bionic (8) cfingerd.8.gz

Provided by: cfingerd_1.4.3-3.2ubuntu1_amd64 bug

NAME

       cfingerd - Configurable finger daemon.

SYNOPSIS

       cfingerd [ -c | -e | -o | -v ]
                  -c : Check configuration
                  -e : Emulate local finger w/o inetd
                  -o : Turn off all finger queries
                  -v : Request version information

       -c  checks  your  installed  configuration.   This makes sure there are no existing errors in the current
       cfingerd.conf file.

       -e allows you to emulate a local finger on a user that  exists  on  your  system.   This  lets  you  test
       cfingerd  on  your  system  before installing it.  Using the "-e" directive is the same as installing the
       software, typing "finger username@" and getting the output.  Using "-e username" does the same.

       -o turns off all finger queries.  This makes it so that no one can finger your system -  no  matter  what
       they try to do.  Unlike the other options, this option is used in inetd.conf, not on the command line.

       -v requests cfingerd version information.

DESCRIPTION

       CFINGERD is a totally new, and totally configurable finger daemon - one of the first.  It listenes on the
       finger port (port 79) to provide useful information about each user that is on your system  according  to
       the finger protocol as described in RFC 1288.  Only thing is, cfingerd provides a unique twist.

       CFINGERD  was designed for the sole purpose of making output on finger queries configurable.  If you want
       to change any text that is displayed during finger queries,  you  can  configure  the  finger  daemon  to
       display just about anything you want.

       CFINGERD also takes into account any security breaches, and attempts to close them.  With the added bonus
       of creating ".nofinger" files, this is displayed instead of finger information, making  it  possible  for
       users  to  keep  themselves  relatively anonymous from outside users.  For a maximum of users privacy you
       should place an exact copy of /etc/cfingerd/nouser_banner.txt in your .nofinger file.

WHY WAS IT DONE?

       The answer is simple.  Security.  Many sites turn off finger for the reason that they don't want  outside
       users  to  see  who's  on  their  system, or get information about a specific user on their system.  This
       seemed unfair to the rest of the users out there, so this program was created.  Besides, those sites were
       waiting  for  this  type  of program.  Many sites that originally had their finger turned off turned them
       back on because of cfingerd.

       Many sites have complained that they wanted the ability to create a "fake-user", or a user  that  doesn't
       exist  but calls a pre-written shell script.  CFINGERD has taken this into account, and provides the best
       method  possible  for  creating  such  scripts.   (See  cfingerd.conf(5)  for  more  information  on  the
       configuration file.)

FEATURES CFINGERD PROVIDES, AND DESCRIPTIONS OF EACH

       CFINGERD  was totally rewritten.  Why is this?  Well, the older version of cfingerd had quite a few bugs,
       and it didn't quite do all of the things that cfingerd now does.  This new version was totally  revamped,
       and  most  of the bugs that were in the older version of cfingerd were removed in this one.  Besides, the
       code in here was more compact.

       Header and footer displays were a very big part of the original release of cfingerd, and  shall  continue
       to  remain  in  all  versions.   Headers and footers are only displays at the beginning and ending of all
       finger displays, and are used as unique little "advertisements" or such.

       Last time displayed is always a critical issue.  It's covered in cfingerd.   Cfingerd  simply  shows  how
       many  times this user is connected, what their idle time is on each TTY they're connected to, and whether
       or not they are accepting messages.  If they're not accepting messages,  a  "[MESG-N]"  display  will  be
       shown  if this is the case.  This display also shows the last time mail was read, and whether or not this
       user has mail.  If this is still too much for your taste, each of these  items  can  be  disabled  system
       wide.

       Stand-alone  and INETD support is compiled into the program, but only INETD support is given for the time
       being.  The reason being is that I have not yet added the code for stand-alone daemon mode.

       .nofinger files are used when a user wishes to remain anonymous.  These files should be placed  in  their
       home  directories, and can display anything they want.  There's just a few restrictions.  These .nofinger
       display files cannot be character devices, directories, fifos, soft or hard links, or  anything  else  of
       that caliber.  They must only be normal files.

       Fakeusers  were  supported for the simple fact that many sites want to create users that don't exist, and
       make them execute a shell.  If you want this done, then install a fake user.  Read up in cfingerd.conf(5)
       for more information on these useful options.

       Service  listings  were  used  to  show  what  fakeusers you have installed on your system.  These can be
       formatted however you wish, and are explained (once again) in cfingerd.conf(5).

       Searching for usernames is a very powerful feature that cfingerd takes full advantage  of.   If  you  are
       looking  for  a  specific  username  on  the  system,  or  don't know what their name is, simply use the
       search.pattern directive with cfingerd will search for all users containing pattern in their real name or
       username on that system.

       Searching  for usernames is NOT case sensitive.  You may search for a specific username or real name, for
       part of the username or real ame, or for a pattern matching the entire username or the entire  real  ame.
       If you search for part of a user's name, chances are, it'll be displayed.

