pG̾ daemon ҰʻP޲z觋ӰϤA򥻤WAiHN daemon iW߱Ұʪ stand alone A PzL@ super daemon ӲΤ@޲zAȳojAo daemon pUG

• stand_aloneG daemon iHۦWҰʪA

NrWNӻAstand alone NOyWߪҰʡzNCo daemon iHۦҰʦӤzLL޲zF daemon ҰʨøJON@ΰOPtθ귽C̤juINOG]O@sbO馎򪺴ѪAȡA ]oͥΤݪnDɡAstand alone daemon ^t׸C` stand alone daemon WWW daemon (httpd)BFTP daemon (vsftpd) C

• super daemonG @S daemon ӲΤ@޲z

o@تAȪҰʤ觋hOǥѤ@ӲΤ@ daemon ӭtd_AȡIoӯS daemon NQ٬ super daemon C super daemon O inetd o@ӡAӫhQ xinetd ҨNFCoؾ쪺abA SΤݪnDɡAUAȳOҰʪpA즳ӦۥΤݪnDɡA super daemon ~۹ACΤݪnDAQoӪAȤ]|tθ귽C

oؾnBOG (1)ѩ super daemon tdUAȡA] super daemon iH㦳wުANO𪺥\աI (2)ѩAȦbΤݪsuNA]|@Ψtθ귽COIOOH ]Τݪsu~|ӪAȡAӸӪAȸJO骺ɶݭnҼ{ihA]AȪɶ|C@ǰաI ` super daemon Һ޲zAȨҦp telnet oӪNNOաI

1.1.1BSuper daemon B@ܷN

pWҥܡASuper daemon O`nbO餤A Program 1, 2, 3 hOҰʬYǪAȪ{ (QҰʪA)CΤݪnDɡA Super daemon ~|hIJo{J daemon ӦsbO餤AɡAΤݪnD~|Q Super daemon ɦV Daemon 1 hFsuIΤݪnDɡADaemon 1 N|QAϤusuN|_oI

• fѻ

oرҰʪ觋@ӤnOHաIӥB٭nݸӥDu@tPڪγ~I ҦpADOΨӧ@ WWW AA httpd ۵MNH stand alone Ұʤ觋ΡIƹWAڭ̱``} stand alone P super daemon pAiHȦ檺fӧ@dҳI

• ӧOftd@AȪ stand aloneG
  
  bȦ̭A]@س@AȪfAҦpsfAҥHAݭnsɭԡAeӵfANyMHzAAȰաI oNO stand alone pC
  
  
• Τ@ftdUط~Ȫ super daemonG
  
  bȦ̭]٦t~@ؽƦXAΤ@fAPɴbBիסBڵ~ȡAAݭn𫟺@~ȪɭԡA NݭneӵfCObfo~AAݨD椧A᭱@yޡIbSIӧAu@Fz 򨺭ӤSN}lu@hIMӸY٦ի׻Pڵtd~ȪSOHL̦bFHKKIݬݳBܳܯoI
  
  o̴N|ޥXt~@ӰDաI]Ȧ椵ѪHSOAҥHoӵf᭱FA~٦ܦhHI Q@QAoӵfOny@ӧAӤU@ӡz٬OyA̪ڮӡAڥBzzOHI OOӤ@ˡH򥻤WAwo super daemon BzҦءAOOoˡG
  
  
  • multi-threaded (h)G
    NOڭ̴쪺AȤᤧnDLӡA@LUhAҥH@ӪAȦPɷ|tdnXӵ{ǡC
    
    
  • single-threaded (@)G
    oӴNOثeڭ̡yHȦẕ`觋աAצpAϥ@Ӥ@ӨӡAĤ@ӨSBzeA᭱бƶIKKI ҥHpG client nDMjWܡAoDZߨ쪺 client ioW@I
  
  
  1.1.2BPh檺 super daemon B@觋
  
  pWҥܡAh檺觋A daemon |@QIJoh{ǨӴѤP client AȡAҥHקAOĴXӵnJ̡A iHɥ daemon AȡCܩkhO@檺觋Aȷ|@ daemon QAĤ@ӥΤFsuA QnsuΤNonݡA]o̪su|\C

t~Aݭn`NOAJMȦYoصfPɦsbAҥHoAb Linux tθ̭Ao daemon Ұʤ觋]OiHPɦsbաI]NOAYǪAȥiHϥ stand alone ӱҰʡAӦǨLAȫhiHϥ xinetd o super daemon Ӻ޲zAjPpNOo˰աIAGI

• daemon u@κA

pGH daemon ѪAȪu@AӰϤASiHN daemon jAOOG

• signal-control
  o daemon OzLTӺ޲zAunΤݪݨDiӡALN|ߧYҰʥhBzIҦpLA (cupsd)C
  
  
• interval-control
  o daemon hDnOyCj@qɶNDʪhYu@zAҥHAAn@Ob]wɫwAȭni檺ɶPu@A ӪAȦbwɶ~|hu@Cڭ̦bĤQ쪺 atd P crond Nݩo daemon (C@]w)

t~ApGA}o{ܦ쪺ܡAiHۦd\@Uy man 3 daemon zݬݨtι daemon ԲӻaI ^_^C

• daemon RWWh

C@ӪAȪ}o̡Ab}oL̪AȮɡASOGưաILALצpAoǪAȪWٳQإߤAQW Linux ϥήɡAq`bAȪW٤|[W@ d AҦpҦʩROإߪ at, P cron oӪAȡA L{ɦW|Q atd P crondAo d NNO daemon NCҥHAbĤQCAڭ̨ϥΤF ps P top [{ǮɡA|o{ܦh {xxx}d {ǡAIq`NO@ daemon {oI

qĤQCPe@p`AȪAAӭnDOA tΩҦ\ೣOYǵ{ǩҴѪAӵ{ǫhOzLIJo{ӲͪCP˪AtδѪAȷM]Oo˪I uOѩoA TCP/IP AҥH㪺@ǴNOFC

