15.2. The Internet Services and Protocols Module

This module deals with the configuration of inetd, and can be found under the Networking category in Webmin. If the icon is not visible, Webmin has detected that it is not installed. This could be because your distribution is using xinetd instead, in which case you should skip down to Section 15.8 “The Extended Internet Services Module”. If neither module is visible, check your distribution CD or website for an inetd or xinetd package.

The module's main page (shown in Figure 15.1) displays two tables, one for Internet Services that respond to TCP or UDP connections, and one for RPC Programs. In the Internet Services section, the names and protocols of all services are shown—in some cases, the same service may be recognized for more than one protocol. Each service can be in one of three states, indicated by the font its name is shown in:

Enabled (bold): A server program has been assigned to this service, and it is currently active.

Disabled (bold-italic): A server program has been assigned, but it is not active. This corresponds to a commented-out entry in the inetd.conf file.

Unassigned (normal): No server program has been assigned to this service, meaning there is no inetd.conf entry for it.

Figure 15.1. The Internet Services and Protocols module main page.


If the module configuration option Show services with no program has been set to No, services in the unassigned state will not be displayed. This is the default on some operating systems, due to the large number of services that the system knows about.

Most Linux distributions ship with almost all services in the disabled state by default. This limits the number of unnecessary services that your system allows connections to, and thus reduces the chance of a security hole in one of the server programs being exploited by an attacker.

Because each service is shown with only a short name like telnet or chargen, it is not obvious to an inexperienced administrator what each of them does. Some of the more commonly used services and their purposes are listed in Table 15.1.

The daytime, echo, and chargen services for both TCP and UDP protocols are handled internally by inetd when enabled, not by a separate server program.

Table 15.1. Common Services and Their Purposes

| Service name | Protocol | Purpose |
|---|---|---|
| telnet | TCP | Remote login using the telnet command. Because a telnet connection is unencrypted, any username or password sent over it can theoretically be captured by an attacker. On modern systems, the secure SSH protocol is usually used instead. |
| pop3 | TCP | Mail retrieval using almost any mail client program, such as Outlook, Eudora or Netscape. If you want users to be able to pick up mail from your system, this protocol should be enabled. |
| imap | TCP | A superior mail retrieval protocol that supports folders and server-side mail storage. However, fewer mail clients support it. |
| finger | TCP | Remote user lookup using the finger command. |
| ntalk | TCP | Person-to-person chat using the UNIX talk program. |
| ftp | TCP | File upload or download using an FTP client. There are several different FTP server programs available, the most common being wu-ftpd and proftpd. Because they have many options that are configured separately, each has its own Webmin module as covered in Chapters 40 and 41. |
| shell | TCP | Unauthenticated remote login using the rsh command. Because the shell protocol validates users by client IP address only, it is not considered secure—ssh is a far better alternative. However, you may have to enable it for remote backups from the Filesystem Backup module. |
| login | TCP | Remote login using the rlogin command. Because this can be configured to validate users by client address only, it is considered insecure and rarely used. |
| exec | TCP | Remote command execution using the rexec program. Rarely used on modern systems, due to the superiority of ssh. |
| daytime | TCP | Upon connection, displays the server time in a human-readable format. |
| daytime | UDP | Like the TCP daytime service, but sends the human-readable time back in a UDP packet. |
| time | TCP | Upon connection, displays the system time as a 4-byte binary number. |
| time | UDP | Like the TCP time service, but sends the binary time back in a UDP packet. |
| echo | TCP | Sends back any data that is sent to it. |
| echo | UDP | Sends back any packets that it receives. |
| chargen | TCP | Produces an endless stream of data containing printable ASCII characters for as long as a client is connected. |
| chargen | UDP | Like the TCP chargen service, but sends back a single UDP packet of ASCII characters in response to each one received from a client. |
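
The three states described earlier map directly onto inetd.conf, so they can be checked outside Webmin as well. The following Python code is an added example, not code from this book or from Webmin: it classifies each service as enabled, disabled or unassigned, and lists the enabled services that Table 15.1 describes as unencrypted or validated by client address. The sample file contents, the KNOWN list and the function names are constructed for illustration, and RPC entries are ignored.

```python
import re

# One inetd.conf entry, optionally commented out:
# service socket-type protocol wait-flag user server-program [args]
ENTRY = re.compile(
    r"^(#\s*)?(\S+)\s+(?:stream|dgram)\s+(tcp|udp)6?\s+"
    r"(?:no)?wait(?:\.\d+)?\s+\S+\s+\S+"
)

# Services Table 15.1 describes as unencrypted or validated by client address.
RISKY = {"telnet", "shell", "login"}

# Constructed sample file contents, not taken from a real system.
SAMPLE = """\
# /etc/inetd.conf (constructed sample)
ftp      stream  tcp  nowait  root  /usr/sbin/tcpd  in.ftpd -l -a
telnet   stream  tcp  nowait  root  /usr/sbin/tcpd  in.telnetd
#shell   stream  tcp  nowait  root  /usr/sbin/tcpd  in.rshd
# login  stream  tcp  nowait  root  /usr/sbin/tcpd  in.rlogind
echo     dgram   udp  wait    root  internal
#chargen stream  tcp  nowait  root  internal
"""
# Constructed stand-in for the names the system knows from /etc/services.
KNOWN = [("finger", "tcp"), ("telnet", "tcp")]


def classify(conf_text, known_services=()):
    """Map (service, protocol) to 'enabled', 'disabled' or 'unassigned'."""
    states = {}
    for line in conf_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # blank line, prose comment or unsupported entry
        key = (m.group(2), m.group(3))
        # An active entry wins over a commented-out duplicate.
        if states.get(key) != "enabled":
            states[key] = "disabled" if m.group(1) else "enabled"
    for key in known_services:
        states.setdefault(key, "unassigned")
    return states


def risky_enabled(states):
    """Enabled services that should be reviewed and usually disabled."""
    return sorted(k for k, s in states.items() if s == "enabled" and k[0] in RISKY)


if __name__ == "__main__":
    for (name, proto), state in sorted(classify(SAMPLE, KNOWN).items()):
        print(f"{name:8} {proto}  {state}")
    print("review:", risky_enabled(classify(SAMPLE, KNOWN)))
```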
