 |
Adding some more content to fingerd - infra - Terraform IoC for my remote (Hetz… |
 |
Log |
|
Files |
|
Refs |
|
README |
|
--- |
|
commit 703f1573bbc8c32798854bd0e9b8416281d3989e |
|
parent 04942e5e4cd292940891157315627ee4e78a4140 |
 |
Author: Jay Scott <[email protected]> |
|
Date: Tue, 31 Jan 2023 21:08:47 +0000 |
|
|
|
Adding some more content to fingerd |
|
|
|
Diffstat: |
|
M ansible/roles/finger/files/list | 13 ++++++++++++- |
|
M ansible/roles/finger/files/luser | 16 ++++++++++++++-- |
|
A ansible/roles/finger/files/morris.… | 112 +++++++++++++++++++++++++++… |
|
M ansible/roles/finger/files/nouser | 18 ++++++++++++------ |
|
M ansible/roles/finger/tasks/main.yml | 1 + |
|
|
|
5 files changed, 151 insertions(+), 9 deletions(-) |
|
--- |
|
diff --git a/ansible/roles/finger/files/list b/ansible/roles/finger/files/list |
|
@@ -1,4 +1,15 @@ |
|
#!/bin/sh |
|
|
|
cat "/etc/efingerd/logo.txt" |
|
-printf "\nusers:\n\t%s\n" "$(who -uw | cut -d " " -f 1 | sort | uniq)" |
|
+ |
|
+printf "\n\n" |
|
+printf "Welcome to jay.scot!\n" |
|
+printf "Uptime : %s\n\n" "$(uptime)" |
|
+ |
|
+printf "Available Fingers:\n\n" |
|
+printf "\tusername ... get user info\n" |
|
+ |
|
+printf "\n\n" |
|
+printf "Current Users:\n\n" |
|
+printf "\tJay Scott\t\t%s\n" "$(last jay -n1 -R --time-format full | head -n1)" |
|
+printf "\tRobert Morris\t\tmorris\t pts/0\t Wed Nov 2 08:23:03 1988\tstil… |
|
diff --git a/ansible/roles/finger/files/luser b/ansible/roles/finger/files/luser |
|
@@ -7,11 +7,23 @@ elif [ "$3" = "git" ]; then |
|
else |
|
user_folder="/home/${3}" |
|
|
|
- if [ -f "${user_folder}/finger.txt" ]; then |
|
+ if [ -f "${user_folder}/.header" ]; then |
|
+ cat "${user_folder}/.header" |
|
printf "\n" |
|
- cat "${user_folder}/finger.txt" |
|
+ fi |
|
+ |
|
+ if [ -f "${user_folder}/.plan" ]; then |
|
+ printf "Plan:\n" |
|
+ cat "${user_folder}/.plan" |
|
+ printf "\n" |
|
+ fi |
|
+ |
|
+ if [ -f "${user_folder}/.project" ]; then |
|
+ printf "Project:\n" |
|
+ cat "${user_folder}/.project" |
|
printf "\n" |
|
fi |
|
+ |
|
fi |
|
|
|
exit 0 |
|
diff --git a/ansible/roles/finger/files/morris.txt b/ansible/roles/finger/files… |
|
@@ -0,0 +1,112 @@ |
|
+ |
|
+The Morris worm or Internet worm of November 2, 1988, is one of the oldest |
|
+computer worms distributed via the Internet, and the first to gain significant |
|
+mainstream media attention. It resulted in the first felony conviction in the |
|
+US under the 1986 Computer Fraud and Abuse Act. It was written by a graduate |
|
+student at Cornell University, Robert Tappan Morris, and launched on November |
|
+2, 1988, from the Massachusetts Institute of Technology network. |
|
+ |
|
+ |
|
+|> Architecture |
|
+ |
|
+ |
|
+The worm was created by Morris simply to see if it could be done, |
|
+and was released from the Massachusetts Institute of Technology (MIT) in the |
|
+hope of suggesting that its creator studied there, instead of Cornell. Morris |
|
+later became a tenured professor at MIT in 2006. The worm's creator Robert |
|
+Tappan Morris is the son of cryptographer Robert Morris, who worked at the NSA |
|
+at the time. |
|
+ |
|
+The worm exploited several vulnerabilities of targeted systems, including: |
|
+ |
|
+ A hole in the debug mode of the Unix sendmail program |
|
+ |
|
+ A buffer overflow or overrun hole in the finger network service |
|
+ |
|
+ The transitive trust enabled by people setting up network logins with no |
|
+ password requirements via remote execution (rexec) with Remote Shell (rsh), |
|
+ termed rexec/rsh |
|
+ |
|
+ The worm exploited weak passwords. Morris's exploits became generally |
|
+ obsolete due to decommissioning rsh (normally disabled on untrusted networks… |
|
+ fixes to sendmail and finger, widespread network filtering, and improved |
|
+ awareness of weak passwords. |
|
+ |
|
+Though Morris did not intend for the worm to be actively destructive, instead |
|
+seeking to merely highlight the weaknesses present in many networks of the |
|
+time, an unintentional consequence of Morris's coding resulted in the worm |
|
+being more damaging and spreadable than originally planned. It was initially |
|
+programmed to check each computer to determine if the infection was already |
|
+present, but Morris believed that some system administrators might counter this |
|
+by instructing the computer to report a false positive. Instead, he programmed |
|
+the worm to copy itself 14% of the time, regardless of the status of infection |
|
+on the computer. This resulted in a computer potentially being infected |
|
+multiple times, with each additional infection slowing the machine down to |
|
+unusability. This had the same effect as a fork bomb, and crashed the computer |
|
+several times. |
|
+ |
|
+The main body of the worm can only infect DEC VAX machines running 4BSD, |
