Emulating a z/OS Mainframe with Hercules

Note: I started writing this article back in 2015 and hit a few roadblocks that I’ve been able to finally reconcile in the last few months. There are a lot of similar guides out there (which I will reference in my sources), but I found them to be too ambiguous to be completely helpful. While I’ve learned a lot from writing this and troubleshooting the issues from existing¬†guides, I am still far from a mainframe expert. There may be errors here, or things I could have accomplished in a better, more “proper” way. That said, I ultimately have a usable z/OS system up and running, and I hope I can help you have the same ūüôā

Introduction

I recently became aware of the fact that mainframes are still alive and well in the corporate world. But why? Why not just use supercomputers? Mainframes aim to perform a high number of instructions¬†per second, usually measured in the millions. If you hear someone talking about millions of instructions per second (MIPS), they’re probably measuring mainframe throughput. Supercomuters on the other hand aim to have a high number of floating-point operations per second (FLOPS). The difference is that mainframes usually deal with information processing in a short window while supercomuters usually deal with simulations requiring a lot of floating-point arithmetic. A supercomputer might be more suited to weather calculations on Jupiter, but a mainframe is still a better candidate for processing a lot of transactions like you might find in banking or airline booking systems.

Okay, but why not use some sort of content distribution network or cloud computing? For years, mainframes have been touted as the go-to for mission critical processing, with minimal downtime. While cloud computing is catching up in this regard, it can be argued that mainframes are still unrivaled when considering their efficiency and maintainability. One mainframe may be able to process a chunk of data more efficiently than thousands of linked machines in remote locations. Now, consider maintenance. Would you rather update one machine or thousands? And scalability? Many cloud providers supply controls to ramp up power when needed (such as during the holidays) or dial it back during more sleepy periods. Mainframes offer the same sort of control, and can easily scale up or down as needed without someone (or piece of software) needing to roll out or switch off a few hundred more servers.

Mainframes are an interesting piece of technology that still have a purpose, but they rarely discussed these days with the influx of new technologies in processing. It’s easy to try these services out, even for an amateur, but getting your hands on a mainframe is incredibly difficult in comparison. Even if you happened to be employed at a company still utilizing one, you would need training and shadowing sessions before even having the chance to touch a keyboard on a production machine.

Of course, there are ways to explore these systems without needing a physical unit, and that is what I’m going to get into momentarily. It is now possible to get your own taste of Big Iron right from your personal computer.

Requirements

Before we get into installing Hercules, an IBM mainframe emulator, you are going to need to find an image of z/OS. z/OS is the operating system of choice for modern IBM mainframes, but it is a little hard to get your hands on unless you actually have a full-scale system set up somewhere already. There are images of z/OS floating around the Internet that can be found, specifically version 1.10. I will not be sharing where these files can be found, and if you do find them, make sure you adhere to the software license while running z/OS.

Now, we also need a host system to support the Hercules emulator. While Hercules will run in Linux, Windows, and OSX, this guide will use a machine running Linux, specifically Debina 9 (Stretch). I will assume that you already have a system running Debian (or similar) and a non-root, sudo user with access to the z/OS files.

After all of this is set up, we can begin installation!

Configuring Hercules and c3270

First, we need to install some basic utilities and applications. But, one of them (c3270) is not available right away as it is classified as “non-free” software under Debian. You can still install packages like this, you just need to configure your system to do so. We need to edit the sources.list file to allow non-free packages.

Simply add non-free to the end of the stretch and stretch-updates sources by editing /etc/apt/sources.list with your favorite text editor:

$ sudo nano /etc/apt/sources.list

After editing, it should look like this:

$ cat /etc/apt/sources.list

deb http://ftp.us.debian.org/debian/ stretch main non-free
deb-src http://ftp.us.debian.org/debian/ stretch main non-free

deb http://security.debian.org/debian-security stretch/updates main
deb-src http://security.debian.org/debian-security stretch/updates main

# stretch-updates, previously known as 'volatile'
deb http://ftp.us.debian.org/debian/ stretch-updates main non-free
deb-src http://ftp.us.debian.org/debian/ stretch-updates main non-free

Now we are ready to install the packages we need. All of them can be installed by running the following command:

$ sudo apt-get install -y c3270 hercules

As this starts executing, go and put on a pot of coffee. As soon as you turn the machine on and walk back to your computer, this command will probably be through.

