Adding some more content to fingerd - infra - Terraform IoC for my remote (Hetzner) and local (Incus) servers.
(DIR) Log
(DIR) Files
(DIR) Refs
(DIR) README
---
(DIR) commit 703f1573bbc8c32798854bd0e9b8416281d3989e
(DIR) parent 04942e5e4cd292940891157315627ee4e78a4140
(HTM) Author: Jay Scott <me@jay.scot>
Date: Tue, 31 Jan 2023 21:08:47 +0000
Adding some more content to fingerd
Diffstat:
M ansible/roles/finger/files/list | 13 ++++++++++++-
M ansible/roles/finger/files/luser | 16 ++++++++++++++--
A ansible/roles/finger/files/morris.… | 112 +++++++++++++++++++++++++++++++
M ansible/roles/finger/files/nouser | 18 ++++++++++++------
M ansible/roles/finger/tasks/main.yml | 1 +
5 files changed, 151 insertions(+), 9 deletions(-)
---
(DIR) diff --git a/ansible/roles/finger/files/list b/ansible/roles/finger/files/list
@@ -1,4 +1,15 @@
#!/bin/sh
cat "/etc/efingerd/logo.txt"
-printf "\nusers:\n\t%s\n" "$(who -uw | cut -d " " -f 1 | sort | uniq)"
+
+printf "\n\n"
+printf "Welcome to jay.scot!\n"
+printf "Uptime : %s\n\n" "$(uptime)"
+
+printf "Available Fingers:\n\n"
+printf "\tusername ... get user info\n"
+
+printf "\n\n"
+printf "Current Users:\n\n"
+printf "\tJay Scott\t\t%s\n" "$(last jay -n1 -R --time-format full | head -n1)"
+printf "\tRobert Morris\t\tmorris\t pts/0\t Wed Nov 2 08:23:03 1988\tstill logged in"
(DIR) diff --git a/ansible/roles/finger/files/luser b/ansible/roles/finger/files/luser
@@ -7,11 +7,23 @@ elif [ "$3" = "git" ]; then
else
user_folder="/home/${3}"
- if [ -f "${user_folder}/finger.txt" ]; then
+ if [ -f "${user_folder}/.header" ]; then
+ cat "${user_folder}/.header"
printf "\n"
- cat "${user_folder}/finger.txt"
+ fi
+
+ if [ -f "${user_folder}/.plan" ]; then
+ printf "Plan:\n"
+ cat "${user_folder}/.plan"
+ printf "\n"
+ fi
+
+ if [ -f "${user_folder}/.project" ]; then
+ printf "Project:\n"
+ cat "${user_folder}/.project"
printf "\n"
fi
+
fi
exit 0
(DIR) diff --git a/ansible/roles/finger/files/morris.txt b/ansible/roles/finger/files/morris.txt
@@ -0,0 +1,112 @@
+
+The Morris worm or Internet worm of November 2, 1988, is one of the oldest
+computer worms distributed via the Internet, and the first to gain significant
+mainstream media attention. It resulted in the first felony conviction in the
+US under the 1986 Computer Fraud and Abuse Act. It was written by a graduate
+student at Cornell University, Robert Tappan Morris, and launched on November
+2, 1988, from the Massachusetts Institute of Technology network.
+
+
+|> Architecture
+
+
+The worm was created by Morris simply to see if it could be done,
+and was released from the Massachusetts Institute of Technology (MIT) in the
+hope of suggesting that its creator studied there, instead of Cornell. Morris
+later became a tenured professor at MIT in 2006. The worm's creator Robert
+Tappan Morris is the son of cryptographer Robert Morris, who worked at the NSA
+at the time.
+
+The worm exploited several vulnerabilities of targeted systems, including:
+
+ A hole in the debug mode of the Unix sendmail program
+
+ A buffer overflow or overrun hole in the finger network service
+
+ The transitive trust enabled by people setting up network logins with no
+ password requirements via remote execution (rexec) with Remote Shell (rsh),
+ termed rexec/rsh
+
+ The worm exploited weak passwords. Morris's exploits became generally
+ obsolete due to decommissioning rsh (normally disabled on untrusted networks),
+ fixes to sendmail and finger, widespread network filtering, and improved
+ awareness of weak passwords.
+
+Though Morris did not intend for the worm to be actively destructive, instead
+seeking to merely highlight the weaknesses present in many networks of the
+time, an unintentional consequence of Morris's coding resulted in the worm
+being more damaging and spreadable than originally planned. It was initially
+programmed to check each computer to determine if the infection was already
+present, but Morris believed that some system administrators might counter this
+by instructing the computer to report a false positive. Instead, he programmed
+the worm to copy itself 14% of the time, regardless of the status of infection
+on the computer. This resulted in a computer potentially being infected
+multiple times, with each additional infection slowing the machine down to
+unusability. This had the same effect as a fork bomb, and crashed the computer
+several times.
