-->

Previous | Table of Contents | Next

Page 1107

_o turns off all finger queries. This makes it so that no one can finger your system—no matter what they try to do.

_v requests cfingerd version information.

DESCRIPTION

cfingerd is a totally new and totally configurable finger daemon—one of the first. It utilizes the finger port (port 79) to provide useful information on each user on your system. However, cfingerd provides a unique twist.

cfingerd was designed for the sole purpose of making output on finger queries configurable. If you want to change any text that is displayed during finger queries, you can configure the finger daemon to display just about anything you want.

cfingerd also takes into account any security breaches and attempts to close them. With .nofinger files, this is displayed instead of finger information, making it possible for users to keep themselves relatively anonymous from outside users.

WHY WAS IT DONE?

The answer is simple: security. Many sites turn off finger for the reason that they don't want outside users to see who's on their system or get information about a specific user on their system. This seemed unfair to the rest of the users out there, so this program was created. Those sites were waiting for this type of program. Many sites that originally had their finger turned off turned them back on because of cfingerd.

Many sites complained that they wanted the capability to create a fake user or a user that doesn't exist but calls a prewritten shell script. cfingerd takes this into account and provides the best method possible for creating such scripts. (See cfingerd.conf(5) for more information on the configuration file.)

FEATURES CFINGERD PROVIDES AND DESCRIPTIONS OF EACH

cfingerd was totally rewritten. Why is this? The older version of cfingerd had quite a few bugs, and it didn't quite do all the things that cfingerd now does. This new version was totally revamped, and most of the bugs that were in the older version of cfingerd were removed in this one. The code is also more compact.

Header and footer displays were a big part of the original release of cfingerd and shall continue to remain in all versions. Headers and footers are only displays at the beginning and ending of all finger displays and are used as unique little advertisements.

The last time displayed is always a critical issue. It's covered in cfingerd. cfingerd simply shows how many times this user is connected, what their idle time is on each tty they're connected to, and whether they are accepting messages. If they're not accepting messages, a [MESG-N] display will be shown. This display also shows the last time mail was read and whether this user has mail.

Stand-alone and inetd support is compiled into the program, but only inetd support is given for the time being. The reason is that I have not yet added the option for stand-alone daemon mode.

.nofinger files are used when a user wants to remain anonymous. These files should be placed in their home directories and can display anything they want. There's just a few restrictions. These .nofinger display files cannot be character devices, directories, FIFOs, soft or hard links, or anything else of that caliber. They must only be normal files.

Fake users were supported for the simple fact that many sites want to create users who don't exist and make them execute a shell. If you want this done, install a fake user. Read cfingerd.conf(5) for more information on these useful options.

Service displays were used to show what fake users you have installed on your system. These can be formatted however you want and are explained in cfingerd.conf(5).

Searching for usernames is a powerful feature that cfingerd takes full advantage of. If you are looking for a specific username on the system or don't know what their name is, simply use the search.username directive with cfingerd, and you can search for a user on your system.

Searching for usernames is not case sensitive. If you are searching for a specific username or part of the user's name, chances are that it'll be displayed.

Page 1108

There's also an option to display your public PGP key if you have one. This is very useful if you want to keep your mail or other information secret to yourself and don't want "big brother" watching over your shoulder as you talk among yourselves. (Thanks to Andy Smith for this patch.) The standard plan file is .plan, project is .project, and PGP info is .pgpkey.

Remember, any or all of these options stated can be turned on or off at will. If you want a specific option turned off, turn it off.

ERROR MESSAGES

Any error messages that result are fairly easy to debug if you know what to look for.

Segmentation violations don't always occur, but if they ever do, you can pretty easily figure out what's going on. Unfortunately, cfingerd doesn't have any compatibility with older cfingerd.conf files, so if you get a segmentation violation, this means (usually) that your cfingerd.conf file needs to be replaced.

Time-outs usually mean that a script has timed out or a connection to another site timed out.

SYSLOGGING MESSAGES

There's no real way to describe SYSLOG messages because they can be changed as the system administrator chooses. Although, examples can be given based on the standard configuration that was distributed.

If any IP addresses cannot be matched to a hostname, SYSLOG will display IP: Hostname not matched.

If the renice fails (to make the program run at the highest priority), then SYSLOG will display Fatal - Nice died: (reason).

If there is no buffer information is waiting in the STDIN buffer, SYSLOG will display STDIN contains no data.

If a trusted host fingers your site, a <- Trusted will appear.

If a rejected host fingers your site, a <- Rejected will appear.

If root is fingered on your site, it will display Root.

If a service listing was fingered on your site, SYSLOG will display Service listing.

If a user listing was requested, SYSLOG will display User listing.

If a fake user was requested, SYSLOG will display Fake user.

If whois data was requested, SYSLOG will display Whois request. (Note that whois was not implemented in this release because it wasn't RFC compliant.)

Any extra information pertaining to the incoming finger is displayed in the syslogging area. (It's also recommended that you reconfigure syslog.conf(5) to display to an unused VT.)

BUGS

When data is forwarded to other sites for fingering, it shows the output of the system that it forwarded the finger request to. This has got to change.

On ELF-specific systems, services lists usually show a bit of garbage at the beginning of the finger display. This doesn't appear to be a problem on a.out systems, so if you have ELF, you might want to compile cfingerd as a.out if this becomes a problem.

PLANS

Any other options or improvements will probably come from user suggestions.

Later plans will mean you can define your own display formats for the finger display. This means that you can redefine how you want your finger display to look.

CONTACTING

If you like the software and you want to learn more about it or want to see a feature added to it that isn't already here, write to khollis@bitgate.com.

Previous | Table of Contents | Next