Securing RedHat 5.X Part VII - Securing specific services - Finger

By Kurt Seifried Rev 0.1


Securing specific services - Finger (S07.C07)


Finger is one of those things most admins just disable and ignore. It is a useful tool on occasion, but if you want to allow other admins to figure out which of your users is currently trying to crack their machines, use identd. Finger lets out way too much info, and is a favourite tool for initial probes and data gathering on targets. There have also been several nasty DoS attacks released, basically consisting of sending hundreds of finger requests and, in certain configurations, just watching the server croak. Please don't run finger. I don't remember offhand if it is turned off by default in RedHat 5.X, but to quote inetd.conf:

# Finger, systat and netstat give out user information which may be
# valuable to potential "system crackers."  Many sites choose to disable 
# some or all of these services to improve security.

If you still feel that you absolutely must run it, go stick your head in a blender; failing that, use the command-line options for finger in inetd.conf: use -u to deny finger @host requests, which are only ever used to gather information for future attacks. Disable finger, really.
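An added example, not part of the original article: a shell check that reports which of the services named in the inetd.conf comment are still enabled, and whether an enabled finger entry carries -u. The function names audit_inetd and sample_conf and the sample file contents are constructed for illustration; the check assumes the standard inetd.conf field layout and treats a clustered option string containing u as -u.

```shell
#!/bin/sh
# Added example (not from the original article). Sample data is constructed.

# audit_inetd FILE: list enabled finger/systat/netstat entries in an
# inetd.conf-style file. Exit status 0 = none enabled, 1 = at least one.
audit_inetd() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }   # commented-out or blank: disabled
        $1 == "finger" {
            # Fields: service type proto wait user server argv0 args...
            restricted = 0
            for (i = 8; i <= NF; i++)
                if ($i ~ /^-[A-Za-z]*u/) restricted = 1
            if (restricted)
                print "ENABLED finger: -u set, finger @host requests rejected"
            else
                print "ENABLED finger: no -u, finger @host requests answered"
            found = 1
        }
        $1 == "systat" || $1 == "netstat" {
            print "ENABLED " $1
            found = 1
        }
        END { exit found ? 1 : 0 }
    ' "$1"
}

# Constructed sample in the usual inetd.conf layout.
sample_conf() {
    cat <<'EOF'
# Finger, systat and netstat give out user information ...
finger	stream	tcp	nowait	root	/usr/sbin/tcpd	in.fingerd
#systat	stream	tcp	nowait	guest	/usr/sbin/tcpd	/bin/ps	-auwwx
netstat	stream	tcp	nowait	guest	/usr/sbin/tcpd	/bin/netstat	-f inet
EOF
}

tmp=$(mktemp)
sample_conf > "$tmp"
audit_inetd "$tmp" || echo "=> comment these entries out and send inetd a SIGHUP"
rm -f "$tmp"
```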




Contact Kurt Seifried, All rights reserved Kurt Seifried 1998, content and information may not be reposted physically or electronically without the express permission of the author, this includes but is not limited to www mirror sites, email, usenet news, etc.