª¤Ëµ¯Æ°¤¹¤ë¤³¤È¤¬¤Ç¤­¤ë(NAMEINARGS ¥Õ¥é¥°¤Î¹à¤ò¸«¤è)¡£
SENSOR
¥µ¡¼¥Ó¥¹¤ÎÂå¤ï¤ê¤Ë¡¢»ØÄꤵ¤ì¤¿¥Ý¡¼¥È¤Ø¤Î¥¢¥¯¥»¥¹¤ò¸¡ÃΤ¹¤ë¥»¥ó¥µ¡¼¤ò»È¤¦¡£ Ãí°Õ: ¤³¤ì¤Ï¥¹¥Æ¥ë¥¹¥¹¥­¥ã¥ó¤ò¸¡ÃΤ·¤Ê¤¤¡£ ɬÍפʤ¤¤È¤¤¤¦¤³¤È¤¬Ê¬¤«¤Ã¤Æ¤¤¤ë¥µ¡¼¥Ó¥¹¤Ë¤Î¤ß¡¢¤³¤Î¥Õ¥é¥°¤òÍѤ¤¤ë¤Ù¤­¤Ç¤¢¤ë¡£ ¤³¤Î¥µ¡¼¥Ó¥¹¤Î¥Ý¡¼¥È¤Ø¥¢¥¯¥»¥¹¤¬¤¢¤ë¤È¡¢IP ¥¢¥É¥ì¥¹¤¬ no_access ¥ê¥¹¥È¤ØÄɲ䵤ì¤ë¡£ °Ê¹ß¤ÎƱ¤¸ IP ¥¢¥É¥ì¥¹¤«¤é¤Î¥¢¥¯¥»¥¹¤Ï¡¢deny_time ¤ÇÀßÄꤷ¤¿´ü¸Â¤¬ÀÚ¤ì¤ë¤Þ¤Ç µñÈݤµ¤ì¤ë¡£ ¤³¤Î¥ê¥¹¥È¤ØÈñ¤ä¤¹»þ´Ö¤ÎŤµ¤Ï¡¢deny_time °À­¤ÇÀßÄ꤬²Äǽ¤Ç¤¢¤ë¡£ ¤Þ¤¿¡¢SENSOR ¥Õ¥é¥°¤¬»ØÄꤵ¤ì¤¿¾ì¹ç¡¢Æ±¤¸¹Ô¤Ë²¿¤¬½ñ¤«¤ì¤Æ¤¤¤è¤¦¤È¡¢ ¥µ¡¼¥Ð¤Ë INTERNAL °À­¤¬»ØÄꤵ¤ì¤¿¤È xinetd ¤Ï¤ß¤Ê¤¹¡£ ¤¢¤È°ì¤Ä³Ð¤¨¤Æ¤ª¤¯¤Ù¤­½ÅÍפʤ³¤È¤Ï¡¢socket_type ¤ò stream ¤ËÀßÄꤷ¤¿¾ì¹ç¤Ï¡¢ wait °À­¤Ï no ¤ËÀßÄꤵ¤ì¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¤È¤¤¤¦¤³¤È¤Ç¤¢¤ë¡£
IPv4
¥µ¡¼¥Ó¥¹¤ò IPv4 ¥µ¡¼¥Ó¥¹(AF_INET)¤Ë¤¹¤ë¡£
IPv6
IPv6 ¤¬¥·¥¹¥Æ¥à¤ÇÍ­¸ú¤Ç¤¢¤ì¤Ð¡¢¥µ¡¼¥Ó¥¹¤ò IPv6 ¥µ¡¼¥Ó¥¹(AF_INET6)¤Ë¤¹¤ë¡£
disable
"yes" ¤Þ¤¿¤Ï "no" ¤Î¿¿µ¶Ãͤò¤È¤ë¡£ ¤³¤ì¤Ë¤è¤ê¥µ¡¼¥Ó¥¹¤¬»ÈÍÑÉÔǽ¤Ë¤Ê¤ê¡¢µ¯Æ°¤µ¤ì¤Ê¤¯¤Ê¤ë¡£ DISABLE ¥Õ¥é¥°¤Ë´Ø¤¹¤ëµ­½Ò¤ò¸«¤è¡£
socket_type
¤³¤Î°À­¤Ë»ØÄê²Äǽ¤ÊÃͤϰʲ¼:
stream
¥¹¥È¥ê¡¼¥à·¿¥µ¡¼¥Ó¥¹
dgram
¥Ç¡¼¥¿¥°¥é¥à·¿¥µ¡¼¥Ó¥¹
raw
IP ¤Ø¤ÎľÀÜÀ©¸æ¤¬É¬Íפʥµ¡¼¥Ó¥¹
seqpacket
¿®Íê¤Ç¤­¤ëϢ³Ū¤Ê¥Ç¡¼¥¿¥°¥é¥à¸ò´¹¤¬É¬Íפʥµ¡¼¥Ó¥¹
protocol
¥µ¡¼¥Ó¥¹¤Ë»È¤ï¤ì¤ë¥×¥í¥È¥³¥ë¤ò»ØÄꤹ¤ë¡£ ¥×¥í¥È¥³¥ë¤Ï /etc/protocols ¤Ë¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¡£ ¤³¤Î°À­¤¬»ØÄꤵ¤ì¤Ê¤«¤Ã¤¿¾ì¹ç¡¢¥µ¡¼¥Ó¥¹¤Î¥Ç¥Õ¥©¥ë¥È¤Î¥×¥í¥È¥³¥ë¤¬»È¤ï¤ì¤ë¡£
wait
¤³¤Î°À­¤Ï¥µ¡¼¥Ó¥¹¤¬¥·¥ó¥°¥ë¥¹¥ì¥Ã¥É¤«¡¢¥Þ¥ë¥Á¥¹¥ì¥Ã¥É¤«¤ò·èÄꤹ¤ë¡£ Ãͤ¬ yes ¤Ê¤é¥·¥ó¥°¥ë¥¹¥ì¥Ã¥É¤Ç¤¢¤ë; ¤¹¤Ê¤ï¤Á xinetd ¤Ï¡¢¥µ¡¼¥Ð¡¼¤òµ¯Æ°¤·¤¿¤é¤½¤Î¥µ¡¼¥Ð¤¬»à¤Ì¤Þ¤Ç¤Ï¡¢ ¤½¤Î¥µ¡¼¥Ó¥¹¤Ø¤ÎÍ×µá¤ËÂФ¹¤ë½èÍý¤òÄä»ß¤¹¤ë¡£ Ãͤ¬ no ¤Ê¤é¥µ¡¼¥Ó¥¹¤Ï¥Þ¥ë¥Á¥¹¥ì¥Ã¥É¤Ç¤¢¤ê¡¢ xinetd ¤Ï¥µ¡¼¥Ó¥¹¤Ø¤Î¿·¤¿¤ÊÍ×µá¤ò½èÍý¤·Â³¤±¤ë¡£
user
¥µ¡¼¥Ð¥×¥í¥»¥¹¤Î uid ¤ò»ØÄꤹ¤ë¡£ ¥æ¡¼¥¶Ì¾¤Ï /etc/passwd ¤Ë¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¡£ xinetd ¤Î¼Â¸ú¥æ¡¼¥¶ID¤¬¥¹¡¼¥Ñ¡¼¥æ¡¼¥¶¡¼¤Ç¤Ï¤Ê¤¤¾ì¹ç¤Ë¤Ï¡¢ ¤³¤Î°À­¤Ï¸ú²Ì¤¬¤Ê¤¤¡£
group
¥µ¡¼¥Ð¥×¥í¥»¥¹¤Î gid ¤ò»ØÄꤹ¤ë¡£ ¥°¥ë¡¼¥×̾¤Ï /etc/group ¤Ë¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¡£ xinetd ¤Î¼Â¸ú¥æ¡¼¥¶ID¤¬¥¹¡¼¥Ñ¡¼¥æ¡¼¥¶¡¼¤Ç¤Ï¤Ê¤¤¾ì¹ç¤Ë¤Ï¡¢ ¤³¤Î°À­¤Ï¸ú²Ì¤¬¤Ê¤¤¡£
instances
¥µ¡¼¥Ð¤¬Æ±»þ¤Ë¤¤¤¯¤Ä¥µ¡¼¥Ó¥¹¤Ç¤­¤ë¤«¤ò»ØÄꤹ¤ë(¥Ç¥Õ¥©¥ë¥È¤Ï̵À©¸Â)¡£ ¤³¤Î°À­¤ÎÃͤϿôÃͤ«¡¢¤â¤·¤¯¤Ï̵À©¸Â¤ò°ÕÌ£¤¹¤ë UNLIMITED ¤Î¤É¤Á¤é¤«¤Ç¤¢¤ë¡£
nice
¥µ¡¼¥Ð¡¼¤ÎÍ¥ÀèÅÙ¤ò»ØÄꤹ¤ë¡£ ÃͤÏ(Éé¤Î)¿ôÃͤǤ¢¤ë; ¾Ü¤·¤¯¤Ï nice(3)(ÌõÃí:Linux ¤Ç¤Ï nice(2))¤ò¸«¤è¡£
server
¤½¤Î¥µ¡¼¥Ó¥¹¤Î¤¿¤á¤Ë¼Â¹Ô¤¹¤ë¥×¥í¥°¥é¥à¤ò»ØÄꤹ¤ë
server_args
¥µ¡¼¥Ð¤ËÅϤµ¤ì¤ë°ú¤­¿ô¤ò»ØÄꤹ¤ë¡£ inetd ¤È¤Ï°ã¤¤¡¢¥µ¡¼¥Ð̾¤Ï server_args ¤Ë¤Ï´Þ¤á¤Ê¤¤¡£
only_from
¤½¤Î¥µ¡¼¥Ó¥¹¤ò²Äǽ¤Ë¤¹¤ë¥ê¥â¡¼¥È¥Û¥¹¥È¤ò»ØÄꤹ¤ë¡£ ÃÍ¤Ï IP ¥¢¥É¥ì¥¹¤Î¥ê¥¹¥È¤Ç¡¢°Ê²¼¤ÎÊýË¡¤ÎǤ°Õ¤ÎÁȹ礻¤Ç¤¢¤ë:
a)
%d.%d.%d.%d·Á¼°¤Î¿ôÃÍ¥¢¥É¥ì¥¹¡£ ±¦Ã¼¤ÎÉôʬ¤¬ 0 ¤Ç¤¢¤ì¤Ð¥ï¥¤¥ë¥É¥«¡¼¥É¤È¤·¤Æ°·¤ï¤ì¤ë (Î㤨¤Ð¡¢128.138.12.0 ¤Ï 128.128.12 ¥µ¥Ö¥Í¥Ã¥È¤Î¤¹¤Ù¤Æ¤Î¥Û¥¹¥È¤Ë¹çÃפ¹¤ë)¡£ 0.0.0.0 ¤Ï¤¹¤Ù¤Æ¤Î¥¤¥ó¥¿¡¼¥Í¥Ã¥È¥¢¥É¥ì¥¹¤Ë¹çÃפ¹¤ë¡£ IPv6 ¥Û¥¹¥È¤Ï abcd:ef01::2345:6789 ¤Î¤è¤¦¤Ê·Á¼°¤Ç»ØÄꤹ¤ë¡£ IPv4 ¤Î¾ì¹ç¤Î¥ï¥¤¥ë¥É¥«¡¼¥É¤Ë´Ø¤¹¤ë¥ë¡¼¥ë¤Ï¡¢IPv6 ¥¢¥É¥ì¥¹¤Ë¤ÏŬÍѤµ¤ì¤Ê¤¤
b)
%d.%d.%d.{%d,%d,...}·Á¼°¤ÎÁȹ礻¥¢¥É¥ì¥¹¡£ 4 ¤Ä¤¹¤Ù¤Æ¤ÎÉôʬ¤¬É¬Íפʤ櫓¤Ç¤Ï¤Ê¤¤ (¤¹¤Ê¤ï¤Á%d.%d.{%d,%d,...%d}·Á¼°¤â²Ä¤Ç¤¢¤ë)¡£ ¤·¤«¤·¡¢Áȹ礻¤ÎÉôʬ¤Ï¥¢¥É¥ì¥¹¤ÎºÇ¸å¤Ç¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¡£ ¤³¤Î·Á¼°¤Ï IPv6 ¥Û¥¹¥È¤Ç¤Ï»È¤¨¤Ê¤¤¡£
c)
(/etc/networks ¤«¤éÆÀ¤é¤ì¤ë)¥Í¥Ã¥È¥ï¡¼¥¯Ì¾¡£ ¤³¤Î·Á¼°¤Ï IPv6 ¥Û¥¹¥È¤Ç¤Ï»È¤¨¤Ê¤¤¡£
d)
