The old finger service-detailed explanation-Linux Enterprise Application-Linux server application information. The following is a detailed description. Copyright Disclaimer: You can freely repost this article, but be sure to keep the integrity of this article.
Author: Zhang Zijian E-mail: zhangzijian@163.com Description: examples involved in this article are obtained under coreora core3.
In this document, I will introduce the basic knowledge and operating principles of the finger service. The finger command is detailed in a large amount of space and its returned information is explained. You can also modify the user's finger information. Finally, it describes the security risks of finger (which can be exploited by hackers to obtain a large amount of useful information from the system) and its handling methods. Interestingly, the article also contains some stories about the finger service.
The finger service is a service provided by the finger server to query the Public Information of local or remote host users. In RFC1288, its name is the User Information Lookup program.
In early UNIX systems, many students and researchers used the finger service to expose some of their specific information for communication. For example, some researchers use it to publish their own research, and some teachers publish their course schedules. Some hosts broadcast the game situation, and some publish information about the current earthquake activity. However, the finger service is more useful for disclosing specific information of a person.
Some returned information is as follows:
User Login Name
Real name
Office location
Home phone number
Office phone number
User main directory
Shell used
Plan
Note: The above information is only some of the information returned by the finger server, and other information is not provided. The information returned by the finger server varies with different systems.
The finger command first appeared in BSD3.0. Later, many unix versions have transplanted this program. The fedora core3 I use also has the finger client. However, fc3 disables the remote finger service by default. Now, many hosts have disabled this service (security reasons are described below ). However, some American universities also offer this old service.
Coke server story
In the middle of 1970s, the computer department of Carnegie meileng University was installed with a cool-Cola machine. Later, the Department expanded, from which programmers were assigned to offices on different floors. They often went far and came to the machine to find that there was no Coca-Cola. Or they find that there is Coca-Cola in the machine, but the time is not enough, it is still hot. Their solution is to install a switch in the machine to determine how many bottles of carbonated drinks can be obtained and track how long it will take for each bottle to cool. A dedicated Finger server was set up to allow people to remotely check the machine. When you Finger a dedicated user ID (coke), it will display the status of the capacity of this coke machine.
But now I cannot find their coke servers. Maybe they have changed the server I don't know, or they have already disabled the service. However, we can provide you with a finger server for the finger experiment. We will see it below.
Finger uses TCP port 79 Based on the transmission control protocol. The local host opens a connection to the remote host on the Finger port. The remote host's RUIP (remote user information program) becomes valid to process requests. The local host sends a Finger-Based Query instruction-based request to RUIP, and then waits for the RUIP to respond. RUIP receives and processes this request, returns a response, and then initiates a close connection. The local host receives the response and close signal, and then closes the local host.
Description
This principle is derived from RFC1288. To put it simply, the finger service is a set of Client/Server systems. The server provides user information for the client to query.
To use the finger service, you only need to know the remote host name, user login name, or user's real name. The basic format is finger user @ host or finger @ host.
In the following example, the remote host is the finger server of Carnegie Mellon University Computer College.
Example 1
Finger command without option
[Root @ localhost ~] # Finger @ cs.cmu.edu
Login Name TTY Idle When Where
Root Super-User pts/2 13d Wed :53 venera.fac.cs.cmu.edu
Explanations
The First Login column is the user Login name, which is root here.
The second column Name is the real User Name, which is Super-User here.
The third column TTY is the terminal name, where it is pts/2.
The fourth column of Idle shows the time when the user is active on this terminal. If the record is blank, the person is using his terminal. Otherwise, you will see how long the terminal is idle. It is idle for 13 days.
In the Fifth Column, When displays the user login date and time, which is on Wednesday.
Column 6 Where shows how users log on. If this item is blank, it indicates that this person is using a terminal that is directly connected to the host. Otherwise, this person connects to the host through a computer or terminal server with a given name. This is through the host venera.fac.cs.cmu.edu.
Example 2
Finger command with-l Parameter
[Root @ localhost ~] # Finger-l @ cs.cmu.edu
Login name: root In real life: Super-User
Directory:/Shell:/sbin/sh
On since May 10 10:53:14 on pts/2 from venera.fac.cs.cmu.edu
13 days Idle Time
No unread mail
No Plan.
Explanations
The finger command with the-l parameter returns detailed information. Here, the user's home directory, User shell, whether the user has unread emails, user plans, and other projects are displayed.
Example 3
The following example shows a lot of content. We can see that Hu Ning, a Chinese, has painted a fox in his plan (this fox is probably him ). For more information about the finger command, refer to the following section.
