oracular (8) cfingerd.8.gz

Provided by: cfingerd_1.4.3-8ubuntu1_amd64 bug

NAME

       cfingerd - Configurable finger daemon.

SYNOPSIS

       cfingerd [ -c | -e | -o | -v ]
                  -c : Check configuration
                  -e : Emulate local finger w/o inetd
                  -o : Turn off all finger queries
                  -v : Request version information

       -c  checks  your installed configuration.  This makes sure there are no existing errors in
       the current cfingerd.conf file.

       -e allows you to emulate a local finger on a user that exists on your system.   This  lets
       you  test  cfingerd  on your system before installing it.  Using the "-e" directive is the
       same as installing the software, typing "finger username@" and getting the output.   Using
       "-e username" does the same.

       -o turns off all finger queries.  This makes it so that no one can finger your system - no
       matter what they try to do.  Unlike the other options, this option is used in  inetd.conf,
       not on the command line.

       -v requests cfingerd version information.

DESCRIPTION

       CFINGERD  is a totally new, and totally configurable finger daemon - one of the first.  It
       listenes on the finger port (port 79) to provide useful information about each  user  that
       is  on  your system according to the finger protocol as described in RFC 1288.  Only thing
       is, cfingerd provides a unique twist.

       CFINGERD  was  designed  for  the  sole  purpose  of  making  output  on  finger   queries
       configurable.  If you want to change any text that is displayed during finger queries, you
       can configure the finger daemon to display just about anything you want.

       CFINGERD also takes into account any security breaches, and attempts to close them.   With
       the  added  bonus  of  creating  ".nofinger"  files,  this  is displayed instead of finger
       information, making it possible for users to keep  themselves  relatively  anonymous  from
       outside  users.   For  a  maximum  of  users  privacy  you  should  place an exact copy of
       /etc/cfingerd/nouser_banner.txt in your .nofinger file.

WHY WAS IT DONE?

       The answer is simple.  Security.  Many sites turn off finger  for  the  reason  that  they
       don't want outside users to see who's on their system, or get information about a specific
       user on their system.  This seemed unfair to the rest of the  users  out  there,  so  this
       program  was  created.   Besides, those sites were waiting for this type of program.  Many
       sites that originally had their finger turned off turned them back on because of cfingerd.

       Many sites have complained that they wanted the ability to create a "fake-user", or a user
       that  doesn't  exist  but  calls a pre-written shell script.  CFINGERD has taken this into
       account,  and  provides  the  best  method  possible  for  creating  such  scripts.   (See
       cfingerd.conf(5) for more information on the configuration file.)

FEATURES CFINGERD PROVIDES, AND DESCRIPTIONS OF EACH

       CFINGERD  was  totally  rewritten.   Why is this?  Well, the older version of cfingerd had
       quite a few bugs, and it didn't quite do all of the things that cfingerd now  does.   This
       new  version  was totally revamped, and most of the bugs that were in the older version of
       cfingerd were removed in this one.  Besides, the code in here was more compact.

       Header and footer displays were a very big part of the original release of  cfingerd,  and
       shall  continue  to  remain in all versions.  Headers and footers are only displays at the
       beginning  and  ending  of  all  finger  displays,  and  are   used   as   unique   little
       "advertisements" or such.

       Last  time  displayed  is  always  a  critical issue.  It's covered in cfingerd.  Cfingerd
       simply shows how many times this user is connected, what their idle time is  on  each  TTY
       they're  connected  to,  and  whether  or not they are accepting messages.  If they're not
       accepting messages, a "[MESG-N]" display will be shown if this is the case.  This  display
       also shows the last time mail was read, and whether or not this user has mail.  If this is
       still too much for your taste, each of these items can be disabled system wide.

       Stand-alone and INETD support is compiled into the program,  but  only  INETD  support  is
       given  for  the  time  being.   The reason being is that I have not yet added the code for
       stand-alone daemon mode.

       .nofinger files are used when a user wishes to remain anonymous.  These  files  should  be
       placed  in their home directories, and can display anything they want.  There's just a few
       restrictions.  These .nofinger display files cannot  be  character  devices,  directories,
       fifos,  soft  or  hard  links, or anything else of that caliber.  They must only be normal
       files.

       Fakeusers were supported for the simple fact that many sites want  to  create  users  that
       don't  exist,  and  make them execute a shell.  If you want this done, then install a fake
       user.  Read up in cfingerd.conf(5) for more information on these useful options.

       Service listings were used to show what fakeusers  you  have  installed  on  your  system.
       These   can   be   formatted   however  you  wish,  and  are  explained  (once  again)  in
       cfingerd.conf(5).

       Searching for usernames is a very powerful feature that cfingerd takes full advantage  of.
       If  you  are  looking for a specific username on the system, or don't know what their name
       is, simply use the  search.pattern directive with  cfingerd  will  search  for  all  users
       containing pattern in their real name or username on that system.

       Searching  for usernames is NOT case sensitive.  You may search for a specific username or
       real name, for part of the username or real ame, or for  a  pattern  matching  the  entire
       username  or  the  entire real ame.  If you search for part of a user's name, chances are,
       it'll be displayed.

