Login or Register to Ask a Question and Join Our Community


UNIX for Beginners Questions & Answers

Finger command and security issue

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Top Forums UNIX for Beginners Questions & Answers Finger command and security issue
# 1  
Old 10-27-2016
Finger command and security issue
Code:
$ finger yeti                                      
Login: yeti                             Name: yeti
Directory: /arpa/tz/y/yeti              Shell: /bin/ksh
On since Wed Apr  2 15:24 (UTC) on pts/149
Mail last read Mon Mar 31 11:08 2014 (UTC)
No Plan.

Hi there,

I am trying to understand how does the finger dameon derives the information it returns and how it can be abused.

Moderator's Comments:
Mod Comment
Please wrap all code, files, input & output/errors in CODE tags.
It makes is far easier to read a preserves leading/multiple spaces for indenting or fixed width data.
Last edited by rbatte1; 10-27-2016 at 10:20 AM.. Reason: Added CODE tags
# 2  
Old 10-27-2016
finger/fingerd gives away information about users that it retrieves from a local or remote system, from the passwd file, home directory, login information. Information like name, login name, possibly even an email address and when a user recently logged in. It can be used to check if a user exists and can be a source for social engineering. There were also some security holes in the past.
# 3  
Old 10-27-2016
The service fingerd offers the connection when querying across the network. I'm not aware of any requirement to authenticate, but I'm sure I will be corrected if I'm wrong. This might pass some information (userids) that you do not wish to share in plain text. It would be more secure to have the service disabled and get the information (if you require it) with an ssh based command, such as:-
Code:
ssh ServerB finger > /tmp/ServerB.finger-output


I hope that this helps,
Robin
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Solaris

Not able to disable finger & telnet command in Solaris 8

Hi I need to disable finger & telnet command in solaris 8 I have put the # infront of finger and telnet line in /etc/inetd.conf file. Further I have run the below command kill -1 <process id of inetd > But when I am running finger command it is till giving information for remote machine... (8 Replies)
Discussion started by: amity
8 Replies

2. UNIX for Dummies Questions & Answers

[Solved] Finger command

Hi, I am writing script to take last logon user id detials by using finger command. But I am getting below output. wer34 Feb 10:23 I NEED to display wer34 Feb 10 2013 10:23, Is there any way to get like this. (18 Replies)
Discussion started by: stew
18 Replies

3. UNIX for Dummies Questions & Answers

Extracting specific info finger command

how to extract user machine name for current terminal using finger command below command gives machinename for all session , is it possible to filter it to only currernt terminal ? finger -b -p $LOGNAME | grep from (12 Replies)
Discussion started by: lalitpct
12 Replies

4. UNIX for Dummies Questions & Answers

Finger command help

Hi Does anyone know if there is anyway of doing the finger command for all user id's in my enviroment. What I need to obtain is the full names of all users on the system. I know if i do the finger command with no arguments it will list users currently logged in, but i need all users... ... (2 Replies)
Discussion started by: m3y
2 Replies

5. UNIX for Advanced & Expert Users

finger command

I want to know the correct version of how i should use the finger command in this example below.(os is debian lenny) (nymserver.pl is located in /home/nymserv directory.) the two versions are : (in/etc/inetd.conf) finger stream tcp nowait nymuser /usr/nym/nymserv nymserv... (3 Replies)
Discussion started by: xstation
3 Replies

6. UNIX for Dummies Questions & Answers

Extracting specific info from finger command

Hello all, my unix is bash based and the finger command output is: Login Name Tty Idle LoginTime Office amos.john Amos John pts/26 1 Dec 5 16:18 (77.100.22.07) What am trying to achieve is extract the Login (amos.john) and Name (Amos John) from this output without using awk or sed. ... (1 Reply)
Discussion started by: franny
1 Replies

7. Shell Programming and Scripting

help in finger command.

Hi, iam using sunsolaris. when you type finger command -- it dispalys information about local and remote users. but here it shows as can't stat /dev/gold:8664 can anybody help what is the solution for this error. previously the output came. thanks, shan (1 Reply)
Discussion started by: shanshine
1 Replies

8. UNIX for Advanced & Expert Users

finger command

Hello all, Here is what I am trying to do. If a user exist, then send an echo "EXIST" or else "DOES NOT EXIST". (under HP-UX) Kind of: #!/usr/bin/sh USER=mylogin finger $USER if $? = 0 then echo "EXIST"" else echo "DOES NOT EXIST" fi (10 Replies)
Discussion started by: qfwfq
10 Replies

9. Shell Programming and Scripting

How to input username on text file into finger command on shell script

I'm trying to clean up my server and I have the list of some "special" users stored on the text file like this Now I want to write a shell script to finger all of them so I can have some kind of ideas who they are but here comes the problem....I completely forgot how to do it with shell... (3 Replies)
Discussion started by: Micz
3 Replies

10. Shell Programming and Scripting

Using the Finger command in a Script

This is my senario..... The user enters a userid into linux. ((I have have already scripted the command to read this userid.)) I need help in writing the script so It reads the userID and in conjuction w/ the finger command displays to the user "no plan" on the screen (so the user reads/sees... (4 Replies)
Discussion started by: apolishuk
4 Replies
Login or Register to Ask a Question