.TH FFINGERD 8
.SH NAME
ffingerd \- secure and lightweight finger daemon
.SH DESCRIPTION
The \fIffingerd\fR program is a drop-in replacement for the standard
\fIfingerd\fR that comes with most systems today. Most finger daemons
in use today support several features that are not acceptable to
security-conscious system administrators, so many chose to disable the
finger service completely. This version of the finger daemon is invoked
by \fIinetd\fR, but it is not meant to be run as root. In fact, it
should run as \fInobody\fR. Ffingerd does not allow global finger
queries (finger @host) or indirect finger queries (finger
email@example.com@host.b), and it does not give away valuable information
such as the shell, login directory and time of last login. Users can put a
".nofinger" file in their home directories, and ffingerd will then respond
with "That user does not want to be fingered".
.PP
Requests that may indicate attacks are logged by \fIffingerd\fR
through the \fIsyslog\fR(3) facility. The default facility is
\fILOG_INFO\fR; you can change that by editing config.h after running
These requests are logged:
.TP
.BI "empty finger attempts"
finger @victim.com # find out who's logged in
.TP
.BI "indirect finger attempts"
# to victim.com this finger query comes from
.TP
.BI "unwanted finger attempts"
Users can put \fI.nofinger\fR files in their home directories, and then
attempts to finger them will yield
.nf
That user does not want to be fingered
.fi
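.PP
The first two logged categories can be recognised from the request line alone. The following C sketch is an added example, not ffingerd's own code: the function and enum names and the log message text are assumptions, and the request syntax is the one defined in RFC 1288.

```c
#include <string.h>
#include <syslog.h>

/* Hypothetical names; the two categories are the ones the page lists. */
enum finger_req { REQ_EMPTY, REQ_INDIRECT, REQ_USER };

/* Classify one request line as read from the socket. RFC 1288 form:
 * optional "/W", optional user name, optional "@host" relay part, CRLF.
 * For REQ_USER the user name is copied (truncated) into user[len]. */
enum finger_req classify_request(const char *line, char *user, size_t len)
{
    size_t n;

    line += strspn(line, " \t");
    if (line[0] == '/' && (line[1] == 'W' || line[1] == 'w') &&
        strchr(" \t\r\n", line[2]) != NULL)      /* also matches NUL */
        line += 2 + strspn(line + 2, " \t");
    n = strcspn(line, " \t\r\n");
    if (n == 0)
        return REQ_EMPTY;       /* client ran "finger @host" */
    if (memchr(line, '@', n) != NULL)
        return REQ_INDIRECT;    /* client asked this host to relay */
    if (len > 0) {
        if (n >= len)
            n = len - 1;
        memcpy(user, line, n);
        user[n] = '\0';
    }
    return REQ_USER;
}

/* Log the two suspicious kinds; the message text is constructed here. */
void log_request(enum finger_req r, const char *peer)
{
    if (r == REQ_EMPTY)
        syslog(LOG_INFO, "empty finger attempt from %s", peer);
    else if (r == REQ_INDIRECT)
        syslog(LOG_INFO, "indirect finger attempt from %s", peer);
}

int main(void)
{
    /* Constructed request lines as they arrive on TCP port 79. */
    const char *reqs[] = { "\r\n", "alice@host.a\r\n", "/W alice\r\n" };
    char user[32];
    for (size_t i = 0; i < 3; i++)
        log_request(classify_request(reqs[i], user, sizeof user), "192.0.2.7");
    return 0;
}
```

The third category, unwanted finger attempts, depends on the \fI.nofinger\fR lookup in the user's home directory and is not covered by this sketch.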
.SH FILES
~/.nofinger, ~/.plan, ~/.project, ~/.pubkey
.PP
When ffingerd is running as nobody and a user does not have world
execute permission set on their home directory, ffingerd cannot check
whether that user has a \fI.nofinger\fR file there and assumes it is not
there.
.SH SEE\ ALSO
.SH AUTHOR
Felix von Leitner (firstname.lastname@example.org),