On Sat, Jan 05, 2002 at 07:09:01PM +0100, eim wrote:

> I'm planning to install a secure finger daemon
> on one of the public boxes I admin.

> Which Finger daemon is *really* secure ?
> Shouldn't I install this service at all ?
> Any experiences about compromised systems ?

http://www.fefe.de/ffingerd/ 

---- cut ----

   1. Does not need to be run as root
   2. Does not support indirect queries
   3. Does not allow global queries ("finger @bighost")
   4. Users can disallow finger queries by creating the file ~/.nofinger
   5. Does not view sensitive information like the home directory or the shell.
   6. Displays .plan, .project and .pubkey (for PGP/GnuPG/PEM public keys)

Please note that ffingerd does not try to limit the number of ffingerd
processes running at the same time. That is the job of inetd. If your
inetd lacks support for this, I recommend xinetd or tcpserver.

---- cut ----

I have been running ffingerd on some boxes where users requested a
finger daemon for about 3 years and did not have any successful
penetration attempts since I installed it.

With best regards

    Hans
-- 
Hans-Joachim Picht, Consultant  <[EMAIL PROTECTED]> 
Linux Consulting Europe http://www.lnxce.net
Vogelhecke 2    D - 35447 Reiskirchen   Tel: +491751629201 
Fax: +49640862649       Germany 
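
The ffingerd notes quoted above leave process limiting to the super-server. As an added example (not part of the original message or of the ffingerd distribution), an xinetd service entry that applies those limits could look like this; the server path, the account and all numeric limits are assumptions to adjust for the local system:

```conf
# /etc/xinetd.d/finger -- constructed example, not shipped with ffingerd
service finger
{
    disable         = no
    socket_type     = stream
    protocol        = tcp
    wait            = no

    # ffingerd does not need root, so run it under an unprivileged account
    # (account name is an assumption)
    user            = nobody

    # Install path is an assumption; use wherever ffingerd lives locally
    server          = /usr/sbin/ffingerd

    # ffingerd does not limit its own process count; xinetd does it here
    instances       = 10      # at most 10 concurrent ffingerd processes
    per_source      = 2       # at most 2 concurrent connections per client IP
    cps             = 5 30    # over 5 connections/sec: disable service for 30 s

    # Cap address space per process (illustrative value)
    rlimit_as       = 16M

    # Record who queried and which attempts were refused
    log_on_success  += HOST PID DURATION
    log_on_failure  += HOST
}
```

After reloading xinetd, refused connections show up in its log, which gives a record of clients that hit the `per_source` or `cps` limits.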