[Root @ localhost ~] # Finger h@cs.cmu.edu
Search limit exceeded, first 10 entries displayed using fuzzy name match
No entries found for exact uid match
No entries found for exact name match
Login: hhfu Name: Hui Hua Fu
Directory:/afs/cs.cmu.edu/user/hhfu
Mail is forwarded to hhfu + @ imap-ns.srv.cs.cmu.edu
No Plan
Login: dwilson Name: Dan Wilson
Daniel H Wilson
Directory:/afs/cs.cmu.edu/user/dwilson
Mail is forwarded to dhw@alumni.cmu.edu
Plan:
Second year graduate student, Robotics Institute/CALD
Advisor: Chris Atkeson
Web Page: http://www.cs.cmu.edu /~ Dwilson/
Office: NSH A525
(412) 268-5909
Home: (412) 363-7462
Cell: (412) 478-2421
Login: ninghu Name: Ning Hu
Directory:/afs/cs.cmu.edu/user/ninghu
Mail is forwarded to ninghu + @ imap.srv.cs.cmu.edu
Plan:
. % ^ "B e $ Ning Hu Ph. D. Student
F $ e L d $ "'f --------------------------------------
. % $ R l j $ P 4% Computer Science Department
4. $ ^ r. J $ P $ Carnegie Mellon University
J 4 $ ^ * $ e. d 5000 Forbes Ave
P 3 $ F $ e. pitt0000gh, PA 15213
* ^ $ Z $. B
D J $ 'email: ninghu@cs.cmu.edu
J $ F ^ "$ P" "** $ L $ F
4 $-$ e. "$ zdFd Phone: (412) 268-1557 (O)
$. $. % (412) 243-6285 (H)
4 $"4 $ P * $ .*
$ % $ C "Home Page: www.cs.cmu.edu /~ Ninghu
$ % "" ^ * $ J $ B ^.
$ % 4 $ B. "* $ * F ::::::::::::::::::::::::::::::
% ^ $ Ee ** ": +:
4 F ++: ++
L. d: #: +: # + # ++: ++ # ++:
'* "D $ ++ # ++
". R$ $ % P %. @ $" #################+ #
####################
Login: yihchun Name: Yih-Chun Hu
Directory:/afs/cs.cmu.edu/user/yihchun
Mail is forwarded to yihchun@uiuc.edu
Plan:
I hope to graduate from CMU's Ph. D. program in Computer Science... eventually.
Office: 4114 Wean Hall, (412) 268-3075
Lab: 3418 Wean Hall, (412) 268-6972
Fax: (412) 268-5576
Home: (412) 688-0661
Web: http://www.cs.cmu.edu /~ Yihchun/
Snail Il: Yih-Chun Hu
Department of Computer Science
5000 Forbes Avenue
Carnegie Mellon University
Pitt0000gh, PA 15213
Travel:
Login: jennylo Name: Hiu Yu Lo
Directory:/afs/cs.cmu.edu/user/jennylo
No Plan
Login: janiceb Name: Janice H. Brochetti
Directory:/afs/cs.cmu.edu/user/janiceb
Mail is forwarded to janiceb + @ imap.srv.cs.cmu.edu
No Plan
Login: changbo Name: Changbo Hu
Directory:/afs/cs.cmu.edu/user/changbo
Mail is forwarded to changbo + @ imap-ns.srv.cs.cmu.edu
No Plan
Login: hzhang Name: Hui Zhang
Directory:/afs/cs.cmu.edu/user/hzhang
Mail is forwarded to hzhang + @ imap-ns.srv.cs.cmu.edu
Plan:
Worker sor
School of Computer Science Office: 7126 Wean Hall
Carnegie Mellon University Number: (412) 268-8945
5000 Forbes Ave Email: hzhang@cs.cmu.edu
Pitt0000gh, PA 15213-3891 URL: http://www.cs.cmu.edu /~ Hzhang
Login: hou Name: Lily Hou
Directory:/afs/cs.cmu.edu/user/hou
Mail is forwarded to hou + @ imap.srv.cs.cmu.edu
Plan:
Login: hyu Name: Hua Yu
Directory:/afs/cs.cmu.edu/user/hyu
Mail is forwarded to hyu2000@gmail.com
Project: Remodel the wheel
Plan:
Hua Yu (thesis mode, reloaded)
Office:
2602B Newell Simon Hall (412) 268-5479
Language Technology Institute (LTI a.k. a. CMT)
Fax: (412) 268-6298
Delivery:
4502 Newell Simon Hall (LTI)
Carnegie Mellon Univ., 5000 Forbes Ave.