The above has installed hercules, our IBM system emulator as well as c3270, a IBM 3270-compatible terminal emulator that we will use to interface with our system.

Now, I’m going to assume you have the z/OS files somewhere on your Linux machine, possibly in a directory path like IBM\ ZOS\ 1.10/Z110SA/images/Z110\ -\ Copy. I will assume that the root IBM folder is in your home directory. We will reorder things by creating a directory MAINFRAME within the home directory to house the z/OS installation:

$ cd ~
$ mv IBM\ ZOS\ 1.10/Z110SA/images/Z110\ -\ Copy ~/MAINFRAME
$ cd ~/MAINFRAME
$ mkdir PRTR

We will now have the following heirarchy:

$ ls ~/MAINFRAME
CONF DASD PRTR

At this point, we need to edit the config file that Hercules reads to boot our mainframe. You can open up the config file in your favorite text editor and follow along with the lines we will modify:

$ nano ~/MAINFRAME/CONF/ADCD_LINUX.CONF

First, we need to edit lines 38/39/40 of the config to map to your PRTR, CONF, and DASD directories in your ~/MAINFRAME directory. We will be using full directory paths, so use your username in place of mine, famicoman.

#********************************************************************
# SYMBOLS DEFINITION *
#********************************************************************

DEFSYM DASD "/home/famicoman/MAINFRAME/DASD"
DEFSYM PROD "/home/famicoman/MAINFRAME/PROD"
DEFSYM PRTR "/home/famicoman/MAINFRAME/PRTR"

Now, we edit networking information on line 115. We will need two unused IP addresses on our local network. We can get our machine’s current IP address using the ip command.

$ ip address show eno1
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether fc:3f:db:09:60:59 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.248/24 brd 192.168.1.255 scope global dynamic eno1
valid_lft 81093sec preferred_lft 81093sec
inet6 fe80::fe3f:dbff:fe09:6059/64 scope link
valid_lft forever preferred_lft forever

Our Debian machine is located at 192.168.1.248. We can pick two additional addresses in the 192.168.1.1 Р192.168.1.254 range. 192.168.1.20 and 192.168.1.21 are currently unused so these will be chosen. 192.168.1.20 will be something of a virtual gateway for the mainframe (think of this sort of like an address for Hercules itself, which we will use as our entry point) while 192.168.1.21 will be an address for the z/OS machine. Keep in mind that 192.168.1.20 will be exposed to your network independently of your host machine, creating a logically separate machine. This means you can access it with its own address, and create separate firewall rules, port forwarding, etc. as though it was physical machine on your LAN.

We will replace the content at line 115 in the config with the following to create a virtual adapter to handle networking with our chosen addresses:

#********************************************************************
# CTCI COMMUNICATION DEVICES *
#********************************************************************
0E20.2 3088 CTCI /dev/net/tun 1500 192.168.1.20 192.168.1.21 255.255.255.255

Lastly, we edit line 31. This line changes the default port for Hercules console connections (made by c3270) from 23 to something of your choosing. I will be using port 2323 as I may be using port 23 otherwise, and it is not a privileged port.

CNSLPORT 2323

Now we can launch Hercules! (Do you smell your coffee percolating yet?)

I prefer to use screen sessions to keep thing organized (If you don’t have screen, install it with sudo apt-get install screen or just use tmux). This is also handy with using a virtual or remote host machine as you can keep the sessions going when not connected to the host. The below will place you in a new screen session where we will launch Hercules:

$ screen -S hercules

And now for the launch, specifying the config we edited earlier:

$ sudo hercules -f ~/MAINFRAME/CONF/ADCD_LINUX.CONF

Hercules will begin to load (and give you a lot of logs). Then you will be presented with the Hercules console.

The Hercules console after launching. Note our tun0 device opening and our custom console port specified.

Now, we want to create a 3270 terminal session with Hercules. So, hold <CTRL> + A + D to detach your screen session, returning you to your original console window on the Debian host. Next, create a new screen session for our 3270 connection:

$ screen -S c3270

Now in our new screen session, we will launch c3270 to connect into Hercules, emulating a 3270 connection to actual hardware:

c3270 localhost 2323

You should be presented with a Hercules splash screen:

The Hercules splash screen.