Lں (Internet) BӪD IP oNAja IP NONADbںWyPXzC OAD`OiHѫD`hAȦӤ@\ӤwAڭ̶Ȧ@ IP OIΤݳsuLӧڭ̪DɡA ڭ̥DOp뤣PAȭnDOHNOzL (port number) աI²檺QALNOAaPWĴXhӡI o IP P port NOںsṷn@oCڭ̮U}ӻG

• http://ftp.isu.edu.tw/
• ftp://ftp.isu.edu.tw/

So{AӺ}OV ftp.isu.edu.tw oӸqujǪ FTP AOsWܪGoO@˪H OڡIoO]ڭ̫VPAȹI@ӬO http o WWW AȡA@ӫhO ftp oɮ׶ǿAȡAMܪGNPFC

1.2.1B port P daemon AΤݳsuwPAAȾɦV𸹥礣P

ƹWAFΤ@Ӻں𸹹AȪ\AnҦDϥάۦPӴѪAȻPnDAȡA ҥHNFyqTwzoNC]NOAǬwUAȳmbP@Ӱ𸹤WաI|ҨӻA }CW http |sV WWW A 80 𸹶isunDI WWW A]|N httpd oӳnҰʦb port 80A o˨̤~FsuI

IQ@QAtΤWS]wiHAȻP𸹹b@_OHNO /etc/services աI

[root@www ~]# cat /etc/services
....(eٲ)....
ftp             21/tcp
ftp             21/udp          fsp fspd
ssh             22/tcp                          # SSH Remote Login Protocol
ssh             22/udp                          # SSH Remote Login Protocol
....(ٲ)....
http            80/tcp          www www-http    # WorldWideWeb HTTP
http            80/udp          www www-http    # HyperText Transfer Protocol
....(Uٲ)....
# oɮתeOHU觋ӽsƪG
# <daemon name>   <port/ʥ]w>   <ӪAȪ>

WOAĤ@欰 daemon W١BĤG欰 daemon ҨϥΪ𸹻Pƫʥ]wA ʥ]wDniasu TCP ʥ]HθֳtDsuɦV UDP ʥ]C |ӨҤlAӻݳsuϥΪO ssh oӪAȡAӳoӪAȪϥΪ𸹬 22 INOo˰ڡI

ѬYӪAȪ daemon MuO@{ӤwAOo daemon Ұ٬OݭnɡB]wɡBҵA |ҨӻAAiHd\@U httpd oӵ{ (man httpd) A̭iͨ줣֪ﶵPѼƩOI~AF޲zWKA ҥHq` distribution |OC@ daemon ҰʫҨo{Ǫ PID b /var/run/ oӥؿUOI ٦٦AbҰʳoǪAȤeAAi]nۦBz@U daemon Q檺ҬO_TCo̭nOA nҰʤ@ daemon Ҽ{ƱܦhAëD°@{NFC

FѨMWͨ쪺DA]q` distribution |ڭ̤@²檺 shell script ӶiҰʪ\C script iHiҪB]wɪRBPID ɮתmAHάn洫ɮת (lock) ʧ@A Aun script AWzʧ@N@fs򪺶iA̲״NQB²檺Ұʳo daemon oI o]Oڭ̷|ƱAiHԲӪs@UĤQT]ڡC

OKIo daemon Ұʸ} (shell script) b̰ڡH٦A CentOS 5.x q`N daemon ɮשb̡H HάYǭn]wɤSOm̡H򥻤WOboǦaG

• /etc/init.d/* GҰʸ}mB
  tΤWXGҦAȱҰʸ}mbo̡IƹWoO{ؿAڭ̪ CentOS ڤWmb /etc/rc.d/init.d/ աI L٬O]wsɨ /etc/init.d/ IJMoO{ؿA]ijzOгoӥؿYiI
  
  
• /etc/sysconfig/* GUAȪlҳ]w
  XGҦAȳ|Nlƪ@ǿﶵ]wgJoӥؿUA|ҨӻAnɪ syslog o daemon lƳ]wNgJb /etc/sysconfig/syslog o̩OIӺ]whgb /etc/sysconfig/network oɮפC ҥHAoӥؿɮפ]OnF
  
  
• /etc/xinetd.conf, /etc/xinetd.d/* Gsuper daemon ]w
  super daemon Dn]w (Ow]) /etc/xinetd.conf ALڭ̤WNͨFA super daemon uO@ӲΤ@޲zALҺ޲zL daemon ]whgb /etc/xinetd.d/* YI
  
  
• /etc/* GUAȦU۪]w
  ĤNLFAja]wɳOmb /etc/ UI
  
  
• /var/lib/* GUAȲͪƮw
  @Ƿ|͸ƪAȳ|NLƼgJ /var/lib/ ؿC|ҨӻAƮw޲zt MySQL Ʈww]NOgJ /var/lib/mysql/ oӥؿUաI
  
  
• /var/run/* GUAȪ{Ǥ PID OB
  ڭ̦bĤQCͨiHϥΰT (signal) Ӻ޲z{ǡA JM daemon O{ǡAҥHM]iHQ kill killall Ӻ޲zաILFߺ޲zɼvTL{ǡA ] daemon q`|Nۤv PID O@ /var/run/ IҦpnɪ PID NOb /var/run/syslogd.pid oɮפCp@ӡA /etc/init.d/syslog N²檺޲zۤv{oC

Wͨ쪺O]wɡA stand alone P super daemon Һ޲zAȱҰʤ觋@OHLOo˰G

• Stand alone /etc/init.d/* Ұ

ͨFXGtΤWҦAȪҰʸ}b /etc/init.d/ UAo̭}|hҡBjM]wɡB J distribution Ѫƥ\BP_ҬO_iHB@ daemon A@BTwiHB@A AH shell script case....esac ykӱҰʡBB [ daemon Iڭ̥iH²檺H /etc/init.d/syslog oӵnɱҰʸ}Ӷi满G

