netpass-devel Mailing List for NetPass (Page 13)
Brought to you by:
jeffmurphy
Menu
▾
▴
netpass-devel — Developer Discussion
You can subscribe to this list here.
| 2004 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
(1) |
Oct
|
Nov
|
Dec
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2005 |
Jan
|
Feb
|
Mar
|
Apr
(39) |
May
(103) |
Jun
(89) |
Jul
(22) |
Aug
(100) |
Sep
(21) |
Oct
(5) |
Nov
|
Dec
(7) |
| 2006 |
Jan
(25) |
Feb
(8) |
Mar
(12) |
Apr
(2) |
May
|
Jun
(1) |
Jul
(4) |
Aug
|
Sep
|
Oct
|
Nov
|
Dec
(4) |
| 2007 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
(3) |
Sep
(1) |
Oct
|
Nov
|
Dec
|
|
From: Matt <mt...@us...> - 2005-06-01 18:11:38
|
Update of /cvsroot/netpass/NetPass/bin In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv21702 Modified Files: npsubagent.pl Log Message: Index: npsubagent.pl =================================================================== RCS file: /cvsroot/netpass/NetPass/bin/npsubagent.pl,v retrieving revision 1.3 retrieving revision 1.4 diff -u -d -r1.3 -r1.4 --- npsubagent.pl 30 May 2005 03:40:01 -0000 1.3 +++ npsubagent.pl 1 Jun 2005 18:11:24 -0000 1.4 @@ -4,6 +4,7 @@ use NetSNMP::agent (':all'); use NetSNMP::OID (':all'); use NetSNMP::ASN (':all'); +use SNMP; use FileHandle; my $BASEOID = ".1.3.6.1.4.1.8072.9999.9999.7375"; @@ -12,6 +13,8 @@ my $PROCEBTNMAC = "/proc/ebtables/npvnat/nummacs"; my $REFRESHRATE = 5; # refresh rate my $TIMEOUT = 3600; # 1hr +my $TRAPHOST = "npw2-d.cit.buffalo.edu"; +my $TRAPHOSTCOM = "50ohm"; my $fh = new FileHandle(); my $mactable = {}; @@ -69,20 +72,56 @@ $mactable->{$m}{lastseen} = $time; # send linkup trap here... + sendTrap($mactable->{$m}{port}, 'up', $TRAPHOST, $TRAPHOSTCOM); } $ltime += $REFRESHRATE; } } -# -# trap type 2 subtype 0 linkdown -# trap type 3 subtype 0 linkup -# - $agent->shutdown(); exit 0; +sub sendTrap { + my($port, $traptype, $traphost, $traphostcom) = @_; + my $enterpriseoid; + my $portoidbase = $BASEOID.'1'; + +print "sending linkup trap\n"; + + # + # enterprise oids + # .1.3.6.1.4.1.45.3.30.2 linkdown trap + # .1.3.6.1.4.1.45.3.35.1 linkup trap + # + + if ($traptype eq "up") { + $enterpriseoid = ".1.3.6.1.4.1.45.3.35.1"; + } else { + $enterpriseoid = ".1.3.6.1.4.1.45.3.30.2"; + } + + my $snmp = new SNMP::Session( + DestHost => $traphost, + RemotePort => 162, + Community => $traphostcom, + ); + + if (!defined($snmp)) { + warn "Unable to connect to $traphost with community = $traphostcom"; + return -1; + } +print "about to send trap\n"; + $snmp->trap ( + oid => $enterpriseoid, + uptime => 1234, + [[$portoidbase, $port, 1]] + ); +print "trap sent\n"; + + return 1; +} + sub delMac { my $mac = shift; @@ -142,7 +181,6 @@ # my ($handler, $registration_info, $request_info, $requests) = @_; - my $request; my $macbaseoid = $BASEOID.'.1'; my $statusbaseoid = $BASEOID.'.2'; @@ -183,8 +221,37 @@ goto done; } } - } -done: + } + } elsif ($request_info->getMode() == MODE_SET_RESERVE1) { + foreach my $m (keys %$mactable) { + if ($oid == new NetSNMP::OID ($statusbaseoid.'.'.$mactable->{$m}{decmac})) { + goto done if ($request->getValue() =~ /^\"(quar|unquar)\"$/); + $request->setError($request_info, SNMP_ERR_WRONGVALUE); + } + } + $request->setError($request_info, SNMP_ERR_NOSUCHNAME); + + } elsif ($request_info->getMode() == MODE_SET_ACTION) { + my $val = $request->getValue(); + $val =~ s/\"//g; + + my $o = new NetSNMP::OID($statusbaseoid); + + if ($oid =~ /^$o\.(\d+\.\d+\.\d+\.\d+\.\d+\.\d+)$/) { + my $mac = sprintf("%x:%x:%x:%x:%x:%x", split(/\./, $1)); + + if ($val eq "unquar") { + addMac($mac); + } else { + delMac($mac); + } + + $mactable->{$mac}{status} = $val; + goto done; + } + $request->setError($request_info, SNMP_ERR_INCONSISTENTVALUE); + } +done: } } |
