3.3.4.8 finger

Information

This entry starts the fingerd daemon.

Rationale:

The fingerd daemon provides the server function for the finger command. This allows users to view real-time pertinent user login information on other remote systems. This service should be disabled as it may provide an attacker with a valid user list to target.

Solution

In /etc/inetd.conf, comment out the finger entry and refresh the inetd process:

chsubserver -r inetd -C /etc/inetd.conf -d -v 'finger' -p tcp
lssrc -s inetd && refresh -s inetd

Default Value:

Disabled

See Also

https://workbench.cisecurity.org/files/3525

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, 800-53|CM-7, CSCv7|9.2

Plugin: Unix

Control ID: 9a97048814b4a3f12fb09e9a93d876e0b4a322a9fcca636d7bcafc3d265d07a6