[root@www ~]# /etc/init.d/syslog
Ϊk: /etc/init.d/syslog {start|stop|status|restart|condrestart}
# ѼƳ[ɭԡAtη|iDAiHΪѼƦǡApWҥܡC

dҤ@G[ syslog o daemon ثeA
[root@www ~]# /etc/init.d/syslog status
syslogd (pid 4264) b...
klogd (pid 4267) b...
# N syslog ޲z daemon Ao daemon bB@աI

dҤGGs syslog Ū@]w
[root@www ~]# /etc/init.d/syslog restart
b֤߰O:          [  Tw  ]
btΰO:          [  Tw  ]
bҰʨtΰO:          [  Tw  ]
bҰʮ֤߰O:          [  Tw  ]
[root@www ~]# /etc/init.d/syslog status
syslogd (pid 4793) b...
klogd (pid 4796) b...
# ]sҰʹLAҥH PID PĤ@[ȴN@ˤFIoAѥGH

ѩtΪҳwgAs@AҥHQ /etc/init.d/* ӱҰʡBP[AND`²IpA CentOS ٬Oѥt~@iHҰ stand alone AȪ}ANO service oӵ{C service ȬO@ script աALiHRAUF service ᭱ѼơAMھڧAѼƦA /etc/init.d/ hoTAȨ start stop ILykOo˪աG

[root@www ~]# service [service name] (start|stop|restart|...)
[root@www ~]# service --status-all
ﶵPѼơG
service nameGYOݭnҰʪAȦW١AݻP /etc/init.d/ F
start|...   GYOӪAȭni檺u@C
--status-allGNtΩҦ stand alone AȪAqqCX

dҤTGsҰ crond o daemon G
[root@www ~]# service crond restart
[root@www ~]# /etc/init.d/crond restart
# oؤkHKAέ@بӳBziHILwϥ /etc/init.d/*

dҥ|GܥXثetΤWҦAȪB@A
[root@www ~]# service --status-all
acpid (pid 4536) b...
anacron w
atd (pid 4694) b...
....(Uٲ)....

o˴NN@AȪB@ACXAA]iHھڳoӿXGӬdߧAYǪAȬO_TB@FڡI^_^I AbWdҷAҰʤ觋H service oӵ{AΪ̪h /etc/init.d/ UҰʡA@˰աIۦhѪR /sbin/service NDԣFI ^_^

• Super daemon Ұʤ觋

Super daemon ]O@ stand alone AȡA 1.1.1 NDաI] super daemon n޲z򪺨LAȹALMۤvn`nbO餤աIҥH Super daemon ۤvҰʪ觋P stand alone OۦPI OLҺ޲zL daemon NOo˰oInb]wɤ]wҰʸ daemon ~C]wɴNO /etc/xinetd.d/* ҦɮסCpo super daemon Һ޲zAȬO_ҰʩOHAiHo˰G

[root@www ~]# grep -i 'disable' /etc/xinetd.d/*
....(eٲ)....
/etc/xinetd.d/rsync:          disable = yes
/etc/xinetd.d/tcpmux-server:  disable = yes
/etc/xinetd.d/time-dgram:     disable = yes
/etc/xinetd.d/time-stream:    disable = yes

] disable OyzNA]pGy disable = yes zhNAȪҰʡApGOy disable = no z ~OҰʸӪAȰաI]ڷQnҰʦpW rsync oӪAȡAAiHo˰G

# 1. ק]wɦҰʪҼˡG
[root@www ~]# vim /etc/xinetd.d/rsync
# бN disable @令pUҼ (쥻O yes 令 no NF)
service rsync
{
        disable = no
....(᭱ٲ)....

# 2. sҰ xinetd oӪA
[root@www ~]# /etc/init.d/xinetd restart
b xinetd:             [  Tw  ]
bҰ xinetd:             [  Tw  ]

# 3. [Ұʪf
[root@www ~]# grep 'rsync' /etc/services  <==ݬݰfO@
rsync           873/tcp               # rsync
rsync           873/udp               # rsync
[root@www ~]# netstat -tnlp | grep 873
tcp    0 0 0.0.0.0:873      0.0.0.0:*     LISTEN      4925/xinetd
# `NݡIҰʪAȨëD rsync IӬO xinetd A]Ln rsync I
# YðݡA@wnhݬݹ 1.1.1 ~I

]NOAAק /etc/xinetd.d/ U]wɡAMAsҰ xinetd NFI xinetd O@ stand alone ҰʪAȡIoonSOdNOI

Ӭݤ@ݹw] /etc/xinetd.conf oɮתeOaI

[root@www ~]# vim /etc/xinetd.conf
defaults
{
# AȱҰʦ\ΥѡAHάnJ欰O
        log_type        = SYSLOG daemon info  <==nɪOA
        log_on_failure  = HOST   <==oͿ~ɻݭnOTD (HOST)
        log_on_success  = PID HOST DURATION EXIT <==\ҰʩεnJɪOT
# \έsuw]
        cps         = 50 10 <==P@̤jsuƬ 50 ӡAYWLhȰ 10 
        instances   = 50    <==P@AȪ̤jPɳsu
        per_source  = 10    <==P@ӷΤݪ̤jsu
#  (network) w]
        v6only          = no <==O_Ȥ\ IPv6 HiHȮɤҰ IPv6 䴩I
# ҰѼƪ]w
        groups          = yes
        umask           = 002
}

includedir /etc/xinetd.d <==h]wȦb /etc/xinetd.d ӥؿ

/etc/xinetd.conf iH٬w]Ȫ]wɩOH]pGAҰʬY super daemon ޲zAȡA OӪAȪ]wȨèSwWzǶءAӪAȪ]wȴNHWzw]ȬDI ܩWzw]ȷ|N super daemon ޲zAȳ]wGy@ӪAȳ̦hiH 50 ӦPɳsuA Co_usvsu̦hȯ঳ 50 AYWL 50 hӪAȷ|Ȱ 10 CP@ӨӷΤ̦hȯF 10 suC ӵnJ\PѩҰOTäۦPCzo˻AiHMFaH ^_^ ܩhѼƻAڭ̷|bUAjժI