       Warning searching will currently return the names of daemon users and users

       and you will be able to search for a user on your system.

       Security is a given.  If you don't want to show someone something, then it  won't  display
       what  you  don't  want.   Simply  edit the cfingerd.conf file and make changes.  It's that
       simple.

       Searching for usernames is NOT case sensitive.   If  you  are  searching  for  a  specific
       username,  or  part  of  the  user's  name.   If  you  search for part of a user's name or
       username, chances are, it'll be displayed.

       Not just PLAN, or PROJECT but there's also an option to display your public  PGP  key,  if
       you  have  one.   This  is  very useful if you want to keep your mail or other information
       secret to yourself, and don't want "big brother" watching over your shoulder as  you  talk
       amongst  yourselves.  (Thanks to Andy Smith for this patch).  (For your info, the standard
       plan file is .plan, project is .project, PGP info is .pgpkey, and XFace  icon  information
       is .xface)

       Remember,  any  or all of these options stated above, can be turned on or off at will.  If
       you want a specific option turned off, turn it off.  :)

FULL LIST OF BUILTIN USER NAMES

       cfingerd provides a set of builtin fake users.  Two of them are also  used  internally  by
       cfingerd.

       @      List  logged  on  users without .nofinger file.  If the system_list_sites option is
              used in the main configuration file cfingerd will try to  gather  information  from
              all listed hosts.

       userlist@
              Same  as  @,  except that it only lists people who are idle no longer than one day.
              This is intended to give a better overview of who's really online at the moment  of
              fingering.

       userlist-only@
              List  logged  on  users without .nofinger file - without headers and footers.  This
              fake user is used internally to gather system information from remote hosts for @.

       userlist-online@
              List logged on users without .nofinger file - without headers  and  footers.   Only
              users  will  be  listed  who are idle no longer than a day.  This fake user is used
              internally to gather system information from remote hosts for userlist@.

       version@
              Display version information for cfingerd.

       services@
              List all fake users.

       search.pattern@
              Search for users using the GCOS field in /etc/passwd.  Only users will be displayed
              who don't have a .nofinger-file.

       help@  Help text listing all of these.

       These can be disabled in cfingerd.conf(5) as follows

       @ and userlist@
              Set SYSTEM_LIST to FALSE.

       userlist-only@ and userlist-online@
              Disable  ALLOW_USERLIST_ONLY  (i.e.  prefix  it  with  a  minus  sign)  or  disable
              SYSTEM_LIST.

       version@
              Disable ALLOW_CONFESSION (i.e. prefix it with a minus sign).

       services@
              Disable ALLOW_FAKEUSER_FINGER (i.e. prefix it with a minus sign).

       search.pattern@
              Disable ALLOW_SEARCHABLE_FINGER (i.e. prefix it with a minus sign).

       help@  Disable ALLOW_CONFESSION (i.e. prefix it with a minus sign).

ERROR MESSAGES

       Any error messages that result are fairly easy to debug if you know what to look for.

       Segmentation Violations don't always occur, but if they ever do,  you  can  pretty  easily
       figure  out  what's going on.  Unfortunately, cfingerd doesn't have any compatibility with
       older cfingerd.conf files, so if you get a Segmentation Violation,  this  (usually)  means
       that your cfingerd.conf file needs to be replaced.

       Timeouts  usually  mean that a script has timed out, or a connection to another site timed
       out.

SYSLOGGING MESSAGES

       Well, there's no real way to describe SYSLOG messages since they can  be  changed  as  the
       system  administrator  chooses.   Although,  examples  can  be given based on the standard
       configuration that was distributed.

       If any IP addresses cannot be matched to a name  it  will  display  a  "IP:  Hostname  not
       matched".

       If the renice fails (to make the program run at the highest priority) then it will display
       "Fatal - Nice died: (reason)".

       If there is no buffer information waiting in the STDIN  buffer,  it  will  display  "STDIN
       contains no data".

       If a trusted host fingers your site, a "<- Trusted" will appear.

       If a rejected host fingers your site, a "<- Rejected" will appear.

       If root is fingered on your site, it will display "Root".

       If a service listing was fingered on your site, it will display "Service listing".

       If a user listing was requested, it will display "User listing".

       If a fake user was requested, it will display "Fake user".

       If  "whois"  data  was  requested,  it will display "Whois request".  (Note, whois was not
       implemented in this release, since it wasn't 'RFC' compliant.)

       Any extra information pertaining to the incoming finger is  displayed  in  the  syslogging
       area.   (It's also recommended that you reconfigure syslog.conf(5) to display to an unused
       VT.  :)

PLANS

       Any other options or improvements will probably come from user suggestions.  :)

       Later plans will make it so that you can define your own display formats  for  the  finger
       display.  This means that you can re-define how you want your finger display to look.

CONTACTING

       If  you like the software, and you want to learn more about the software, or want to see a
       feature   added   to   it   that   isn't   already   here,   then    please    write    to
       cfingerd@infodrom.north.de.         The        project's        webpage        is       at
       http://www.infodrom.north.de/cfingerd/ .

SEE ALSO

       cfingerd.conf(5), cfingerd.text(5), finger(1), userlist(1), syslog.conf(5).