in.fingerdTEXTR*chY HUmBIN#!/usr/bin/perl -w # in.fingerd - A sysadmin tool... # Detects, stops, and reports finger requests & attacks... # NOTE: You NEED to READ The Code and SET Some Variables BEFORE Installing! # Those areas which need setting are INDICATED by the word 'Set ...'. # Version v0.01s - # Written by -Sneex- :] on Dec 20th, 1999 at 09:30AM # Copyright (C) Sneex 1999; All Rights Rserved... use strict; use diagnostics; use Sys::Syslog; # Set Warning: # Remeber to change all the localhost & localdomain to your host and domain; # also change yourID to your e-mail ID... print " This server is not allowing finger requests. If you are having trouble, or need to look up a user on this server, please contact either root\@localhost.localdomain or postmaster\@localdomain Thank you for your understanding in this matter, Systems Adminsitrator/Webmaster http://www/cgi/mail?yourid "; print "This notice was served (and logged) at ", scalar localtime, " local time.\n\n"; # Set the userID, if known... my $usrID = `/usr/bin/whoami`; my $target = @ARGV ? $ARGV[0] : 'unknown'; my $mailAdmin = 'yourID@localdomain'; # Send Log-On Reports to? my $mailProject = 'yourID@localdomain'; # Responsible for Project? my $SENDMAIL = '/usr/lib/sendmail'; # The location of your sendmail binary... $| = 1; # Use unbuffered I/O... open (MAIL, "| $SENDMAIL $mailAdmin") || die ("$0: Fatal Error! Cannot open sendmail: $!\n"); print MAIL "Reply-to: $mailProject\n"; print MAIL "From: 'in.fingerd.Tracking.Server'\n"; print MAIL "To: 'CompanyName.Server.SysAdmin'\n"; print MAIL "Subject: 'fingerd' service request by $usrID\n"; print MAIL "X-Comments: ===== A Message from the $0 application... =====\n"; print MAIL "SECURITY: Access to $0 by (real $< )(effective $> )\n"; print MAIL "\n"; # To hide 'event' under X-Comments, comment out line... print MAIL "UserID: $usrID tried \'finger $target\' request on \@ ", scalar localtime; # Who requested what... #print MAIL "\n"; #print MAIL "Relevant data:\n\n"; #print MAIL `ps -ef ; who ; w ; /top -SnU$usrID`; print MAIL "\n"; print MAIL "=================================================================\n"; print MAIL "NOTE: This message was sent through the in.fingerd Perl System, \n"; print MAIL " Msg Monitor v0.05s (Alpha) by -Sneex- :] (WC Jones), JaxPM\n"; print MAIL "=================================================================\n"; print MAIL "\n"; close (MAIL); # and finally - log what was found... openlog("in.fingerd", "ndelay", "daemon"); syslog("notice", "Local %s tried %s finger request.\n", $usrID, $target); closelog(); exit; hhFnNUJO g,VHHgRA"0-HA-HA-HA -HA -HA -HA -HA! -HA!-HA!-H`PA*2-HA-X-HA52-HA6-HA8P-HA9-HA; -HA<-HA>,-HA@-HA -HA@@-Hp/Hn/ NR>JO gB,.AH Monaco@  + R+ RU$R*chHH(FG(HH(d'`Monacoica Medium  Helvetica ConfidentialH Windows 95hhF rj~FMPSRBBSTL o