inetd (also known as the superserver) is a daemon, common on Linux and Unix systems, that provides internet services. Its configuration file, inetd.conf, lists the services the daemon offers. Clients connect to a given port and inetd launches the corresponding program to process the connection.
This example shows how to set up a service that executes remote commands and shows the output.
We will use a simple and easy to develop bash script, but inetd can also be configured to use a binary or any other program.
This could be our script (remote-commands.sh for example):
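    #!/bin/bash
    # Read one command per line and execute it until "Q" is received.
    read MESSAGE
    while [ "$MESSAGE" != "Q" ]
    do
        # Unquoted on purpose: the line is split into a command and its arguments.
        $MESSAGE
        echo
        # Read the next command; stop if the client disconnects (EOF).
        read MESSAGE || break
    done
    echo "Byeeee"

Give it execute permissions:

    # chmod +x /root/SCRIPTS/remote-commands.sh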
And test it (the script waits for commands until a 'Q' char is sent):
    # /root/SCRIPTS/remote-commands.sh
    pwd
    /root
    cd /var/log
    pwd
    /var/log
    ls syslog*
    syslog syslog.1 syslog.2.gz syslog.3.gz syslog.4.gz syslog.5.gz syslog.6.gz syslog.7.gz
    Q
    Byeeee
    #

These are the contents of my inetd.conf after configuring this new custom service:
    # cat /etc/inetd.conf
    # /etc/inetd.conf: see inetd(8) for further informations.
    #
    # Internet superserver configuration database
    #
    #
    # Lines starting with "#:LABEL:" or "#<off>#" should not
    # be changed unless you know what you are doing!
    #
    # If you want to disable an entry so it isn't touched during
    # package updates just comment it out with a single '#' character.
    #
    # Packages should modify this file by using update-inetd(8)
    #
    #
    #
    #:INTERNAL: Internal services
    #discard stream tcp nowait root internal
    #discard dgram udp wait root internal
    #daytime stream tcp nowait root internal
    #time stream tcp nowait root internal
    #:STANDARD: These are standard services.
    #:BSD: Shell, login, exec and talk are BSD protocols.
    #:MAIL: Mail, news and uucp services.
    #:INFO: Info services
    #:BOOT: TFTP service is provided primarily for booting. Most sites
    # run this only on machines acting as "boot servers."
    #:RPC: RPC based services
    #:HAM-RADIO: amateur-radio services
    #:OTHER: Other services
    remote-commands stream tcp nowait root /root/SCRIPTS/remote-commands.sh
This last line configures our new service:

|Field|Meaning|
|---|---|
|remote-commands|Service name - Must exist in /etc/services (see next section)|
|stream|Socket - Normally stream for TCP and dgram for UDP|
|tcp|Protocol - tcp/udp|
|nowait|Threading - nowait for multithreaded (TCP) or wait for single-threaded (UDP)|
|root|User - User that executes the program|
|/root/SCRIPTS/remote-commands.sh|Program - Program that processes the incoming requests|

Our new custom service name must have an entry in the /etc/services file.
After choosing a high TCP port (for example 3334), this is the needed entry:
    # tail /etc/services
    csync2 30865/tcp # cluster synchronization tool
    dircproxy 57000/tcp # Detachable IRC Proxy
    tfido 60177/tcp # fidonet EMSI over telnet
    fido 60179/tcp # fidonet EMSI over TCP
    # Local services
    # Custom services
    remote-commands 3334/tcp # Remote commands
Restart inetd daemon
For my Debian distribution:

    # /etc/init.d/openbsd-inetd restart
    Restarting internet superserver: inetd.
    #
The basic telnet client does not cope well with character treatment, terminal emulation and so on, so I suggest testing our service with the netcat tool. It has a lot of features, but here we only need it as a telnet client. There are versions for a wide variety of platforms:

    # nc server port

This service example is not very useful but, as I will show in future posts, we can use a custom inetd service to allow passive Nagios checks.
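To review what a configuration like the one above exposes, the following added example (not part of the original post) parses inetd.conf using the fields described earlier, resolves each active service to its port in the services file, and flags entries that run an external program as root or have no services entry. The function names, the flag names and the other-check entry are assumptions made for illustration, and the sample files are constructed.

```shell
#!/bin/sh
# Added example, not from the original post.
# audit_inetd INETD_CONF SERVICES_FILE
# Prints one line per active entry: service port/proto user program [flags]
audit_inetd() {
    awk '
        # First file: services database, "name port/proto [aliases] [# comment]".
        FILENAME == ARGV[1] {
            sub(/#.*/, "")
            if (NF < 2) next
            p = substr($2, index($2, "/") + 1)
            for (i = 1; i <= NF; i++) if (i != 2) port[$i "/" p] = $2
            next
        }
        # Second file: inetd.conf. Commented-out entries are disabled, skip them.
        /^[ \t]*(#|$)/ { next }
        NF >= 6 {
            # Fields: service, socket, protocol, wait/nowait, user[.group], program
            proto = $3; sub(/[46]+$/, "", proto)    # tcp4, tcp6 -> tcp
            key = $1 "/" proto
            split($5, u, /[.:]/)
            flags = ""
            if (!(key in port)) flags = flags " NO_SERVICES_ENTRY"
            if (u[1] == "root" && $6 != "internal") flags = flags " RUNS_AS_ROOT"
            printf "%s %s %s %s%s\n", $1, ((key in port) ? port[key] : "-"), $5, $6, flags
        }
    ' "$2" "$1"
}

# Constructed sample data: the entries shown in this post plus one
# hypothetical service (other-check) that has no services entry.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/inetd.conf" <<'EOF'
#discard stream tcp nowait root internal
remote-commands stream tcp nowait root /root/SCRIPTS/remote-commands.sh
other-check stream tcp nowait nobody /usr/local/bin/other-check
EOF
    cat > "$tmp/services" <<'EOF'
fido 60179/tcp # fidonet EMSI over TCP
remote-commands 3334/tcp # Remote commands
EOF
    audit_inetd "$tmp/inetd.conf" "$tmp/services"
    rm -rf "$tmp"
}

# With two file arguments audit those files, otherwise run the constructed demo.
if [ $# -eq 2 ]; then audit_inetd "$1" "$2"; else demo; fi
```

Run it with `/etc/inetd.conf /etc/services` as arguments to audit a real host; without arguments it processes the constructed sample.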