Linux – Create custom inetd service



inetd (also known as the superserver) is a daemon, common on Linux and Unix systems, that provides internet services. Its configuration file, inetd.conf, lists the services the daemon offers. When a client connects to one of the configured ports, inetd launches the corresponding program to handle the connection.

This example shows how to set up a service that executes remote commands and returns their output.

Script

We will use a simple bash script, which is easy to develop, but inetd can also be configured to launch a binary or any other program.

This could be our script (remote-commands.sh for example):

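#!/bin/bash

# Read one command per line from stdin and run it, until a single "Q" arrives
# or the client closes the connection (read fails on EOF)
while read -r MESSAGE && [ "$MESSAGE" != "Q" ]
do
        # Unquoted on purpose: the line is word-split and run in this shell
        $MESSAGE
        echo
done
echo "Byeeee"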

Give it execute permissions:

# chmod +x /root/SCRIPTS/remote-commands.sh

And test it (the script waits for commands until a 'Q' char is sent):

# /root/SCRIPTS/remote-commands.sh
pwd
/root

cd /var/log

pwd
/var/log

ls syslog*
syslog  syslog.1  syslog.2.gz  syslog.3.gz  syslog.4.gz  syslog.5.gz  syslog.6.gz  syslog.7.gz

Q
Byeeee
# 

Configure /etc/inetd.conf

These are the contents of my inetd.conf after configuring this new custom service:

# cat /etc/inetd.conf

# /etc/inetd.conf:  see inetd(8) for further informations.
#
# Internet superserver configuration database
#
#
# Lines starting with "#:LABEL:" or "##" should not
# be changed unless you know what you are doing!
#
# If you want to disable an entry so it isn't touched during
# package updates just comment it out with a single '#' character.
#
# Packages should modify this file by using update-inetd(8)
#
#       
#
#:INTERNAL: Internal services
#discard                stream  tcp     nowait  root    internal
#discard                dgram   udp     wait    root    internal
#daytime                stream  tcp     nowait  root    internal
#time           stream  tcp     nowait  root    internal

#:STANDARD: These are standard services.

#:BSD: Shell, login, exec and talk are BSD protocols.

#:MAIL: Mail, news and uucp services.

#:INFO: Info services

#:BOOT: TFTP service is provided primarily for booting.  Most sites
#       run this only on machines acting as "boot servers."

#:RPC: RPC based services

#:HAM-RADIO: amateur-radio services

#:OTHER: Other services
remote-commands stream  tcp     nowait  root    /root/SCRIPTS/remote-commands.sh

This last line configures our new service:

remote-commands                     Service name - Must exist in /etc/services (see next section)
stream                              Socket - Normally stream for TCP and dgram for UDP
tcp                                 Protocol - tcp/udp
nowait                              Threading - nowait for multi-threaded (TCP) or wait for single-threaded (UDP)
root                                User - User that executes the program
/root/SCRIPTS/remote-commands.sh    Program - Program that processes the incoming requests

Configure /etc/services

Our new custom service name must have an entry in the /etc/services file.
After choosing a high TCP port (for example 3334), this is the entry needed:

# tail /etc/services
csync2          30865/tcp                       # cluster synchronization tool
dircproxy       57000/tcp                       # Detachable IRC Proxy
tfido           60177/tcp                       # fidonet EMSI over telnet
fido            60179/tcp                       # fidonet EMSI over TCP

# Local services

# Custom services
remote-commands 3334/tcp                        # Remote commands

Restart inetd daemon

On my Debian distribution:

# /etc/init.d/openbsd-inetd restart
Restarting internet superserver: inetd.
#

Test it!

The basic telnet client does not handle character processing or terminal emulation well, so to test our service I suggest using the netcat tool. It has a lot of features, but here we only need it as a telnet-style client. There are versions for a wide variety of platforms:

# nc server port

This service example is not very useful but, as I will show in future posts, we can use a custom inetd service to allow passive Nagios checks.
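
The remote-commands.sh script runs every line it receives as a command, and the inetd.conf entry starts it as root for any client that can reach port 3334. As an added example (not part of the original post), here is the same read loop with a fixed allowlist; the request names ping, uptime and disk and the commands behind them are assumptions chosen for illustration.

```bash
#!/bin/bash
# Added example, not from the original post: the same inetd handler with an
# allowlist. Request names and the commands behind them are illustrative.

CR=$(printf '\r')   # telnet-style clients end lines with CR LF

# Map one request line to a fixed command; the line itself is never executed.
dispatch() {
    case "${1%"$CR"}" in
        ping)   echo "PONG" ;;
        uptime) uptime ;;
        disk)   df -P / ;;
        *)      echo "ERR unknown command"; return 1 ;;
    esac
}

# Serve requests from stdin until "Q" or until the client disconnects.
serve() {
    # read -r keeps backslashes literal; a failed read (EOF) ends the loop
    while IFS= read -r line && [ "${line%"$CR"}" != "Q" ]; do
        dispatch "$line" || :    # a rejected request does not end the session
        echo
    done
    echo "Byeeee"
}

# inetd passes the accepted connection as stdin, so serve when stdin is a
# socket (Linux /dev/stdin assumed) or a terminal (local test as in the post).
if [ -S /dev/stdin ] || [ -t 0 ]; then
    serve
fi
```

Changing the user field of the inetd.conf entry from root to an unprivileged account further limits what the listed commands can touch.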