|
+alongside Sun-3 systems. A portable C "grappling hook" component of the worm |
|
+was used to download the main body parts, and the grappling hook runs on other |
|
+systems, loading them down and making them peripheral victims. |
|
+ |
|
+ |
|
+|> Coding mistake |
|
+ |
|
+ |
|
+Morris's coding mistake, in instructing the worm to replicate itself regardless |
|
+of a computer's reported infection status, transformed the worm from a |
|
+potentially harmless intellectual and computing exercise into a viral |
|
+denial-of-service attack. Morris's inclusion of the rate of copy within the |
|
+worm was inspired by Michael Rabin's mantra of randomization. |
|
+ |
|
+The resulting level of replication proved excessive, with the worm spreading |
|
+rapidly, infecting some computers several times. Rabin would eventually comment |
|
+that Morris "should have tried it on a simulator first". |
|
+ |
|
+|> Effects |
|
+ |
|
+During the Morris appeal process, the US court of appeals estimated the cost of |
|
+removing the virus from each installation was in the range of $200–53,000. |
|
+Possibly based on these numbers, Clifford Stoll of Harvard estimated for the US |
|
+Government Accountability Office that the total economic impact was between |
|
+$100,000 and $10,000,000. Stoll, a systems administrator known for discovering |
|
+and subsequently tracking the hacker Markus Hess three years earlier, helped |
|
+fight the worm, writing in 1989 that "I surveyed the network, and found that |
|
+two thousand computers were infected within fifteen hours. These machines were |
|
+dead in the water—useless until disinfected. And removing the virus often to… |
|
+two days." Stoll commented that the worm showed the danger of monoculture, |
|
+because "If all the systems on the ARPANET ran Berkeley Unix, the virus would |
|
+have disabled all fifty thousand of them." |
|
+ |
|
+It is usually reported that around 6,000 major UNIX machines were infected by |
|
+the Morris worm. However, Morris's colleague Paul Graham claimed, "I was there |
|
+when this statistic was cooked up, and this was the recipe: someone guessed |
|
+that there were about 60,000 computers attached to the Internet, and that the |
|
+worm might have infected ten percent of them." Stoll estimated that "only a |
|
+couple thousand" computers were affected, writing that "Rumors have it that |
|
+[Morris] worked with a friend or two at Harvard's computing department (Harvard |
|
+student Paul Graham sent him mail asking for 'Any news on the brilliant |
|
+project')." |
|
+ |
|
+The Internet was partitioned for several days, as regional networks |
|
+disconnected from the NSFNet backbone and from each other to prevent |
|
+recontamination while cleaning their own networks. |
|
+ |
|
+The Morris worm prompted DARPA to fund the establishment of the CERT/CC at |
|
+Carnegie Mellon University, giving experts a central point for coordinating |
|
+responses to network emergencies. Gene Spafford also created the Phage mailing |
|
+list to coordinate a response to the emergency. |
|
+ |
|
+Morris was tried and convicted of violating United States Code Title 18 (18 |
|
+U.S.C. § 1030), the Computer Fraud and Abuse Act, in United States v. Morris. |
|
+After appeals, he was sentenced to three years' probation, 400 hours of |
|
+community service, and a fine of US$10,050 (equivalent to $20,000 in 2021) plus |
|
+the costs of his supervision. The total fine ran to $13,326, which included a |
|
+$10,000 fine, $50 special assessment, and $3,276 cost of probation oversight. |
|
+ |
|
+The Morris worm has sometimes been referred to as the "Great Worm", due to the |
|
+devastating effect it had on the Internet at that time, both in overall system |
|
+downtime and in psychological impact on the perception of security and |
|
+reliability of the Internet. The name was derived from the "Great Worms" of |
|
+Tolkien: Scatha and Glaurung. |
|
diff --git a/ansible/roles/finger/files/nouser b/ansible/roles/finger/files/nou… |
|
@@ -1,11 +1,17 @@ |
|
#!/bin/sh |
|
|
|
-cat <<EOM |
|
+if [ "$3" = "morris" ]; then |
|
+ cat "/etc/efingerd/morris.txt" |
|
+else |
|
|
|
-You tried to finger non-existent user!!! |
|
-Your attempt is logged and sent to Scotland Yard, MI5 and the DLVA.. |
|
+ cat <<EOF |
|
|
|
-Expect a visit soon. |
|
+ You tried to finger non-existent user!!! |
|
+ Your attempt is logged and sent to Scotland Yard, MI5 and the DLVA.. |
|
|
|
-Just joking, it went to /dev/null |
|
-EOM |
|
+ Expect a visit soon. |
|
+ |
|
+ Just joking, it went to /dev/null |
|
+EOF |
|
+ |
|
+fi |
|
diff --git a/ansible/roles/finger/tasks/main.yml b/ansible/roles/finger/tasks/m… |
|
@@ -23,6 +23,7 @@ |
|
loop: |
|
- list |
|
- logo.txt |
|
+ - morris.txt |
|
- log |
|
- luser |
|
- nouser |