¥Û¥¹¥È̾¡£ xinetd ¤Ø¤ÎÀܳ¤¬¤Ê¤µ¤ì¤ë¤È¡¢µÕ°ú¤­¤¬¹Ô¤ï¤ì¡¢ ÆÀ¤é¤ì¤¿Àµµ¬Ì¾(canonical name)¤È»ØÄꤵ¤ì¤¿¥Û¥¹¥È̾¤¬Èæ³Ó¤µ¤ì¤ë¡£ .domain.com ·Á¼°¤Î¥É¥á¥¤¥ó̾¤ò»ØÄꤹ¤ë¤³¤È¤â¤Ç¤­¤ë¡£ ¥¯¥é¥¤¥¢¥ó¥È IP ¤ÎµÕ°ú¤­·ë²Ì¤¬ .domain.com ÆâÉô¤Ê¤é¡¢ ¤½¤Î¥¯¥é¥¤¥¢¥ó¥È¤Ï¹çÃפ·¤¿¤³¤È¤Ë¤Ê¤ë¡£
e)
1.2.3.4/32 ·Á¼°¤Î IP¥¢¥É¥ì¥¹/¥Í¥Ã¥È¥Þ¥¹¥¯ ÈÏ°Ï»ØÄê¡£
ÃͤλØÄê¤ò¤»¤º¤Ë¤³¤Î°À­¤ò»ØÄꤹ¤ë¤È¡¢ ¤¤¤«¤Ê¤ë¥æ¡¼¥¶¤Ë¤â¥µ¡¼¥Ó¥¹»ÈÍÑÉԲĤȤʤ롣
no_access
¤½¤Î¥µ¡¼¥Ó¥¹¤¬»ÈÍѤǤ­¤Ê¤¤¥ê¥â¡¼¥È¥Û¥¹¥È¤ò»ØÄꤹ¤ë¡£ ÃͤλØÄêÊýË¡¤Ï only_from ¤ÈƱ¤¸¤Ç¤¢¤ë¡£ ¤³¤ì¤éÆó¤Ä¤Î°À­¤Ë¤è¤ê xinetd ¤Ï¾ì½ê¤Ë´ð¤Å¤¤¤¿¥¢¥¯¥»¥¹À©¸æ¤ò¹Ô¤¦¡£ ¥µ¡¼¥Ó¥¹¤ËÂФ·¤³¤ÎÆó¤Ä¤Î¤É¤Á¤é¤â»ØÄꤵ¤ì¤Ê¤¤¾ì¹ç¤Ë¤Ï¡¢ ¤½¤Î¥µ¡¼¥Ó¥¹¤Ïï¤Ç¤â»ÈÍѲĤˤʤ롣 ¥µ¡¼¥Ó¥¹¤ËÂФ·¤³¤ÎÆó¤Ä¤¬¶¦¤Ë»ØÄꤵ¤ì¤¿¾ì¹ç¤Ë¤Ï¡¢ ¥ê¥â¡¼¥È¥Û¥¹¥È¤Î¥¢¥É¥ì¥¹¤¬¤è¤ê¤è¤¯(¤è¤êÀµ³Î¤Ë)¹çÃפ·¤¿Êý¤Ë´ð¤Å¤­¡¢ ¤½¤Î¥µ¡¼¥Ó¥¹¤¬¤½¤Î¥Û¥¹¥È¤Ç»ÈÍѤǤ­¤ë¤«¤É¤¦¤«¤¬·èÄꤵ¤ì¤ë (Î㤨¤Ð¡¢only_from ¥ê¥¹¥È¤Ë 128.138.209.0 ¤¬¤¢¤ê¡¢ no_access ¥ê¥¹¥È¤Ë 128.138.209.10 ¤¬¤¢¤Ã¤¿¾ì¹ç¤Ë¤Ï¡¢ ¥¢¥É¥ì¥¹¤¬ 128.138.209.10 ¤Î¥Û¥¹¥È¤Ï¤½¤Î¥µ¡¼¥Ó¥¹¤Ø¤Ï¥¢¥¯¥»¥¹¤Ç¤­¤Ê¤¤)¡£
access_times
¥µ¡¼¥Ó¥¹¤¬»ÈÍѤǤ­¤ë»þ´Ö´Ö³Ö¤ò»ØÄꤹ¤ë¡£ ´Ö³Ö¤Î·Á¼°¤Ï »þ:ʬ-»þ:ʬ ¤Ç¤¢¤ë (´Ö³Ö¤Î¶­³¦¤Ç¤ÎÀܳ¤Ï¼õ¤±ÉÕ¤±¤é¤ì¤ë¤À¤í¤¦)¡£ »þ´Ö¤Ï 0 ¤«¤é 23 ¤ÎÈϰϤǡ¢Ê¬¤Ï 0 ¤«¤é 59 ¤Ç¤¢¤ë¡£
log_type
¥µ¡¼¥Ó¥¹¤Î¥í¥°½ÐÎϤ¬¤É¤³¤ËÁ÷¤é¤ì¤ë¤«¤ò»ØÄꤹ¤ë¡£ Æó¤Ä¤Î·Á¼°¤¬¤¢¤ë:
SYSLOG syslog_facility [syslog_level]
¥í¥°½ÐÎϤϻØÄꤵ¤ì¤¿µ¡Ç½Ê¬Îà(facility)¤Ç syslog ¤ËÁ÷¤é¤ì¤ë¡£ »ØÄê²Äǽ¤Êµ¡Ç½Ê¬Îà¤Ï daemon, auth, authpriv, user, mail, lpr, news, uucp, ftp, local0-7 ¤Ç¤¢¤ë¡£ »ØÄê²Äǽ¤Ê¥ì¥Ù¥ë̾¤Ï emerg, alert, crit, err, warning, notice, info, debug ¤Ç¤¢¤ë¡£ ¥ì¥Ù¥ë»ØÄ꤬¤Ê¤¤¾ì¹ç¤Ë¤Ï¡¢¥á¥Ã¥»¡¼¥¸¤Ï info ¥ì¥Ù¥ë¤Çµ­Ï¿¤µ¤ì¤ë¡£
FILE file [soft_limit [hard_limit]]
¥í¥°½ÐÎÏ¤Ï file ¤ËÄɲ䵤졢¤½¤Î¥Õ¥¡¥¤¥ë¤¬Ìµ¤±¤ì¤ÐºîÀ®¤µ¤ì¤ë¡£ ¥í¥°¥Õ¥¡¥¤¥ë¤Î¥µ¥¤¥º¤Ë´Ø¤·¤Æ¤Ï¡¢Æó¤Ä¤ÎÀ©¸Â¤ò¥ª¥×¥·¥ç¥ó¤Ç»ØÄê¤Ç¤­¤ë¡£ °ì¤ÄÌܤÎÀ©¸Â¤Ï¼å¤¤À©¸Â(soft_limit)¤Ç¤¢¤ë; xinetd ¤Ï¤³¤ÎÀ©¸Â¤òºÇ½é¤Ë±Û¤¨¤¿¤È¤­¤Ë¥í¥°½ÐÎϤò¹Ô¤¦ (xinetd ¤¬ syslog ¤Ë½ÐÎϤ¹¤ë¾ì¹ç¤Ï¡¢¥á¥Ã¥»¡¼¥¸¤ÏÍ¥ÀèÅÙ¥ì¥Ù¥ë alert ¤ÇÁ÷¤é¤ì¤ë)¡£ Æó¤ÄÌܤÎÀ©¸Â¤Ï¶¯¤¤À©¸Â(hard_limit)¤Ç¤¢¤ë; xinetd ¤Ï±Æ¶Á¤¬¤¢¤ë¥µ¡¼¥Ó¥¹ (¥í¥°¥Õ¥¡¥¤¥ë¤È¤·¤Æ¶¦ÄÌ¤Î¥í¥°¥Õ¥¡¥¤¥ë¤ò»È¤Ã¤Æ¤¤¤ë¾ì¹ç¤Ë¤Ï¡¢ Æó¤Ä°Ê¾å¤Î¥µ¡¼¥Ó¥¹¤¬±Æ¶Á¼õ¤±¤ë) ¤Î¥í¥°½ÐÎϤòÃæ»ß¤·¡¢¤½¤ÎÍͤˤ·¤¿¤È¤¤¤¦¥á¥Ã¥»¡¼¥¸¤ò¥í¥°½ÐÎϤ¹¤ë (xinetd ¤¬ syslog ¤Ë½ÐÎϤ¹¤ë¾ì¹ç¤Ï¡¢¥á¥Ã¥»¡¼¥¸¤ÏÍ¥ÀèÅÙ¥ì¥Ù¥ë alert ¤ÇÁ÷¤é¤ì¤ë)¡£ ¶¯¤¤À©¸Â¤¬»ØÄꤵ¤ì¤Æ¤¤¤Ê¤¤¾ì¹ç¤Ï¡¢¥Ç¥Õ¥©¥ë¥È¤Ï¼å¤¤À©¸Â¤ò 1% Áý¤ä¤·¤¿ÃͤǤ¢¤ë¡£ ¤¿¤À¤·¡¢Áý¤ä¤¹¥µ¥¤¥º¤Ï¥Ñ¥é¥á¡¼¥¿ LOG_EXTRA_MIN ¤È LOG_EXTRA_MAX (¥Ç¥Õ¥©¥ë¥È¤Ï 5K ¤È 20K ¤Ç¡¢ ¤³¤ì¤é¤ÎÄê¿ô¤Ï(¥³¥ó¥Ñ¥¤¥ë»þ¤Ë) config.h ¤ÇÄêµÁ¤µ¤ì¤ë) ¤Î´Ö¤Ë¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¡£
log_on_success
¥µ¡¼¥Ðµ¯Æ°»þ¤È½ªÎ»»þ¤Ë¤É¤Î¾ðÊó¤ò¥í¥°½ÐÎϤ¹¤ë¤«¤ò»ØÄꤹ¤ë (¥µ¡¼¥Ó¥¹ id ¤Ï¥í¥°¥¨¥ó¥È¥ê¤Ëɬ¤º´Þ¤Þ¤ì¤ë)¡£ °Ê²¼¤ÎÃͤÎǤ°Õ¤ÎÁȹ礻¤¬»ØÄê²Äǽ¤Ç¤¢¤ë:
PID
¥µ¡¼¥Ð¤Î¥×¥í¥»¥¹ID¤ò½ÐÎϤ¹¤ë (¥µ¡¼¥Ó¥¹¤¬ xinetd ¤Ë¤è¤Ã¤Æ¼ÂÁõ¤µ¤ì¡¢ ¾¤Î¥×¥í¥»¥¹¤Ø¤È¥Õ¥©¡¼¥¯¤µ¤ì¤Ê¤¤¾ì¹ç¤Ë¤Ï¡¢¥×¥í¥»¥¹ ID ¤È¤·¤Æ 0 ¤¬½ÐÎϤµ¤ì¤ë)
HOST
¥ê¥â¡¼¥È¥Û¥¹¥È¤Î¥¢¥É¥ì¥¹¤ò½ÐÎϤ¹¤ë
USERID
RFC 1413 ¤Ç¼¨¤µ¤ì¤ë ident(identification) ¥×¥í¥È¥³¥ë¤ò»È¤Ã¤Æ¡¢ ¥ê¥â¡¼¥È¥æ¡¼¥¶¤Î¥æ¡¼¥¶ ID ¤ò½ÐÎϤ¹¤ë¡£ ¤³¤Î¥ª¥×¥·¥ç¥ó¤Ï¥Þ¥ë¥Á¥¹¥ì¥Ã¥É¤Ê¥¹¥È¥ê¡¼¥à¥µ¡¼¥Ó¥¹¤Ë¤Î¤ß»ÈÍѤǤ­¤ë¡£
EXIT
¥µ¡¼¥Ð¤¬½ªÎ»¤·¤¿¤³¤È¤ò¡¢½ªÎ»¥¹¥Æ¡¼¥¿¥¹¤Þ¤¿¤Ï½ªÎ»¥·¥°¥Ê¥ë¤È¶¦¤Ë½ÐÎϤ¹¤ë (PID ¥ª¥×¥·¥ç¥ó¤¬»ØÄꤵ¤ì¤Æ¤¤¤ë¾ì¹ç¤Ë¤Ï¥×¥í¥»¥¹ID¤â½ÐÎϤµ¤ì¤ë)
DURATION
¥µ¡¼¥Ó¥¹¥»¥Ã¥·¥ç¥ó¤Î»þ´Ö¤ò½ÐÎϤ¹¤ë
log_on_failure
¥µ¡¼¥Ð¤¬µ¯Æ°¤Ç¤­¤Ê¤«¤Ã¤¿¾ì¹ç (¥ê¥½¡¼¥¹¤¬Â­¤ê¤Ê¤«¤Ã¤¿¾ì¹ç¤È¡¢¥¢¥¯¥»¥¹À©¸æ¤Ë¤è¤ëÀ©¸Â¤Ë¤è¤ë¾ì¹ç¤Î¤É¤Á¤é¤Ç¤â) ¤Ë¤É¤Î¾ðÊó¤ò¥í¥°½ÐÎϤ¹¤ë¤«¤ò»ØÄꤹ¤ë¡£ ¥µ¡¼¥Ó¥¹¤Îid¤Ï¼ºÇÔ¤·¤¿Íýͳ¤È¶¦¤Ë¾ï¤Ë¥í¥°¥¨¥ó¥È¥ê¤Ë´Þ¤Þ¤ì¤ë¡£ °Ê²¼¤ÎÃͤÎǤ°Õ¤ÎÁȹ礻¤¬»ØÄê²Äǽ¤Ç¤¢¤ë:
HOST
¥ê¥â¡¼¥È¥Û¥¹¥È¤Î¥¢¥É¥ì¥¹¤ò½ÐÎϤ¹¤ë
USERID
