3.1.5.8 finger

Information

This entry starts the fingerd daemon.

Rationale:

The fingerd daemon provides the server function for the finger command. This allows users to view real-time pertinent user login information on other remote systems. This service should be disabled as it may provide an attacker with a valid user list to target.

Solution

In /etc/inetd.conf, comment out the finger entry and refresh the inetd process:

chsubserver -r inetd -C /etc/inetd.conf -d -v 'finger' -p tcp
lssrc -s inetd && refresh -s inetd

Default Value:

Disabled

See Also

https://workbench.cisecurity.org/files/4119

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, 800-53|CM-7, CSCv7|9.2

Plugin: Unix

Control ID: 91f5094dca825a5b54b863da49543abd461fd6b40fe6387653ef174fdea5bff5