Xinetd not running
-
Hi @ all,
I want to monitor my pfsense-box with check_mk, since snmp does not give all data I want. After reading some identical posts about it, I installed the check_mk-agent. It works locally, but cannot be contacted from the LAN. Since I found no xinetd-config, I looked if xinetd ist running.
According to
ps ax | grep xinetd
no xinetd-daemon is runningIn the /etc and etc/rc.d directories no start-script for xinetd can be found (by service-name). So I tried a new
installation with
pkg install xinetd
This only tells me „The most recent version of packages are already installed“Now I tried to manually start xinetd with
service xinetd start
I got "Cannot 'start' xinetd. Set xinetd_enable to YES in /etc/rc.conf or use 'onestart' instead of 'start'."/etc/rc.conf is nearly empty and contains no xinetd-lines, so I tried
service xinetd onestart
but it says „Starting xinetd.“, but it is still not running (tested with ps and xin…onestop)Finally I found the config-script for xinetd in /usr/local/etc/rc.d/
it contains:Add the following line to /etc/rc.conf to enable xinetd:
xinetd_enable="YES"
but etc/rc.conf says:
THIS FILE DOES NOTHING, DO NOT MAKE CONFIG CHANGES HERE
So, what can I do to get xinetd running and where will I find the config-file to open the port for check_mk???
Thanks in advance and best wishes from frozen Austria,
Karl -
Hi,
What is your pfSense version ?
Btw :
[2.4.2-RELEASE][admin@pfsense.brit-hotel-fumel.net]/root: ps ax | grep xinetd 16284 - Is 0:00.08 /usr/local/sbin/xinetd -syslog daemon -f /var/etc/xi 78340 0 S+ 0:00.00 grep xinetd [2.4.2-RELEASE][admin@pfsense.brit-hotel-fumel.net]/root: ps ax | grep xinetd 16284 - Is 0:00.08 /usr/local/sbin/xinetd -syslog daemon -f /var/etc/xinetd.conf -pidfile /var/run/xinetd.pid 78733 0 S+ 0:00.00 grep xinetd [2.4.2-RELEASE][admin@pfsense.brit-hotel-fumel.net]/root: cat /var/etc/xinetd.conf service 6969-udp { type = unlisted bind = 127.0.0.1 port = 6969 socket_type = dgram protocol = udp wait = yes user = root server = /usr/libexec/tftp-proxy server_args = -v }
This xinetd service is only listening to localhost, not LAN.
Note : as far as I know, I never installed a package that includes "xinetd" - actually, I don't know what it is - what it does.
I know it is there by default. -
Inetd is a very old "super server daemon" on UNIX and UNIX-style operating systems. Ideally nobody would be using it anymore but it's still required by some services.
https://en.wikipedia.org/wiki/Inetd
The reason why it should be abandoned is that inetd is a single point of failure and its access control features (provided by /etc/hosts.allow and such) are completely superceded by packet filters such as PF.
-
@ kpa
I do not want to run inetd, but xiinetd and I need it for check_mk.Hi,
What is your pfSense version ?
My version is:
2.4.2-RELEASE-p1 (amd64)
built on Tue Dec 12 13:45:26 CST 2017
FreeBSD 11.1-RELEASE-p6Btw :
[2.4.2-RELEASE][admin@pfsense.brit-hotel-fumel.net]/root: ps ax | grep xinetd 16284 - Is 0:00.08 /usr/local/sbin/xinetd -syslog daemon -f /var/etc/xi 78340 0 S+ 0:00.00 grep xinetd [2.4.2-RELEASE][admin@pfsense.brit-hotel-fumel.net]/root: ps ax | grep xinetd 16284 - Is 0:00.08 /usr/local/sbin/xinetd -syslog daemon -f /var/etc/xinetd.conf -pidfile /var/run/xinetd.pid 78733 0 S+ 0:00.00 grep xinetd [2.4.2-RELEASE][admin@pfsense.brit-hotel-fumel.net]/root: cat /var/etc/xinetd.conf service 6969-udp { type = unlisted bind = 127.0.0.1 port = 6969 socket_type = dgram protocol = udp wait = yes user = root server = /usr/libexec/tftp-proxy server_args = -v }
This xinetd service is only listening to localhost, not LAN.
Note : as far as I know, I never installed a package that includes "xinetd" - actually, I don't know what it is - what it does.
I know it is there by default.From the output of your ps-command I can see, that your config is in /var/etc. I too have a file there, but it is empty and has size 0.
I agree with you, that xinetd seems to be installed by default, but on my box it is not running. :-((
Can you please tell me how xinetd can be started, which config files are needed and where these need to be?
TIA, Karl