Finger Pointing

Total Page:16

File Type:pdf, Size:1020Kb

Finger Pointing SYSADMIN Admin-Workshop: Finger Server Part 2: Setting up and Using the Finger Server Finger Pointing The finger service can be used to let other people know about your activities and appointments, without having to launch a complex groupware applica- tion.The protocol is amazingly simply – and that is one reason why we will be using finger as our entrée into the world of Server administration. BY MARC ANDRÉ SELIG lexible working hours can be a pain files. A daemon processes the requests could be exploited via this type of mech- sometimes. You end up talking to and supplies information on those users. anism.” Fan answer phone while a colleague If you want to use this service to pub- Of course many developers and ad- is still enjoying breakfast, or has already lish information about yourself, you mins simply ignore this warning today, gone home. Some people simply pin create a file called .plan or .project in keeping their Apaches with Mod_perl their schedules to their office doors, your home directory. The main differ- and Mod_php, and solemnly swearing to which is quite useful, unless your office ence is that a .project file traditionally apply the appropriate security patches, happens to be in a completely different consists of a single line, whereas a .plan when they get round to it. part of your office building. There is a lot file provides you with more scope. The The finger daemon adds system data to be said for groupware products if you .plan file is where you would store calen- to the information posted by a user, such need to organize a meeting and co-ordi- dar data or a PGP public key. as the shell, the last login time, or even nate schedules for a group of colleagues. information on unread mail. Listing 1 Although this might surprise some Security and the Finger shows the results of a sample query fin- people, Outlook and co. were not the Service ger Selig@localhost on my own host. first groupware products on the scene – Chapter 3 of RFC 1288 provides an usual The daemon parses /etc/passwd for in fact, the finger protocol was originally amount of detail on security aspects, the username. This is where it retrieves specified way back in 1977 [1]. Of especially considering the fact that the the full name, and the user’s room and course, modern groupware applications document is over ten years old (Decem- phone numbers. These three snippets of offer a lot more, but in many cases finger ber 1991). Some of the more interesting information are stored in the so-called is quite adequate. In addition, it tells you sections are still applicable to more mod- GECOS field. GECOS is the acronym a lot about the typical Unix philosophy. ern forms of networks, such as dynamic for General Electric Comprehensive websites or web services. Operating System, which was a fairly How Finger Works When they receive a request, some fin- widespread operating system around Finger’s basic design is wonderfully sim- ger servers call a user configurable 1970. Although GECOS is insignificant in ple, you might even say primitive – and external program. The RFC says: “Im- retrospect, this field with its “human” thus, a perfect example of a client/server plementing this feature may be more data migrated from GECOS to Unix and service. Users on a system store informa- trouble than it is worth, since there are retains the name to indicate its parent- tion about themselves in simple text always bugs in operating systems, which age. If you want to change this infor- mation, you should call chfn (change fin- Listing 1: Finger request ger), rather than editing the /etc/passwd 01 Login: mas Name: Marc 07 Project: file directly. Andre Selig 08 I'm busy with an article for 02 Directory: /home/mas Shell: Linux Magazine at present. Stop finger pointing /bin/bash 09 Plan: Finger allows end-users either to encour- 03 On since Mon Sep 8 11:20 10 This age other users to point (the finger (CEST) on pts/0 from :0 11 is daemon) at them, or to prevent finger 04 50 seconds idle 12 my access. You can create a file called .nofin- 05 On since Mon Sep 8 16:49 13 .plan ger in your home directory to reject the (CEST) on pts/1 from :0 14 it can contain more than just BSD daemon typical to so many Linux 06 No mail. one line. systems without any qualms. You can also prevent finger activity more or less 56 December 2003 www.linux-magazine.com Admin-Workshop: Finger Server SYSADMIN accidentally by assigning incorrect file permissions. .plan and .project need to Listing 2: The finger daemon in inetd be globally readable, and the daemon finger stream tcp nowait nobody /usr/sbin/in.fingerd in.fingerd expects at least look-up privileges for your home directory (chmod 711 ~ and chmod 644 ~/.plan). #, at the start of the line. You can simply The third column in /etc/inetd.conf delete the hash sign to enable the server. describes the protocol. This column typi- The Daemon inetd.conf reads like a table where cally contains either tcp for TCP/IP The finger server is included with most each line represents a specific service (connection oriented) and udp for distributions, but not installed by de- that the Internet super-server enables. UDP/IP (connectionless). This would fault. In this case, you will need to add The individual columns provide more seem to make the column redundant at the finger and finger-server packages. If detail about the service. first glance – but this is not true. Remem- you are having