RFC 1413 ¤Ç¼¨¤µ¤ì¤ëident ¥×¥í¥È¥³¥ë¤ò»È¤Ã¤Æ¡¢ ¥ê¥â¡¼¥È¥æ¡¼¥¶¤Î¥æ¡¼¥¶ ID ¤ò½ÐÎϤ¹¤ë¡£ ¤³¤Î¥ª¥×¥·¥ç¥ó¤Ï¥Þ¥ë¥Á¥¹¥ì¥Ã¥É¤Ê¥¹¥È¥ê¡¼¥à¥µ¡¼¥Ó¥¹¤Ë¤Î¤ß»ÈÍѤǤ­¤ë¡£
ATTEMPT
¼ºÇÔ¤¬¤¢¤Ã¤¿¤³¤È¤ò½ÐÎϤ¹¤ë (¤³¤Î¥ª¥×¥·¥ç¥ó¤Ï¾¤Î¤¹¤Ù¤Æ¤Î¥ª¥×¥·¥ç¥ó¤Ë´Þ¤Þ¤ì¤ë)¡£
rpc_version
RPC ¥µ¡¼¥Ó¥¹¤Î RPC ¥Ð¡¼¥¸¥ç¥ó¤ò»ØÄꤹ¤ë¡£ ¥Ð¡¼¥¸¥ç¥ó¤Ë¤Ï°ì¤Ä¤Î¿ô¤«¡¢number-number ·Á¼°¤ÎÈϰϤò»ØÄê¤Ç¤­¤ë¡£
rpc_number
¥ê¥¹¥È¤Ë¤Ê¤¤(UNLISTED) RPC¥µ¡¼¥Ó¥¹¤ÎÈÖ¹æ¤ò»ØÄꤹ¤ë (¥µ¡¼¥Ó¥¹¤¬É¸½àŪ¤Ê¥·¥¹¥Æ¥à¥Õ¥¡¥¤¥ë¤Ë¥ê¥¹¥È¤µ¤ì¤Æ¤¤¤ë¤Ê¤é¡¢ ¤³¤Î°À­¤Ï̵»ë¤µ¤ì¤ë)¡£
env
¤³¤Î°À­¤ÎÃÍ¤Ï 'name=value' ·Á¼°¤Îʸ»úÎó¤Î¥ê¥¹¥È¤Ç¤¢¤ë¡£ ¤³¤ì¤é¤Îʸ»úÎó¤Ï¥µ¡¼¥Ð¤¬µ¯Æ°¤¹¤ëÁ°¤Ë¡¢´Ä¶­¤Ë²Ã¤¨¤é¤ì¤ë (¤¹¤Ê¤ï¤Á¡¢ ¥µ¡¼¥Ð¤Î´Ä¶­¤Ï xinetd ¤Î´Ä¶­¤Ë»ØÄꤵ¤ì¤¿Ê¸»úÎó¤ò²Ã¤¨¤¿¤â¤Î¤Ç¤¢¤ë)¡£
passenv
¤³¤Î°À­¤ÎÃÍ¤Ï xinetd ¤Î´Ä¶­ÊÑ¿ô¤Î¥ê¥¹¥È¤Ç¡¢ ¤½¤Î´Ä¶­¤¬¥µ¡¼¥Ð¤Ø¤ÈÅϤµ¤ì¤ë¡£ ¶õ¤Î¥ê¥¹¥È¤Ï¡¢ env °À­¤ò»È¤Ã¤ÆÌÀ¼¨Åª¤Ë»ØÄꤵ¤ì¤¿¤â¤Î¤ò½ü¤¤¤Æ¡¢ ¤É¤ÎÊÑ¿ô¤â¥µ¡¼¥Ð¤Ø¤ÈÅϤµ¤ì¤Ê¤¤¤³¤È¤ò°ÕÌ£¤¹¤ë (¤³¤Î°À­¤È env ¤ÎÁȹ礻¤Ë¤è¤Ã¤Æ¡¢ ¥µ¡¼¥Ð¤Ë¤É¤Î´Ä¶­¤¬ÅϤµ¤ì¤ë¤«¤òÀµ³Î¤Ë»ØÄê¤Ç¤­¤ë¤È¤¤¤¦¤³¤È¤Ç¤¢¤ë)
port
¥µ¡¼¥Ó¥¹¤Î¥Ý¡¼¥È¤ò»ØÄꤹ¤ë¡£ /etc/services ¥Õ¥¡¥¤¥ë¤Ë¥ê¥¹¥È¤µ¤ì¤Æ¤¤¤ë¥µ¡¼¥Ó¥¹¤ËÂФ·¤Æ¤³¤Î°À­¤¬»ØÄꤵ¤ì¤¿¾ì¹ç¡¢ ¤½¤ÎÃͤȥե¡¥¤¥ë¤Ë¤¢¤ë¥Ý¡¼¥ÈÈÖ¹æ¤È¤ÏÅù¤·¤¯¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¡£
redirect
TCP ¥µ¡¼¥Ó¥¹¤Î¾¥Û¥¹¥È¤Ø¤ÎžÁ÷¤ò»ØÄꤹ¤ë¡£ ¤³¤Î¥Ý¡¼¥È¤Ø¤ÎÀܳ¤ò xinetd ¤¬¼õ¤±¼è¤Ã¤¿¤é¡¢¥×¥í¥»¥¹¤òµ¯Æ°¤·¡¢ »ØÄꤵ¤ì¤¿¥Û¥¹¥È¤Î¥Ý¡¼¥ÈÈÖ¹æ¤Ø¤ÎÀܳ¤ò³ÎΩ¤·¡¢ Æó¤Ä¤Î¥Û¥¹¥È¤Î´Ö¤Ç¤¹¤Ù¤Æ¤Î¥Ç¡¼¥¿¤òžÁ÷¤¹¤ë¡£ ¤³¤Î¥ª¥×¥·¥ç¥ó¤Ï¡¢ÆâÉô¥Þ¥·¥ó¤¬³°³¦¤«¤é¸«¤¨¤Ê¤¤¾ì¹ç¤ËÍ­ÍѤǤ¢¤ë¡£ ½ñ¼°¤Ï redirect = (IP¥¢¥É¥ì¥¹) (¥Ý¡¼¥È) ¤Ç¤¢¤ë¡£ IP ¥¢¥É¥ì¥¹¤ÎÂå¤ï¤ê¤Ë¥Û¥¹¥È̾¤ò»È¤¦¤³¤È¤â¤Ç¤­¤ë¡£ ¥Û¥¹¥È̾¸¡º÷¤Ï xinetd ¤¬µ¯Æ°¤·¤¿»þ¤Î°ì²ó¤Î¤ß¹Ô¤ï¤ì¡¢ ºÇ½é¤ËÊÖ¤µ¤ì¤¿ IP ¥¢¥É¥ì¥¹¤¬ xinetd ¤¬ºÆµ¯Æ°¤µ¤ì¤ë¤Þ¤Ç»È¤ï¤ì¤ë¡£ ¤³¤Î¥ª¥×¥·¥ç¥ó¤¬»ØÄꤵ¤ì¤¿¾ì¹ç¤Ë¤Ï "server" °À­¤ÏɬÍפǤϤʤ¤¡£ "server" °À­¤¬»ØÄꤵ¤ì¤Æ¤â¡¢¤³¤Á¤é¤Î°À­¤ÎÊý¤¬Í¥À褵¤ì¤ë¡£
bind
¥Þ¥·¥ó¤ÎÆÃÄê¤Î¥¤¥ó¥¿¥Õ¥§¡¼¥¹¤Ë¥µ¡¼¥Ó¥¹¤ò³ä¤êÅö¤Æ¤ë¤³¤È¤ò»ØÄꤹ¤ë¡£ ¤³¤ì¤Ï¡¢°ÂÁ´¤Ê¥¤¥ó¥¿¥Õ¥§¡¼¥¹¤Ç¤¢¤ë¥í¡¼¥«¥ë¥¤¥ó¥¿¥Õ¥§¡¼¥¹¤ÇÂÔ¤Á(listen)¡¢ ³°Éô¥¤¥ó¥¿¥Õ¥§¡¼¥¹¤Ç¤Ï¤½¤¦¤·¤Ê¤¤¤è¤¦¤Ê telnet ¥µ¡¼¥Ð¤¬ ºîÀ®¤Ç¤­¤ë¤³¤È¤ò°ÕÌ£¤¹¤ë¡£ ¤Þ¤¿¡¢¤¢¤ë¥¤¥ó¥¿¥Õ¥§¡¼¥¹¤Î¤¢¤ë¥Ý¡¼¥È¤Ç²¿¤«¤·¤Æ¤¤¤ë¾ì¹ç¤Ë¡¢ Ʊ»þ¤Ë°ã¤¦¥¤¥ó¥¿¥Õ¥§¡¼¥¹¤ÎƱ¤¸¥Ý¡¼¥È¤ÇÁ´¤¯°ã¤Ã¤¿¤³¤È¤¬¤Ç¤­¤ë¡£ ½ñ¼°¤Ï bind = (¥¤¥ó¥¿¥Õ¥§¡¼¥¹¤Î IP ¥¢¥É¥ì¥¹) ¤Ç¤¢¤ë¡£
interface
bind ¤ËƱ¤¸¡£
banner
¥µ¡¼¥Ó¥¹¤Ø¤ÎÀܳ¤¬³ÎΩ¤µ¤ì¤¿»þ¤Ë¡¢ ¥ê¥â¡¼¥È¥Û¥¹¥È¤Çɽ¼¨¤µ¤ì¤ë¥Õ¥¡¥¤¥ë¤Î̾Á°¤ò»ØÄꤹ¤ë¡£ ¤³¤Î¥Ð¥Ê¡¼¤Ï¥¢¥¯¥»¥¹À©¸æ¤Ë´Ø·¸¤Ê¤¯É½¼¨¤µ¤ì¤ë¡£ Àܳ¤¬¤Ê¤µ¤ì¤¿¾ì¹ç¤Ë¤Ï *¤¤¤Ä¤Ç¤â* ¤³¤ì¤¬É½¼¨¤µ¤ì¤ë¤Ï¤º¤Ç¤¢¤ë¡£
banner_success
¥µ¡¼¥Ó¥¹¤Ø¤ÎÀܳ¤¬µö²Ä¤µ¤ì¤¿»þ¤Ë¡¢ ¥ê¥â¡¼¥È¥Û¥¹¥È¤Çɽ¼¨¤µ¤ì¤ë¥Õ¥¡¥¤¥ë¤Î̾Á°¤ò»ØÄꤹ¤ë¡£ ¤³¤Î¥Ð¥Ê¡¼¤Ï¥µ¡¼¥Ó¥¹¤Ø¤Î¥¢¥¯¥»¥¹¤¬µö²Ä¤µ¤ì¤ë¤È¤¹¤°¤Ëɽ¼¨¤µ¤ì¤ë¡£
banner_fail
¥µ¡¼¥Ó¥¹¤Ø¤ÎÀܳ¤¬µñÈݤµ¤ì¤¿»þ¤Ë¡¢ ¥ê¥â¡¼¥È¥Û¥¹¥È¤Çɽ¼¨¤µ¤ì¤ë¥Õ¥¡¥¤¥ë¤Î̾Á°¤ò»ØÄꤹ¤ë¡£ ¤³¤Î¥Ð¥Ê¡¼¤Ï¥¢¥¯¥»¥¹¤¬µñÈݤµ¤ì¤ë¤È¤¹¤°¤Ëɽ¼¨¤µ¤ì¤ë¡£ ¥æ¡¼¥¶¤ËÂФ·¡¢¤½¤Î¥æ¡¼¥¶¤¬²¿¤«°­¤¤¤³¤È¤ò¤·¤¿¤È¤¤¤¦¤³¤È¡¢ ¤½¤·¤Æ¤³¤ì°Ê¾å²¿¤â¤¹¤ë¤Ê¤È¤¤¤¦¤³¤È¤òÄÌÃΤ¹¤ë¤Î¤ËÍ­ÍѤǤ¢¤ë¡£
per_source
ȯ¿®¸µ IP ¥¢¥É¥ì¥¹¤´¤È¤Î¡¢¤½¤Î¥µ¡¼¥Ó¥¹¤ËÂФ¹¤ëºÇÂ祵¡¼¥Ó¥¹¿ô¤ò»ØÄꤹ¤ë¡£ °ú¤­¿ô¤Ë¤Ï°ì¤Ä¤ÎÀ°¿ô¤« "UNLIMITED"(̵À©¸Â) ¤ò¤È¤ë¡£ ¤³¤Î¥ª¥×¥·¥ç¥ó¤Ï¡¢¥Ç¥Õ¥©¥ë¥È¥»¥¯¥·¥ç¥ó(¸å½Ò)¤Ç»ØÄꤹ¤ë¤³¤È¤â²Äǽ¤Ç¤¢¤ë¡£
cps
Æþ¤Ã¤Æ¤¯¤ëÀܳ¤Î³ä¹ç¤ÎÀ©¸Â¡£ Æó¤Ä¤Î°ú¤­¿ô¤ò¼è¤ë¡£ ºÇ½é¤Î°ú¤­¿ô¤Ï 1 É䢤¿¤ê¤Ë½èÍý¤¹¤ëÀܳ¿ô¤Ç¤¢¤ë¡£ Æþ¤Ã¤Æ¤¯¤ëÀܳ¤Î³ä¹ç¤¬¤³¤ÎÃͤè¤êÂ礭¤¯¤Ê¤ë¤È¡¢ ¥µ¡¼¥Ó¥¹¤Ï°ì»þŪ¤Ë»ÈÍÑÉԲĤˤʤ롣 Æó¤ÄÌܤΰú¤­¿ô¤Ï¡¢»ÈÍÑÉԲĤˤʤäƤ«¤éºÆ¤Ó»ÈÍѲÄǽ¤Ë¤Ê¤ë¤Þ¤Ç¤ËÂÔ¤ÄÉÿô¤Ç¤¢¤ë¡£ ¤³¤ÎÀßÄê¤Î¥Ç¥Õ¥©¥ë¥È¤Ï¡¢50 ¤ÎÆþ¤Ã¤Æ¤¯¤ëÀܳ¤È¡¢ÂÔ¤Ä¤Î¤Ï 10 ÉäǤ¢¤ë¡£
max_load