Detach from your c3270 screen session and reattach to the hercules session. It might be a good idea to open a new terminal window on the host machine to keep multiple screen sessions open at once. I suggest two terminal windows, one with hercules and one with c3270. To reattach your hercules screen session, use the below command after detaching:

$ screen -r hercules

Now that you are presented with the Hercules console again, you should see your connection from the 3270 session in the logs.

HHCTE009I Client 127.0.0.1 connected to 3270 device 0:0700

Booting z/OS

Now we can boot z/OS for the first time! In the Hercules console, type the following and hit <RETURN>:

ipl a80

z/OS will now boot. Your coffee should be done by now, so go grab a cup. I’ll wait.

Depending on the specs of the host machine, this could take a long, long time. The first boot took around 90 minutes for me, and could take even longer. At this point, you will get a lot of logging info in both the c3270 session and the hercules session. A lot of this looks like it could be reporting that something has gone horribly wrong, but don’t worry, it is likely okay. This is probably a good time to go for a walk outside with your coffee. Maybe take a good book and settle under a tree for a bit.

A Potential Boot Issue

I did run into the following message on my c3270 session at some point while attempting boot:

IXC208I THE RESPONSE TO MESSAGE IXC420D IS INCORRECT: IS NOT A VALID
ACTION
IXC420D REPLY I TO INITIALIZE SYSPLEX ADCDPL, OR R TO REINITIALIZE
XCF.
REPLYING I WILL IMPACT OTHER ACTIVE SYSTEMS.

If this happens to you, you can safely type the following in the c3270 session and hit <RETURN>:

R 00,I

This will allow z/OS to continue booting.

This message in the 3270 console halted boot-up. Entering the provided command can resume system startup.

If you are unsure whether or not z/OS is fully booted (It can be hard to tell), the easiest thing to do is open another c3270 connection to localhost (maybe create a new screen¬†session via screen -S terminal). If you get the Hercules splash screen again you can safely close the session (<CTRL> + ], then type “exit”), wait a little longer, and try connecting again. Eventually, your second terminal session should connect and get to the log-on screen for your z/OS installation.

Welcome to the DUZA system!

To log in, we enter”TSO” at the prompt. When prompted for a username, enter “IBMUSER”.

Login starts by asking for a USERID.

Then, enter “SYS1” as the password.

The password gets blanked out as you type it.

From here, press <RETURN>, then the ISPF menu will launch.

You will get some brief messages after logging in. Press the <RETURN> key to go to the ISPF menu.

 

The ISPF menu serves as a gateway to a lot of system functionality.

Now in the ISPF menu, type “3.4” to load the Data Set List Utility.

Replace “IBMUSER” in the “Dsname Level” field with “DUZA” and press <RETURN>.

We will use the Data Set List Utility to locate our network settings.

Scroll down using the <F8> key in the Data Sets list and locate the one called DUZA.TCPPARAMS. With your cursor, click on the ‘D’ in “DUZA.TCPARAMS” and use the left-arrow key to navigate three spaces to the left. Type the letter ‘E’ and hit <RETURN> to see items in this data set.

We need to edit the TCPPARAMS for the DUZA system.

On the next screen, use your cursor to click on the first position on the line to the left of the word “PROFILE”. Type the letter ‘E’ and hit <RETURN> to edit this item.

Finally, we can edit the Profile.

Use <F8> to page down to line 90:

000090 DEVICE LCS1 LCS E20
000091 LINK ETH1 ETHERNET 0 LCS1
000092
000093 HOME
000094 10.0.1.20 ETH1
000095
000096 GATEWAY
000097 10.0.1.100 = ETH1 1500 HOST
000098
000099 DEFAULTNET 10.0.1.100 ETH1 1500 0
...
000109 START LCS1

Modify the lines so they look like the following with out IP addresses outlined earlier (and don’t forget line 109!):

000090 DEVICE CTCA1 CTC e20
000091 LINK CTC1 CTC 1 CTCA1
000092
000093 HOME
000094 192.168.0.210 CTC1
000095
000096 GATEWAY
000097 192.168.0.1 = CTC1 1492 HOST
000098
000099 DEFAULTNET 192.168.0.5 CTC1 1492
...
000109 START CTCA1

To save the updated config, place your cursor to the first underline character to the right of “Command ===>” and type “SAVE” followed by the <RETURN> key. Next, type “END” at the same location, again pressing the <RETURN> key.

