Adding some more content to fingerd - infrastructure - Unnamed repository; edit this file 'description' to name the repository.
 (DIR) Log
 (DIR) Files
 (DIR) Refs
 (DIR) README
       ---
 (DIR) commit 703f1573bbc8c32798854bd0e9b8416281d3989e
 (DIR) parent 04942e5e4cd292940891157315627ee4e78a4140
 (HTM) Author: Jay Scott <me@jay.scot>
       Date:   Tue, 31 Jan 2023 21:08:47 +0000
       
       Adding some more content to fingerd
       
       Diffstat:
         M ansible/roles/finger/files/list     |      13 ++++++++++++-
         M ansible/roles/finger/files/luser    |      16 ++++++++++++++--
         A ansible/roles/finger/files/morris.… |     112 +++++++++++++++++++++++++++++++
         M ansible/roles/finger/files/nouser   |      18 ++++++++++++------
         M ansible/roles/finger/tasks/main.yml |       1 +
       
       5 files changed, 151 insertions(+), 9 deletions(-)
       ---
 (DIR) diff --git a/ansible/roles/finger/files/list b/ansible/roles/finger/files/list
       @@ -1,4 +1,15 @@
        #!/bin/sh
        
        cat "/etc/efingerd/logo.txt"
       -printf "\nusers:\n\t%s\n" "$(who -uw | cut -d " " -f 1 | sort | uniq)"
       +
       +printf "\n\n"
       +printf "Welcome to jay.scot!\n"
       +printf "Uptime : %s\n\n" "$(uptime)"
       +
       +printf "Available Fingers:\n\n"
       +printf "\tusername ... get user info\n"
       +
       +printf "\n\n"
       +printf "Current Users:\n\n"
       +printf "\tJay Scott\t\t%s\n" "$(last jay -n1 -R --time-format full | head -n1)"
       +printf "\tRobert Morris\t\tmorris\t pts/0\t      Wed Nov 2 08:23:03 1988\tstill logged in"
 (DIR) diff --git a/ansible/roles/finger/files/luser b/ansible/roles/finger/files/luser
       @@ -7,11 +7,23 @@ elif [ "$3" = "git" ]; then
        else
                user_folder="/home/${3}"
        
       -        if [ -f "${user_folder}/finger.txt" ]; then
       +        if [ -f "${user_folder}/.header" ]; then
       +                cat "${user_folder}/.header"
                        printf "\n"
       -                cat "${user_folder}/finger.txt"
       +        fi
       +
       +        if [ -f "${user_folder}/.plan" ]; then
       +                printf "Plan:\n"
       +                cat "${user_folder}/.plan"
       +                printf "\n"
       +        fi
       +
       +        if [ -f "${user_folder}/.project" ]; then
       +                printf "Project:\n"
       +                cat "${user_folder}/.project"
                        printf "\n"
                fi
       +
        fi
        
