Adding some more content to fingerd - infrastructure - Unnamed repository; edit this file 'description' to name the repository. (DIR) Log (DIR) Files (DIR) Refs (DIR) README --- (DIR) commit 703f1573bbc8c32798854bd0e9b8416281d3989e (DIR) parent 04942e5e4cd292940891157315627ee4e78a4140 (HTM) Author: Jay Scott <me@jay.scot> Date: Tue, 31 Jan 2023 21:08:47 +0000 Adding some more content to fingerd Diffstat: M ansible/roles/finger/files/list | 13 ++++++++++++- M ansible/roles/finger/files/luser | 16 ++++++++++++++-- A ansible/roles/finger/files/morris.… | 112 +++++++++++++++++++++++++++++++ M ansible/roles/finger/files/nouser | 18 ++++++++++++------ M ansible/roles/finger/tasks/main.yml | 1 + 5 files changed, 151 insertions(+), 9 deletions(-) --- (DIR) diff --git a/ansible/roles/finger/files/list b/ansible/roles/finger/files/list @@ -1,4 +1,15 @@ #!/bin/sh cat "/etc/efingerd/logo.txt" -printf "\nusers:\n\t%s\n" "$(who -uw | cut -d " " -f 1 | sort | uniq)" + +printf "\n\n" +printf "Welcome to jay.scot!\n" +printf "Uptime : %s\n\n" "$(uptime)" + +printf "Available Fingers:\n\n" +printf "\tusername ... get user info\n" + +printf "\n\n" +printf "Current Users:\n\n" +printf "\tJay Scott\t\t%s\n" "$(last jay -n1 -R --time-format full | head -n1)" +printf "\tRobert Morris\t\tmorris\t pts/0\t Wed Nov 2 08:23:03 1988\tstill logged in" (DIR) diff --git a/ansible/roles/finger/files/luser b/ansible/roles/finger/files/luser @@ -7,11 +7,23 @@ elif [ "$3" = "git" ]; then else user_folder="/home/${3}" - if [ -f "${user_folder}/finger.txt" ]; then + if [ -f "${user_folder}/.header" ]; then + cat "${user_folder}/.header" printf "\n" - cat "${user_folder}/finger.txt" + fi + + if [ -f "${user_folder}/.plan" ]; then + printf "Plan:\n" + cat "${user_folder}/.plan" + printf "\n" + fi + + if [ -f "${user_folder}/.project" ]; then + printf "Project:\n" + cat "${user_folder}/.project" printf "\n" fi + fi exit 0 (DIR) diff --git a/ansible/roles/finger/files/morris.txt b/ansible/roles/finger/files/morris.txt @@ -0,0 +1,112 @@ + +The Morris worm or Internet worm of November 2, 1988, is one of the oldest +computer worms distributed via the Internet, and the first to gain significant +mainstream media attention. It resulted in the first felony conviction in the +US under the 1986 Computer Fraud and Abuse Act. It was written by a graduate +student at Cornell University, Robert Tappan Morris, and launched on November +2, 1988, from the Massachusetts Institute of Technology network. + + +|> Architecture + + +The worm was created by Morris simply to see if it could be done, +and was released from the Massachusetts Institute of Technology (MIT) in the +hope of suggesting that its creator studied there, instead of Cornell. Morris +later became a tenured professor at MIT in 2006. The worm's creator Robert +Tappan Morris is the son of cryptographer Robert Morris, who worked at the NSA +at the time. + +The worm exploited several vulnerabilities of targeted systems, including: + + A hole in the debug mode of the Unix sendmail program + + A buffer overflow or overrun hole in the finger network service + + The transitive trust enabled by people setting up network logins with no + password requirements via remote execution (rexec) with Remote Shell (rsh), + termed rexec/rsh + + The worm exploited weak passwords. Morris's exploits became generally + obsolete due to decommissioning rsh (normally disabled on untrusted networks), + fixes to sendmail and finger, widespread network filtering, and improved + awareness of weak passwords. + +Though Morris did not intend for the worm to be actively destructive, instead +seeking to merely highlight the weaknesses present in many networks of the +time, an unintentional consequence of Morris's coding resulted in the worm +being more damaging and spreadable than originally planned. It was initially +programmed to check each computer to determine if the infection was already +present, but Morris believed that some system administrators might counter this +by instructing the computer to report a false positive. Instead, he programmed +the worm to copy itself 14% of the time, regardless of the status of infection +on the computer. This resulted in a computer potentially being infected +multiple times, with each additional infection slowing the machine down to +unusability. This had the same effect as a fork bomb, and crashed the computer +several times. + +The main body of the worm can only