.TH FFINGERD 8
.SH NAME
ffingerd \- secure and lightweight finger daemon
.SH DESCRIPTION
.PP
The \fIffingerd\fR program is a drop-in replacement for the standard
\fIfingerd\fR that comes with most systems today.  Most finger daemons
in use today support several features which are not acceptable for
security-conscious system administrators, so many chose to disable the
finger service completely.  This version of the finger daemon is invoked
by \fIinetd\fR, but it's not meant to be run as root.  In fact, it
should run as \fInobody\fR.  Ffingerd does not allow global finger
queries (finger @host), indirect finger queries (finger
foo@host.a@host.b), it does not give away valuable information like the
shell, login directory and time of last login, and users can put a
".nofinger" file in their homes and then ffingerd will respond with
"That user does not want to be fingered".
.SH LOGGING
Requests that may indicate attacks are logged by
.I ffingerd
through the \fIsyslog\fR(3) facility.  The default facility is
\fILOG_INFO\fR, you can change that by editing config.h after running
configure.
.PP
These requests are logged :
.TP
.BI "empty finger attempts"
.nf
finger @victim.com	# find out who's logged in
.TP
.BI "indirect finger attempts"
.nf
finger root@victim.com@innocuous.edu
	# to victim.com this finger query comes from
	# innocuous.edu
.fi
.TP
.BI "unwanted finger attempts"
Users can put \fI.nofinger\fR files in their home, and then attempts to
finger them will yield
.sp
.nf
That user does not want to be fingered
.SH FILES
.PP
~/.nofinger, ~/.plan, ~/.project, ~/.pubkey
.SH BUGS
When ffingerd is running as nobody and a user does not have world
execute permission set for his home, then ffingerd can not check whether
that user has a \fI.nofinger\fR file there and assumes it's not there.
.SH SEE\ ALSO
.PP
http://www.fefe.de/ffingerd/
.SH AUTHOR
.na
.nf
Felix von Leitner (felix@fefe.de),