NAME
cfingerd - Configurable finger daemon.
SYNOPSIS
cfingerd [ -c | -e | -o | -v ]
-c : Check configuration
-e : Emulate local finger w/o inetd
-o : Turn off all finger queries
-v : Request version information
-c checks your installed configuration. This makes sure there are no
existing errors in the current cfingerd.conf file.
-e allows you to emulate a local finger on a user that exists on your
system. This lets you test cfingerd on your system before installing
it. Using the "-e" directive is the same as installing the software,
typing "finger username@" and getting the output. Using "-e username"
does the same.
-o turns off all finger queries. This makes it so that no one can
finger your system - no matter what they try to do. Unlike the other
options, this option is used in inetd.conf, not on the command line.
-v requests cfingerd version information.
DESCRIPTION
CFINGERD is a totally new, and totally configurable finger daemon - one
of the first. It listens on the finger port (port 79) to provide
useful information about each user that is on your system according to
the finger protocol as described in RFC 1288. Only thing is, cfingerd
provides a unique twist.
CFINGERD was designed for the sole purpose of making output on finger
queries configurable. If you want to change any text that is displayed
during finger queries, you can configure the finger daemon to display
just about anything you want.
CFINGERD also takes into account any security breaches, and attempts to
close them. As an added bonus, users can create ".nofinger" files,
whose contents are displayed instead of finger information, making it
possible for users to keep themselves relatively anonymous from outside
users. For maximum user privacy, place an exact copy of
/etc/cfingerd/nouser_banner.txt in your .nofinger file.
WHY WAS IT DONE?
The answer is simple. Security. Many sites turn off finger for the
reason that they don’t want outside users to see who’s on their system,
or get information about a specific user on their system. This seemed
unfair to the rest of the users out there, so this program was created.
Besides, those sites were waiting for this type of program. Many sites
that originally had finger turned off turned it back on because of
cfingerd.
Many sites have complained that they wanted the ability to create a
"fake-user", or a user that doesn’t exist but calls a pre-written shell
script. CFINGERD has taken this into account, and provides the best
method possible for creating such scripts. (See cfingerd.conf(5) for
more information on the configuration file.)
FEATURES CFINGERD PROVIDES, AND DESCRIPTIONS OF EACH
CFINGERD was totally rewritten. Why is this? Well, the older version
of cfingerd had quite a few bugs, and it didn’t quite do all of the
things that cfingerd now does. This new version was totally revamped,
and most of the bugs that were in the older version of cfingerd were
removed in this one. Besides, the code in here was more compact.
Header and footer displays were a very big part of the original release
of cfingerd, and shall continue to remain in all versions. Headers and
footers are only displayed at the beginning and end of all finger
displays, and are used as unique little "advertisements" or such.
Last time displayed is always a critical issue. It’s covered in
cfingerd. Cfingerd simply shows how many times this user is connected,
what their idle time is on each TTY they’re connected to, and whether
or not they are accepting messages. If they’re not accepting messages,
a "[MESG-N]" display will be shown. This display also shows the last
time mail was read, and whether or not this user has mail. If this is
still too much for your taste, each of these items can be disabled
system wide.
Stand-alone and INETD support is compiled into the program, but only
INETD support is given for the time being. The reason is that I have
not yet added the code for stand-alone daemon mode.
.nofinger files are used when a user wishes to remain anonymous. These
files should be placed in their home directories, and can display
anything they want. There are just a few restrictions. These .nofinger
display files cannot be character devices, directories, fifos, soft or
hard links, or anything else of that caliber. They must only be normal
files.
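The .nofinger restriction above (normal files only; no devices, directories, fifos, soft or hard links), written out as a check in C. This is an added example, not cfingerd's own code: open_nofinger and nofinger_demo are hypothetical names, and the demo objects are constructed in a temporary directory under /tmp.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Return a read-only fd only if path is a regular file with exactly one
 * link; -1 for symlinks, hard links, FIFOs, devices and directories. */
int open_nofinger(const char *path)
{
    struct stat st;
    /* O_NOFOLLOW refuses a symlink as the final path component; O_NONBLOCK
     * keeps open() from blocking on a FIFO that has no writer. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0) return -1;
    /* fstat() the descriptor so the object checked is the object read. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed demo: make one object of each kind in a temporary directory;
 * bit i of the result is set when names[i] was accepted (-1 on setup error). */
int nofinger_demo(void)
{
    const char *names[] = { "plain", "symlink", "target", "hardlink", "fifo", "subdir" };
    char dir[] = "/tmp/nofinger.XXXXXX", p[6][64];
    int i, fd, ok, accepted = 0;
    if (!mkdtemp(dir)) return -1;
    for (i = 0; i < 6; i++)
        snprintf(p[i], sizeof p[i], "%s/%s", dir, names[i]);
    ok = (fd = creat(p[0], 0600)) >= 0 && close(fd) == 0
      && symlink(p[0], p[1]) == 0              /* soft link to the plain file */
      && (fd = creat(p[2], 0600)) >= 0 && close(fd) == 0
      && link(p[2], p[3]) == 0                 /* "target" now has two names */
      && mkfifo(p[4], 0600) == 0 && mkdir(p[5], 0700) == 0;
    for (i = 0; ok && i < 6; i++)
        if ((fd = open_nofinger(p[i])) >= 0) {
            accepted |= 1 << i;
            close(fd);
        }
    for (i = 0; i < 6; i++) remove(p[i]);      /* clean up the demo objects */
    rmdir(dir);
    return ok ? accepted : -1;
}
int main(void) { printf("accepted mask: %d\n", nofinger_demo()); return 0; }
```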
Fakeusers were supported for the simple fact that many sites want to
create users that don’t exist, and make them execute a shell. If you
want this done, then install a fake user. Read up in cfingerd.conf(5)
for more information on these useful options.
Service listings were used to show what fakeusers you have installed on
your system. These can be formatted however you wish, and are
explained (once again) in cfingerd.conf(5).
Searching for usernames is a very powerful feature that cfingerd takes
full advantage of. If you are looking for a specific username on the
system, or don’t know what their name is, simply use the
search.pattern directive, and cfingerd will search for all users
containing pattern in their real name or username on that system.
Searching for usernames is NOT case sensitive. You may search for a
specific username or real name, for part of the username or real name,
or for a pattern matching the entire username or the entire real name.
If you search for part of a user’s name, chances are, it’ll be
displayed.
Warning searching will currently return the names of daemon users and
users
and you will be able to search for a user on your system.
Security is a given. If you don’t want to show someone something, then
it won’t display what you don’t want. Simply edit the cfingerd.conf
file and make changes. It’s that simple.
Searching for usernames is NOT case sensitive, whether you are
searching for a specific username or for part of the user’s name. If
you search for part of a user’s name or username, chances are, it’ll
be displayed.
Besides PLAN and PROJECT, there’s also an option to display your
public PGP key, if you have one. This is very useful if you want to
keep your mail or other information secret to yourself, and don’t want
"big brother" watching over your shoulder as you talk amongst
yourselves. (Thanks to Andy Smith for this patch). (For your info,
the standard plan file is .plan, project is .project, PGP info is
.pgpkey, and XFace icon information is .xface)
Remember, any or all of these options stated above, can be turned on or
off at will. If you want a specific option turned off, turn it off.
:)
FULL LIST OF BUILTIN USER NAMES
cfingerd provides a set of builtin fake users. Two of them are also
used internally by cfingerd.
@ List logged on users without .nofinger file. If the
system_list_sites option is used in the main configuration file
cfingerd will try to gather information from all listed hosts.
userlist@
Same as @, except that it only lists people who are idle no
longer than one day. This is intended to give a better overview
of who’s really online at the moment of fingering.
userlist-only@
List logged on users without .nofinger file - without headers
and footers. This fake user is used internally to gather system
information from remote hosts for @.
userlist-online@
List logged on users without .nofinger file - without headers
and footers. Only users will be listed who are idle no longer
than a day. This fake user is used internally to gather system
information from remote hosts for userlist@.
version@
Display version information for cfingerd.
services@
List all fake users.
search.pattern@
Search for users using the GCOS field in /etc/passwd. Only
users will be displayed who don’t have a .nofinger-file.
help@ Help text listing all of these.
These can be disabled in cfingerd.conf(5) as follows:
@ and userlist@
Set SYSTEM_LIST to FALSE.
userlist-only@ and userlist-online@
Disable ALLOW_USERLIST_ONLY (i.e. prefix it with a minus sign)
or disable SYSTEM_LIST.
version@
Disable ALLOW_CONFESSION (i.e. prefix it with a minus sign).
services@
Disable ALLOW_FAKEUSER_FINGER (i.e. prefix it with a minus
sign).
search.pattern@
Disable ALLOW_SEARCHABLE_FINGER (i.e. prefix it with a minus
sign).
help@ Disable ALLOW_CONFESSION (i.e. prefix it with a minus sign).
ERROR MESSAGES
Any error messages that result are fairly easy to debug if you know
what to look for.
Segmentation Violations don’t always occur, but if they ever do, you
can pretty easily figure out what’s going on. Unfortunately, cfingerd
doesn’t have any compatibility with older cfingerd.conf files, so if
you get a Segmentation Violation, this (usually) means that your
cfingerd.conf file needs to be replaced.
Timeouts usually mean that a script has timed out, or a connection to
another site timed out.
SYSLOGGING MESSAGES
Well, there’s no real way to describe SYSLOG messages since they can be
changed as the system administrator chooses. However, examples can be
given based on the standard configuration that was distributed.
If any IP addresses cannot be matched to a name it will display "IP:
Hostname not matched".
If the renice fails (to make the program run at the highest priority)
then it will display "Fatal - Nice died: (reason)".
If there is no buffer information waiting in the STDIN buffer, it will
display "STDIN contains no data".
If a trusted host fingers your site, a "<- Trusted" will appear.
If a rejected host fingers your site, a "<- Rejected" will appear.
If root is fingered on your site, it will display "Root".
If a service listing was fingered on your site, it will display
"Service listing".
If a user listing was requested, it will display "User listing".
If a fake user was requested, it will display "Fake user".
If "whois" data was requested, it will display "Whois request". (Note,
whois was not implemented in this release, since it wasn’t ’RFC’
compliant.)
Any extra information pertaining to the incoming finger is displayed in
the syslogging area. (It’s also recommended that you reconfigure
syslog.conf(5) to display to an unused VT. :)
PLANS
Any other options or improvements will probably come from user
suggestions. :)
Later plans will make it so that you can define your own display
formats for the finger display. This means that you can re-define how
you want your finger display to look.
CONTACTING
If you like the software, and you want to learn more about the
software, or want to see a feature added to it that isn’t already here,
then please write to cfingerd@infodrom.north.de. The project’s webpage
is at http://www.infodrom.north.de/cfingerd/ .
SEE ALSO
cfingerd.conf(5), cfingerd.text(5), finger(1), userlist(1),
syslog.conf(5).