JMouOӹw]ѼɡA۵MhAȰѼɮoSөҦAȰѼɳb /etc/xinetd.d ̭AoO]W̫@ڡIoAFaI ^_^CCӰѼɮתeO˩OH@ӻALOo˪G

service  <service_name>
{
       <attribute>   <assign_op>   <value>   <value> ...
       .............
}

Ĥ@@w service Aܩ󨺭 <service_name> ̭eAhP /etc/services A]LiHӵ /etc/services AȦWٻP𸹨ӨMwҭnҥΪ port OӰڡI MѼƴNbӤjCattribute O@ xinetd ޲zѼơA assign_op hOѼƪ]wkC assign_op Dn]wΦG

 = G ܫ᭱]wѼƴNOo˰աI
+= G ܫ᭱]wybӪ]wY[JsѼơz
-= G ܫ᭱]wybӪѼƱ˱o̿JѼơIz

γ~ӬۦPAqЯdNInFIUAӻ@ attribute P value I

OKIڭ̴NQΤWoǰѼƨӬ[cXڭ̩һݭn@ǪAȪ]waIѦҬݬݩU]wkoI ^_^

ڭ̪DzL super daemon ުAȥiHh@h޲zӹF𪺾A ӦpJӪ]wo]wѼƩOHUڭ̨ϥ rsync oӥiHi卤g (mirror) AȨӻC rsync iHⳡDWYӥؿ@Ҥ@ˡAbݲaƴtΤWOnΪ@ӾC ӥBw]@˦n CentOS NwgsboNFIN@@w] rsync ]wɧaI

[root@www ~]# vim /etc/xinetd.d/rsync
service rsync  <==AȦW٬ rsync
{
        disable = no                     <==w]OIQڭ̥}F
        socket_type     = stream         <==ϥ TCP suG
        wait            = no             <==iHPɶijqsu\
        user            = root           <==ҰʪAȬ root oӨ
        server          = /usr/bin/rsync <==NOo{Ұ rsync Ao
        server_args     = --daemon       <==oOnﶵڡI
        log_on_failure  += USERID        <==nJ~ɡAB~OϥΪ ID
}

णק user LOHѩb /etc/services Ww rsync ϥΪfX 873 AoӰfp 1024 AҥHzפWҰʳoӰf@wnO root ~Io user NбzOçoI ѩ󳾭եDbwˮɤwgdAثeӤA@ӬO 192.168.1.100 A@ӫhO 127.0.0.1A ]ڱN 192.168.1.100 ]p~A 127.0.0.1 AB~쪺Ov]wG

• 鷺 127.0.0.1 }hvG
  
  • o̪]wȻݸjb 127.0.0.1 oӤWF
  • 127.0.0.0/8 }nJvF
  • isuA]A`suƶqPɶF
  • O 127.0.0.100 127.0.0.200 \nJ rsync AȡC
  
  
• ~ 192.168.1.100 h]wG
  
  • ~]wj 192.168.1.100 oӤF
  • oӤȶ} 140.116.0.0/16 o B Ū .edu.tw iHnJF
  • }񪺮ɶW 1-9 IHαߤW 20-24 IӮɬqF
  • ̦h\ 10 PɳsuC

bo˪WpUAڭ̥iHNWY /etc/xinetd.d/rsync oɮ׭ק令G

[root@www ~]# vim /etc/xinetd.d/rsync
# w鷺Pӳ]wG
service rsync
{
        disable = no                        <==nҰʤ~ڡI
        bind            = 127.0.0.1         <==AȸjboӤWI
        only_from       = 127.0.0.0/8       <==u}oӺ쪺ӷnJ
        no_access       = 127.0.0.{100,200} <==oӤinJ
        instances       = UNLIMITED         <==N /etc/xinetd.conf ]w
        socket_type     = stream            <==U]whOd
        wait            = no
        user            = root
        server          = /usr/bin/rsync
        server_args     = --daemon
        log_on_failure  += USERID
}

# Aw~suӶi歭OI
service rsync
{
        disable = no
        bind            = 192.168.1.100
        only_from       = 140.116.0.0/16
        only_from      += .edu.tw           <==]֥[AҥHQ += ]w
        access_times    = 01:00-9:00 20:00-23:59 <==ɶɬqAŮj}
        instances       = 10                <==u 10 su
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/bin/rsync
        server_args     = --daemon
        log_on_failure  += USERID
}

bWoӳ]wɤA@gFq service rsync ]wA@qw鷺@qw~A pG]pANLsҰʫAN|X{pUAI

# 0. ݬݭ쥻 873 AI
[root@www ~]# netstat -tnlp | grep 873
tcp    0 0 0.0.0.0:873      0.0.0.0:*     LISTEN      4925/xinetd
# JӬݡAȰw 0.0.0.0 oӥťӤwI

# 1. sҰ xinetd aIOҰ rsync IOdC
[root@www ~]# /etc/init.d/xinetd restart
[root@www ~]# netstat -tnlp | grep 873
tcp    0 0 192.168.1.100:873     0.0.0.0:*       LISTEN    7227/xinetd
tcp    0 0 127.0.0.1:873         0.0.0.0:*       LISTEN    7227/xinetd
# SݨӤڡӥBA PID |OP@өOI

pPW]wAڭ̴NiHNYӨtΪAȰw藍PΤݨӷwPϥvIoˤltΪAȥiHwhFI pGӧAYǪAȷQnϥγoөNNӳ]w]O OK Ih]wƴNݱzۤvzѤFC