Here is what the updated settings look like via the 3270 terminal:

Our updated networking is ready to save. Note the IP addresses we specified earlier when configuring Hercules.

Next, we need to recycle the TCPIP service on the system. Go back to your first c3270 console session (detaching your terminal¬†session) and type¬†“STOP TCPIP” followed by the <RETURN> key in the console.

STOP TCPIP.

Wait a minute or two and then type “START TCPIP” followed by the <RETURN> key. After both commands, you should see a lot of console output regarding the TCPIP service. After starting the service back up, wait a few minutes before proceeding to make sure everything has come back up.

After running START TCPIP.

After restarting the TCP service, we need to detach the session and do a few more things on our host machine.

Back on the Debian host machine we need to enable IPv4 forwarding and proxy arp with the following two commands to get networking sorted out:

$ sudo sh -c "echo '1' > /proc/sys/net/ipv4/conf/all/proxy_arp"
$ sudo sh -c "echo '1' > /proc/sys/net/ipv4/conf/all/forwarding"

Testing Networking

We can now test whether we can remote into our z/OS machine, and if we can get out from the inside. From the console on the host Debian machine, telnet to our mainframe using port 1023:

$ telnet 192.168.1.20 1023

Login with the credentials we used earlier (IBMUSER/SYS1) and try out a traceroute command:

Trying 192.168.1.20...
Connected to 192.168.1.20.
Escape character is '^]'.
EZYTE27I login: IBMUSER
EZYTE28I IBMUSER Password:
IBM
Licensed Material - Property of IBM
5694-A01 Copyright IBM Corp. 1993, 2008
(C) Copyright Mortice Kern Systems, Inc., 1985, 1996.
(C) Copyright Software Development Group, University of Waterloo, 1989.

All Rights Reserved.

U.S. Government Users Restricted Rights -
Use,duplication or disclosure restricted by
GSA ADP Schedule Contract with IBM Corp.

IBM is a registered trademark of the IBM Corp.

IBMUSER:/u/ibmuser: >traceroute 8.8.8.8
CS V1R10: Traceroute to 8.8.8.8 (8.8.8.8)
Enter ESC character plus C or c to interrupt
1 192.168.1.21 (192.168.1.21)  1 ms  1 ms  1 ms
2 192.168.1.1 (192.168.1.1)  70 ms  4 ms  3 ms
3 71.185.57.1 (71.185.57.1)  5 ms  6 ms  4 ms
4 100.41.14.204 (100.41.14.204)  10 ms 100.41.14.206 (100.41.14.206)  8 ms 100.41.14.204 (100.41.14.204)  10 ms
5 * * *
6 * * *
7 140.222.0.187 (140.222.0.187)  10 ms 140.222.2.201 (140.222.2.201)  9 ms 140.222.0.187 (140.222.0.187)  6 ms
8 204.148.79.46 (204.148.79.46)  16 ms  11 ms  11 ms
9 108.170.246.33 (108.170.246.33)  12 ms 108.170.246.1 (108.170.246.1)  12 ms 108.170.240.97 (108.170.240.97)  10 ms
10 108.170.226.95 (108.170.226.95)  10 ms 209.85.254.75 (209.85.254.75)  15 ms 216.239.41.203 (216.239.41.203)  12 ms
11 8.8.8.8 (8.8.8.8)  11 ms  19 ms  10 ms

You can additionally try out some more Unix commands:

IBMUSER:/u/ibmuser: >uptime
07:55PM  up 6 day(s), 03:54,  1 users,  load average: 0.00, 0.00, 0.00
IBMUSER:/u/ibmuser: >uname -a
OS/390 DUZA 20.00 03 7060
IBMUSER:/u/ibmuser: >whoami
OMVSKERN
IBMUSER:/u/ibmuser: >ls
CEEDUMP.20050812.162501.65568  ptest.c                        setup1
SimpleCopy.class               ptest.o                        setup2
SimpleCopy.java                ptestc                         setup3
hfsin                          ptestc.trc.16842781            zfs
hfsout                         setup

Back in your second 3270 connection (which like me you may have named terminal), you can keep entering”EXIT” in the “Command ===>” field until you return back to the ISPF menu we saw earlier.

There are many options from the ISPF menu. Take some time to explore them when you get a chance!

From here, you can enter “6” in the “Option ===>” field to get to the Command menu. From here, you can try out other various commands like ping¬†or netstat by¬†entering them into the “===>” field.

