inetd (also known as the superserver) is a daemon, common on Linux and Unix systems, that provides internet services. Its configuration file, inetd.conf, lists the services the daemon offers. When a client connects to one of the configured ports, inetd launches the corresponding program to handle the connection.
This example shows how to set up a service that executes remote commands and returns their output.
Script
We will use a simple and easy to develop bash script, but inetd can also be configured to use a binary or any other program.
This could be our script (remote-commands.sh for example):
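#!/bin/bash
# Read one command per line from the client and run it until "Q" is received.
read MESSAGE
while [ "$MESSAGE" != "Q" ]
do
    # Run the received line as a command; its output goes back to the client.
    $MESSAGE
    echo
    # Read the next command (variable name without "$"); stop if the client has gone.
    read MESSAGE || break
done
echo "Byeeee"
Give it execute permissions: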
# chmod +x /root/SCRIPTS/remote-commands.sh
And test it (the script waits for commands until a 'Q' char is sent):
# /root/SCRIPTS/remote-commands.sh
pwd
/root
cd /var/log
pwd
/var/log
ls syslog*
syslog syslog.1 syslog.2.gz syslog.3.gz syslog.4.gz syslog.5.gz syslog.6.gz syslog.7.gz
Q
Byeeee
#
Configure /etc/inetd.conf
These are the contents of my inetd.conf after configuring this new custom service:
# cat /etc/inetd.conf
# /etc/inetd.conf: see inetd(8) for further informations.
#
# Internet superserver configuration database
#
#
# Lines starting with "#:LABEL:" or "##" should not
# be changed unless you know what you are doing!
#
# If you want to disable an entry so it isn't touched during
# package updates just comment it out with a single '#' character.
#
# Packages should modify this file by using update-inetd(8)
#
#
#
#:INTERNAL: Internal services
#discard stream tcp nowait root internal
#discard dgram udp wait root internal
#daytime stream tcp nowait root internal
#time stream tcp nowait root internal
#:STANDARD: These are standard services.
#:BSD: Shell, login, exec and talk are BSD protocols.
#:MAIL: Mail, news and uucp services.
#:INFO: Info services
#:BOOT: TFTP service is provided primarily for booting. Most sites
# run this only on machines acting as "boot servers."
#:RPC: RPC based services
#:HAM-RADIO: amateur-radio services
#:OTHER: Other services
remote-commands stream tcp nowait root /root/SCRIPTS/remote-commands.sh
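This last line configures our new service. Its fields are, in order: the service name (remote-commands), the socket type (stream), the protocol (tcp), the wait/nowait flag (nowait), the user the program runs as (root) and the path of the program to launch.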
Configure /etc/services
Our new custom service name must have an entry in the /etc/services file.
After choosing a high TCP port (for example 3334), this is the entry needed:
# tail /etc/services
csync2 30865/tcp # cluster synchronization tool
dircproxy 57000/tcp # Detachable IRC Proxy
tfido 60177/tcp # fidonet EMSI over telnet
fido 60179/tcp # fidonet EMSI over TCP
# Local services
# Custom services
remote-commands 3334/tcp # Remote commands
Restart inetd daemon
For my Debian distribution:
# /etc/init.d/openbsd-inetd restart
Restarting internet superserver: inetd.
#
Test it!
The basic telnet client is not very friendly when it comes to character handling and terminal emulation, so to test our service I suggest using the netcat tool. It has a lot of features, but here we only need it as a telnet client. There are versions for a wide variety of platforms:
# nc server port
This example service is not very useful by itself but, as I will show in future posts, we can use a custom inetd service to allow passive Nagios checks.
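As configured, remote-commands.sh runs every line it receives as root, for any client that can reach the port. The following is an added example, not the original post's script: a handler for the same inetd entry and the same line protocol that only maps fixed keywords to fixed commands. The keywords kernel, disk and date, the commands behind them and the function names are assumptions chosen for illustration.

```shell
#!/bin/bash
# Added example, not the post's script: same line protocol ("Q" quits), but a
# request is a keyword looked up in a fixed table and is never run as typed.
# The keywords and the commands behind them are assumptions for illustration.

# Print the fixed command for a keyword; return 1 for anything else.
lookup_command() {
    case "$1" in
        kernel) echo "uname -sr" ;;
        disk)   echo "df -P /" ;;
        date)   echo "date -u" ;;
        *)      return 1 ;;    # paths, arguments, ';', '*' never match
    esac
}

# One session: read keywords line by line until "Q" or the client disconnects.
serve() {
    local line cmd cr
    cr=$(printf '\r')
    while IFS= read -r line; do
        line=${line%"$cr"}         # telnet-style clients end lines with CRLF
        [ "$line" = "Q" ] && break
        if cmd=$(lookup_command "$line"); then
            # Word-splitting is applied to a table entry, not to client input.
            $cmd 2>&1 || echo "ERR command failed"
        else
            echo "ERR unknown request"
        fi
        echo
    done
    echo "Byeeee"
}

if [ -S /dev/stdin ]; then
    serve    # started by inetd: stdin/stdout are the accepted TCP connection
else
    # Constructed session for a local run; the second line comes from the
    # post's own test transcript and is now refused.
    printf 'kernel\nls syslog*\nQ\n' | serve
fi
```

None of the commands in this table needs root, so the user field of the inetd.conf line can name an unprivileged account when this handler is used.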