
                 Configurable Finger-Query Daemon  version 1.0.2
                  by Ken Hollis  (khollis@bitgate.chatlink.com)
     Released under the GPL as part of the Security/Administrative Package

 -----------------------------------------------------------------------------

 The Configurable Finger Daemon is a replacement for the already
 widely used Finger daemon, which is available from the standard GNU/BSD
 distribution.

 Why was this program written?  For the sole reason that finger is a *VERY*
 big security breach, and is often the first place that hackers check to see
 if they can crack your system.  Namely, they finger "root" on your system
 to see if root is on.  If he's not, then the hacker usually makes his attack
 at that time.

 The CFINGERD can be configured to PREVENT this altogether.  This README file
 simply tells you how to get the system running at minimal performance.  If
 you want to change any options, simply consult the manual pages by typing
 "man cfingerd" and "man cfingerd.conf" for information.

 If you already have an earlier version of cfingerd, make sure that you
 delete the /etc/cfingerd.conf file, and let Configure take care of the rest
 for you, or you will have to copy cfingerd.conf over the old one.  This
 program installs files based on the idea that this is the FIRST version of
 the cfingerd you have installed.  :)

 -----------------------------------------------------------------------------

 Getting started:
 """"""""""""""""
 The first thing you should do is edit your cfingerd.conf file and change any
 options you deem necessary.  It's pretty straight forward in this aspect;
 there are comments placed all over the place, so if you are not quite sure
 what they do, just read the comment line.  If you still don't understand it
 after that point, consult the manual pages.  :)

 After you are done with this, simply type "Configure".  Change any options
 you want to change when you go through the installation steps, and it will
 create the manual page for you.

 The Configuration script will automatically do the following things for
 you, so you don't have to set them:

 - Change the inetd.conf entry (file /etc/inetd.conf) to make the daemon
   run as root.  This is a necessity, since the configuration file 
   permissions are ROOT-READ ONLY.
 - Will figure out your "nobody" user ID, which is how your scripts are
   called.  Each script that is run is run under the nobody group/user ID,
   and thusly cannot cause a security breach.  If you don't have a nobody
   user ID/Group, don't despair.  It uses "old faithful" which is BOUND to
   work.  (At least, it did on all the systems we tested it on.  :)

 If you need to double check (or feel that the script did a bad job) the
 inetd.conf entry, you should see the following entry for "fingerd" or
 "finger", depending on how it's entered in your /etc/services file.

 finger	stream	tcp	nowait	root	/usr/sbin/tcpd	/usr/sbin/in.fingerd

 After you have gone through a successful compilation, and everything seems
 to work, your next task is to hang up inetd so it re-reads the inetd.conf
 file, and handle the correct program for finger.  This can be done with a:

 ps -aux | grep inetd

 and then simply kill off the process by using "kill -HUP processid".  Check
 your syslog display, and you should see "inetd: Rereading configuration" or
 something to that effect.

 Next, to test out your finger program, do a "finger @" and make sure that
 you get a finger display.

 If no errors are reported, then that means things are working.  Now, edit 
 the cfingerd.conf file and edit any other files that you want.  I suggest
 reading the man page.

 ----------------------------------------------------------------------------

 Reporting bugs:
 """""""""""""""
 If you see a bug that is reported, or a "SIGSEGV" is detected, please mail
 the specifics to me, showing exactly what you were doing at the time of the
 occurance.  Also, try to recreate the same problem, and let me know exactly
 what you did to make it crash.

 Also, send the cfingerd.conf file to me, and let me know of any other
 things that may have made the program crash that relate to this.

 I have had several complaints about bug reports that aren't really bug
 reports.  PLEASE READ THE DOCUMENTATION BEFORE RESULTING IN AN E-MAIL 
 MESSAGE TO ME.  If you tell me a problem and you haven't read the docs, and
 your question relates to something that is document-related, I will simply
 reply to your message:  "RTFM".  Don't waste my time.  READ THE DOCS.  I am
 a busy man.

 ----------------------------------------------------------------------------

 HAPPY CODING!
 -- Ken Hollis (The Nutty Coder)
 -- khollis@bitgate.chatlink.com

