finger and how to supply something differentfinger is a program used to talk to the fingerd daemon. finger can be used to obtain information about accounts. Here is an example:
# finger mike Login: mike Name: mike Directory: /home/mike Shell: /usr/local/bin/bash On since Wed Feb 23 13:31 (NZDT) on ttyp0, idle 1 day 1:15, (messages off)from russell On since Thu Feb 24 13:30 (NZDT) on ttyp1 (messages off) from dbast No Mail. No Plan.
This information can be abused by crackers to aid in an attack on your system. It tells them what accounts are in use, how often they are used, and whether or not they are currently in use.
This article shows you a way to supply something different.
modify /etc/inetd.confThe incoming finger requests arrive on port 79. Look at /etc/services and you’ll see it there. These requests are handled by inetd. The actions taken by inetd are specified in /etc/inetd.conf. In this file, you’ll find something similar to the following line which is what I was using before I made this change:
finger stream tcp nowait/3/10 nobody /usr/libexec/fingerd fingerd -s -l | | | | | | service name server program server arguments
I don’t wish to go into a great deal of detail about this line. For more information, please see man inetd. But I will say that the first field represents the service and the last two fields are the server program and the server arguments. We are dealing with the finger service, so we won’t be changing the first field. But we will change the last two fields.
Here is what I’m using now for finger:
finger stream tcp nowait/3/10 nobody /bin/cat cat /home/finger_info
In this example, I’m just just changing the server program and the server arguments. In the above example, I’m going to supply the contents of the file /home/finger_info. You can put anything you want in this file. And place it anywhere you want. You don’t have to use my location. By the way: resist the temptation to put something rude or taunting into the message. It will only attract unwanted attention from those with malicious intents.
NOTE: whereas finger allows you to query any user, the above solution provides the same reply to any finger request.
After you make the changes to /etc/inetd.conf and create the finger information file, remember to HUP inetd:
# killall -hup inetd
Then you should see something like this if you try finger email@example.com.
[unixathome.org] Welcome to unixathome.org PGP key for Dan Langille -----BEGIN PGP PUBLIC KEY BLOCK----- Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com> mQGiBDiz0UMRBADxr9uyFL4BGRIdVtru82QOlPWpD9lncRAF2Kc/QyIlKfjf0Hpf TLU/NnA8D5vNZSLOLZbGPaAVSiCc288VrB0YpEu/NbEcpZHQAWk8N/HdOufhwMWL GuP8Ba8iQooHcY3ERKiNY4BpG7Y0Ost/vJgZzAyt8x5mAjopAVakFn2pJQCg/4iv AfqzWY4i18zidwbCSvUPA7UD/Ahl4fOW917gMZfON1MQvyNkH2D3Oz/t009bo+to e+uAxftDDpfKDcAxbW0E4UvOleNRIOxT33LYdiSrqJBQc9GH+05ebnFd/cTIhLiZ 0btLqnUqoeN7jWQtpVayW27hKBWqdd8CcwMDXR1YXP9yEvLg1rczxl+Vr7EQ10o8 6cGRA/48JdQVxCGqkD3+Xm3BkZFLaC7bIuOy45zZnlnQJ768+OR4EHXQWLEb9QDG LoqcaHwftDm7vAbNQaBsNV7jJp/SeX43LggL7meAZ6MbFk4hsHU8W4weC11doAnv BLHHwHs8geQrKQK+UB3o4L6PolhKaBht4b+1WCNrtyotKTmcyrQhRGFuIExhbmdp bGxlIDxkYW5AdW5peGF0aG9tZS5vcmc+iQBOBBARAgAOBQI4s9FDBAsDAgECGQEA CgkQdP4sbUDNBLNDNgCg7uNQmEKi/K9GXeqLpY8bKl0HS0QAoPcW4XIIn7gKqmWP gWFHOSVT2+teuQINBDiz0UMQCAD2Qle3CH8IF3KiutapQvMF6PlTETlPtvFuuUs4 INoBp1ajFOmPQFXz0AfGy0OplK33TGSGSfgMg71l6RfUodNQ+PVZX9x2Uk89PY3b zpnhV5JZzf24rnRPxfx2vIPFRzBhznzJZv8V+bv9kV7HAarTW56NoKVyOtQa8L9G AFgr5fSI/VhOSdvNILSd5JEHNmszbDgNRR0PfIizHHxbLY7288kjwEPwpVsYjY67 VYy4XTjTNP18F1dDox0YbN4zISy1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6ypUM 2Zafq9AKUJsCRtMIPWakXUGfnHy9iUsiGSa6q6Jew1XpMgs7AAICCADdcNHrWemq GvvyFCTw/GENr16M2mbchWx3hR/yExg2d4pHtXCOQcRc0b0wI9Ao4gCRQPfTiznY RBsZPpkFY5F+99rEMs3vP5cKLv8bZvkvbfQn99dJ0xl1K20kiGt7jcz6AMizXgvk 5afKcWNUasjRfCrQ9fCpXSejC+w/FEbXFQOhWdUYhJhgPfGUjQa8glOFDtb2bgHw VmRkkogdnxfTITVfHWuGhZfBmbruUIamKg3tc0Mnn1Mj9y+vWo8ukMm0vXUUrnPV H8lMX3xKMbySr0/eebJ2iJIawyEgw33ksut7SFpy/dWzq1vmBSsaNvJiv3SN55uQ Zxd6jsmM8zNhiQBGBBgRAgAGBQI4s9FDAAoJEHT+LG1AzQSz8eAAn1zq4UTeGoXJ ENX5zDCjDe1X/HlvAJ4zjIYPj0v+cerI4LEGT9R08B33kA== =xTax -----END PGP PUBLIC KEY BLOCK-----
The above is the contents of /home/finger_info on my box.
Remember!Don’t test this from your own box. If you do, you’ll get the old finger results. That’s because local requests don’t go through inetd. Test this from outside your site. And if you see this:
[dan@rock:~] $ finger firstname.lastname@example.org [unixathome.org] finger: read: Operation timed out
then you’ll need to open your firewall to allow finger requests. Here’s the rule I added for IP Filter:
# allow finger pass in log quick proto tcp from any to any port = finger group 100
If you aren’t using rule groups, it would be something like this:
# allow finger pass in log quick on ed0 proto tcp from any to any port = finger
If you get a response like this:
$ finger email@example.com [unixathome.org] You are not welcome to use cat from a.host.yourdomain.org.
Then you need to add the following line to and /etc/hosts.allow:
# allow our finger command to work (see /etc/inetd.conf) cat : ALL : allow
That should do it.