ڭ̦beXDFnި at ϥΥiHzL׭q /etc/at.{allow|deny} Ӻ޲zAܩ crontab hOϥ /etc/cron.{allow|deny} Ӻ޲zC򦳨SkzLӤAN޲zYǵ{ϥΩOH NI޲zYǵ{O_Ϊ̬OڵӦۺںsuNաIINO /etc/hosts.{allow|deny} oC

H xinetd ޲zAȡAiHzL /etc/hosts.allow, /etc/hosts.deny ӳ]wC򤰻OOH²檺ANOwӷ IP κi椹\Ωڵ]wA HMwӳsuO_\Fs@ؤ觋NOFCڭ̭ק /etc/xinetd.d/rsync Y no_access, only_from ]iHio譱]wCLAϥ /etc/hosts.allow, /etc/hosts.deny heޡAb]wPdߤ譱]KI Nڭ̽ͽͳoɮת]wޥaI

/etc/hosts.allow P /etc/hosts.deny ]O /usr/sbin/tcpd ]wɡAӳo /usr/sbin/tcpd hOΨӤRiJtΪ TCP ʥ]@ӳnATCP O@سsuɦVsuʥ]A]A www, email, ftp Oϥ TCP ʥ]ӹFsuC ҥHoAUWqAoӮM󥻨\NObR TCP ƫʥ]աI TCP ʥ]YDnOFӷPإD IP P port A]ǥѤR TCP ʥ]÷ft /etc/hosts.{allow,deny} WhANiHMwӳsuO_iJڭ̪DաC ҥHաAڭ̭nϥ TCP Wrappers ӱުNOG

1. ӷ IP /P Ӻ쪺 IP qF
2. port (NOAȰաAeͨҰʬYӰfO daemon d)

򥻤Wun@ӪAȨ xinetd ޲zAΪ̬OӪAȪ{䴩 TCP Wrappers 祃\ɡAӪAȪ譱]wNH /etc/hosts.{allow,deny} ӳBzoCӤ觋ӻAun䴩 TCP Wrappers 祃\઺n{NLkϥ /etc/hosts.{allow,deny} ]wȰաAo˻ASMڡCLAnpo@ӪAȪ{S䴩 TCP Wrappers OAAiHo²檺BzC

dҤ@Gդ@UF sshd  httpd oӵ{L䴩 TCP Wrappers \
[root@www ~]# ldd $(which sshd httpd)
/usr/sbin/sshd:
        libwrap.so.0 => /usr/lib64/libwrap.so.0 (0x00002abcbfaed000)
        libpam.so.0 => /lib64/libpam.so.0 (0x00002abcbfcf6000)
....(ٲ)....
/usr/sbin/httpd:
        libm.so.6 => /lib64/libm.so.6 (0x00002ad395843000)
        libpcre.so.0 => /lib64/libpcre.so.0 (0x00002ad395ac6000)
....(Uٲ)....
# Ibn驰S䴩 libwrap.so Ө祃wo

ldd (library dependency discovery) oӫOiHd߬Yӵ{ʺA祃w䴩AA]zLo ldd ڭ̥iHPNdߨ sshd, httpd L䴩 tcp wrappers ҴѪ libwrap.so oӨ祃wɮסCqWXڭ̥iHo{A sshd 䴩O httpd hS䴩C]ڭ̪D sshd iHϥ /etc/hosts.{allow,deny} i𪺩׾AO httpd hS\I

• ]wɻyk

oɮת]wykO@˪A򥻤WAݰ_ӹoˡG

<service(program_name)> : <IP, domain, hostname> : <action>
<A   (Y{W)> : <IP λ ΥDW> : < ʧ@ >
# WY < > Osb]wɤI

IOӡAĤ@ӬOXAQn޲zӵ{ɦWAĤGӤ~OgUӧAQnΪ̬Oת IP κOC {ɦWnpgOHNOgUɦWաI|ҨӻWڭ̽ͨL rsync ]wɤO server ѼƶܡH rsync ]wɤ /usr/bin/rsync ѼƭȡAbڭ̳o̴Nong rsync YiI̾ rsync ]wɸơAڭ̱Nת 127.0.0.100, 127.0.0.200, Ω檺 140.116.0.0/16 gbo̡AeIoˡG

[root@www ~]# vim /etc/hosts.deny
rsync : 127.0.0.100 127.0.0.200 : deny

M]iHgAYOG

[root@www ~]# vim /etc/hosts.deny
rsync : 127.0.0.100       : deny
rsync : 127.0.0.200       : deny

oˤ@ӡANLkH rsync iJADաIKaILAJMpAn]w /etc/hosts.allow /etc/hosts.deny ɮשOHun@ɮצsbNFA LAF]wK_Aڭ̦sbɮסA𫟺ݭn`NOG

• gb hosts.allow IP PqAw]yiqzNAY̫@ allow iHμgF
• Ӽgb hosts.deny IP Pqhw] deny AĤT檺 deny iٲF
• oɮתP_̾ڬOG (1) H /etc/hosts.allow uA (2) YR쪺 IP κqèSOb /etc/hosts.allow AhH /etc/hosts.deny ӧP_C

]NOA /etc/hosts.allow ]wu /etc/hosts.deny oI򥻤WAun hosts.allow ]NFA]ڭ̥iHN allow P deny gbP@ɮפAuOoˤ@ӦGoIõLA]Aq`ڭ̳OG

