
Is xinetd necessary? How to detect actual use on a running server?

0 votes
0 answers
450 views
I have "inherited" a CentOS 7 server on which xinetd is automatically started at boot. My task is to harden that server. Therefore I am wondering whether I can disable the xinetd service. However, this is a production machine which limits my freedom to try out things. I might break something while trying but I should not.

So: How can I detect whether the xinetd is necessary? Which other daemons/services are configured to be started by it (I suppose that's easy, look at /etc/xinetd.d files)? Which of these have ever been started and are actively used / needed?

The files in /etc/xinetd.d might just be historical or from OS packages so these may not reflect needed services. Nevertheless, here is a listing of that directory:

```
root@server.example.org:/root -> ll /etc/xinetd.d/
total 52
-rw-------. 1 root root 1157 Apr 1 2020 chargen-dgram
-rw-------. 1 root root 1159 Apr 1 2020 chargen-stream
-rw-r--r--. 1 root root 2256 Aug 1 2018 check_mk
-rw-------. 1 root root 1157 Apr 1 2020 daytime-dgram
-rw-------. 1 root root 1159 Apr 1 2020 daytime-stream
-rw-------. 1 root root 1157 Apr 1 2020 discard-dgram
-rw-------. 1 root root 1159 Apr 1 2020 discard-stream
-rw-------. 1 root root 1148 Apr 1 2020 echo-dgram
-rw-------. 1 root root 1150 Apr 1 2020 echo-stream
-rw-------. 1 root root 1212 Apr 1 2020 tcpmux-server
-rw-r--r--. 1 root root 518 Apr 11 2018 tftp
-rw-------. 1 root root 1149 Apr 1 2020 time-dgram
-rw-------. 1 root root 1150 Apr 1 2020 time-stream
```

PS: I know, at some point I will have to upgrade the OS itself but first things first.

Additional info: The server is serving home directories to a couple of clients by NFS, acts as a router for these and forwards active directory (AD) requests. In fact, the AD functionality is the main reason I am unsure what is needed because I have yet to understand the AD communication protocol (and client/proxy/routing prerequisites).

Which services might xinetd be configured for? Perhaps this output helps?

```
root@server.example.org:/root -> netstat -tulpan | grep xinet
Exit 1
root@server.example.org:/root -> lsof -c xinetd -ai
Exit 1
```

None? I believe I have had processes not showing up in netstat and still react to incoming requests, perhaps by systemd or (x)inetd. Let's ask /proc:

```
root@server.example.org:/root -> cat /proc/`pidof xinetd`/net/tcp
sl local_address rem_address st tx_queue rx_queue tr tm->when retrnsmt uid timeout inode
0: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0 0 36323 1 ffff9012125b07c0 100 0 0 10 0
1: 00000000:007A 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0 0 36262 1 ffff9012125b0000 100 0 0 10 0
2: 00000000:199C 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0 0 23844 1 ffff90125ca70000 100 0 0 10 0
3: 00000000:A7E1 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0 0 34529 1 ffff901211c58f80 100 0 0 10 0
4: 00000000:0801 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0 0 34515 1 ffff901211c587c0 100 0 0 10 0
5: 00000000:006F 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0 0 28319 1 ffff90125d6b0000 100 0 0 10 0
6: 00000000:4E50 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0 0 18419 1 ffff901212658000 100 0 0 10 0
7: 00000000:EB51 00000000:0000 0A 00000000:00000000 00:00000000 00000000 29 0 34497 1 ffff901211c58000 100 0 0 10 0
8: A13B2BAD:007A 8AB45373:AD92 01 00000000:00000000 02:0009786D 00000000 0 0 70547 3 ffff901211c5ec80 23 4 29 10 -1
root@server.example.org:/root -> cat /proc/`pidof xinetd`/net/udp
sl local_address rem_address st tx_queue rx_queue tr tm->when retrnsmt uid timeout inode ref pointer drops
143: 00000000:0043 00000000:0000 07 00000000:00000000 00:00000000 00000000 0 0 29194 2 ffff90125f4f9100 0
144: 00000000:0044 00000000:0000 07 00000000:00000000 00:00000000 00000000 0 0 36283 2 ffff90125a9a8000 0
144: 00000000:0044 00000000:0000 07 00000000:00000000 00:00000000 00000000 0 0 37049 2 ffff901252cc8000 0
145: 00000000:0045 00000000:0000 07 00000000:00000000 00:00000000 00000000 0 0 23877 2 ffff90125b659100 0
187: 00000000:006F 00000000:0000 07 00000000:00000000 00:00000000 00000000 0 0 28317 2 ffff90125b118880 0
199: 00000000:007B 00000000:0000 07 00000000:00000000 00:00000000 00000000 0 0 28979 2 ffff90125f4f8cc0 0
399: 0100007F:0143 00000000:0000 07 00000000:00000000 00:00000000 00000000 0 0 28977 2 ffff90125f4f8880 0
779: 0100007F:02BF 00000000:0000 07 00000000:00000000 00:00000000 00000000 0 0 34483 2 ffff900a63b51100 0
934: 00000000:035A 00000000:0000 07 00000000:00000000 00:00000000 00000000 0 0 28318 2 ffff90125b118cc0 0
2125: 00000000:0801 00000000:0000 07 00000000:00000000 00:00000000 00000000 0 0 34525 2 ffff900a63b50440 0
3740: 00000000:4E50 00000000:0000 07 00000000:00000000 00:00000000 00000000 0 0 18417 2 ffff9012510e8440 0
8222: 00000000:DFD2 00000000:0000 07 00000000:00000000 00:00000000 00000000 0 0 34528 2 ffff900a63b50880 0
8548: 00000000:2118 00000000:0000 07 00000000:00000000 00:00000000 00000000 0 0 36299 2 ffff90125a9a8440 0
9933: 00000000:E681 00000000:0000 07 00000000:00000000 00:00000000 00000000 29 0 34494 2 ffff900a63b50000 0
```

So, there are actually many ports it listens to?

Now chkconfig output:

```
root@server.example.org:/root -> chkconfig --list |& awk '/xinetd based services/,/""/'
xinetd based services:
    chargen-dgram: off
    chargen-stream: off
    check_mk: on
    daytime-dgram: off
    daytime-stream: off
    discard-dgram: off
    discard-stream: off
    echo-dgram: off
    echo-stream: off
    tcpmux-server: off
    tftp: off
    time-dgram: off
    time-stream: off
```

Asked by Ned64 (9256 rep)
May 8, 2024, 11:50 AM
Last activity: May 8, 2024, 05:02 PM
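
Added example, not part of the original question: `/proc/<pid>/net/tcp` and `/proc/<pid>/net/udp` list every socket in that process's network namespace, not only the sockets the process itself holds, so the tables in the question do not by themselves show what xinetd listens on. The sketch below decodes the hex addresses and ports and matches each row's inode against the `socket:[inode]` links under `/proc/<pid>/fd` to name the owning process; the function names are illustrative, and it assumes IPv4 tables on a little-endian host.

```python
import os, socket, struct

TCP_LISTEN, UDP_BOUND = "0A", "07"  # "st" column: listening TCP / unconnected UDP
# Sample input: header and two rows taken from the question's own output.
SAMPLE_TCP = """\
sl local_address rem_address st tx_queue rx_queue tr tm->when retrnsmt uid timeout inode
0: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0 0 36323 1 ffff9012125b07c0 100 0 0 10 0
2: 00000000:199C 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0 0 23844 1 ffff90125ca70000 100 0 0 10 0
"""

def parse_table(text, state):
    """Return [(ip, port, inode)] for rows of a /proc/net/{tcp,udp} table in `state`."""
    rows = []
    for line in text.splitlines()[1:]:  # skip the header line
        f = line.split()
        if len(f) >= 10 and f[3] == state:
            hex_ip, hex_port = f[1].split(":")  # IP is a native-endian word
            ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))  # "<I": x86
            rows.append((ip, int(hex_port, 16), int(f[9])))
    return rows

def socket_owners(proc_root="/proc"):
    """Map socket inode -> [(pid, comm)] by reading the /proc/<pid>/fd symlinks."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        base = os.path.join(proc_root, pid)
        try:
            with open(os.path.join(base, "comm")) as fh:
                comm = fh.read().strip()
            fds = os.listdir(os.path.join(base, "fd"))
        except OSError:  # process exited, or fd directory not readable
            continue
        for fd in fds:
            try:
                target = os.readlink(os.path.join(base, "fd", fd))
            except OSError:  # descriptor closed while we were iterating
                continue
            if target.startswith("socket:["):
                owners.setdefault(int(target[8:-1]), []).append((int(pid), comm))
    return owners

def attribute(table_text, state, proc_root="/proc"):  # -> [(ip, port, owners)]
    owners = socket_owners(proc_root)
    return [(ip, port, owners.get(i, [])) for ip, port, i in parse_table(table_text, state)]

if __name__ == "__main__":  # live use: run as root so every /proc/<pid>/fd is readable
    for proto, state in (("tcp", TCP_LISTEN), ("udp", UDP_BOUND)):
        with open("/proc/net/" + proto) as fh:
            print(proto, attribute(fh.read(), state))
```

A row whose owner list comes back empty belongs to a socket that no readable process holds, for example one created by an in-kernel service.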