4.1.5.8 finger

Information

This entry starts the fingerd daemon.

Rationale:

The fingerd daemon provides the server function for the finger command. This allows users to view real-time pertinent user login information on other remote systems. This service should be disabled as it may provide an attacker with a valid user list to target.

Solution

In /etc/inetd.conf, comment out the finger entry and refresh the inetd process:

chsubserver -r inetd -C /etc/inetd.conf -d -v 'finger' -p tcp
lssrc -s inetd && refresh -s inetd

Default Value:

Disabled

See Also

https://workbench.cisecurity.org/benchmarks/13069

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, 800-53|CM-7

Plugin: Unix

Control ID: 17d7fdf51447b7fa027529329b62c9fe59c4ad7d44d873ad7b9a94597d4065ff