1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
|
xfingerd 0.2
"Oh, yet another finger daemon... Go away..."
Yes... But you are not forced to even look at it... :)
To keep the noise low, let the features talk:
- Very simple daemon, does just a bit more than the original
BSD fingerd did, and all features which it has additionally,
are useful to at least me. :)
- Does not need to be run as root, in fact, this is not even
recommended. It runs quite happily as `nobody', and this
way it probably can't do any harm to you. Of course, in this
case it will be unable to show the plan files of users, who
made their home directory unreadable to anyone, but then again,
those users probably don't want to tell their plan... :)
- Output (and in fact, operation) is very similar to the normal
BSD one, no fancy headers, just pure information :)
- Can show .plan, .project, .pgpkey files, or the user can deny
any information given out from them by creating a .nofinger
file in his home directory. When printing user files, this
daemon won't let users to do tricks with named pipes, fifos,
symlinks, and only shows files which are world readable anyway,
and owned by the fingered user. (And even punt on such tricky
users so they don't get used to do nasty things.. :)
- Uses the tcp_wrappers libwrap to check if someone could finger
your system. Also uses this library to get the ident information
of the accessing system, and logs as much information as possible.
[You like to be sure if root@hacker.net fingers continually your
system, just because he wants to talk his girlfriend, and he's
not scanning your users for a target to break in, don't you? :)]
- If you use tcpserver/tcpcontrol, xfingerd can use the information
provided by them, so it doesn't need to look up ident info twice.
- It can show status of qmail mailboxes, and check for the case where
it's impossible (i.e. only user readable maildir). Also checks
qmail dash extended user names.
- Won't show all users who match the string you gave it, WHILE
still allows searching for someone. I.e. finger joe@yourhost
will only work if `joe' is a normal account, or if `joe' occurs
in a single name only. This is more useful, as it allows to
to finger `Joe.Public' (or even `Public,Joe'), if someone forgot
the login name of his friend, and still only if a single name
matches the target. In short, it won't disclose the account
names of everyone, whose name contains 'joe'.
- Quite configurable, you can turn off most of the features I
mentioned above (i.e. you don't want to tell anyone what shell
do you use), but only compile-time. While this may sound
as a drawback, I like it this way, because it does not need the
time to parse the config file every time a user is fingered.
(And yes, I don't have to write a parser.. :)
But anyway, you probably know already, what you want, don't
you? :)
Ok, that was quite long, and sounded like a commercial, so I rather
step on my soap box, and let you look around elsewhere.. :)
Anyway, if you happen to like it, or maybe not, but something would get
you to use this, feel free to contact me!
Don't let my spelling, or strange words confuse you, I really can read
English.. :)
Janos
Janos Farkas <chexum@shadow.banki.hu>
|
