3.12. Restricting Access by Time of Day
Problem
You want a service to be available only at certain times of day.
Solution
For
xinetd
, use its
access_times
attribute. For example, to make
telnetd accessible from 8:00 a.m. until 5:00 p.m.
(17:00) each day:
/etc/xinetd.conf or /etc/xinetd.d/telnet:
service telnet
{
...
access_times = 8:00-17:00
}
For inetd, we’ll implement this manually using the m4 macro processor and cron . First, invent some strings to represent times of day, such as “working” to mean 8:00 a.m. and “playing” to mean 5:00 p.m. Then create a script (say, inetd-services) that uses m4 to select lines in a template file, creates the inetd configuration file, and signals inetd to reread it:
/usr/local/sbin/inetd-services:
#!/bin/sh
m4 "$@" /etc/inetd.conf.m4 > /etc/inetd.conf.$$
mv /etc/inetd.conf.$$ /etc/inetd.conf
kill -HUP `pidof inetd`
Copy the original /etc/inetd.conf file to the template file, /etc/inetd.conf.m4. Edit the template to enable services conditionally according to the value of a parameter, say, TIMEOFDAY. For example, the Telnet service line that originally looks like this:
telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
might now look like:
ifelse(TIMEOFDAY,working,telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd)
which means “if TIMEOFDAY
is
working
, include the Telnet line, otherwise
don’t.” Finally, set up
crontab entries to enable or disable services at
specific times of day, by setting the TIMEOFDAY
parameter:
0 8 * * * /usr/local/sbin/inetd-services ...
Get Linux Security Cookbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.