CFINGERD
Recommended setups
After running cfingerd for quite a while, I have found that if you make
the cfingerd setup the most secure, you will have the least problems.
CFINGERD currently stops all files from being symbolic links, char
devices, block devices, etc. Basically, each file has to be a normal
file in order to be read by cfingerd. With that in mind, you should keep
all files (whether or not they are read by root) as normal files. This
will stop any problems in the future you may have.
ROOT SHOULD ALWAYS HAVE A .nofinger FILE IN HIS/HER DIRECTORY! This is
only natural, since most System Admins don't like to be fingered.
IT IS HIGHLY RECOMMENDED that you install identd on your system. The
installation process of identd is very painless and only takes minutes to
accomplish. It's a great security program, and works very well. Install it.
Besides, if you don't, RFC1413 compliance won't be present on your system
if someone from localhost fingers your system.
If you have multiple systems that you are running for ISP systems, it is
recommended that you install cfingerd on all those systems, and put the
resulting systems in the "system_list_sites" section of cfingerd.conf.
This will make it so that you have a sorted output of systems when a user
fingers your system. Don't use strange programs when getting a userlist
output - it will only make the final output look strange.