¥µ¡¼¥Ó¥¹¤¬Àܳ¤Î¼õ¤±ÉÕ¤±¤òÄä»ß¤¹¤ë¤è¤¦¤Ë¤Ê¤ëÉé²Ù(load)Ãͤò¡¢ ÉâÆ°¾®¿ôÅÀ¿ô¤Ç»ØÄꤹ¤ë¡£ Î㤨¤Ð¡¢2 ¤ä 2.5 ¤Ç¤¢¤ë¡£ Éé²Ù¤¬¤³¤ÎÃͤˤʤë¤È¡¢¥µ¡¼¥Ó¥¹¤ÏÀܳ¤Î¼õ¤±ÉÕ¤±¤òÄä»ß¤¹¤ë¡£ ¤³¤ì¤Ï 1 ʬ´Ö¤ÎÊ¿¶ÑÉé²ÙÃÍ(load average)¤Ç¤¢¤ë¡£ ¤³¤ì¤Ï OS ¤Ë°Í¸¤·¤¿µ¡Ç½¤Ç¡¢Linux ¤È Solaris ¤Ç¤À¤±¥µ¥Ý¡¼¥È¤µ¤ì¤ë¡£
groups
"yes" ¤Þ¤¿¤Ï "no" ¤ò°ú¤­¿ô¤Ë¤È¤ë¡£ groups °À­¤¬ "yes" ¤Î¾ì¹ç¡¢¥µ¡¼¥Ð¤Î¼Â¸ú UID ¤Ç¥¢¥¯¥»¥¹¤Ç¤­¤ë ¥°¥ë¡¼¥×¤Ë¥¢¥¯¥»¥¹¤Ç¤­¤ë¤è¤¦¤Ë¥µ¡¼¥Ð¤¬¼Â¹Ô¤µ¤ì¤ë¡£ groups °À­¤¬ "no" ¤Î¾ì¹ç¡¢¥µ¡¼¥Ð¤Ï¾¤Î¥°¥ë¡¼¥×¤Ê¤·¤Ç¼Â¹Ô¤µ¤ì¤ë¡£ ¿¤¯¤Î BSD ¥·¥¹¥Æ¥à¤Ç¤Ï¡¢¤³¤Î°À­¤Ï "yes" ¤Ë¤µ¤ì¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¡£ ¤³¤Î¥ª¥×¥·¥ç¥ó¤Ï¡¢¥Ç¥Õ¥©¥ë¥È¥»¥¯¥·¥ç¥ó¤Ç»ØÄꤹ¤ë¤³¤È¤â²Äǽ¤Ç¤¢¤ë¡£
umask
¥µ¡¼¥Ó¥¹¤¬·Ñ¾µ¤¹¤ë umask ¤ò»ØÄꤹ¤ë¡£ 8¿Ê¿ô¤Ç»ØÄꤹ¤ë¡£ Á´¤Æ¤Î¥µ¡¼¥Ó¥¹¤Î umask ¤òÀßÄꤹ¤ë¤¿¤á¤Ë¡¢"defaults" ¥»¥¯¥·¥ç¥ó¤Ç »ØÄꤹ¤ë¤³¤È¤â²Äǽ¤Ç¤¢¤ë¡£ xinetd ¤Ï¼«Ê¬¼«¿È¤Î umask ¤ò¡¢·Ñ¾µ¤·¤¿ umask ¤È 022 ¤È¤Î OR ¤ËÀßÄꤹ¤ë¡£ umask ¥ª¥×¥·¥ç¥ó¤¬»ØÄꤵ¤ì¤Ê¤±¤ì¤Ð¡¢¤³¤Î xinetd ¤Î umask Ãͤ¬Á´¤Æ¤Î »Ò¥×¥í¥»¥¹¤Ë·Ñ¾µ¤µ¤ì¤ë¡£
enabled
Í­¸ú¤Ë¤¹¤ë¥µ¡¼¥Ó¥¹Ì¾¤Î¥ê¥¹¥È¤ò»ØÄꤹ¤ë¡£ ¤³¤Î°À­¤Î°ú¿ô¤È¤·¤Æ¥ê¥¹¥È¤µ¤ì¤¿¥µ¡¼¥Ó¥¹¤À¤±¤¬Í­¸ú¤Ë¤Ê¤ë¡£ ¤¹¤Ê¤ï¤Á¡¢»Ä¤ê¤Î¥µ¡¼¥Ó¥¹¤Ï̵¸ú¤Ë¤Ê¤ë¡£ "disable" °À­¤È "DISABLE" ¥Õ¥é¥°¤Ï¡¢¤³¤Î°À­¤Ç¥ê¥¹¥È¤µ¤ì¤¿¤«¤Ë´Ø·¸¤Ê¤¯ ¥µ¡¼¥Ó¥¹¤¬Í­¸ú¤Ë¤Ê¤ë¤Î¤òËɤ°¤³¤È¤¬¤Ç¤­¤ë¤³¤È¤ËÃíÌܤ»¤è¡£
include
"include /etc/xinetd/service" ¤È¤¤¤¦·Á¼°¤Ç¡¢¥Õ¥¡¥¤¥ë̾¤ò»ØÄꤹ¤ë¡£ ¤½¤Î¥Õ¥¡¥¤¥ë¤Ï¿·¤¿¤ÊÀßÄê¥Õ¥¡¥¤¥ë¤È¤·¤Æ²òÀÏ(parse)¤µ¤ì¤ë¡£ xinetd.conf ¤Î include ¤¬»ØÄꤵ¤ì¤¿¾ì½ê¤Ë¥Õ¥¡¥¤¥ë¤òŽ¤êÉÕ¤±¤ë¤Î¤È¤Ï¡¢ Ʊ¤¸¤Ç¤Ï¤Ê¤¤¡£ ¼è¤ê¹þ¤Þ¤ì¤¿¥Õ¥¡¥¤¥ë¤Ï xinetd.conf ¤ÈƱ¤¸·Á¼°¤Ç¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¡£ ¥µ¡¼¥Ó¥¹ÄêµÁ¤ÎÆâÉô¤Ç¤³¤Î°À­¤ò»ØÄꤷ¤Æ¤Ï¤¤¤±¤Ê¤¤¡£ ¥µ¡¼¥Ó¥¹ÄêµÁ¤Î³°Â¦¤Ç»ØÄꤵ¤ì¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¡£
includedir
"includedir /etc/xinetd.d" ¤È¤¤¤¦·Á¼°¤Ç¥Ç¥£¥ì¥¯¥È¥ê̾¤ò»ØÄꤹ¤ë¡£ ¤½¤Î¥Ç¥£¥ì¥¯¥È¥ê¤Î¤¹¤Ù¤Æ¤Î¥Õ¥¡¥¤¥ë(¤¿¤À¤·Ì¾Á°¤Ë¥É¥Ã¥È('.')¤ò´Þ¤à¥Õ¥¡¥¤¥ë¤È¡¢ ̾Á°¤¬¥Á¥ë¥À('~')¤Ç½ª¤ï¤ë¥Õ¥¡¥¤¥ë°Ê³°) ¤Ï xinetd ÀßÄê¥Õ¥¡¥¤¥ë¤È¤·¤Æ²òÀϤµ¤ì¤ë¡£ ¥Õ¥¡¥¤¥ë¤Ï C ¥í¥±¡¼¥ë¤Ç¤Î¥¢¥ë¥Õ¥¡¥Ù¥Ã¥È½ç¤Ç²òÀϤµ¤ì¤ë¡£ includedir ¤Ï¥µ¡¼¥Ó¥¹ÄêµÁ¤ÎÆâÉô¤Ç»ØÄꤵ¤ì¤Æ¤Ï¤Ê¤é¤Ê¤¤¡£
rlimit_as
¥µ¡¼¥Ó¥¹¤Î¡¢¥¢¥É¥ì¥¹¶õ´Ö»ñ¸»¤ÎÀ©¸Â¤òÀßÄꤹ¤ë¡£ ¥Ñ¥é¥á¡¼¥¿¤¬°ì¤ÄɬÍפǡ¢À©¸Â¤¹¤ë¥Ð¥¤¥È¿ô (¥­¥í¥Ð¥¤¥È¡¦¥á¥¬¥Ð¥¤¥È¤ò»ØÄꤹ¤ë¤Î¤Ë K, M ¤¬»È¤¨¤ë)¤òɽ¤¹Àµ¤ÎÀ°¿ô¤«¡¢ "UNLIMITED" (̵À©¸Â)¤ò»ØÄꤹ¤ë¡£ Linux ¤Î libc ¤Î malloc ¤Î¼ÂÁõÊýË¡¤Î´Ø·¸¤Ç¡¢ rlimit_data, rlimit_rss, rlimit_stack ¤è¤ê¤â¤³¤ÎÀ©¸Â¤òÀßÄꤹ¤ëÊý¤¬Í­ÍѤǤ¢¤ë¡£ ¤³¤Î»ñ¸»À©¸Â¤Ï Linux ¥·¥¹¥Æ¥à¤Ç¤Î¤ß¼ÂÁõ¤µ¤ì¤Æ¤¤¤ë¡£
rlimit_cpu
¥µ¡¼¥Ó¥¹¤¬»È¤¨¤ëºÇÂç CPU »þ´Ö(ÉÃñ°Ì)¤òÀßÄꤹ¤ë¡£ ¥Ñ¥é¥á¡¼¥¿¤¬°ì¤ÄɬÍפǡ¢CPU »þ´Ö¤òÀ©¸Â¤¹¤ëÀµ¤ÎÀ°¿ô¤«¡¢ "UNLIMITED" (̵À©¸Â)¤ò»ØÄꤹ¤ë¡£
rlimit_data
¥µ¡¼¥Ó¥¹¤ÎºÇÂç¥Ç¡¼¥¿¥µ¥¤¥º¤ÎÀ©¸Â¤òÀßÄꤹ¤ë¡£ ¥Ñ¥é¥á¡¼¥¿¤¬°ì¤ÄɬÍפǡ¢¥Ð¥¤¥È¿ô¤òɽ¤¹Àµ¤ÎÀ°¿ô¤«¡¢ "UNLIMITED" (̵À©¸Â)¤ò»ØÄꤹ¤ë¡£
rlimit_rss
¥µ¡¼¥Ó¥¹¤ÎºÇÂç¾ïÃó¥µ¥¤¥º¤ÎÀ©¸Â¤òÀßÄꤹ¤ë¡£ ¤³¤ÎÃͤò¾®¤µ¤¯¤¹¤ì¤Ð¡¢¥á¥â¥ê¤¬¾¯¤Ê¤¤»þ¤Ë ¥×¥í¥»¥¹¤¬¥Ç¥£¥¹¥¯¤Ø¤È¥¹¥ï¥Ã¥×¥¢¥¦¥È¤µ¤ì¤ë¸õÊä¤Ë¤Ê¤ê¤ä¤¹¤¯¤Ê¤ë¡£ ¥Ñ¥é¥á¡¼¥¿¤¬°ì¤ÄɬÍפǡ¢¥Ð¥¤¥È¿ô¤òɽ¤¹Àµ¤ÎÀ°¿ô¤«¡¢ "UNLIMITED" (̵À©¸Â)¤ò»ØÄꤹ¤ë¡£
rlimit_stack
¥µ¡¼¥Ó¥¹¤ÎºÇÂ祹¥¿¥Ã¥¯¥µ¥¤¥º¤òÀßÄꤹ¤ë¡£ ¥Ñ¥é¥á¡¼¥¿¤¬°ì¤ÄɬÍפǡ¢¥Ð¥¤¥È¿ô¤òɽ¤¹Àµ¤ÎÀ°¿ô¤«¡¢ "UNLIMITED" (̵À©¸Â)¤ò»ØÄꤹ¤ë¡£
deny_time
SENSOR ¤òºîÆ°¤µ¤»¤¿²¿¼Ô¤«¤Î IP ¥¢¥É¥ì¥¹¤«¤é¤Î¡¢Á´¤Æ¤Î¥µ¡¼¥Ó¥¹¤Ø¤Î¥¢¥¯¥»¥¹¤ò µñÈݤ¹¤ë´ü´Ö¡£Ã±°Ì¤Ïʬ¡£ »ØÄê²Äǽ¤Ê¥ª¥×¥·¥ç¥ó¤Ï FOREVER, NEVER ¤½¤·¤Æ¿ôÃͤǤ¢¤ë¡£ FOREVER ¤Ç¤Ï¡¢xinetd ¤¬ºÆµ¯Æ°¤µ¤ì¤ë¤Þ¤Ç¤½¤Î IP ¥¢¥É¥ì¥¹¤Ï¾Ãµî¤µ¤ì¤Ê¤¤¡£ NEVER ¤ÏÌÂÏÇ¤Ê IP ¥¢¥É¥ì¥¹¤ò¥í¥°¤Ë¼è¤ë¸ú²Ì¤À¤±¤Ç¤¢¤ë¡£ ŵ·¿Åª¤ÊÃÍ¤Ï 60 ʬ¤Ç¤¢¤ë¡£ ¤³¤ì¤Ê¤é¡¢ÀµÅö¤ÊÌÜŪ¤Ç¤½¤Î IP ¥¢¥É¥ì¥¹¤¬ºÆÍøÍѤµ¤ì¤ë¤Î¤òµö²Ä¤¹¤ë°ìÊý¤Ç¡¢ Ëؤó¤É¤Î DoS ¹¶·â¤òËɤ°¤³¤È¤¬¤Ç¤­¤ë¡£ ¤³¤Î¥ª¥×¥·¥ç¥ó¤Ï SENSOR ¥Õ¥é¥°¤È¤ÎÁȹç¤ï¤»¤ÇÍѤ¤¤ë¤³¤È¡£