1. \iJgb /etc/hosts.allow F
2. \iJhgb /etc/hosts.deny C

~Aڭ٥iHϥΤ@ǯSѼƦbĤ@βĤGIeG

• ALLGN program_name Ϊ̬O IP NAҦp ALL: ALL: deny
• LOCALGNӦۥNAҦpG ALL: LOCAL: allow
• UNKNOWNGND IP Ϊ̬O domain Ϊ̬OAȮɡF
• KNOWNGNiѪR IP, domain TɡF

Ajդ@A service_name OҰʸӪAȪ{A|ҨӻA /etc/init.d/sshd o script ̭A ڤWҰ ssh AȪO sshd oӵ{AҥHAA service_name ۵MNO sshd oI /etc/xinetd.d/telnet (AtΥi|w) server ]wءA Ӷث in.telnetd oӵ{ӱҰʪIn`NܡI(ФOϥ vi io scripts d\) nFAڭ٬OH rsync ҤlӻnFA{b]@Ӥwy{ӳ]wANOG

1. u\ 140.116.0.0/255.255.0.0 P 203.71.39.0/255.255.255.0 oӺA 203.71.38.123 oӥDiHiJڭ̪ rsync AF
2. ~AL IP ױI

[root@www ~]# vim /etc/hosts.allow
rsync:  140.116.0.0/255.255.0.0
rsync:  203.71.39.0/255.255.255.0
rsync:  203.71.38.123
rsync:  LOCAL

[root@www ~]# vim /etc/hosts.deny
rsync: ALL  <==Q ALL ]wҦLӷinJ

򦳨Sw]wHҦpALH˧ڪ rsync port ɡAڴNNL IP OAHӪd߻P{ҤΩOH OIuOANonB~ʧ@Ѽƥ[bĤTFAӥBAݭnwˤF TCP Wrappers n~CnTwSw TCP Wrappers iHϥΡy rpm -q tcp_wrappers zӬd߳Cܩ[ӳDnʧ@hG

• spawn (action)
  iHQΫ򱵪 shell ӶiB~u@AB㦳ܼƥ\ADnܼƤeG %h (hostname), %a (address), %d (daemon)F
  
  
• twist (action)
  ߨH򪺫OiAB槹פӦsunD (DENY)

FFlܨӷؼЪTتAɧڭ̻ݭn safe_finger oӫOU~CӥBڭ٧ƱΤݪoӴcN̯QĵiC Ӭy{iHOo˪G

1. Q safe_finger hlܥXDT (]ADW١BϥΪ̬T)F
2. NӰlܨ쪺GH email 觋Hڭ̥ root F
3. bùWܤinJBĵiLwgQOT

ѩOתA]ڭ̳o spawn P twist ʧ@jhOgb /etc/hosts.deny ɮפCڭ̱NWzʧ@gpUFFG

[root@www ~]# vim /etc/hosts.deny
rsync : ALL: spawn (echo "security notice from host $(/bin/hostname)" ;\
	echo; /usr/sbin/safe_finger @%h ) | \
	/bin/mail -s "%d-%h security" root & \
	: twist ( /bin/echo -e "\n\nWARNING connection not allowed.\n\n" )

WOw@ rsync ҼgTAAiHݨWo|@Tӫ_ӹj}|өNNAo|өNNNqOG

1. rsyncG NO rsync oӪAȪ{oF
   
   
2. ALLG OӷAoӽdMOҦӷoA]O ALL I
   
   
3. spawn (echo "security notice from host $(/bin/hostname)" ; echo ; /usr/sbin/safe_finger @%h ) | /bin/mail -s "%d-%h security" root &G ѩnN@ǰưe root lHcA]ݭnϥθƬy׾㪺A( )AAIb safe_finger ءAL|ΤݥDTAMϥκ޽uRONoǸưe mail BzA mail |NӸTHY security r˱H root աIѩ spawn uOL{AҥHٯ򪺰ʧ@I
   
   
4. twist ( /bin/echo -e "\n\nWARNING connection not allowed.\n\n" )G oӰʧ@|N Warning r˶ǰeΤݥDùWI MNӳsu_C

bWҤlAĤT檺 root ӱbAiHgAӤHbΪ̨L e-mail Ao˴NHA`Ϊ email oA oˤ]n޲zoCp@ӡAg\qյnJADɡA𫍧ùWN|ܤW̫@AåBNL IP H root ( Ϊ̬OAۤvHc )̥hI

[tΤwҰʪAȤ觋ܦhALAڭ̳̱`ϥ netstat [C򥻤WAH ps [ӨtΤWAȬOA]LiHN process XӡCLAڭ̤ߪ٬Ob󦳱ҰʺťAȰڡA ҥH|wϥ netstat Ӭd\աC

dҤ@GXثetζ}ҪyAȡzǡH
[root@www ~]# netstat -tulp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address       Foreign Address State  PID/Program name
tcp        0      0 www.vbird.tsai:2208 *:*             LISTEN 4575/hpiod
tcp        0      0 *:737               *:*             LISTEN 4371/rpc.statd
tcp        0      0 *:sunrpc            *:*             LISTEN 4336/portmap
tcp        0      0 www.vbird.tsai:ipp  *:*             LISTEN 4606/cupsd
tcp        0      0 www.vbird.tsai:smtp *:*             LISTEN 4638/sendmail: acce
tcp        0      0 *:ssh               *:*             LISTEN 4595/sshd
udp        0      0 *:filenet-tms       *:*                    4755/avahi-daemon:
....(Uٲ)....
# ݤ@UWYA Local Address a|X{DWٻPAȦW٪AnOoOA
# iH[W -n  port number AӪAȦWٻP port hb /etc/services