trouble finding the pack- ber that TCP/IP is not the only protocol age, you can search for bsd-finger to Protocol Issues family. Just like the service name, the locate the sourcecode. The first column in the line contains the entry in the third column is again a sym- Installing the server will not tell it name of the service. It is important to bol that Linux will translate into a to launch automatically. Linux distin- inetd that this name uniquely identifies number, by referring to the /etc/protocols guishes between two different categories the IP port. The operating system looks file. of server. One of them runs continuously in /etc/services to discover the port as a process, can react immediately to assigned to the symbolic name. To Wait or Not to Wait? incoming connections and assign re- The second column contains the The fourth column tells inetd to wait for sources independently as required. But socket type: stream indicates a connec- the current instance of the server pro- finger belongs to the other category. tion-oriented service; dgram (datagram) gram to terminate (wait), or not to wait When required, the daemon is launched a connectionless service. Connection ori- (nowait). In the latter case, inetd imme- by a central script called inetd (the so- ented services use a datastream to diately launches a new server process, called Internet super-server) or xinetd, exchange data and expect the protocol to when it receives a request for the allowing it to respond to current provide a reliable transport service. Con- service. requests. nectionless services simply transmit This may seem superfluous at first The latter method has its advantages. individual packets that may go astray or glance, but it is an important decision. Servers are more simple to program, arrive in the wrong order. The entry for the finger service is more stable (as an instance is run for To illustrate the difference you might nowait. In other words, when inetd each new request), and do not use any like to compare a phone call with a post- receives a request, it launches a finger resources while inactive. card. In the case of a phone call, the server. The server returns a response and You can check the /etc/inetd.conf caller expects the conversation to be terminates. If inetd receives a second or /etc/xinetd.d/* files to find out transmitted without any omissions or request, while the first request is being whether your distribution uses the tradi- errors. In contrast to this, when you mail processed, it immediately calls a second tional inetd or the more modern xinetd a postcard, you simply drop it in the instance of the finger server, which then approach. The finger entry in /etc/ mailbox and hope that it will arrive some handles the request. inetd.conf (see Listing 2) is often pre- time. And you are not really surprised if This would be different for a connec- configured, but disabled by the hash sign it does go astray. tionless service. In this case, inetd cannot know whether an incoming Too much of a good thing? packet belongs to the original request, or Even if you get the configuration right,and Finger also tells you when system adminis- if it should launch a second instance of everything works perfectly,finger can still trators are asleep or on vacation,and thus the server. Connectionless services typi- provide a potential attacker with a lot of unable to respond to attacks. Finger may cally expect a wait entry in this column. information about your network, the com- even show you the fill or stock levels of net- The fifth column of inetd.conf contains puters on the network, their function,and work attached coffee machines,or coke and the name of the Unix user account that the social networks within your enterprise. confectionery vending machines.This in turn inetd will run the service as.
Recommended publications
  • User Interface Commands
    CHAPTER 2 User Interface Commands This chapter describes the commands used to access user and privileged EXEC command modes. It provides a description of the help command and features, lists the command editing keys and functions, and details the command history feature. This chapter also includes the EXEC commands that can be used to set various terminal parameters on a temporary basis (for the duration of a session). It includes the Telnet commands you can use to make a connection from a terminal to a remote router in order to configure the router. The commands to actually configure these parameters on a more permanent basis are provided in the “Terminal Line and Modem Support Commands” chapter in the Router Products Command Reference publication. You need enter only enough characters of a command to uniquely identify the command, thereby abbreviating the command syntax you type. For user interface task information and examples, refer to the “Understanding the User Interface” chapter of the Router Products Configuration Guide. User Interface Commands 2-1 clear line clear line Use the clear line EXEC command to return a terminal line to idle state. clear line line-number Syntax Description line-number Absolute line number Default None Command Mode EXEC Usage Guidelines Use this command to log out of a specific session running on another line. If the line uses a modem, the modem will be disconnected. Example In the following example, line 3 is reset: clear line 3 2-2 Router Products Command Reference connect connect To make a Telnet connection, enter the connect EXEC command at the system prompt.