¤½¤ì¤¾¤ì¤Î¥µ¡¼¥Ó¥¹¤Ç°Ê¾å¤Î°À­¤ò¤¹¤Ù¤Æ»ØÄꤹ¤ëɬÍפϤʤ¤¡£ ɬÍפÊ°À­¤Ï°Ê²¼¤ÎÄ̤ê:

socket_type
user
(ÈóÆâÉô¥µ¡¼¥Ó¥¹¤Î¤ß)
server
(ÈóÆâÉô¥µ¡¼¥Ó¥¹¤Î¤ß)
wait
protocol
(RPC ¤È ¥ê¥¹¥È¤Ë¤Ê¤¤(UNLISTED)¥µ¡¼¥Ó¥¹¤Î¤ß)
rpc_version
(RPC ¥µ¡¼¥Ó¥¹¤Î¤ß)
rpc_number
(¥ê¥¹¥È¤Ë¤Ê¤¤ RPC ¥µ¡¼¥Ó¥¹¤Î¤ß)
port
(¥ê¥¹¥È¤Ë¤Ê¤¤Èó RPC ¥µ¡¼¥Ó¥¹¤Î¤ß)

°Ê²¼¤Î°À­¤Ï¤¹¤Ù¤Æ¤ÎÂåÆþ±é»»»Ò¤ò¥µ¥Ý¡¼¥È¤¹¤ë:

only_from
no_access
log_on_success
log_on_failure
passenv
env
('-=' ±é»»»Ò¤Ï¥µ¥Ý¡¼¥È¤·¤Ê¤¤)

¤³¤ì¤é¤Î°À­¤Ï°ì¤Ä¤Î¥µ¡¼¥Ó¥¹¥¨¥ó¥È¥ê¤ÇÊ£¿ô²ó¤¢¤é¤ï¤ì¤Æ¤â¤è¤¤¡£ »Ä¤ê¤Î°À­¤Ï '=' ±é»»»Ò¤Î¤ß¤ò¥µ¥Ý¡¼¥È¤·¡¢°ì¤Ä¤Î¥µ¡¼¥Ó¥¹¥¨¥ó¥È¥ê¤Ç°ì²ó°Ê²¼¤·¤«¸½¤ì¤Ê¤¤¡£

¤Þ¤¿¡¢ÀßÄê¥Õ¥¡¥¤¥ë¤Ï°Ê²¼¤Î·Á¼°¤Î¥Ç¥Õ¥©¥ë¥È¥¨¥ó¥È¥ê¤ò°ì¤Ä»ý¤Ä¡£


defaults

{
<°À­> = <ÃÍ> <ÃÍ> ... ...


}

¤³¤Î¥¨¥ó¥È¥ê¤Ï¡¢¤½¤Î¥µ¡¼¥Ó¥¹¤Ç°À­Ãͤ¬»ØÄꤵ¤ì¤Ê¤«¤Ã¤¿¾ì¹ç¤Î¡¢ ¥Ç¥Õ¥©¥ë¥È¤Î°À­Ãͤò·èÄꤹ¤ë¡£»ØÄê²Äǽ¤Ê¥Ç¥Õ¥©¥ë¥È¤Î°À­¤Ï:

log_type
bind
per_source
umask
log_on_success
(ÀÑ»»¸ú²Ì)
log_on_failure
(ÀÑ»»¸ú²Ì)
only_from
(ÀÑ»»¸ú²Ì)
no_access
(ÀÑ»»¸ú²Ì)
passenv
(ÀÑ»»¸ú²Ì)
instances
disabled
(ÀÑ»»¸ú²Ì)
enabled
(ÀÑ»»¸ú²Ì)

ÀÑ»»¸ú²Ì¤ò»ý¤Ä°À­¤Ï¡¢Ê£¿ô²ó»ØÄꤹ¤ë¤³¤È¤¬¤Ç¤­¡¢¤½¤ÎÅÙ¤ËÀѤ߾夲¤é¤ì¤ë (¤¹¤Ê¤ï¤Á '=' ¤Ï '+=' ¤ÈƱ¤¸¤³¤È¤ò¤¹¤ë)¡£ disabled ¤ÎÎã³°¤ò½ü¤¤¤Æ¡¢¥µ¡¼¥Ó¥¹¥¨¥ó¥È¥ê¤Ç»ØÄꤵ¤ì¤¿¾ì¹ç¤ÈƱ¤¸°ÕÌ£¤ò»ý¤Ä¡£ disabled ¤Ï¡¢ÀßÄê¥Õ¥¡¥¤¥ë¤Ë¥¨¥ó¥È¥ê¤¬¤¢¤ë¤â¤Î¤Ç¤µ¤¨¤â»ÈÍÑÉԲĤˤ¹¤ë¡£ ¤³¤ì¤Ë¤è¤ê¡¢¥³¥á¥ó¥È¥¢¥¦¥È¤¹¤ëÂå¤ï¤ê¤Ë¡¢ disabled °À­¤ò»È¤Ã¤Æ»ÈÍÑÉԲĤˤ¹¤ë¥µ¡¼¥Ó¥¹¤ò¡¢ÁÇÁ᤯ºÆÀßÄê¤Ç¤­¤ë¡£ ¤³¤Î°À­¤ÎÃͤϡ¢¥¹¥Ú¡¼¥¹¤Ç¶èÀÚ¤é¤ì¤¿¡¢¥µ¡¼¥Ó¥¹ id ¤Î¥ê¥¹¥È¤Ç¤¢¤ë¡£ enabled ¤Ï disabled ¤ÈƱ¤¸ÆÃÀ­¤ò»ý¤Ä¡£°ã¤¤¤Ï enabled ¤Ï»ÈÍѲÄǽ¤Ë¤¹¤ë¥µ¡¼¥Ó¥¹¤Î¥ê¥¹¥È¤Ç¤¢¤ë¤È¤¤¤¦¤³¤È¤À¡£¤â¤· enabled ¤¬»ØÄꤵ¤ì¤¿¾ì¹ç¡¢»ØÄꤵ¤ì¤¿¥µ¡¼¥Ó¥¹¤À¤±¤¬»ÈÍѲÄǽ¤Ë¤Ê¤ë¡£ enabled ¤¬»ØÄꤵ¤ì¤Ê¤«¤Ã¤¿¾ì¹ç¤Ï¡¢¤¹¤Ù¤Æ¤Î¥µ¡¼¥Ó¥¹¤¬»ÈÍѲÄǽ¤È²¾Äꤵ¤ì¡¢ disabled ¤Ë¥ê¥¹¥È¤µ¤ì¤¿¤â¤Î¤¬½ü³°¤µ¤ì¤ë¡£

ÆâÉô¥µ¡¼¥Ó¥¹

xinetd ¤Ï°Ê²¼¤Î¥µ¡¼¥Ó¥¹¤òÆâÉôŪ¤ËÄ󶡤¹¤ë (¥¹¥È¥ê¡¼¥à·¿¡¢¥Ç¡¼¥¿¥°¥é¥à·¿¤ÎξÊý¤È¤â): echo, time, daytime, chargen, discard ¤Ç¤¢¤ë¡£ xinetd ¤¬Â¾¤Î¥×¥í¥»¥¹¤Ø¤È fork ¤¹¤ëɬÍפ¬¤Ê¤¤¤È¤¤¤¦¤³¤È¤ò½ü¤±¤Ð¡¢ ¤³¤ì¤é¤Î¥µ¡¼¥Ó¥¹¤Ï¡¢Â¾¤Î¥µ¡¼¥Ó¥¹¤ÈƱÍͤ˥¢¥¯¥»¥¹À©¸Â¤Î²¼¤Ë¤¢¤ë¡£ ¤³¤ì¤é (time, daytime ¤È¡¢¥Ç¡¼¥¿¥°¥é¥à·¿¤Î echo, chargen, discard) ¤Ï instances ¤Î¿ô¤ËÀ©¸Â¤¬¤Ê¤¤¡£

xinetd ¤Ï¤Þ¤¿¡¢Æó¤Ä¤Î UNLISTED ¤Ê¥¹¥È¥ê¡¼¥à·¿ÆâÉô¥µ¡¼¥Ó¥¹¤òÄ󶡤¹¤ë: servers ¤È services ¤Ç¤¢¤ë¡£ Á°¼Ô¤Ï¼Â¹Ô¤·¤Æ¤¤¤ë¥µ¡¼¥Ð¤Î¾ðÊó¤òɽ¼¨¤·¡¢ °ìÊý¸å¼Ô¤Ï¸½ºßÍ­¸ú¤Ê¥µ¡¼¥Ó¥¹¤Î¥ê¥¹¥È¤òÄ󶡤¹¤ë¡£ °ì¹Ô¤Ë°ì¤Ä¤Î¥µ¡¼¥Ó¥¹¤Ç¡¢ ³Æ¹Ô¤Ï¥µ¡¼¥Ó¥¹Ì¾¡¦¥×¥í¥È¥³¥ë(Î㤨¤Ð "tcp")¡¦¥Ý¡¼¥ÈÈֹ椫¤é¤Ê¤ë¡£

º£¤ä´ÉÍý¥¤¥ó¥¿¥Õ¥§¡¼¥¹¤¬¤¢¤ê¡¢¤½¤ì¤ÏÆâÉô¥µ¡¼¥Ó¥¹¤Ç¤¢¤ë¡£ ¥µ¡¼¥Ó¥¹Ì¾ "xadmin" ¤ÏͽÌ󤵤ì¤Æ¤ª¤ê¡¢¤½¤ì¤Ï¾ï¤ËÆâÉô¥µ¡¼¥Ó¥¹¤Ç¤¢¤ë¡£ ¤³¤Î¥µ¡¼¥Ó¥¹¤Ë¤Ï¥Ý¡¼¥ÈÈÖ¹æ¤ò»ØÄꤷ¤Ê¤±¤ì¤Ð¤Ê¤é¤º¡¢ ¿ʬ IP ¥Ù¡¼¥¹¤Î¥¢¥¯¥»¥¹À©¸æ¤â¤·¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¤À¤í¤¦¡£ ¤Ê¤¼¤Ê¤é¤Ð¡¢¤³¤ì¤ò¼¹É®¤·¤Æ¤¤¤ë»þÅÀ¤Ç¤Ï¡¢ ¥Ñ¥¹¥ï¡¼¥ÉÊݸî¤ò²¿¤â»ý¤¿¤Ê¤¤¤«¤é¤Ç¤¢¤ë¡£ ¤³¤Î¥Ý¡¼¥È¤Ë telnet ¤·¡¢xinetd ¤Ë¤¤¤¯¤é¤«¤ÎÌ䤤¹ç¤ï¤»¤ò¤¹¤ë¤³¤È¤¬¤Ç¤­¤ë¡£

TCPMUX ¥µ¡¼¥Ó¥¹

xinetd ¤Ï RFC 1078 ¤Ë½àµò¤·¤¿ TCPMUX ¥µ¡¼¥Ó¥¹¤ò¥µ¥Ý¡¼¥È¤¹¤ë¡£ ¥µ¡¼¥Ó¥¹¤¬¤½¤ì¤ËÂбþ¤¹¤ë well-known ¥Ý¡¼¥È¤ò»ý¤¿¤Ê¤¯¤Æ¤â¡¢ well-known ¥Ý¡¼¥È¤Ç¤¢¤ë TCPMUX ¤òÄ̤¸¤Æ¥¢¥¯¥»¥¹¤¬¤Ç¤­¤ë¡£