infect DEC VAX machines running 4BSD, +alongside Sun-3 systems. A portable C "grappling hook" component of the worm +was used to download the main body parts, and the grappling hook runs on other +systems, loading them down and making them peripheral victims. + + +|> Coding mistake + + +Morris's coding mistake, in instructing the worm to replicate itself regardless +of a computer's reported infection status, transformed the worm from a +potentially harmless intellectual and computing exercise into a viral +denial-of-service attack. Morris's inclusion of the rate of copy within the +worm was inspired by Michael Rabin's mantra of randomization. + +The resulting level of replication proved excessive, with the worm spreading +rapidly, infecting some computers several times. Rabin would eventually comment +that Morris "should have tried it on a simulator first". + +|> Effects + +During the Morris appeal process, the US court of appeals estimated the cost of +removing the virus from each installation was in the range of $200–53,000. +Possibly based on these numbers, Clifford Stoll of Harvard estimated for the US +Government Accountability Office that the total economic impact was between +$100,000 and $10,000,000. Stoll, a systems administrator known for discovering +and subsequently tracking the hacker Markus Hess three years earlier, helped +fight the worm, writing in 1989 that "I surveyed the network, and found that +two thousand computers were infected within fifteen hours. These machines were +dead in the water—useless until disinfected. And removing the virus often took +two days." Stoll commented that the worm showed the danger of monoculture, +because "If all the systems on the ARPANET ran Berkeley Unix, the virus would +have disabled all fifty thousand of them." + +It is usually reported that around 6,000 major UNIX machines were infected by +the Morris worm. However, Morris's colleague Paul Graham claimed, "I was there +when this statistic was cooked up, and this was the recipe: someone guessed +that there were about 60,000 computers attached to the Internet, and that the +worm might have infected ten percent of them." Stoll estimated that "only a +couple thousand" computers were affected, writing that "Rumors have it that +[Morris] worked with a friend or two at Harvard's computing department (Harvard +student Paul Graham sent him mail asking for 'Any news on the brilliant +project')." + +The Internet was partitioned for several days, as regional networks +disconnected from the NSFNet backbone and from each other to prevent +recontamination while cleaning their own networks. + +The Morris worm prompted DARPA to fund the establishment of the CERT/CC at +Carnegie Mellon University, giving experts a central point for coordinating +responses to network emergencies. Gene Spafford also created the Phage mailing +list to coordinate a response to the emergency. + +Morris was tried and convicted of violating United States Code Title 18 (18 +U.S.C. § 1030), the Computer Fraud and Abuse Act, in United States v. Morris. +After appeals, he was sentenced to three years' probation, 400 hours of +community service, and a fine of US$10,050 (equivalent to $20,000 in 2021) plus +the costs of his supervision. The total fine ran to $13,326, which included a +$10,000 fine, $50 special assessment, and $3,276 cost of probation oversight. + +The Morris worm has sometimes been referred to as the "Great Worm", due to the +devastating effect it had on the Internet at that time, both in overall system +downtime and in psychological impact on the perception of security and +reliability of the Internet. The name was derived from the "Great Worms" of +Tolkien: Scatha and Glaurung. (DIR) diff --git a/ansible/roles/finger/files/nouser b/ansible/roles/finger/files/nouser @@ -1,11 +1,17 @@ #!/bin/sh -cat <<EOM +if [ "$3" = "morris" ]; then + cat "/etc/efingerd/morris.txt" +else -You tried to finger non-existent user!!! -Your attempt is logged and sent to Scotland Yard, MI5 and the DLVA.. + cat <<EOF -Expect a visit soon. + You tried to finger non-existent user!!! + Your attempt is logged and sent to Scotland Yard, MI5 and the DLVA.. -Just joking, it went to /dev/null -EOM + Expect a visit soon. + + Just joking, it went to /dev/null +EOF + +fi (DIR) diff --git a/ansible/roles/finger/tasks/main.yml b/ansible/roles/finger/tasks/main.yml @@ -23,6 +23,7 @@ loop: - list - logo.txt + - morris.txt - log - luser - nouser