Here is the output of netstat. Notice how previously used commands are cached for you.

Shutting it Down

You always want to make sure to shut down your mainframe in the proper way. Otherwise, you may end up with corrupted data or an unbootable system!

From your first c3270 session, enter in¬†“S SHUTSYS”.

S SHUTSYS

Then after a little while enter in “Z EOD”.

Z EOD

Starting the shutdown process.

After a few minutes the machine will halt. Then, switch over to your Hercules console and enter in “exit” to close out Hercules.

exit

Rebooting the mainframe follows the same start-up process from initial boot, so you can easily come back to things.

Conclusion

That’s it, you now have a functioning mainframe! Albeit, it will be much slower than a real mainframe on real hardware (emulation on my machine usually only clocks between 5-12 MIPS).

Toggle back and forth between the console and graphical view in Hercules with the <ESC> key.

Feel free to explore the system, and start learning how to use z/OS and customize your installation!

Sources

 

Running & Using A Finger Daemon

The finger application was written in the 1970s to allow users on a network to retrieve information about other users. Back before Twitter and other micro-blogging platforms, someone could use the finger command to retrieve public contact information, project notes, GPG keys, status reporting, etc. from a user on a local or remote machine.

Finger has mostly faded into obscurity due to many organizations viewing the availability of public contact information as a potential security hole. With great ease, attackers could learn a target’s full name, phone number, department, title, etc. Still, many embraced the reach that finger could provide. Notably, John Carmack of id Software maintained detailed notes outlining his work in game development.

These days, finger is usually found only on legacy systems or for novelty purposes due to much of its functionality being replaced with the more-usable HTTP.
 
Installing finger & fingerd

This guide assumes we are running a Debian-based operating system with a non-root, sudo user. To allow finger requests from other machines, make sure the server has port 79 open and available.

The first thing we will need to do is install the finger client, finger daemon, and inet daemon:

sudo apt-get install finger fingerd inetutils-inetd

The inet daemon is necessary to provide network access to the finger daemon. inetd will listen for requests from clients on port 79 (designated for finger) and spawn a process to run the finger daemon as needed. The finger daemon itself cannot listen for these connections and must instead rely on inetd to act as the translator between the sockets and standard input/output.

To ensure that we have IPv6 compatibility (as well as maintain IPv4 compatibility), we will edit the inetd.conf configuration file:

sudo nano /etc/inetd.conf

Find the section that is labeled INFO, and comment out the line under it defining the finger service:

#finger    stream    tcp    nowait        nobody    /usr/sbin/tcpd    /usr/sbin/in.fingerd

Now below it we will add two lines that define the service for IPv4 and IPv6 explicitly:

finger    stream    tcp4    nowait        nobody    /usr/sbin/tcpd    /usr/sbin/in.fingerd
finger    stream    tcp6    nowait        nobody    /usr/sbin/tcpd    /usr/sbin/in.fingerd

Then we will restart inetd to run the changes:

sudo /etc/init.d/inetutils-inetd restart

Now we can use the finger command against our machine:

finger @locahost

 
User Configuration

Each user will have some user information displayed such as real name, login, home directory, shell, home phone, office phone, and office room. Many of these fields are probably not set for the current user account, but many of these can easily be updated with new information.

The chfn utility is built specifically to change information that is retrieved by the finger commands. We can run it interactively by invoking it:

chfn

If we run through this once, we may not be able to edit our full name or wipe out the contents of certain fields. Thankfully, chfn takes several flags to modify these fields individually (and with empty strings accepted!):

$ chfn -f "full name"
$ chfn -o "office room number"
$ chfn -p "office phone number"
$ chfn -h "home phone number"

Now that our information is set, we can start creating files that will be served by finger.