dҤGGXҦťA (]t socket A)G
[root@www ~]# netstat -lnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address  Foreign Address  State   PID/Program name
tcp        0      0 127.0.0.1:2208 0.0.0.0:*        LISTEN  4575/hpiod
....(ٲ)....
Active UNIX domain sockets (only servers)
Proto RefCnt Flags   Type   State     I-Node PID/Program name Path
....(ٲ)....
unix  2      [ ACC ] STREAM LISTENING 10624  4701/xfs         /tmp/.font-unix/fs7100
unix  2      [ ACC ] STREAM LISTENING 12824  5015/Xorg        /tmp/.X11-unix/X0
unix  2      [ ACC ] STREAM LISTENING 12770  4932/gdm-binary  /tmp/.gdm_socket
....(HUٲ)....
# JӪ@@@ڡAF즳ť port ~Aٷ| socket ܦbWA
# ڭ̥iHMDǪAȳQҰʩOI

dҤTG[ҦAȪA
[root@www ~]# service --status-all
# oӫOIe͹LoOAۦdoI

Q netstat iHoܦhAȸTAzLoӫOAڭ̥iHAѨAA åBiHzL PID P kill \ANDƵL篑 MաAnԲӪo PPID ܡA~צD{ǰաI

t~AFwgsbtη daemon ~Apb@}N㪺Ұʧڭ̩һݭnAȩOH Uڭ̴Nӽͤ@ chkconfig ntsysv oӦnΪFI

NpPW쪺Aڭ̨ϥ netstat ȯ[ثewgҰʪ daemon Aϥ service oӫOΪ̬Oy /etc/init.d/* start zkhȯbثeҤUߧYҰʬYӪAȦӤwC 򭫷s}OHӪAȬO_٬O~򪺦۰ʱҰʡHoӮɭԧڭ̴NonFѤ@UA쩳ڪ Linux DO}OH

1. }qqA}lŪ BIOS öiDۧڴաF
2. zL BIOS oĤ@ӥi}˸mAŪDn} (MBR) o}޲z{F
3. zL}޲z{]wAo kernel øJOBtεwF
4. ֤ߥDʩIs init {F
5. init {}ltΪl (/etc/rc.d/rc.sysinit)
6. ̾ init ]wi daemon start (/etc/rc.d/rc[0-6].d/*)
7. J]w (/etc/rc.d/rc.local)

h}y{ԲӻAڭ̷|bĤGQɦAӸjaC ѤWy{AiHݨtΪAȦb}ɴNiHQҰʪaObĤӨBJAӨƹWĤӨBJNOHP浥ũIsPAȰաI 򤰻s浥ũOH

ڭ̦bҰ Linux tήɡAiHiJPҦAoҦڭ̺٬浥 (run level)CP浥ŦP\PAȡA ثeAD`浥ŦӡA@ӬO㦳 X run level 5 At@ӫhO¤r run level 3C ѩw]ڭ̬OHϧΤnJtΪA]iHQo쪺OAڭӬOb run level 5 ҤաI A򪾹D run level 5 ǪAȹw]iHҰʩOHoNonϥίSOӬd߰ڡI

• chkconfigG ޲ztΪAȹw]}ҰʻP_

[root@www ~]# chkconfig --list [AȦW]
[root@www ~]# chkconfig [--level [0123456]] [AȦW] [on|off]
ﶵPѼơG
--list GȱNثeUAȪACX
--levelG]wYӪAȦb level UҰ (on)  (off)

dҤ@GCXثetΤWҦQ chkconfig ޲zA
[root@www ~]# chkconfig --list |more
NetworkManager  0:off   1:off   2:off   3:off   4:off   5:off   6:off
acpid           0:off   1:off   2:off   3:on    4:on    5:on    6:off
....(ٲ)....
yum-updatesd    0:off   1:off   2:on    3:on    4:on    5:on    6:off

xinetd based services:  <==U super daemon Һ޲zA
        chargen-dgram:  off
        chargen-stream: off
....(Uٲ)....
# AiHo{W榳Ӱ϶A@Ө㦳 1, 2, 3 ƦrA@ӫhQ xinetd 
# ޲zCSIqo̧ڭ̴No{AȦ stand alone P super daemon C

dҤGGܥXثeb run level 3 ҰʪA
[root@www ~]# chkconfig --list | grep '3:on'

dҤTG atd oӪAȦb run level  3, 4, 5 ɱҰʡG
[root@www ~]# chkconfig --level 345 atd on

@I chkconfig O_ܮe޲zڭ̩һݭnAȩOHuܤKա AiHPzL chkconfig Ӻ޲z super daemon AȳIt~AAonDOA chkconfig ȬO]w}ɹw]|ҰʪAȦӤwA ҥHӪAȥثeApODCڭ|өUҤlӻnFG

dҥ|G[ httpd AA[w]LҰʡAH chkconfig ]ww]Ұ
[root@www ~]# /etc/init.d/httpd status
httpd w  <==ڥNSҰ

[root@www ~]# chkconfig --list httpd
httpd           0:off   1:off   2:off   3:off   4:off   5:off   6:off
# ]Ow]èSҰʰڡI

[root@www ~]# chkconfig httpd on; chkconfig --list httpd
httpd           0:off   1:off   2:on    3:on    4:on    5:on    6:off
# wg]wy}w]ҰʡzFAA[ݬݨ쩳ӪAȱҰʨSH

[root@www ~]# /etc/init.d/httpd status
httpd w
# IM٬OSҰʳI|o˰ڡH

Wdҥ|èSҰ httpd ]²A]ڭ̨èSϥ /etc/init.d/httpd start Iڭ̶ȬO]w}ɱҰʦӤwڡIڭ̤SSs}AҥHMϥ chkconfig ä|ɭPӪAȥߧYQҰʡI]|ӪAȥߧYQAӬOub}ɤ~|QJΨJӤwCӬJM chkconfig iH]w}O_ҰʡAڭ̯णΨӺ޲z super daemon ҰʻPOHD`nIڭ̴NӸլݬݩUרҡG

dҤGd\ rsync O_ҰʡAYnNӦpBzH
[root@www ~]# /etc/init.d/rsync status
-bash: /etc/init.d/rsync: No such file or directory
# rsync O super daemon ޲zAҥHMiHϥ stand alone Ұʤ觋[