    [Show full text]
  • CSE 142 Python Slides
    CSE 390a Lecture 4 Persistent shell settings; intro to shell scripting slides created by Marty Stepp, modified by Jessica Miller & Ruth Anderson http://www.cs.washington.edu/390a/ 1 Lecture summary • persistent settings for your bash shell • basic script syntax and running scripts • shell variables and types • control statements: the for loop 2 .bash_profile and .bashrc • Every time you log in to bash, the commands in ~/.bash_profile are run . you can put any common startup commands you want into this file . useful for setting up aliases and other settings for remote login • Every time you launch a non-login bash terminal, the commands in ~/.bashrc are run . useful for setting up persistent commands for local shell usage, or when launching multiple shells . often, .bash_profile is configured to also run .bashrc, but not always Note: a dot (.) in front of a filename indicates a normally hidden file, use ls –a to see 3 Exercise:Edit your .bashrc • Exercise : Make it so that our attu alias from earlier becomes persistent, so that it will work every time we run a shell. • Exercise : Make it so that whenever you try to delete or overwrite a file during a move/copy, you will be prompted for confirmation first. 4 .plan • Another fun settings file • Stored in your home directory • Contains information you’d like others to be able to see . is displayed when the finger protocol is run • Exercise: create a quick .plan file, and make sure it works with finger 5 Shell scripts • script: A short program meant to perform a targeted task.
    [Show full text]
  • NBAR2 Standard Protocol Pack 1.0
    NBAR2 Standard Protocol Pack 1.0 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 © 2013 Cisco Systems, Inc. All rights reserved. CONTENTS CHAPTER 1 Release Notes for NBAR2 Standard Protocol Pack 1.0 1 CHAPTER 2 BGP 3 BITTORRENT 6 CITRIX 7 DHCP 8 DIRECTCONNECT 9 DNS 10 EDONKEY 11 EGP 12 EIGRP 13 EXCHANGE 14 FASTTRACK 15 FINGER 16 FTP 17 GNUTELLA 18 GOPHER 19 GRE 20 H323 21 HTTP 22 ICMP 23 IMAP 24 IPINIP 25 IPV6-ICMP 26 IRC 27 KAZAA2 28 KERBEROS 29 L2TP 30 NBAR2 Standard Protocol Pack 1.0 iii Contents LDAP 31 MGCP 32 NETBIOS 33 NETSHOW 34 NFS 35 NNTP 36 NOTES 37 NTP 38 OSPF 39 POP3 40 PPTP 41 PRINTER 42 RIP 43 RTCP 44 RTP 45 RTSP 46 SAP 47 SECURE-FTP 48 SECURE-HTTP 49 SECURE-IMAP 50 SECURE-IRC 51 SECURE-LDAP 52 SECURE-NNTP 53 SECURE-POP3 54 SECURE-TELNET 55 SIP 56 SKINNY 57 SKYPE 58 SMTP 59 SNMP 60 SOCKS 61 SQLNET 62 SQLSERVER 63 SSH 64 STREAMWORK 65 NBAR2 Standard Protocol Pack 1.0 iv Contents SUNRPC 66 SYSLOG 67 TELNET 68 TFTP 69 VDOLIVE 70 WINMX 71 NBAR2 Standard Protocol Pack 1.0 v Contents NBAR2 Standard Protocol Pack 1.0 vi CHAPTER 1 Release Notes for NBAR2 Standard Protocol Pack 1.0 NBAR2 Standard Protocol Pack Overview The Network Based Application Recognition (NBAR2) Standard Protocol Pack 1.0 is provided as the base protocol pack with an unlicensed Cisco image on a device.