The first file will be the .plan file. This is typically used to store updates on projects, but can be used for pretty much anything such as schedules, favorite quotes, or additional contact information.

nano ~/.plan

Next, we can create a .project file. This file is traditionally used to describe a current project, but can house any content provided it displays on a single line.

nano ~/.project

Next, if we have a GPG key, it can also be included via the .gnupg file.

gpg --armor --output ~/.gnupg --export "my name"

Depending on our machine’s configuration, we can also set up mail forwarding which will be shown when our user account is queried via a .forward file.

echo my@other.email.com > ~/.forward

Now that all the files are created, we need to change the permissions on them to allow them to properly be read by finger. This command will allow others to read and execute our new files:

chmod o+rx ~/.plan ~/.project ~/.gnupg ~/.forward

Afterwards, anyone with finger should be able to query the account provided the host is reachable and the port is exposed:

$ finger famicoman@peer0
Login: famicoman                        Name: mike dank
Directory: /home/famicoman              Shell: /bin/bash
Office: #phillymesh, famicoman@gmail    Home Phone: @famicoman
On since Wed Mar  1 18:28 (UTC) on pts/0 from ijk.xyz
   5 seconds idle
No mail.
PGP key:
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1

mQINBFhQteQBEADOQdY/JyNsRBcqNlHJ3L7XeMWWqG+vlGYjF5sOsKkWDrgRrAhE
gJthGdPSYLIn5/kRst5PkDGjZHFq1k4VAaUlMslCbLgj0xMzUWmhGRKtFjrnQzFi
UVaW/GcW682b5wKkEbSpwRrLHJ19cwYiQHRA6dahiCkWkdh7MluHKTwU1kaUrs3E
3satrSAlOJHH2bg5mDuQPTov/q6hot2pfq8jseQuwVflssqOt4tx3o0tcwbKJwQs
8qU3cVkfg+gzzogM5iMmKAjhFt9Ta7E2kp+iR8gOkH7CK2tu+WIpdpSYuIOe2nEa
AdYSGJRmIZxqwGPwZu893OiYTiLF2dGEWj4cSmZFJ9BYxw9b7dMePDs3l9T1DyJN
FF6JyqtiTpSOfw4+9oNL/+8kmRFMtQBGDH5Dqn4Bg+EYUUGWh3BQb1UGRGNRbls1
SYw4unPsMAaGd0tqafyEOE7kHcQwGMWyI4eFi0bkBRTCvjyqTqTImdr4+xRKn4rW
vS+O+gSSWnrKW67TF0vFuPKV4w4sdPhldcYZjiPNI1m6nmnih4756LW+W5fCKMyN
RN4yPmaF6awEM3fPf3BWhxDmsBvYLqLlE9b6DQ6DmIsC6x5S/jBFr/W0cgZKuMBR
wIHGIpCTgkVsvjTxTeDnZQzEuaZFOpHrYBYG0+JccE5ZZ2/aEupB1tLWzwARAQAB
tCtNaWtlIERhbmsgKEZhbWljb21hbikgPGZhbWljb21hbkBnbWFpbC5jb20+iQI+
BBMBAgAoBQJYULXkAhsDBQkJZgGABgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAK
CRAWGa5NfPKo9xBPEADGK7ol4nU1cDpYc6XPYb4w4s8G/9Ht3UGZvy4ClB7TvntR
HuixWISQyElK4pDntrpXfLmDgqNQqUtjev6w0uEEc7MQW0WBYPlJ9rmVuDJtPjOP
hr9wUnwrd6KypHGw1Y6qukf/w8gCDZyZ8BVOm3r6XT6VlpuVVBP16ax6Mh7sTf4i
/D8D1JH89zApfplqiiA+OAvunbm19jrczby5ILhevbwfpP+ob7FqevCQi/ppGncg
s2LZceIYPh09OzakBiZkIwzMsuWHYxrenUmg8kuVaVyaGXdCc+KZr7c4oGioLxOL
8p8PunjL+i/uGtvZ3tQEvHjB9r1Ghu1t5MUQC4xTvgLnvLOQA0gmknwRQ6nSWrQf
yDJPnaJcBKlfnCR7eKtotsTobUCWDMC9sEvLjLYMgxtEbu46/J57oDQ1LniejI9X
