Unix System Administration Chapter 31 Daemons


1 Unix System Administration Chapter 31 Daemons

2 Out of the Goo, the Primordial Process
• Init
  • Always the first process to run after system boot
  • Always PID 1
  • Ancestor of all user processes and all but a few system processes
  • Configured using /etc/inittab
  • Exorcises undead zombie processes
  • If init dies, the system will hang or reboot

3 It’s a Bird, It’s a Plane, No It’s the Super Daemon
• Inetd
  • Daemon that manages other daemons
  • The daemons it manages must be programmed to be started and managed by inetd
  • Uses /etc/inetd.conf and /etc/services as configuration files
  • Simple daemons (echo, discard, etc.) are built into inetd
  • You need to send SIGHUP to inetd after editing /etc/inetd.conf to tell it to reread the file

4 /etc/inetd.conf (abridged)

    # Syntax for socket-based Internet services:
    #
    ftp     stream  tcp  nowait  root  /usr/sbin/in.ftpd     in.ftpd
    telnet  stream  tcp  nowait  root  /usr/sbin/in.telnetd  in.telnetd
    echo    stream  tcp  nowait  root  internal
    echo    dgram   udp  wait    root  internal
    talk    dgram   udp  wait    root  /usr/sbin/in.talkd    in.talkd

5 /etc/services (abridged)

    echo      7/tcp
    echo      7/udp
    ftp-data  20/tcp
    ftp       21/tcp
    telnet    23/tcp
    talk      517/udp

6 Mapping Those Pesky Ports
• Portmap (aka Rpcbind)
  • Runs on port 111
  • Maps between RPC service numbers and TCP/IP port numbers
  • RPC services register their service number, version and port number with portmap/rpcbind when they start up
  • Clients contact portmap/rpcbind to find the port that a particular service is running on
  • Use rpcinfo -p to display registered services

7 Let’s Wrap It Up!
• TCP_Wrappers
  • Used to provide IP address-level security to daemons run from inetd
  • Can also be used with non-inetd daemons if they can link with the libwrap library
  • Logs successful and failed attempts via syslog facility
  • Requires modification to /etc/inetd.conf
  • Written by Wietse Venema of the Netherlands
  • ftp://ftp.porcupine.org/pub/security/index.html

8 TCP_Wrapperized /etc/inetd.conf

    # Syntax for socket-based Internet services:
    #
    ftp     stream  tcp  nowait  root  /usr/sbin/tcpd  in.ftpd
    telnet  stream  tcp  nowait  root  /usr/sbin/tcpd  in.telnetd
    echo    stream  tcp  nowait  root  internal
    echo    dgram   udp  wait    root  internal
    talk    dgram   udp  wait    root  /usr/sbin/tcpd  in.talkd

9 /etc/hosts.allow & /etc/hosts.deny

/etc/hosts.allow

    ALL: localhost,krusty
    in.telnetd: beast,bugs
    in.rlogind: beast,bugs
    in.rexecd: beast,bugs,159.91.
    in.rshd: beast,bugs
    in.fingerd: ALL
    in.talkd: ALL

/etc/hosts.deny

    ALL: ALL
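The following Python example is an addition to the slides, not part of the original presentation. It evaluates the slide 9 rules in the order given in hosts_access(5) (hosts.allow first, then hosts.deny, otherwise allow) for a subset of the pattern syntax. The function names, and any client names and addresses passed to them, are assumptions.

```python
# Added example. Implements a subset of hosts_access(5) matching only:
# ALL, exact host name or address, ".domain" suffix, "159.91." address prefix.
# Not handled: EXCEPT, LOCAL, netmasks, IPv6, shell-command options.
HOSTS_ALLOW = """\
ALL: localhost,krusty
in.telnetd: beast,bugs
in.rlogind: beast,bugs
in.rexecd: beast,bugs,159.91.
in.rshd: beast,bugs
in.fingerd: ALL
in.talkd: ALL
"""
HOSTS_DENY = "ALL: ALL\n"

def parse(text):
    """Return a list of (daemon_list, client_list) pairs, one per rule line."""
    rules = []
    for line in text.splitlines():
        fields = line.strip().split(":")
        if line.lstrip().startswith("#") or len(fields) < 2:
            continue
        daemons, clients = (f.replace(",", " ").split() for f in fields[:2])
        rules.append((daemons, clients))
    return rules

def client_matches(pattern, name, addr):
    p = pattern.lower()
    if p == "all":
        return True
    if p.startswith("."):      # domain suffix pattern
        return name.lower().endswith(p)
    if p.endswith("."):        # address prefix pattern, e.g. "159.91."
        return addr.startswith(p)
    return p in (name.lower(), addr)

def matches(rules, daemon, name, addr):
    return any(
        ("ALL" in daemons or daemon in daemons)
        and any(client_matches(c, name, addr) for c in clients)
        for daemons, clients in rules)

def decide(daemon, name, addr, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """Check hosts.allow first, then hosts.deny; no match at all means allow."""
    if matches(parse(allow), daemon, name, addr):
        return "allow"
    if matches(parse(deny), daemon, name, addr):
        return "deny"
    return "allow"
```

Calling decide("in.ftpd", "beast", "10.0.0.5") returns "deny", but the same call with deny="" returns "allow": a request that matches neither file is permitted, which is why the slide's hosts.deny is ALL: ALL.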

10 Daemons Daemons Everywhere...
• nfsd, rpc.lockd & rpc.statd - file sharing
• ypbind, ypserv, ypxfrd - NIS daemons
• comsat - e-mail notification
• talkd - chat server
• routed, gated - routing
• innd, nntpd - Network News
• syslogd - logging server
• httpd - web server

11 … Even in Your Underwear
• Ftpd - file transfer
• telnetd - remote terminal
• rshd, rexec - remote shell
• rlogin - remote login
• xntp - time sync
• dhcpd, bootpd, rarpd - IP address servers
• popper, ipopd, imapd - e-mail servers
• sendmail - e-mail routing server

12 Exorcise These Daemons!
• Besides a Unix service, what is a “daemon?”
• What happens if inetd dies?
• What is the name of the TCP_wrapper daemon?