    [Show full text]
  • Router Products Configurationguide
    Software Release 9.21 Chapters to ci co OlE Router Products ConfigurationGuide Chapters to6 Software Release 9.21 Corporate Headquarters PO Box 3075 1525 OBrien Drive Menlo Park CA 94026 415 326-1941 800 553-NETS Customer Order Number DOC-RTCG9.21 Cisco Document Assembly Number 83-0120-01 Text Part Number 78-1241-01 The products and specifications configurations and other technical information regarding the products contained in this manual are subject to change without notice All statements technical information and recommendations contained in this manual are believed to be accurate and reliable but are without of and take full for their of in this presented warranty any kind express or implied users must responsibility application any products specified manual incidental or limitation how warranties so Some states do not allow limitation or exclusion of liability for consequential or damages on long implied last and also have other that the above limitations or exclusions may not apply to you This warranty gives Customers specific legal rights you may rights vary from state to state instruction This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the manual may cause with the limits for device interference to radio communications This equipment has been tested and found to comply Class computing pursuant to Subpart of Part 15 of FCC Rules which are designed to provide reasonable protection against such interference when operated in commercial will be environment Operation
    [Show full text]
  • Edition with Romkey, April 16, 1986 (PDF)
    PC/IP User's Guide MASSACHUSETTS INSTITUTE OF TECHNOLOGY Laboratory For Computer Science Network programs based on the DoD Internet Protocol for the mM Personal Computer PC/~ release or March, 1986; document updated Aprill4, 1986 by: Jerome H. Saltzer John L. Romkey .• Copyright 1984, 1985, 1986 by the Massachusetts Institute or Technology Permission to use, copy, modlt'y, and distribute these programs and their documentation ror any purpose and without ree ls hereby granted, provided that this copyright and permission notice appear on all copies and supporting documentation, the name or M.I.T. not be used in advertising or publlclty pertalnlng to dlstrlbutlon or the programs without written prior permission, and notice be glven in supporting documentation that copying and distribution ls by permlsslon or M.I.T. M.I.T. makes no representations about the suitablllty or this software for any purpose. It is provided "as ls" without express or Implied warranty. - ii - CREDITS The PC/IP packages are bullt on the work of many people in the TCP/IP community, both at M.I.T. and elsewhere. Following are some of the people who directly helped in the creation of the packages. Network environment-John L. Romkey Terminal emulator and customizer-David A. Bridgham Inltlal TFTP-Kari D. Wright Inltlal telnet-Louls J. Konopelskl Teinet model-David D. Clark Tasking package-Larry W. Allen Development system-Christopher J. Terman Development environment-Wayne C. Gramlich Administrative Assistant-Muriel Webber October 3, 1985. This document is in cover .mss - iii- - iv Table of Contents 1. Overview of PC/IP network programs 1 1.1.
    [Show full text]
  • CSE 391 Lecture 4
    CSE 391 Lecture 4 Persistent shell settings; users/groups; permissions slides created by Marty Stepp, modified by Jessica Miller and Ruth Anderson http://www.cs.washington.edu/391/ 1 Lecture summary • Persistent settings for your bash shell • User accounts and groups • File permissions • The Super User 2 .bash_profile and .bashrc • Every time you log in to bash (e.g. ssh attu), the commands in ~/.bash_profile are run . you can put any common startup commands you want into this file . useful for setting up aliases and other settings for remote login • Every time you launch a non-login bash terminal (e.g. bash), the commands in ~/.bashrc are run . useful for setting up persistent commands for local shell usage, or when launching multiple shells . Do not put things that would produce output in .bashrc (e.g. echo) . often, .bash_profile is configured to also run .bashrc, but not always Note: a dot (.) in front of a filename indicates a normally hidden file, use ls –a to see 3 Exercise:Edit your .bashrc • Exercise : Make it so that our attu alias from earlier becomes persistent, so that it will work every time we run a shell. • Exercise : Make it so that whenever you try to delete or overwrite a file during a move/copy, you will be prompted for confirmation first. 4 Making Changes Visible • After editing your .bashrc or .bash_profile, how do you make the aliases etc. in the file take effect? . .bash_profile • log on again (e.g ssh attu), or • bash -l (el not one) will start a login shell, or • source .bash_profile .