Pitt0000gh, PA 15213
Home:
Apt.301, 5628 Hempstead St. (412) 422-2762
Pitt0000gh, PA 15217
Hyu@cs.cmu.edu http://www.cs.cmu.edu /~ Hyu
"Be who you are and say what you feel because the people who mind
Don't matter and the people who matter don't mind. "-Dr. Seuss
"I contend, that the Negro is the creative voice of America, is creative
America, and it was a happy day... when the first unhappy slave landed
On its shores. "-Duke elington
Displays data about one or more users, including information listed in files. plan and. project under each user directory. You can specify each user as a login name (exact match) or as a surname or name (display information of all matched names ). In the network environment, the form of identifiable parameters is user @ host or @ host.
Option
-S
The short format is displayed, including the login name, real name, terminal name, write status, idle time, office location, and office phone number.
-L
Use the long format (default) to display all information contained by the-s option, as well as the main directory, home phone number, logon shell, mail status,. plan,. project, and. forward.
-P
The. plan and. project files are omitted in the display.
-M
Do not match the user's "real" name.
Description
If the user name is provided, the "-l output style" is set by default if the finger option is not specified. Otherwise, the "-s" style is used. Note: In the two formats, some fields may be lost if the information is insufficient. If the finger parameter is not specified, an entry is printed for each user currently logged on. Finger can be used to view user information on a remote machine. The format is user @ host or @ host. The default output of the former is-l, and the default output of the latter is-s. -L is the only option for transferring data to a remote machine.
--------------------------------------------------------------------------------
How to change finger information
You can use the chfn command to modify the content of finger. See the following example:
[Root @ localhost ~] # Chfn zhangzijian
Changing finger information for zhangzijian.
Name [zhangzijian]: laojian
Office [2, 11229]: China
Office Phone [13888888888]:
Home Phone [13888888888]:
Finger information changed.
Explanation: The chfn command without option enters the interactive mode. If you do not enter any content in each project, the original value is retained.
[Root @ localhost ~] # Chfn-o 13800138000 zhangzijian
Changing finger information for zhangzijian.
Finger information changed.
Explanation: Here, I designate China Mobile's recharge phone number as my office phone number.
How to Use the chfn command
Chfn [options] [username]
After the user is verified, you can modify the information stored in/etc/passwd and displayed. If the options option is not available, the chfn enters the interaction mode and prompts you to modify it. To get a blank area, enter the keyword none. Only privileged users can change information for another user. For common users, chfn prompts the user to enter the password before the change.
The most popular finger application was developed by the University of California Berkeley. However, the BSD version provides very few options for detailed Finger RUIP (remote user information program) for specific site security policies or to protect users from dangerous data attacks. In addition, it has many security risks that users and administrators need to pay attention to, especially because the purpose of the Protocol is to return system user information, which is the most likely cause of problems.
In some Unix systems, the fingerd implementation has security issues. Remote attackers may exploit this vulnerability to obtain information about system users. When a request is submitted using a number as the user name, a remote attacker may obtain some account names in the system. For example, finger 0 @ host.
For example, in the example of Carnegie Mellon University, you can obtain the shell information used by the administrator of the cs.cmu.edu host and when the host will be active. In this way, attackers can obtain a lot of information about the host. In the following example, the famous morris worm crashed about 1988 unix hosts that accounted for 1/10 of the Internet in 6000, with a loss of about $15 million.
Review history [Robert tappan morris's network worm uses finger daemon. Finger daemon allows sending more than 512 bits from the remote host as Finger requests. However, finger has a cache overflow vulnerability because a correct boundary check is missing. The finger host interprets anything that exceeds 512 bits as a command executed locally, regardless of the permission of finger daemon.]
Countermeasure
If possible, disable the remote service of finger and retain the local service. If you want to disable local services, you can directly Delete the finger command.
Disable remote services (in linux)
You can set the fingerd STARTUP script in inetd. d/xinetd. d and set the disable item to yes.
Disable remote service (under solaris)
Open the/etc/inetd. conf file and find the following line:
Finger stream tcp nowait nobody/usr/sbin/in. fingerd in. fingerd
Add # At the beginning of the line to annotate it
# Finger stream tcp nowait nobody/usr/sbin/in. fingerd in. fingerd
3. Restart inetd
# Ps-ef | grep inetd
Root 167 1 0 Oct 07? 0: 07/usr/sbin/inetd-s-t
# Kill-HUP 167 (in the above example, 167 is the pid of inetd)
If you want to retain the finger service, pay attention to the server version updates. And record the IP addresses that attempt to connect to the server to the log.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