+
+The main body of the worm can only infect DEC VAX machines running 4BSD,
+alongside Sun-3 systems. A portable C "grappling hook" component of the worm
+was used to download the main body parts, and the grappling hook runs on other
+systems, loading them down and making them peripheral victims.
+
+
+|> Coding mistake
+
+
+Morris's coding mistake, in instructing the worm to replicate itself regardless
+of a computer's reported infection status, transformed the worm from a
+potentially harmless intellectual and computing exercise into a viral
+denial-of-service attack. Morris's inclusion of the rate of copy within the
+worm was inspired by Michael Rabin's mantra of randomization.
+
+The resulting level of replication proved excessive, with the worm spreading
+rapidly, infecting some computers several times. Rabin would eventually comment
+that Morris "should have tried it on a simulator first".
+
+|> Effects
+
+During the Morris appeal process, the US court of appeals estimated the cost of
+removing the virus from each installation was in the range of $200–53,000.
+Possibly based on these numbers, Clifford Stoll of Harvard estimated for the US
+Government Accountability Office that the total economic impact was between
+$100,000 and $10,000,000. Stoll, a systems administrator known for discovering
+and subsequently tracking the hacker Markus Hess three years earlier, helped
+fight the worm, writing in 1989 that "I surveyed the network, and found that
+two thousand computers were infected within fifteen hours. These machines were
+dead in the water—useless until disinfected. And removing the virus often took
+two days." Stoll commented that the worm showed the danger of monoculture,
+because "If all the systems on the ARPANET ran Berkeley Unix, the virus would
+have disabled all fifty thousand of them."
+
+It is usually reported that around 6,000 major UNIX machines were infected by
+the Morris worm. However, Morris's colleague Paul Graham claimed, "I was there
+when this statistic was cooked up, and this was the recipe: someone guessed
+that there were about 60,000 computers attached to the Internet, and that the
+worm might have infected ten percent of them." Stoll estimated that "only a
+couple thousand" computers were affected, writing that "Rumors have it that
+[Morris] worked with a friend or two at Harvard's computing department (Harvard
+student Paul Graham sent him mail asking for 'Any news on the brilliant
+project')."
+
+The Internet was partitioned for several days, as regional networks
+disconnected from the NSFNet backbone and from each other to prevent
+recontamination while cleaning their own networks.
+
+The Morris worm prompted DARPA to fund the establishment of the CERT/CC at
+Carnegie Mellon University, giving experts a central point for coordinating
+responses to network emergencies. Gene Spafford also created the Phage mailing
+list to coordinate a response to the emergency.
+
+Morris was tried and convicted of violating United States Code Title 18 (18
+U.S.C. § 1030), the Computer Fraud and Abuse Act, in United States v. Morris.
+After appeals, he was sentenced to three years' probation, 400 hours of
+community service, and a fine of US$10,050 (equivalent to $20,000 in 2021) plus
+the costs of his supervision. The total fine ran to $13,326, which included a
+$10,000 fine, $50 special assessment, and $3,276 cost of probation oversight.
+
+The Morris worm has sometimes been referred to as the "Great Worm", due to the
+devastating effect it had on the Internet at that time, both in overall system
+downtime and in psychological impact on the perception of security and
+reliability of the Internet. The name was derived from the "Great Worms" of
+Tolkien: Scatha and Glaurung.
(DIR) diff --git a/ansible/roles/finger/files/nouser b/ansible/roles/finger/files/nouser
@@ -1,11 +1,17 @@
#!/bin/sh
-cat <<EOM
+if [ "$3" = "morris" ]; then
+ cat "/etc/efingerd/morris.txt"
+else
-You tried to finger non-existent user!!!
-Your attempt is logged and sent to Scotland Yard, MI5 and the DLVA..
+ cat <<EOF
-Expect a visit soon.
+ You tried to finger non-existent user!!!
+ Your attempt is logged and sent to Scotland Yard, MI5 and the DLVA..
-Just joking, it went to /dev/null
-EOM
+ Expect a visit soon.
+
+ Just joking, it went to /dev/null
+EOF
+
+fi
(DIR) diff --git a/ansible/roles/finger/tasks/main.yml b/ansible/roles/finger/tasks/main.yml
@@ -23,6 +23,7 @@
loop:
- list
- logo.txt
+ - morris.txt
- log
- luser
- nouser