    [Show full text]
  • Uncovering Network Perimeter Vulnerabilities in Cisco Routers According to Requirements Defined in Pci Dss 2.0 David E
    Regis University ePublications at Regis University All Regis University Theses Summer 2011 Uncovering Network Perimeter Vulnerabilities in Cisco Routers According to Requirements Defined in Pci Dss 2.0 David E. Naples Regis University Follow this and additional works at: https://epublications.regis.edu/theses Part of the Computer Sciences Commons Recommended Citation Naples, David E., "Uncovering Network Perimeter Vulnerabilities in Cisco Routers According to Requirements Defined in Pci Dss 2.0" (2011). All Regis University Theses. 472. https://epublications.regis.edu/theses/472 This Thesis - Open Access is brought to you for free and open access by ePublications at Regis University. It has been accepted for inclusion in All Regis University Theses by an authorized administrator of ePublications at Regis University. For more information, please contact [email protected]. Regis University College for Professional Studies Graduate Programs Final Project/Thesis Disclaimer Use of the materials available in the Regis University Thesis Collection (“Collection”) is limited and restricted to those users who agree to comply with the following terms of use. Regis University reserves the right to deny access to the Collection to any person who violates these terms of use or who seeks to or does alter, avoid or supersede the functional conditions, restrictions and limitations of the Collection. The site may be used only for lawful purposes. The user is solely responsible for knowing and adhering to any and all applicable laws, rules, and regulations relating or pertaining to use of the Collection. All content in this Collection is owned by and subject to the exclusive control of Regis University and the authors of the materials.
    [Show full text]
  • Miineport W1 Series User's Manual
    MiiNePort W1 Series User’s Manual Edition 5.0, November 2017 www.moxa.com/product © 2017 Moxa Inc. All rights reserved. MiiNePort W1 Series User’s Manual The software described in this manual is furnished under a license agreement and may be used only in accordance with the terms of that agreement. Copyright Notice © 2017 Moxa Inc. All rights reserved. Trademarks The MOXA logo is a registered trademark of Moxa Inc. All other trademarks or registered marks in this manual belong to their respective manufacturers. Disclaimer Information in this document is subject to change without notice and does not represent a commitment on the part of Moxa. Moxa provides this document as is, without warranty of any kind, either expressed or implied, including, but not limited to, its particular purpose. Moxa reserves the right to make improvements and/or changes to this manual, or to the products and/or the programs described in this manual, at any time. Information provided in this manual is intended to be accurate and reliable. However, Moxa assumes no responsibility for its use, or for any infringements on the rights of third parties that may result from its use. This product might include unintentional technical or typographical errors. Changes are periodically made to the information herein to correct such errors, and these changes are incorporated into new editions of the publication. Technical Support Contact Information www.moxa.com/support Moxa Americas Moxa China (Shanghai office) Toll-free: 1-888-669-2872 Toll-free: 800-820-5036 Tel: +1-714-528-6777 Tel: +86-21-5258-9955 Fax: +1-714-528-6778 Fax: +86-21-5258-5505 Moxa Europe Moxa Asia-Pacific Tel: +49-89-3 70 03 99-0 Tel: +886-2-8919-1230 Fax: +49-89-3 70 03 99-99 Fax: +886-2-8919-1231 Moxa India Tel: +91-80-4172-9088 Fax: +91-80-4132-1045 Table of Contents 1.
    [Show full text]
  • Finger RFC #1288
    Network Working Group D. Zimmerman Request for Comments: 1288 Center for Discrete Mathematics and Obsoletes: RFCs 1196, 1194, 742 Theoretical Computer Science December 1991 The Finger User Information Protocol Status of this Memo This memo defines a protocol for the exchange of user information. This RFC specifies an IAB standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "IAB Official Protocol Standards" for the standardization state and status of this protocol. Distribution of this memo is unlimited. Abstract This memo describes the Finger user information protocol. This is a simple protocol which provides an interface to a remote user information program. Based on RFC 742, a description of the original Finger protocol, this memo attempts to clarify the expected communication between the two ends of a Finger connection. It also tries not to invalidate the many existing implementations or add unnecessary restrictions to the original protocol definition. This edition corrects and clarifies RFC 1196. Table of Contents 1. Introduction ........................................... 2 1.1. Intent ............................................... 2 1.2. History .............................................. 3 1.3. Requirements ......................................... 3 1.4. Updates .............................................. 3 2. Use of the protocol .................................... 4 2.1. Flow of events ......................................