TCPMUX ¤òÄ̤¸¤Æ¥¢¥¯¥»¥¹¤µ¤ì¤ë¥µ¡¼¥Ó¥¹¤Ï¡¢¤½¤ì¤¾¤ì /etc/xinetd.conf ¤Ë¥µ¡¼¥Ó¥¹¥¨¥ó¥È¥ê¡¼¤ò»ý¤Ä¤«¡¢¤â¤·¤¯¤Ï includedir ¥Ç¥£¥ì¥¯¥È¥ê¤ÎÀßÄê¥Õ¥¡¥¤¥ë¤Ë¥µ¡¼¥Ó¥¹¥¨¥ó¥È¥ê¤¬¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¡£

service_name ¥Õ¥£¡¼¥ë¥É(³Æ xinetd ¤ÎÀßÄê¥Õ¥¡¥¤¥ë¤Ç¡¢¥µ¡¼¥Ó¥¹¤ÎºÇ½é¤ÇÄêµÁ¤µ¤ì¤ë)¤Ï xinetd ¤Ë(RFC 1078 ¥×¥í¥È¥³¥ë¤Ë¤è¤Ã¤Æ)ÅϤµ¤ì¤ëʸ»úÎó¤ËÅù¤·¤¯¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¡£ ¤½¤ì¤Ï¥ê¥â¡¼¥È¤Î¥µ¡¼¥Ó¥¹Í×µá¼Ô¤¬ºÇ½é¤Ë well-known ¥Ý¡¼¥È¤Ç¤¢¤ë TCPMUX ¤Ë ¥¢¥¯¥»¥¹¤·¤¿¤È¤­¤ËÅϤµ¤ì¤ë¡£ ¥×¥é¥¤¥Ù¡¼¥È¤Ê¥×¥í¥È¥³¥ë¤Ï¹â¤¤³ÎΨ¤Ç°ì°Õ¤Ë¤Ê¤ë¥µ¡¼¥Ó¥¹Ì¾¤ò»È¤¦¤Ù¤­¤À¡£ ¤Ò¤È¤Ä¤ÎÊýË¡¤Ï¡¢¥É¥á¥¤¥ó̾¤ÎÁ°¤Ë¥µ¡¼¥Ó¥¹Ì¾¤òÉղ乤뤳¤È¤Ç¤¢¤ë¡¢

type ¥Õ¥£¡¼¥ë¥É¤Ï TCPMUX ¤Þ¤¿¤Ï TCPMUXPLUS ¤Î¤É¤Á¤é¤«¤Ç¤¢¤ë¡£ TCPMUXPLUS ¤¬»ØÄꤵ¤ì¤¿¾ì¹ç¡¢ xinetd ¤Ï¥µ¡¼¥Ó¥¹¤ò½é´ü²½¤¹¤ëÁ°¤Ë¥×¥í¥»¥¹¸Æ¤Ó½Ð¤·¤Æ¡¢ (RFC 1078 ¤ÇÄêµÁ¤µ¤ì¤ë)¥×¥í¥È¥³¥ë¤ÎºÇ½é¤Î¥Ï¥ó¥É¥·¥§¥¤¥¯¤ò½èÍý¤¹¤ë¡£ type ¤¬ TCPMUX ¤Î¾ì¹ç¤Ï¡¢¥Ï¥ó¥É¥·¥§¡¼¥¯¤ò¿ë¹Ô¤¹¤ë¤¿¤á¤Ë³«»Ï¤µ¤ì¤Æ¤¤¤ë¥µ¡¼¥Ð¤¬Âн褹¤ë¡£

¥µ¡¼¥Ó¥¹¤¬É¸½àŪ¤Ê¥·¥¹¥Æ¥à¥Õ¥¡¥¤¥ë (RPC ¥µ¡¼¥Ó¥¹¤Ê¤é¡¢ /etc/rpc, RPC¥µ¡¼¥Ó¥¹¤Ç¤Ê¤¤¤Ê¤é /etc/services ¤Ê¤É) ¤Ë̵¤¤¾ì¹ç¤Ï¡¢ type ¤Ë¤Ï UNLISTED ¤â»ØÄꤹ¤ë¡£

¤³¤ì¤é¤Î¥µ¡¼¥Ó¥¹¤ËÂФ¹¤ë socket_type ¤Ï stream ¤Ç¤Ê¤±¤ì¤Ð¤Ê¤é¤º¡¢¤Þ¤¿ protocal ¤Ï tcp ¤Ç¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¡£

°Ê²¼¤Ï TCPMUX ¥µ¡¼¥Ó¥¹ÀßÄê¤Î¥µ¥ó¥×¥ë¤Ç¤¢¤ë¡£




service myorg_server

{
disable
= no
type
= TCPMUX
socket_type
= stream
protocol
= tcp
wait
= no
user
= root
server
= /usr/etc/my_server_exec


}

well-known ¥Ý¡¼¥È¤Î TCPMUX ¤òÄ̤¸¤Æ¥¢¥¯¥»¥¹¤µ¤ì¤ë³Æ¥µ¡¼¥Ó¥¹¤Î ¥µ¡¼¥Ó¥¹¥¨¥ó¥È¥ê¤Î¾¤Ë¡¢TCPMUX ¼«¿È¤Î¥µ¡¼¥Ó¥¹¥¨¥ó¥È¥ê¤â xinetd ¤ÎÀßÄê¤ÎÃæ¤Ë´Þ¤Þ¤ì¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¡£ °Ê²¼¤Î¥µ¥ó¥×¥ë¤ò¸«¤è:




service tcpmux

{
type
= INTERNAL
id
= tcpmux
socket_type
= stream
protocol
= tcp
user
= root
wait
= no


}

Ãí°Õ

1.
°Ê²¼¤Î¥µ¡¼¥Ó¥¹Â°À­¤Ï¡¢ºÆÀßÄê¤ÇÊѹ¹¤¹¤ë¤³¤È¤¬¤Ç¤­¤Ê¤¤: socket_type, wait, protocol, type ¤Ç¤¢¤ë¡£
2.
°À­ only_from ¤È no_access ¤¬(ľÀÜ¡¢defaults¤Î¤É¤Á¤é¤Ç¤â)»ØÄꤵ¤ì¤Ê¤«¤Ã¤¿¥µ¡¼¥Ó¥¹¤Ï¡¢ ¥¢¥É¥ì¥¹¤Î¾È¹ç¤ÏÀ®¸ù¤·¤¿¤â¤Î¤È¤·¤Æ°·¤ï¤ì¤ë (¤¹¤Ê¤ï¤Á¡¢¥¢¥¯¥»¥¹¤ÏµñÈݤµ¤ì¤Ê¤¤)¡£
3.
¥¢¥É¥ì¥¹¾È¹ç¤Ï¥ê¥â¡¼¥È¥Û¥¹¥È¤Î IP ¥¢¥É¥ì¥¹¤È¤ò´ð¤Ë¤·¤Æ¤ª¤ê¡¢ ¥É¥á¥¤¥ó¥¢¥É¥ì¥¹¤Ë¤Ï°Í¤é¤Ê¤¤¡£ Ť¤»þ´Ö¤¬¤«¤«¤ë¥ê¥â¡¼¥È¥Û¥¹¥È¤Î̾Á°¸¡º÷¤òÈò¤±¤é¤ì¤ë¤Î¤Ç¡¢¤½¤¦¤Ê¤Ã¤Æ¤¤¤ë (¤Ê¤¼¤Ê¤é¤Ð¡¢ xinetd ¤Ïñ°ì¥¹¥ì¥Ã¥É¤Ç¤¢¤ê¡¢ ̾Á°¸¡º÷¤Ï¥Ç¡¼¥â¥ó¤¬¤½¤Î¸¡º÷¤ò½ª¤¨¤ë¤Þ¤Ç¡¢ ¾¤ÎÁ´¤Æ¤ÎÍ×µá¤ò¼õ¤±ÉÕ¤±¤ë¤Î¤ò˸¤²¤ë¤«¤é¤Ç¤¢¤ë)¡£ ¤³¤ÎÏÈÁȤΰ­¤¤Ì̤ϡ¢¥ê¥â¡¼¥È¥Û¥¹¥È¤Î IP ¥¢¥É¥ì¥¹¤¬ÊѤï¤Ã¤Æ¤·¤Þ¤¦¤È xinetd ¤òºÆÀßÄꤹ¤ë¤Þ¤Ç¤Ï¡¢¥¢¥¯¥»¥¹¤¬µñÈݤµ¤ì¤Æ¤·¤Þ¤¦¤³¤È¤Ç¤¢¤ë¡£ ¥¢¥¯¥»¥¹¤¬¼ÂºÝ¤Ë¶¡¤µ¤ì¤ë¤«¤É¤¦¤«¤Ï¡¢ ¿·¤¿¤Ê IP ¥¢¥É¥ì¥¹¤¬µö²Ä¤µ¤ì¤¿¥¢¥¯¥»¥¹¤Ë¤¢¤ë¤«¤É¤¦¤«¤Ë¤è¤ë¡£ Î㤨¤Ð¡¢¥Û¥¹¥È¤Î IP ¥¢¥É¥ì¥¹¤¬ 1.2.3.4 ¤«¤é 1.2.3.5 ¤ËÊѹ¹¤µ¤ì¡¢ only_from ¤¬ 1.2.3.0 ¤È»ØÄꤵ¤ì¤Æ¤¤¤ì¤Ð¡¢¥¢¥¯¥»¥¹¤ÏµñÈݤµ¤ì¤Ê¤¤¡£
4.
¥í¥°¥ª¥×¥·¥ç¥ó USERID ¤¬»ØÄꤵ¤ì¡¢¤â¤·¥ê¥â¡¼¥È¥Û¥¹¥È¤¬ ident ¥µ¡¼¥Ð¤òÆ°¤«¤·¤Æ¤Ê¤¤¤«¡¢¤Þ¤¿¤Ï ident ¥µ¡¼¥Ð¤¬²õ¤ì¤¿ÊÖ»ö¤òÁ÷¤êÊÖ¤·¤Æ¤­¤¿¤é¡¢ ¥µ¡¼¥Ó¥¹¥Õ¥é¥° IDONLY ¤¬»È¤ï¤ì¤Ê¤¤¸Â¤ê¡¢¥¢¥¯¥»¥¹¤ÏµñÈݤµ¤ì¤Ê¤¤¡£
5.
¥×¥í¥»¥¹¤ò¥Õ¥©¡¼¥¯¤·¡¢ ¤½¤ì¤¬¥ê¥â¡¼¥È¥Û¥¹¥È¤È¥í¡¼¥«¥ë¥µ¡¼¥Ð¤Î´Ö¤Ç¥Õ¥£¥ë¥¿¤È¤·¤Æ¿¶Éñ¤¦¤³¤È¤Ë¤è¤ê¡¢ ²£¼è¤ê¤¬µ¡Ç½¤¹¤ë¡£ ¤³¤ì¤ÏÌÀ¤é¤«¤ËÀ­Ç½¤Ë±Æ¶Á¤òµÚ¤Ü¤¹¤Î¤Ç¡¢ ³Æ¥µ¡¼¥Ó¥¹¤´¤È¤Î¥»¥­¥å¥ê¥Æ¥£¤ÈÀ­Ç½¤È¤Î´Ö¤ÎÂŶ¨¤Ï¡¢¤¢¤Ê¤¿¤ËǤ¤µ¤ì¤Æ¤¤¤ë¡£ °Ê²¼¤Îɽ¤Ï²£¼è¤ê¤Î¥ª¡¼¥Ð¡¼¥Ø¥Ã¥É¤ò¼¨¤¹¡£ ºÇ½é¤Îɽ¤ÏÍÍ¡¹¤Ê¥Ç¡¼¥¿¥°¥é¥à¥µ¥¤¥º¤Ç¤Î¡¢UDP ¥Ù¡¼¥¹¤Î¥µ¡¼¥Ó¥¹¤Ë¤ª¤±¤ë¥Ç¡¼¥¿¥°¥é¥à¤¢¤¿¤ê¤Î¥ª¡¼¥Ð¡¼¥Ø¥Ã¥É¤Ç¤¢¤ë¡£ TCP ¥Ù¡¼¥¹¤Î¥µ¡¼¥Ó¥¹¤Ë¤Ä¤¤¤Æ¤Ï¡¢²£¼è¤ê¤Ë¤è¤ë¥Ð¥ó¥ÉÉý¤Î¸º¾¯¤ò·×¬¤·¤¿¡£ ·×¬¤Î´Ö¤Ï¡¢¤¢¤ëÎ̤Υǡ¼¥¿¤ò¥¯¥é¥¤¥¢¥ó¥È¤«¤é¥µ¡¼¥Ð¤ØÁ÷¤Ã¤¿ (»þ´Ö¤Î¥ª¡¼¥Ð¡¼¥Ø¥Ã¥É¤Ï UDP ¥Ù¡¼¥¹¤Î¥µ¡¼¥Ó¥¹¤ÈƱ¤¸¤Ï¤º¤À¤¬¡¢ Ϣ³¤¹¤ë¥Ç¡¼¥¿Å¾Á÷¤ÎºÇ½é¤Î¥Ñ¥±¥Ã¥È¤À¤±¤Ë¤«¤«¤ë)¡£ ¥Ç¡¼¥¿Î̤Ïɽ¤Î ¥·¥¹¥Æ¥à¥³¡¼¥ë¿ôx¥·¥¹¥Æ¥à¥³¡¼¥ë¤¢¤¿¤ê¤Î¥Ç¡¼¥¿ÎÌ ¤«¤éÆÀ¤é¤ì¤ë¡£¤¹¤Ê¤ï¤Á¡¢³Æ send(2) ¥·¥¹¥Æ¥à¥³¡¼¥ë¤Ï¤½¤ì¤Û¤É¿¤¯¤Î¥Ç¡¼¥¿¤òžÁ÷¤·¤¿¡£ ¥Ð¥ó¥ÉÉý¤Î¸º¾¯¤Ï¡¢É䢤¿¤ê¤Î¥Ð¥¤¥È¿ô¤È¡¢ ²£¼è¤ê¤¬¹Ô¤ï¤ì¤Ê¤«¤Ã¤¿¾ì¹ç¤«¤é¤Î³ä¹ç¤ÇÍ¿¤¨¤é¤ì¤ë¡£ Á´¤Æ¤Î·×¬¤Ï SunOS 4.1 ¤¬Áö¤ë SparcStation IPC ¤Ç¹Ô¤ï¤ì¤¿¡£
¥Ç¡¼¥¿¥°¥é¥à¥µ¥¤¥º(¥Ð¥¤¥È)
ÃÙ±ä(¥ß¥êÉÃ)
--------------------------
------------
64
1.19
256
1.51
1024
1.51
4096
3.58
Á÷¿®¥Ð¥¤¥È
¥Ð¥ó¥ÉÉý¸º¾¯
----------
------------
10000x64
941 (1.2%)
10000x256
4,231 (1.8%)
10000x1024
319,300 (39.5%)
10000x4096
824,461 (62.1%)

