ffingerd(8)
NAME
ffingerd - secure and lightweight finger daemon
DESCRIPTION
The ffingerd program is a drop-in replacement for the standard
fingerd that comes with most systems today. Most finger daemons in
use today support several features which are not acceptable for
security-conscious system administrators, so many chose to disable
the finger service completely. This version of the finger daemon is
invoked by inetd, but it's not meant to be run as root. In fact, it
should run as nobody.

Ffingerd does not allow global finger queries (finger @host) or
indirect finger queries (finger foo@host.a@host.b), and it does not
give away valuable information like the shell, login directory and
time of last login. Users can put a ".nofinger" file in their homes,
and then ffingerd will respond with "That user does not want to be
fingered".
LOGGING
Requests that may indicate attacks are logged by ffingerd through
the syslog(3) facility. The default facility is LOG_INFO; you can
change that by editing config.h after running configure.

These requests are logged:

empty finger attempts
    finger @victim.com    # find out who's logged in

indirect finger attempts
    finger root@victim.com@innocuous.edu
    # to victim.com this finger query comes from innocuous.edu

unwanted finger attempts
    Users can put .nofinger files in their home, and then attempts
    to finger them will yield
    That user does not want to be fingered
FILES
~/.nofinger, ~/.plan, ~/.project, ~/.pubkey
BUGS
When ffingerd is running as nobody and a user does not have world
execute permission set for his home, then ffingerd cannot check
whether that user has a .nofinger file there and assumes it's not
there.
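EXAMPLE
The request checks described under DESCRIPTION, LOGGING and BUGS, written in C as an added example; this is not ffingerd's source. The function names, enum values and log message texts are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <syslog.h>

/* Added example, not ffingerd source; all names here are hypothetical. */
enum query { Q_EMPTY, Q_INDIRECT, Q_INVALID, Q_USER };
enum nofinger { NF_ABSENT, NF_PRESENT, NF_UNKNOWN };

/* line is the raw request, e.g. "root\r\n"; cap >= 1. Fills user on Q_USER. */
enum query classify_query(const char *line, char *user, size_t cap)
{
    if (strncmp(line, "/W", 2) == 0)   /* RFC 1288 verbose switch */
        line += 2;
    line += strspn(line, " \t");
    size_t n = strcspn(line, "\r\n");
    if (n == 0)
        return Q_EMPTY;                /* what "finger @host" sends */
    if (memchr(line, '@', n) != NULL)
        return Q_INDIRECT;             /* "user@host.a": asks us to forward */
    if (n >= cap)
        return Q_INVALID;              /* refuse rather than truncate */
    memcpy(user, line, n);
    user[n] = '\0';
    return Q_USER;
}

/* stat() needs search (execute) permission on home. Without it the result
 * is NF_UNKNOWN, the case BUGS says ffingerd treats as "not there". */
enum nofinger check_nofinger(const char *home)
{
    char path[4096];
    struct stat st;
    int r = snprintf(path, sizeof path, "%s/.nofinger", home);
    if (r < 0 || (size_t)r >= sizeof path)
        return NF_UNKNOWN;
    if (stat(path, &st) == 0)
        return NF_PRESENT;
    return errno == EACCES ? NF_UNKNOWN : NF_ABSENT;
}

/* Log the empty and indirect kinds from LOGGING; message texts are constructed. */
void log_refused(enum query q, const char *peer)
{
    if (q == Q_EMPTY || q == Q_INDIRECT)
        syslog(LOG_INFO, "%s finger attempt from %s",
               q == Q_EMPTY ? "empty" : "indirect", peer);
}
```

A caller that prefers to fail closed can treat NF_UNKNOWN the same as NF_PRESENT.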
SEE ALSO
http://www.fefe.de/ffingerd/
AUTHOR
Felix von Leitner (felix@fefe.de)