The FreeBSD Diary

finger and how to supply something different 24 February 2000
finger is a program used to talk to the fingerd daemon. finger can be used to obtain information about accounts. Here is an example:
# finger mike
Login: mike                              Name: mike
Directory: /home/mike                    Shell: /usr/local/bin/bash
On since Wed Feb 23 13:31 (NZDT) on ttyp0, idle 1 day 1:15, 
          (messages off)from russell
On since Thu Feb 24 13:30 (NZDT) on ttyp1 (messages off) from dbast
No Mail.
No Plan.

This information can be abused by crackers to aid in an attack on your system.  It tells them what accounts are in use, how often they are used, and whether or not they are currently in use.

This article shows you a way to supply something different.

modify /etc/inetd.conf
The incoming finger requests arrive on port 79. Look at /etc/services and you'll see it there. These requests are handled by inetd. The actions taken by inetd are specified in /etc/inetd.conf. In this file, you'll find something similar to the following line, which is what I was using before I made this change:
finger stream tcp nowait/3/10 nobody /usr/libexec/fingerd fingerd -s -l
|                                    |                    |
|                                    |                    |
service name                   server program      server arguments

I don't wish to go into a great deal of detail about this line. For more information, please see man inetd. But I will say that the first field represents the service and the last two fields are the server program and the server arguments. We are dealing with the finger service, so we won't be changing the first field. But we will change the last two fields.

Here is what I'm using now for finger:

finger stream tcp nowait/3/10 nobody /bin/cat   cat /home/finger_info

In this example, I'm just changing the server program and the server arguments. In the above example, I'm going to supply the contents of the file /home/finger_info. You can put anything you want in this file. And place it anywhere you want. You don't have to use my location. By the way: resist the temptation to put something rude or taunting into the message. It will only attract unwanted attention from those with malicious intents.

NOTE: whereas finger allows you to query any user, the above solution provides the same reply to any finger request.

After you make the changes to /etc/inetd.conf and create the finger information file, remember to HUP inetd:

# killall -hup inetd

Then you should see something like this if you try finger dan@unixathome.org.

[unixathome.org]
Welcome to unixathome.org

PGP key for Dan Langille

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>
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=xTax
-----END PGP PUBLIC KEY BLOCK-----    

The above is the contents of /home/finger_info on my box.

Remember!
Don't test this from your own box.  If you do, you'll get the old finger results.  That's because local requests don't go through inetd.  Test this from outside your site.  And if you see this:
[dan@rock:~] $ finger dan@unixathome.org
[unixathome.org]

finger: read: Operation timed out    

then you'll need to open your firewall to allow finger requests.  Here's the rule I added for IP Filter:

# allow finger
pass in log quick proto tcp from any to any port = finger group 100

If you aren't using rule groups, it would be something like this:

# allow finger
pass in log quick on ed0 proto tcp from any to any port = finger

If you get a response like this:

$ finger dan@unixathome.org
[unixathome.org]
You are not welcome to use cat from a.host.yourdomain.org.

Then you need to add the following line to /etc/hosts.allow:

# allow our finger command to work (see /etc/inetd.conf)
cat : ALL : allow 

That should do it.
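Here is an added audit script that pulls the inetd.conf fields discussed above and the hosts.allow rule together. It is not part of the original article; it reads the same two files the article edits and reports whether finger is still served by the real fingerd (exposing account details) or by a replacement such as /bin/cat, and whether hosts.allow grants that replacement to all clients. The sample inetd.conf and hosts.allow it builds under mktemp are constructed for the demonstration; the function names are mine.

```shell
#!/bin/sh
# Added audit helper (not from the FreeBSD Diary article). Paths are
# parameters so it runs against constructed sample files as well as the
# live /etc/inetd.conf and /etc/hosts.allow.

# Print "<server program>TAB<server arguments>" for SERVICE in CONF.
# inetd.conf fields: 1 service, 2 socket type, 3 protocol, 4 wait/nowait,
# 5 user, 6 server program, 7.. server arguments (see inetd.conf(5)).
inetd_service_fields() {
    conf="$1"; service="$2"
    awk -v svc="$service" '
        /^[[:space:]]*#/ || NF == 0 { next }
        $1 == svc {
            prog = $6; args = ""
            for (i = 7; i <= NF; i++) args = args (i > 7 ? " " : "") $i
            print prog "\t" args
            exit
        }' "$conf"
}

# Exit 0 if SERVICE in CONF is served by PROG (e.g. /bin/cat), 1 otherwise.
inetd_service_uses() {
    conf="$1"; service="$2"; prog="$3"
    [ "$(inetd_service_fields "$conf" "$service" | cut -f1)" = "$prog" ]
}

# Exit 0 if ALLOW has a single-daemon line "NAME : ALL : allow". The name
# the wrapper checks is the server program's name, which is why the
# article's refusal message says "use cat" and the rule is "cat : ALL : allow".
hosts_allow_permits_all() {
    allow="$1"; name="$2"
    awk -v d="$name" -F':' '
        /^[[:space:]]*#/ || NF == 0 { next }
        { gsub(/^[[:space:]]+|[[:space:]]+$/, "", $1)
          gsub(/^[[:space:]]+|[[:space:]]+$/, "", $2)
          gsub(/^[[:space:]]+|[[:space:]]+$/, "", $3) }
        $1 == d && $2 == "ALL" && $3 == "allow" { found = 1; exit }
        END { exit found ? 0 : 1 }' "$allow"
}

# Human-readable summary of how finger is wired up on this box.
audit_finger() {
    conf="$1"; allow="$2"
    fields=$(inetd_service_fields "$conf" finger)
    if [ -z "$fields" ]; then
        echo "finger: not enabled in $conf"
        return 0
    fi
    prog=$(printf '%s\n' "$fields" | cut -f1)
    args=$(printf '%s\n' "$fields" | cut -f2-)
    case "$prog" in
        */fingerd) echo "finger: real fingerd in use ($prog $args); account details are exposed" ;;
        *)         echo "finger: replaced by '$prog $args'" ;;
    esac
    name=${prog##*/}
    if hosts_allow_permits_all "$allow" "$name"; then
        echo "hosts.allow: '$name : ALL : allow' present"
    else
        echo "hosts.allow: no '$name : ALL : allow' line; remote queries may be refused"
    fi
}

# Constructed sample files (not real system files) so this runs offline.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/inetd.conf" <<'EOF'
# constructed sample inetd.conf
ftp     stream  tcp     nowait  root    /usr/libexec/ftpd       ftpd -l
finger  stream  tcp     nowait/3/10  nobody  /bin/cat   cat /home/finger_info
EOF
cat > "$SAMPLE_DIR/hosts.allow" <<'EOF'
# allow our finger command to work (see /etc/inetd.conf)
cat : ALL : allow
EOF

audit_finger "$SAMPLE_DIR/inetd.conf" "$SAMPLE_DIR/hosts.allow"
```

On a live box, run `audit_finger /etc/inetd.conf /etc/hosts.allow` after the HUP; the hosts.allow check only understands the single-daemon form shown in the article, so a combined line such as `cat fingerd : ALL : allow` would be reported as missing.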
