Introduction: The Auxio Finger Client - afinger
A finger client is a user information lookup program, displaying information about
login names, real names, shells, login times, idle times, telephone numbers etc.
Unfortunately, it has become a bit of a threat to security to reveal all of
the information about all logins on a system to everyone.
afinger is a configurable finger client written in
Perl, and has been placed under the
GNU General Public License, or GNU GPL.
afinger can be used from the command line or together with a finger daemon.
It honours a .nofinger file in home directories, lets you set a minimum and maximum UID,
can answer erroneous requests with a Fortune program, and lets you control virtually every
part of the returned information through its configuration options.
When used stand-alone, afinger will behave like any other finger
client such as the one distributed with your operating system.
If you decide to let remote users retrieve information about the users on your system,
you will need a finger daemon. Mostly run from the inetd
"super-server", the finger daemon listens for TCP requests received on port 79.
Once a remote system connects, the finger daemon reads a single command line terminated by a
<CRLF> which is passed to the local finger client. The finger daemon closes its connections
as soon as all output is finished.
Thus, if you replace your existing finger with afinger, and have a finger daemon running,
it will use afinger to return the information requested by a local or remote user, with
all fields controlled by either the system administrator or the "fingered" user
him- or herself by placing a .nofinger file in the home directory.
It might also be of interest that afinger does not honour finger relaying, for example
user@host@anotherhost, even if the finger daemon has been configured this way.
The in.fingerd manual page states regarding forwarding: "Useful behind firewalls, but
probably not wise for security and resource reasons."
Likewise, requests of the form finger @host are not being honoured,
even if the finger daemon has been configured to allow this. The form
finger user@host should be used instead.
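
The request policy described above, sketched in Perl as an added example; this is not afinger's own code. The helper name check_request, the login allow-list pattern and the sample accounts are assumptions, the UID limits are the documented defaults (minuid 500, maxuid 60000), and any option switches a finger daemon may pass are not handled.

```perl
#!/usr/bin/perl
# Added illustration, not afinger's source: the request policy the page describes.
use strict;
use warnings;

my ($MINUID, $MAXUID) = (500, 60000);    # documented defaults

# Returns (1, $login) if the request may be answered, or (0, $reason) if not.
# $lookup is an injectable passwd lookup returning (uid, home) for a login.
sub check_request {
    my ($line, $lookup) = @_;
    $lookup ||= sub { my @pw = getpwnam($_[0]) or return; return @pw[2, 7] };

    $line =~ s/\r?\n\z//;                 # the daemon hands over one CRLF-terminated line
    $line =~ s/^\s+|\s+$//g;
    return (0, 'relaying refused')  if ($line =~ tr/@//) > 1;        # user@host@anotherhost
    return (0, 'user list refused') if $line eq '' || $line =~ /\A\@/;   # "finger @host"
    my ($user) = split /\@/, $line;

    # Allow-list (assumed pattern) rather than escaping: characters such as
    # * ( ) | ? [ never reach a regular expression or an external command.
    return (0, 'invalid login') unless $user =~ /\A[A-Za-z0-9_][A-Za-z0-9_.-]{0,31}\z/;

    my ($uid, $home) = $lookup->($user);
    return (0, 'no such user')     unless defined $uid;
    return (0, 'uid out of range') if $uid < $MINUID || $uid > $MAXUID;
    return (0, 'user opted out')   if -e "$home/.nofinger";
    return (1, $user);
}

# Constructed sample accounts so the demo runs without touching /etc/passwd.
my %passwd = (root => [0, '/root'], alice => [1000, '/nonexistent/alice']);
my $fake = sub { my $e = $passwd{$_[0]} or return; return @$e };

for my $req ("alice\r\n", "root\r\n", "alice\@a\@b\r\n", "\@host\r\n", "a*(|\r\n") {
    my ($ok, $info) = check_request($req, $fake);
    (my $shown = $req) =~ s/\r\n//;
    printf "%-12s %s (%s)\n", $shown, $ok ? 'ALLOW' : 'DENY', $info;
}
```

Only the first constructed request (alice) is allowed; the others are denied for UID range, relaying, the bare @host form and disallowed characters respectively.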
Requirements
- Perl 5
- Finger daemon (optional)
- Fortune (optional)
Tested Platforms
- Linux
- Solaris 2.6
- HP/UX 10.20
- FreeBSD
- OpenBSD
Installation
The installation is very straightforward and can be done in a few steps:
- If your Perl binary is not installed in /usr/bin, open afinger in
your favorite UNIX editor, and change the first line into the full
path to your Perl binary.
- The configuration file afinger.conf is expected to exist
in /usr/local/etc/ by default.
If you wish to have this located elsewhere on your system, edit afinger,
and change the following line in the header:
my $config = '/usr/local/etc/afinger.conf';
into
my $config = 'PATH/TO/afinger.conf';
Now you should read and edit afinger.conf as you please.
Note: If afinger can't find afinger.conf, it will use the settings
inside afinger itself.
- Copy afinger to /usr/local/bin/ and afinger.conf to /usr/local/etc/
or any other path you might have set, and set the installed afinger
to be executable (`chmod 755 /usr/local/bin/afinger`).
- Optionally, to let your finger daemon use afinger:
  - Rename your current finger client.
  - Create a symbolic link that points from the original finger
    location to the afinger location.
  The symbolic link may prevent the removal of afinger upon an upgrade of
  a system which uses a package management system.
Also see the file INSTALL in the afinger
distribution.
Configuration
The configuration for Auxio finger can be set from the configuration
file afinger.conf.
| option | default | explanation |
|---|---|---|
| forward | yes | The contents of an existing $HOME/.forward file of the login (for email forwarding) can be displayed. |
| network | yes | Allow network queries (user@host). This isn't the same as forwarding. |
| login | yes | Display login name. |
| name | yes | Display real name. |
| home | yes | Display home directory. |
| shell | yes | Display shell. |
| office | yes | Display office location. |
| phone | yes | Display home phone. |
| plan | yes | Display $HOME/.plan file. |
| proj | yes | Display $HOME/.project file. |
| plntime | yes | Display .plan modification time. |
| prjtime | no | Display .project modification time. |
| mail | yes | Display mail status information. |
| term | yes | Display terminal information. |
| pub | yes | Display public key file. |
| fortune | no | Use the Fortune program for errors. |
| cookie | bofh | Fortune-cookie file to use. |
| maxbyte | 32768 | Maximum number of bytes returned via the network. |
| minuid | 500 | UIDs below minuid cannot be fingered. |
| maxuid | 60000 | UIDs above maxuid cannot be fingered. |
| usecgi | no | Use afinger as CGI script (prepends Content-Type). |
Again, if a configuration file cannot be found, afinger will use the settings
inside the script.
Output Examples
afinger used locally on a user with a UID below the minimum level, returning
a Fortune cookie:
$ afinger root
Today's problem: Disk or processor on fire.
Using afinger on a remote user with several fields omitted by the remote afinger:
$ afinger pkrul@www.auxio.org
[www.auxio.org]
Login: Name: Pieter Krul
Office: Home Phone: +31185189642
New mail received Mon Dec 25 00:45:38 2000
Unread since Sun Dec 24 23:00:37 2000
No Plan.
It is also possible, for instance, to omit all fields except a ~/.plan, to
create output similar to that returned when you finger linux@www.kernel.org.
Fortunes
The BOFH fortune cookie file (bofh.dat) is included in the afinger package.
It is based on The BOFH excuses
by Jeff Ballard et al.
This file can be copied to e.g. /usr/share/games/fortunes/ or wherever
the cookies may be placed on the system, and be used directly by the fortune
program, if installed. Other cookies will work as well, although the output may be
a bit of a surprise.
Download
There are currently no Debian, RPM or PKG packages available of Auxio Finger.
The latest version of afinger is 0.43, available as a GNU compressed tar archive from:
Older versions of afinger:
Changes
Changes in Auxio finger
------------------------------------------------------------------------------
v0.43:
Added support for displaying modification times of .plan and .project
Fixed some quotes in the bofh cookie file.
v0.42:
Added support for using afinger as a simple CGI program.
v0.41:
Support for an external configuration file has been added by
Peter Jones.
Arguments passed by a finger daemon are now being checked with
Getopt(), which also brought support for the FreeBSD finger
daemon (Peter Jones), and multiple queries at once.
Overall code cleanup.
CREDITS and INSTALL files added.
v0.4:
A maximum UID can now be configured (default: 60000).
getpwnam() is now being used, which, besides being easier, has the
advantage that NIS support was automagically added.
Terminals and login times are now being displayed using 'who', which
is much faster, although each OS has its own idea of command
switches.
Fortune output is no longer configured by default.
v0.31:
Input is now being filtered more extensively for weird
characters such as *()|? etc. This wasn't dangerous before, but it
could produce responses like...
/^[:.*/: unmatched [] in regexp at /usr/bin/finger line 79,
chunk 1.
..which isn't that nice to see.
If a hostname can't be looked up in the DNS, a more sane response is
now being given.
Placed the .forward file check before the mail status check.
v0.3:
A mail status check has been added.
v0.2:
You can now choose which part of the output will be displayed.
This is only useful when using afinger together with a finger
daemon. See the configuration options in the header of the
script.
v0.1:
Initial release.