Îã


#

# xinetd ¤Î¥µ¥ó¥×¥ëÀßÄê¥Õ¥¡¥¤¥ë

#



defaults

{
log_type
= FILE /var/log/servicelog
log_on_success
= PID
log_on_failure
= HOST RECORD
only_from
= 128.138.193.0 128.138.204.0
only_from
= 128.138.252.1
instances
= 10
disabled
= rstatd


}



#

# Ãí°Õ 1: protocol °À­¤ÏɬÍפʤ¤

# Ãí°Õ 2: instances °À­¤Ï¥Ç¥Õ¥©¥ë¥ÈÃͤò¾å½ñ¤­

#

service login

{
socket_type
= stream
protocol
= tcp
wait
= no
user
= root
server
= /usr/etc/in.rlogind
instances
= UNLIMITED


}



#

# Ãí°Õ 1: instances °À­¤Ï¥Ç¥Õ¥©¥ë¥ÈÃͤò¾å½ñ¤­

# Ãí°Õ 2: log_on_success ¥Õ¥é¥°¤Ï°ú¤­¿ô

#

service shell

{
socket_type
= stream
wait
= no
user
= root
instances
= UNLIMITED
server
= /usr/etc/in.rshd
log_on_success
+= HOST RECORD


}



service ftp

{
socket_type
= stream
wait
= no
nice
= 10
user
= root
server
= /usr/etc/in.ftpd
server_args
= -l
instances
= 4
log_on_success
+= DURATION HOST USERID
access_times
= 2:00-9:00 12:00-24:00


}



# telnet ¥»¥Ã¥·¥ç¥ó¤ò¡¢8 ¥á¥¬¥Ð¥¤¥È¤Î¥á¥â¥ê¡¼¤È»Ò¥×¥í¥»¥¹¤ò

# ¹ç·× 20 CPU ÉäËÀ©¸Â

service telnet

{
socket_type
= stream
wait
= no
nice
= 10
user
= root
server
= /usr/etc/in.telnetd
rlimit_as
= 8M
rlimit_cpu
= 20


}



#

# ¤³¤Î¥¨¥ó¥È¥ê¤È¤½¤Î¼¡¤Ï¡¢ÆâÉô¥µ¡¼¥Ó¥¹¤ò»ØÄꤹ¤ë¡£

# °ã¤¦¥½¥±¥Ã¥È¥¿¥¤¥×¤ÎƱ¤¸¥µ¡¼¥Ó¥¹¤Ê¤Î¤Ç¡¢

# ³Æ¥¨¥ó¥È¥ê¤òÍ£°ì¤Ë¼±Ê̤¹¤ë¤¿¤á¤Ë id °À­¤òÍѤ¤¤ë

#

service echo

{
id
= echo-stream
type
= INTERNAL
socket_type
= stream
user
= root
wait
= no


}



service echo

{
id
= echo-dgram
type
= INTERNAL
socket_type
= dgram
user
= root
wait
= no


}



service servers

{
type
= INTERNAL UNLISTED
protocol
= tcp
port
= 9099
socket_type
= stream
wait
= no


}



#

# RPC ¥µ¡¼¥Ó¥¹¤Î¥µ¥ó¥×¥ë

#

service rstatd

{
type
= RPC
socket_type
= dgram
protocol
= udp
server
= /usr/etc/rpc.rstatd
wait
= yes
user
= root
rpc_version
= 2-4
env
= LD_LIBRARY_PATH=/etc/securelib


}



#

# ¥ê¥¹¥È¤Ë¤Ê¤¤¥µ¡¼¥Ó¥¹¤Î¥µ¥ó¥×¥ë

#

service unlisted

{
type
= UNLISTED
socket_type
= stream
protocol
= tcp
wait
= no
server
= /home/user/some_server
port
= 20020


}
 

´ØÏ¢¹àÌÜ

xinetd(1L),

xinetd.log(5)

Postel J., Echo Protocol, RFC 862, May 1983

Postel J., Discard Protocol, RFC 863, May 1983

Postel J., Character Generator Protocol, RFC 864, May 1983

Postel J., Daytime Protocol, RFC 867, May 1983

Postel J., Harrenstien K., Time Protocol, RFC 868, May 1983

M. Lottor, TCP Port Service Multiplexer (TCPMUX), RFC 1078, Nov 1988

StJohns M., Identification Protocol, RFC 1413, February 1993

¥Ð¥°

INTERCEPT ¥Õ¥é¥°¤¬»È¤ï¤ì¤Ê¤«¤Ã¤¿¾ì¹ç¡¢ wait ¤¬ yes ¤Ç socket_type ¤¬ stream ¤Î¤È¤­¤Ï¡¢ ¥ê¥â¡¼¥È¥Û¥¹¥È¥¢¥É¥ì¥¹¤Î¥¢¥¯¥»¥¹À©¸æ¤Ï¹Ô¤ï¤ì¤Ê¤¤¡£

INTERCEPT ¥Õ¥é¥°¤¬»È¤ï¤ì¤Ê¤«¤Ã¤¿¾ì¹ç¡¢ wait ¤¬ yes ¤Ç socket_type ¤¬ dgram ¤Î¥µ¡¼¥Ó¥¹¤Î ¥ê¥â¡¼¥È¥Û¥¹¥È¥¢¥É¥ì¥¹¤Ë¤è¤ë¥¢¥¯¥»¥¹À©¸æ¤Ï¡¢ºÇ½é¤Î¥Ñ¥±¥Ã¥È¤Ë¤Î¤ß¹Ô¤ï¤ì¤ë¡£ ¥¢¥¯¥»¥¹À©¸æ¥ê¥¹¥È¤Ë¤Ê¤¤¥Û¥¹¥È¤«¤é¤Î¥Ñ¥±¥Ã¥È¤ò¥µ¡¼¥Ð¤Ï¼õ¤±ÉÕ¤±¤Æ¤·¤Þ¤¦¡£ ¤³¤ì¤Ï RPC ¥µ¡¼¥Ó¥¹¤Î¾ì¹ç¤Ëµ¯¤­¤ë¡£

´Ä¶­ÊÑ¿ô¤Ë ¶õÇò ¤òÆþ¤ì¤ëÊýË¡¤¬¤Ê¤¤¡£

wait ¤¬ yes ¤Ç socket_type ¤¬ stream ¤Î¤È¤­¡¢ Àܳ¤¬¼õ¤±ÉÕ¤±¤é¤ì¤¿¾ì¹ç¤Î¤ß¡¢¥½¥±¥Ã¥È¤¬¥µ¡¼¥Ð¤ØÅϤµ¤ì¤ë¡£

INTERCEPT ¥Õ¥é¥°¤Ï¡¢ÆâÉô¥µ¡¼¥Ó¥¹¤È¥Þ¥ë¥Á¥¹¥ì¥Ã¥É¥µ¡¼¥Ó¥¹¤Ç¤Ï¥µ¥Ý¡¼¥È¤µ¤ì¤Ê¤¤¡£