        exit 0
 (DIR) diff --git a/ansible/roles/finger/files/morris.txt b/ansible/roles/finger/files/morris.txt
       @@ -0,0 +1,112 @@
       +
       +The Morris worm or Internet worm of November 2, 1988, is one of the oldest
       +computer worms distributed via the Internet, and the first to gain significant
       +mainstream media attention. It resulted in the first felony conviction in the
       +US under the 1986 Computer Fraud and Abuse Act. It was written by a graduate
       +student at Cornell University, Robert Tappan Morris, and launched on November
       +2, 1988, from the Massachusetts Institute of Technology network.
       +
       +
       +|> Architecture
       +
       +
       +The worm was created by Morris simply to see if it could be done,
       +and was released from the Massachusetts Institute of Technology (MIT) in the
       +hope of suggesting that its creator studied there, instead of Cornell. Morris
       +later became a tenured professor at MIT in 2006. The worm's creator Robert
       +Tappan Morris is the son of cryptographer Robert Morris, who worked at the NSA
       +at the time.
       +
       +The worm exploited several vulnerabilities of targeted systems, including:
       +
       +  A hole in the debug mode of the Unix sendmail program
       +
       +  A buffer overflow or overrun hole in the finger network service
       +
       +  The transitive trust enabled by people setting up network logins with no
       +  password requirements via remote execution (rexec) with Remote Shell (rsh),
       +  termed rexec/rsh
       +
       +  The worm exploited weak passwords. Morris's exploits became generally
       +  obsolete due to decommissioning rsh (normally disabled on untrusted networks),
       +  fixes to sendmail and finger, widespread network filtering, and improved
       +  awareness of weak passwords.
       +
       +Though Morris did not intend for the worm to be actively destructive, instead
       +seeking to merely highlight the weaknesses present in many networks of the
       +time, an unintentional consequence of Morris's coding resulted in the worm
       +being more damaging and spreadable than originally planned. It was initially
       +programmed to check each computer to determine if the infection was already
       +present, but Morris believed that some system administrators might counter this
       +by instructing the computer to report a false positive. Instead, he programmed
       +the worm to copy itself 14% of the time, regardless of the status of infection
       +on the computer. This resulted in a computer potentially being infected
       +multiple times, with each additional infection slowing the machine down to
       +unusability. This had the same effect as a fork bomb, and crashed the computer
       +several times.
       +
       +The main body of the worm can only infect DEC VAX machines running 4BSD,
       +alongside Sun-3 systems. A portable C "grappling hook" component of the worm
       +was used to download the main body parts, and the grappling hook runs on other
       +systems, loading them down and making them peripheral victims.
       +
       +
       +|> Coding mistake
       +
       +
       +Morris's coding mistake, in instructing the worm to replicate itself regardless
       +of a computer's reported infection status, transformed the worm from a
       +potentially harmless intellectual and computing exercise into a viral
       +denial-of-service attack. Morris's inclusion of the rate of copy within the
       +worm was inspired by Michael Rabin's mantra of randomization.
       +
       +The resulting level of replication proved excessive, with the worm spreading
       +rapidly, infecting some computers several times. Rabin would eventually comment
       +that Morris "should have tried it on a simulator first".
       +
       +|> Effects
       +
       +During the Morris appeal process, the US court of appeals estimated the cost of
       +removing the virus from each installation was in the range of $200–53,000.
       +Possibly based on these numbers, Clifford Stoll of Harvard estimated for the US
       +Government Accountability Office that the total economic impact was between
       +$100,000 and $10,000,000. Stoll, a systems administrator known for discovering
       +and subsequently tracking the hacker Markus Hess three years earlier, helped
       +fight the worm, writing in 1989 that "I surveyed the network, and found that
       +two thousand computers were infected within fifteen hours. These machines were
       +dead in the water—useless until disinfected. And removing the virus often took
       +two days." Stoll commented that the worm showed the danger of monoculture,
       +because "If all the systems on the ARPANET ran Berkeley Unix, the virus would
       +have disabled all fifty thousand of them."
       +
       +It is usually reported that around 6,000 major UNIX machines were infected by
       +the Morris worm. However, Morris's colleague Paul Graham claimed, "I was there
       +when this statistic was cooked up, and this was the recipe: someone guessed
       +that there were about 60,000 computers attached to the Internet, and that the
       +worm might have infected ten percent of them." Stoll estimated that "only a
       +couple thousand" computers were affected, writing that "Rumors have it that
       +[Morris] worked with a friend or two at Harvard's computing department (Harvard
       +student Paul Graham sent him mail asking for 'Any news on the brilliant
       +project')."
       +
       +The Internet was partitioned for several days, as regional networks
       +disconnected from the NSFNet backbone and from each other to prevent
       +recontamination while cleaning their own networks.
       +
       +The Morris worm prompted DARPA to fund the establishment of the CERT/CC at
       +Carnegie Mellon University, giving experts a central point for coordinating
       +responses to network emergencies. Gene Spafford also created the Phage mailing
       +list to coordinate a response to the emergency.
       +
       +Morris was tried and convicted of violating United States Code Title 18 (18
       +U.S.C. § 1030), the Computer Fraud and Abuse Act, in United States v. Morris.
       +After appeals, he was sentenced to three years' probation, 400 hours of
       +community service, and a fine of US$10,050 (equivalent to $20,000 in 2021) plus
       +the costs of his supervision. The total fine ran to $13,326, which included a
       +$10,000 fine, $50 special assessment, and $3,276 cost of probation oversight.
       +
       +The Morris worm has sometimes been referred to as the "Great Worm", due to the
       +devastating effect it had on the Internet at that time, both in overall system
       +downtime and in psychological impact on the perception of security and
       +reliability of the Internet. The name was derived from the "Great Worms" of
       +Tolkien: Scatha and Glaurung.
 (DIR) diff --git a/ansible/roles/finger/files/nouser b/ansible/roles/finger/files/nouser
       @@ -1,11 +1,17 @@
        #!/bin/sh
        
       -cat <<EOM
       +if [ "$3" = "morris" ]; then
       +        cat "/etc/efingerd/morris.txt"
       +else
        
       -You tried to finger non-existent user!!!
       -Your attempt is logged and sent to Scotland Yard, MI5 and the DLVA..
       +        cat <<EOF
        
       -Expect a visit soon.
       +        You tried to finger non-existent user!!!
       +        Your attempt is logged and sent to Scotland Yard, MI5 and the DLVA..
        
       -Just joking, it went to /dev/null
       -EOM
       +        Expect a visit soon.
       +
       +        Just joking, it went to /dev/null
       +EOF
       +
       +fi
 (DIR) diff --git a/ansible/roles/finger/tasks/main.yml b/ansible/roles/finger/tasks/main.yml
       @@ -23,6 +23,7 @@
          loop:
            - list
            - logo.txt
       +    - morris.txt
            - log
            - luser
            - nouser