SUMMARY: finger

From: Elena Gianolio (gianolio@ptsun00.cern.ch)
Date: Fri May 23 1997 - 02:53:51 CDT


Hello

my original question :

> how can I remove the possibility of doing the command
> finger on sunos and solaris ?
>
> I removed the line
> #finger stream tcp nowait nobody /usr/sbin/in.fingerd in.fingerd
> in the file /etc/inetd.conf and rebooted the machine but this seems not to be enought ...

the answer:
to stop the use of finger on the network:

comment the line in /etc/init.conf
#finger stream tcp nowait nobody /usr/sbin/in.fingerd in.fingerd
and the line in /etc/services
#finger 79/tcp

then
kill -HUP <inetd.pid>
or reboot

to prevent users from executing the command 'finger'
I should change the permission of the executable
chmod 500 finger
but it's very hard to disable regular fingering,
because even if I delete the programs,people can copy it over.
'finger' is not setuid or setgid, any
User could compile it himself, or collect the Information directly
from the Sources (passwd, utmp/wtmp, Mailspool Timestamps, ...).

thanks to :
Farzad Mansour <zod@home.net>
John Bradley <john.bradley@sr5.chinalake.navy.mil>
"Matthew Stier" <mstier@hotmail.com>
"Rudolph Wray" <rwray@hotmail.com>
john benjamins <johnb@Soliton.COM>
"Daniel R. Penrod" <penrod@wcnewmedia.com>
Sean Ward <seanw@amgen.com>
"Boyko, Steve" <SBoyko@nbpower.com>
Alex Finkel <afinkel@pfn.com>
Jochen Bern <bern@penthesilea.uni-trier.de>
vnarayan@haverford.edu (Vasantha Narayanan)
Rasana Atreya <atreya@library.ucsf.edu>
sysadmin@lvision.com (Systems Admin)
Daniel Baker <dbaker@hobbes.cuckoo.com>

regards
elena

                                     ,,,
GIANOLIO Elena (o o)
---------------------------------ooO-(_)-Ooo----------------------------------
CERN ECP div Phone : +41 22 767 47 51
1211 Geneva 23 Fax : +41 22 767 33 94
Switzerland Email :Elena.Gianolio@cern.ch
-----------------------------=====oooooooooo=====----------------------------



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:11:55 CDT