rTUN8cnRLpOQUy0eTBTtUWYqdqO9fAjvMIsnWR4IcMlTJazghygQ+zENvGlEfey2
NL4nC2Yus3EAeCEJC52vccSsf3b7HT/4GemNOVjh72kZ1FM6HL+UNaU7JLppNQk6
mFKC3/wIKxKBjm/vR21Efl+f2iwUAiLjrugaY6g4BXPX3p6iCHftEW7gA6s4UC0A
1HYScq9Duxv+AQpe/mfVA2SBrD3OLTknW2Z5EZSTHqyzRQtHviXTRkdtQscF7rkC
DQRYULXkARAAugwI5dpLpIYI4KZcHsEwyYqUL35ByGCuqklYGOSMkkX0/WFH2ugv
Vs8fqgrn/koXjKBPpxdElfTAGbD2MSTvAUzwMgvMaLZUxY2Qh1RipkNXvSAO+W6W
nJKyBvasboK8l61yta/RrPvUr+equxtBawD3ja9DPzfTYuVCewR6ztcdvqAho5D1
Ds5HxO6aLPsMW8Fj8kf+Ae5eypuNBAN0ivpkDfQyaungh2EjrVpJzWJ8ZqYah/cK
1R55rPhq/JtjcO8g2nnsi+L5EuMma9+50lVPHlHjO9Y0xaQMq2/rLJcDu8UbymX7
LSoxzixiLYtig3GAB+1XkIqMwaEkFF1zTlAZ7drAfhH1AJ0L7SQBur5J1EM3iRYO
XmelyxJPwKgL4K6U4NnnrVpf71GyBktXyuEiOWDFjINs2OzwL4z/l1oWuJuFW/vO
C/yM5Ed7yzLXm0exAnW8Y0u1hwbhRy31zIYbLeB+PuiAqrnvSr1xhAWalBM3dqF+
VIsuKlcoFOmX74/OCEFQ/cqrrkhQ/PrkZqQZCyjyUhkuIqasMZGhLakAIO226E1r
IsUX0jMliJ/A89ZyDmoZyyvRjyydCkOS5HXahFLCufPC8FgcAL6VcpVF2sHBmWcj
vOlfr7OXHzKvKVNy8qymzyfRCPHoYQvxW9UAhru/iIqKOTIDo3OwJ9EAEQEAAYkC
JQQYAQIADwUCWFC15AIbDAUJCWYBgAAKCRAWGa5NfPKo91+XD/0a+gcsXpKo2gy+
oQC/osyJhesx2CGzZqmSB3fpyq9D+jnsCzt/Bh/EtR+2sUWxokIVc5dLzyr0icNl
c0iJBO6It662Q9FnNemiGgv2PLYbjjDC/CP82QWoWrSzPpDKu0DgrF6+MPQgRleT
Z8g0+nLHYMgCTAPfwaaYHLvLLaOt0Ju7L2kt9TSKn2aU2NJReVC5mm3Jxg6Bz3Ae
iQ6iigKI7R/huVDVzBuJQNiToRQswbb/PidYdwyiI3GJC6m+q8HEWAl+cGahqUVg
IIDlmj6SeIsP0r+SGygX0PRWyW/NmQPWamG5e4TDL0pZpu1CzGqfN/A2KLXVO6ss
X2l2HWadBQgd0goFNX7PK210I5B8SfiJM5+cLgChcT9g3mKil8XUkKTSE+c0Q9e5
1AkUrUS69KZeqqtJOB350YP9ZGY7TbOXjXp0Y0/fo3/X+0sZzmP8jIyozLAecM0e
fPrIeA2mego6nWaSRp5FH8KlvHpUvFcKNV+SVSbrbzmSVSpgKmQRp2kd+tyDOPrt
2tXIoWMYdVtlluSYqR2lPv7WFyxCPX8DmxK6fYeVoqBf+7g4GZPdcSviDBlJEJfc
HAZZKsSZzgMugwqLidQ+W53eIDyIOVw0tvcHDJ1S5mpWqvROf7gfNXXFvLjECACN
wnqdjeFGPLlP5Q6tVPvp8j7prVlvZQ==
=xm3N
-----END PGP PUBLIC KEY BLOCK-----
Project:
Philly Mesh - http://mesh.philly2600.net - #phillymesh:tomesh.net
Plan:
%=============================================%
==2017-01-26===================================
%=============================================%
+ Installed fingerd

* Configuring SILC network
* Documentation for fingerd and silcd

By default, finger can display login and contact information for all accounts on a machine. Luckily, accounts can be individually configured so that finger will ignore their existence if there is a .nofinger file in their home directories:

sudo touch /home/someotheraccount/.nofinger && chmod o+rx /home/someotheraccount/.nofinger

 
Conclusion

You should now have finger and fingerd installed and configured on your server for each user to make use of. Keep in mind that the information you enter here will be public (provided the server is) and people around the world may be able to gleam you contact information or even last login time via the finger command.
 
Sources