4.1.5.8 finger

Information

This entry starts the fingerd daemon.

Rationale:

The fingerd daemon provides the server function for the finger command. This allows users to view real-time pertinent user login information on other remote systems. This service should be disabled as it may provide an attacker with a valid user list to target.

Solution

In /etc/inetd.conf, comment out the finger entry and refresh the inetd process:

chsubserver -r inetd -C /etc/inetd.conf -d -v 'finger' -p tcp
lssrc -s inetd && refresh -s inetd

Default Value:

Disabled

See Also

https://workbench.cisecurity.org/benchmarks/7851