       Warning searching will currently return the names of daemon users and users

       and you will be able to search for a user on your system.

       Security  is  a given.  If you don't want to show someone something, then it won't display what you don't
       want.  Simply edit the cfingerd.conf file and make changes.  It's that simple.

       Searching for usernames is NOT case sensitive.  If you are searching for a specific username, or part  of
       the user's name.  If you search for part of a user's name or username, chances are, it'll be displayed.

       Not  just  PLAN,  or  PROJECT but there's also an option to display your public PGP key, if you have one.
       This is very useful if you want to keep your mail or other information secret to yourself, and don't want
       "big brother" watching over your shoulder as you talk amongst yourselves.  (Thanks to Andy Smith for this
       patch).  (For your info, the standard plan file is .plan, project is .project, PGP info is  .pgpkey,  and
       XFace icon information is .xface)

       Remember,  any  or  all  of  these  options stated above, can be turned on or off at will.  If you want a
       specific option turned off, turn it off.  :)

FULL LIST OF BUILTIN USER NAMES

       cfingerd provides a set of builtin fake users.  Two of them are also used internally by cfingerd.

       @      List logged on users without .nofinger file.  If the system_list_sites option is used in the  main
              configuration file cfingerd will try to gather information from all listed hosts.

       userlist@
              Same as @, except that it only lists people who are idle no longer than one day.  This is intended
              to give a better overview of who's really online at the moment of fingering.

       userlist-only@
              List logged on users without .nofinger file - without headers and footers.  This fake user is used
              internally to gather system information from remote hosts for @.

       userlist-online@
              List  logged  on  users  without .nofinger file - without headers and footers.  Only users will be
              listed who are idle no longer than a day.  This fake user is  used  internally  to  gather  system
              information from remote hosts for userlist@.

       version@
              Display version information for cfingerd.

       services@
              List all fake users.

       search.pattern@
              Search for users using the GCOS field in /etc/passwd.  Only users will be displayed who don't have
              a .nofinger-file.

       help@  Help text listing all of these.

       These can be disabled in cfingerd.conf(5) as follows

       @ and userlist@
              Set SYSTEM_LIST to FALSE.

       userlist-only@ and userlist-online@
              Disable ALLOW_USERLIST_ONLY (i.e. prefix it with a minus sign) or disable SYSTEM_LIST.

       version@
              Disable ALLOW_CONFESSION (i.e. prefix it with a minus sign).

       services@
              Disable ALLOW_FAKEUSER_FINGER (i.e. prefix it with a minus sign).

       search.pattern@
              Disable ALLOW_SEARCHABLE_FINGER (i.e. prefix it with a minus sign).

       help@  Disable ALLOW_CONFESSION (i.e. prefix it with a minus sign).

ERROR MESSAGES

       Any error messages that result are fairly easy to debug if you know what to look for.

       Segmentation Violations don't always occur, but if they ever do, you can pretty easily figure out  what's
       going  on.   Unfortunately, cfingerd doesn't have any compatibility with older cfingerd.conf files, so if
       you get a Segmentation Violation, this (usually) means that your cfingerd.conf file needs to be replaced.

       Timeouts usually mean that a script has timed out, or a connection to another site timed out.

SYSLOGGING MESSAGES

       Well, there's no real way  to  describe  SYSLOG  messages  since  they  can  be  changed  as  the  system
       administrator  chooses.   Although,  examples  can  be given based on the standard configuration that was
       distributed.

       If any IP addresses cannot be matched to a name it will display a "IP: Hostname not matched".

       If the renice fails (to make the program run at the highest priority) then it will display "Fatal -  Nice
       died: (reason)".

       If there is no buffer information waiting in the STDIN buffer, it will display "STDIN contains no data".

       If a trusted host fingers your site, a "<- Trusted" will appear.

       If a rejected host fingers your site, a "<- Rejected" will appear.

       If root is fingered on your site, it will display "Root".

       If a service listing was fingered on your site, it will display "Service listing".

       If a user listing was requested, it will display "User listing".

       If a fake user was requested, it will display "Fake user".

       If "whois" data was requested, it will display "Whois request".  (Note, whois was not implemented in this
       release, since it wasn't 'RFC' compliant.)

       Any extra information pertaining to the incoming finger is displayed in the syslogging area.  (It's  also
       recommended that you reconfigure syslog.conf(5) to display to an unused VT.  :)

PLANS

       Any other options or improvements will probably come from user suggestions.  :)

       Later  plans  will  make it so that you can define your own display formats for the finger display.  This
       means that you can re-define how you want your finger display to look.

CONTACTING

       If you like the software, and you want to learn more about the software, or want to see a  feature  added
       to it that isn't already here, then please write to cfingerd@infodrom.north.de.  The project's webpage is
       at http://www.infodrom.north.de/cfingerd/ .

SEE ALSO

       cfingerd.conf(5), cfingerd.text(5), finger(1), userlist(1), syslog.conf(5).