    [Show full text]
  • AIS Data Profile 30 December 2016
    AIS Data Profile 30 December 2016 STIX Tab STIX Sub-Tab IN/OUT Examples Field Guidance Type Text Type STIX Core STIX Type BOTH [Company Name]:[Column A]- @id This is a required field - NCCIC will replace on xs:QName Schema restricted text [Company Unique ID] dissemination with NCCIC values. (partial) BOTH 1.1.1 @version This is a required field - DHS will not accepted stix:STIXPackageVersionEnum Vocabulary defined text anything other than 1.1.1 If anything other than the accepted value is submitted the field will be removed during the sanitization process. BOTH 2002-05-30T09:00:00 @timestamp This is a required field - Schema restricted text - xs:dateTime Schema restricted text This field should be date and time only. BOTH NA STIX_Header This is a required Container Object. stix:STIXHeaderType Container BOTH NA Indicators Container Object stix:IndicatorsType Container BOTH NA TTPs Container Object stix:TTPsType Container BOTH NA Courses_of_Action Container Object stix:CoursesOfActionType Container BOTH NA Exploit_Targets Container Object stix_common:ExploitTargetsType Container STIX Header Type BOTH Provides an unstructured, text Title Review Field - On automated dissemination this xs:string Free form text title field will be replaced by an auto-generated Title. The submitted contents will be reviewed/modified/sanitized and disseminated via human manual process. Future capabilities may eliminate the human review process. BOTH See Vocab Tab Package_Intent This is a required field - Reference the Vocab stixCommon:ControlledVocabularyStringType Vocabulary defined text Tab - stixVocabs:PackageIntentEnum-1.0 stixVocabs:PackageIntentEnum-1.0 If anything other than the accepted value is submitted the field will be removed during the sanitization process.
    [Show full text]
  • Section 4 Network Programming and Administration Exercises
    Lab Manual SECTION 4 NETWORK PROGRAMMING AND ADMINISTRATION EXERCISES Structure Page Nos. 4.0 Introduction 48 4.1 Objectives 48 4.2 Lab Sessions 49 4.3 List of Unix Commands 52 4.4 List of TCP/IP Ports 54 3.5 Summary 58 3.6 Further Readings 58 4.0 INTRODUCTION In the earlier sections, you studied the Unix, Linux and C language basics. This section contains more practical information to help you know best about Socket programming, it contains different lab exercises based on Unix and C language. We hope these exercises will provide you practice for socket programming. Towards the end of this section, we have given the list of Unix commands frequently required by the Unix users, further we have given a list of port numbers to indicate the TCP/IP services which will be helpful to you during socket programming. To successfully complete this section, the learner should have the following knowledge and skills prior to starting the section. S/he must have: • Studied the corresponding course material of BCS-052 and completed the assignments. • Proficiency to work with Unix and Linux and C interface. • Knowledge of networking concepts, including network operating system, client- server relationship, and local area network (LAN). Also, to successfully complete this section, the learner should adhere to the following: • Before attending the lab session, the learner must already have written steps/algorithms in his/her lab record. This activity should be treated as home- work that is to be done before attending the lab session. • The learner must have already thoroughly studied the corresponding units of the course material (BCS-052) before attempting to write steps/algorithms for the problems given in a particular lab session.
    [Show full text]
  • Terminal / Remote Access Server Reference Manual
    Terminal / Remote Access Server Reference Manual version 1.2 Reference Manual - Terminal / Remote Access Server Conventions To help with reading and using this reference manual, we will use the following conventions : Bold : ACS commands. Only commands are displayed in bold font, not parameters. Italic : Commands parameters and examples values are displayed in italic font. Text box All text typed during an ACS session GRAY Commands syntax - 2 - Reference Manual - Terminal / Remote Access Server CONTENTS AUDIT...................................................................................................................................5 CLOSE SESSION................................................................................................................8 DHCP...................................................................................................................................9 DOMAIN.............................................................................................................................11 EXIT...................................................................................................................................13 FINGER..............................................................................................................................14 HELP..................................................................................................................................15 IFCONFIG..........................................................................................................................16
    [Show full text]