[root@www ~]# netstat -tlup | grep rsync
tcp  0 0 192.168.201.110:rsync  *:*     LISTEN     4618/xinetd
tcp  0 0 www.vbird.tsai:rsync   *:*     LISTEN     4618/xinetd

[root@www ~]# chkconfig --list rsync
rsync           on   <==w]ҰʩOINBzw]Ұʧa

[root@www ~]# chkconfig rsync off; chkconfig --list rsync
rsync           off  <==ݧaIFI{bӳBz@U super daemon FFI

[root@www ~]# /etc/init.d/xinetd restart; netstat -tlup | grep rsync

̫@ӫOA|o{쥻 rsync FIoˬO_ܻNҰʻPA super daemon ޲zAȩOI

• ntsysvG ϧΤ޲zҦ

򥻤WA chkconfig uwgܦnΤFALAڭ̪ CentOS ٦Ѥ@ӧ󤣿ΪA NO ntsysv FI`NA chkconfig ܦh distributions sbAO ntsysv hO Red Hat tίSI

[root@www ~]# ntsysv [--level <levels>]
ﶵPѼơG
--level G᭱iHP run level AҦp ntsysv --level 35

@ڭ̳OJ ntsysv YiiJ޲zeFAӵepUϩҥܡG

4.2.1B ntsysv ܷN

WϤOCӪAȹw]}O_|Ұʪ]wȡAYAX{P (*) Nw]}|ҰʡA_hNO|b}ɱҰʰաC AiHϥΤWUӲʤAШAQnܧ󪺨ӪAȤWYAMUťNΨoCpG@ܧA AiHϥ [tab] ӲʴШ [OK] [Cancel] sWAMաAU [Ok] NOT{A|ͮoC `@UWzs\G

• WUG iHbطAbUӪAȤʡF
• ťG iHΨӿܧAһݭnAȡAe [*] | * X{F
• tab G iHbءBOKBCancel ʡF
• [F1]G iHܸӪAȪ

4.2.2B ntsysv ܷN

WϬONдʨ atd oӪAȤWYAAU [F1] ҥX{GAҥHoAAiHzL ntsysv h[w]}ҰʪAȡA ٯd\ӪAȪ򥻥\ରAo˴NyLM@UӪAȬO_ݭnsboIo˲zѤFaI

• chkconfigG ]wۤvtΪA

[root@www ~]# chkconfig [--add|--del] [AȦW]
ﶵPѼơG
--add GW[@ӪAȦWٵ chkconfig Ӻ޲zAӪAȦW٥b /etc/init.d/ 
--del GR@ӵ chkconfig ޲zA

{bAD chkconfig P ntsysv OunΪFApGڦۤvgF@ӵ{åBQnӵ{tΪAȦn chkconfig Ӻ޲zɡA iHiOHunNӪAȥ[J init iH޲z script AYO /etc/init.d/ YiC |ӨҤlAڭ̦b /etc/init.d/ ̭إߤ@ myvbird ɮסAɮ׶ȬO@²檺AȽdҡA򥻤WASγ~.... ɮתʬOo˪G

• myvbird Nb run level 3 5 ҰʡF
• myvbird b /etc/rc.d/rc[35].d ҰʮɡAH 80 ҰʡAH 70 쵲C

ҿתDAڭ̷|bGQСAo̧AݬݧYiC AӦpiOHiHo˰G

[root@www ~]# vim /etc/init.d/myvbird
#!/bin/bash
# chkconfig: 35 80 70
# description: SԣIuOΨӧ@mߤΪ@ӽd
echo "Nothing"

oɮ׫ܦnIAiHѦҧAۤvtΤWɮסF򥻤WAnOĤGALykOG y chkconfig: [runlevels] [Ұʶ] [] z𫟺A runlevels P run level AAҰʶ (start number) P (stop number) hOb /etc/rc.d/rc[35].d إߥH S80myvbird K70myvbird ɦW]w觋I

[root@www ~]# chkconfig --list myvbird
service myvbird supports chkconfig, but is not referenced in any 
runlevel (run 'chkconfig --add myvbird')
# |[J chkconfig ޲zIҥHݭnAI}

[root@www ~]# chkconfig --add myvbird; chkconfig --list myvbird
myvbird         0:off   1:off   2:off   3:on    4:off   5:on    6:off
# ݧaI[JF chkconfig ޲zFI
# ܦaIpGnNoǸƳRܡANUFo˪pG

[root@www ~]# chkconfig --del myvbird
[root@www ~]# rm /etc/init.d/myvbird

chkconfig uOӤΪuaIרOAQnۤvإߦۤvAȮɡI ^_^

H Linux Wn䴩ʶVӶVhA[Wۥѳn𫜮koiAڭ̥iHb Linux WΪ daemons uVӶVhFCҥHAQngҦ daemons дXGOi઺A]Ao̶ȤдXӫܱ` daemons ӤwA hTOANon·ЧAۤvϥ ntsysv Ϊ̬O vi /etc/init.d/* ̭ɮץh@@@o ^_^I UijDnOw Linux AӻAOWҳI

WAȬO CentOS 5.x w]ҰʪAoǹw]ҰʪAȫܦhOwWqҳ]pAҥHoApGA Linux Dγ~ObAWܡA򦳫ܦhAȬOiHաIpGA٦YǤժAȷQnA аȥndMӪAȪ\ରI|ҨӻA syslog NApGALܡAtδN|OnɡA AtΩҲͪĵiTNLkO_ӡAANLki debug C

U~򻡩@ǥibAtηAȡAuOw]èSҰʳoӪAȴNOFCuO@UA UAȪγ~٬Oݭnzۦd߬峹oC