|
From: Jeff M. <jcm...@os...> - 2005-06-01 12:44:14
|
On Tue, 2005-05-31 at 20:40 -0500, Robert Vance wrote: > Matt wrote: > > > --- NEW FILE: ebtablesnmpsetup.txt --- > > 1. remove all instances of net-snmp that may be on the system > > 2. build net-snmp from source enabling embedded perl > > 3. if installing net-snmp in a non std dir such as opt make > > sure to include the lib path in /etc/ld.so.conf and refresh > > 4. add "master agent" to /etc/snmp/snmpd.conf > > Would someone mind offering a little background on the reason for this > this change? you can ignore this doc and anything that refers to ebtables. this is for a perfigo-like inline device that can sit in front of waps, dialups and vpns. these are config notes for the inline device, not for the netpass server. |
|
From: Matt B. <mt...@os...> - 2005-06-01 10:12:50
|
Rob, this is the very beginnings of an ebtables with snmp interface implementation doc. -Matt On Tue, 31 May 2005, Robert Vance wrote: > Matt wrote: > > > --- NEW FILE: ebtablesnmpsetup.txt --- > > 1. remove all instances of net-snmp that may be on the system > > 2. build net-snmp from source enabling embedded perl > > 3. if installing net-snmp in a non std dir such as opt make > > sure to include the lib path in /etc/ld.so.conf and refresh > > 4. add "master agent" to /etc/snmp/snmpd.conf > > Would someone mind offering a little background on the reason for this > this change? > > Thanks! > > rev > > > ------------------------------------------------------- > This SF.Net email is sponsored by Yahoo. > Introducing Yahoo! Search Developer Network - Create apps using Yahoo! > Search APIs Find out how you can build Yahoo! directly into your own > Applications - visit http://developer.yahoo.net/?fr=offad-ysdn-ostg-q22005 > _______________________________________________ > Netpass-devel mailing list > Net...@li... > https://lists.sourceforge.net/lists/listinfo/netpass-devel > > |
|
From: Robert V. <re...@no...> - 2005-06-01 01:40:43
|
Matt wrote: > --- NEW FILE: ebtablesnmpsetup.txt --- > 1. remove all instances of net-snmp that may be on the system > 2. build net-snmp from source enabling embedded perl > 3. if installing net-snmp in a non std dir such as opt make > sure to include the lib path in /etc/ld.so.conf and refresh > 4. add "master agent" to /etc/snmp/snmpd.conf Would someone mind offering a little background on the reason for this this change? Thanks! rev |
|
From: Matt <mt...@us...> - 2005-05-30 03:40:11
|
Update of /cvsroot/netpass/NetPass/bin In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv21309 Modified Files: npsubagent.pl Log Message: Index: npsubagent.pl =================================================================== RCS file: /cvsroot/netpass/NetPass/bin/npsubagent.pl,v retrieving revision 1.2 retrieving revision 1.3 diff -u -d -r1.2 -r1.3 --- npsubagent.pl 26 May 2005 22:38:24 -0000 1.2 +++ npsubagent.pl 30 May 2005 03:40:01 -0000 1.3 @@ -7,10 +7,11 @@ use FileHandle; my $BASEOID = ".1.3.6.1.4.1.8072.9999.9999.7375"; -my $PROCARPFILE = "/proc/net/arp"; +my $BRCTLCMD = "/usr/local/sbin/brctl showmacs br0 |"; my $PROCEBTMAC = "/proc/ebtables/npvnat/macs"; my $PROCEBTNMAC = "/proc/ebtables/npvnat/nummacs"; -my $REFRESHRATE = 5; # refresh rate +my $REFRESHRATE = 5; # refresh rate +my $TIMEOUT = 3600; # 1hr my $fh = new FileHandle(); my $mactable = {}; @@ -33,19 +34,19 @@ $agent->register("npsubagent", $BASEOID, \&snmphandler) || die "Unable to register SNMP subagent"; - - my $ltime = time(); + while (1) { $agent->agent_check_and_process(0); + my $time = time(); - - if (($ltime + $REFRESHRATE) < time()) { + if (($ltime + $REFRESHRATE) < $time) { my $mactb = getMacTable(); next unless ref($mactb) eq 'HASH'; foreach my $m (keys %$mactable) { - next if exists $mactb->{$m}; + next if exists $mactb->{$m} || + ($mactable->{$m}{lastseen} + $TIMEOUT > $time); # make the port available push @$freeports, $mactable->{$m}{port}; @@ -54,23 +55,31 @@ delete $mactable->{$m}; # send linkdown trap here... - # might hafta introduce a timer here } foreach my $m (keys %$mactb) { - next if exists $mactable->{$m}; - + if (exists $mactable->{$m}) { + $mactable->{$m}{lastseen} = $time; + next; + } # assign a port - $mactable->{$m}{port} = shift @$freeports; - $mactable->{$m}{decmac} = $mactb->{$m}; + $mactable->{$m}{port} = shift @$freeports; + $mactable->{$m}{decmac} = $mactb->{$m}; + $mactable->{$m}{status} = "quar"; + $mactable->{$m}{lastseen} = $time; # send linkup trap here... } - $ltime = $ltime + $REFRESHRATE; + $ltime += $REFRESHRATE; } } +# +# trap type 2 subtype 0 linkdown +# trap type 3 subtype 0 linkup +# + $agent->shutdown(); exit 0; @@ -111,9 +120,9 @@ my $fh = new FileHandle; my %mtable; - $fh->open($PROCARPFILE) || return -1; + $fh->open($BRCTLCMD) || return -1; while (my $l = $fh->getline) { - if ($l =~ /(\w{1,2}:\w{1,2}:\w{1,2}:\w{1,2}:\w{1,2}:\w{1,2})/) { + if ($l =~ /(\w{1,2}:\w{1,2}:\w{1,2}:\w{1,2}:\w{1,2}:\w{1,2})\s+no/) { my $m = lc($1); $m =~ s/0(\d{1,2})/$1/g; my @o = split(':', $m); @@ -129,35 +138,53 @@ # # oid mapping # basoid.1.mac_in_dec = port - # + # basoid.2.mac_in_dec = status either quar/unquar # my ($handler, $registration_info, $request_info, $requests) = @_; my $request; - my $macbaseoid = $BASEOID.'.1'; + my $macbaseoid = $BASEOID.'.1'; + my $statusbaseoid = $BASEOID.'.2'; for($request = $requests; $request; $request = $request->next()) { my $oid = $request->getOID(); -print "requested oid = $oid\n"; if ($request_info->getMode() == MODE_GET) { if ($oid > new NetSNMP::OID($macbaseoid)) { foreach my $m (keys %$mactable) { if ($oid == new NetSNMP::OID($macbaseoid.'.'.$mactable->{$m}{decmac})) { $request->setValue(ASN_INTEGER, $mactable->{$m}{port}); + } elsif ($oid == new NetSNMP::OID($statusbaseoid.'.'.$mactable->{$m}{decmac})) { + $request->setValue(ASN_OCTET_STR, $mactable->{$m}{status}); } } } } elsif ($request_info->getMode() == MODE_GETNEXT) { - if ($oid >= new NetSNMP::OID($BASEOID)) { - foreach my $m (sort {new NetSNMP::OID($mactable->{$b}{decmac}) <=> - new NetSNMP::OID($mactable->{$a}{decmac})} keys %$mactable) { - if ($oid < new NetSNMP::OID($macbaseoid.'.'.$mactable->{$m}{decmac})) { + if ($oid >= new NetSNMP::OID($BASEOID) && + $oid < new NetSNMP::OID($statusbaseoid)) { + + foreach my $m (sort {new NetSNMP::OID($mactable->{$a}{decmac}) <=> + new NetSNMP::OID($mactable->{$b}{decmac})} keys %$mactable) { + if ($oid < new NetSNMP::OID($macbaseoid.'.'.$mactable->{$m}{decmac})) { $request->setOID($macbaseoid.'.'.$mactable->{$m}{decmac}); $request->setValue(ASN_INTEGER, $mactable->{$m}{port}); - } + goto done; + } } + $oid = new NetSNMP::OID($statusbaseoid); } + + if ($oid >= new NetSNMP::OID($statusbaseoid) && $oid < new NetSNMP::OID($BASEOID.'.3')) { + foreach my $m (sort {new NetSNMP::OID($mactable->{$a}{decmac}) <=> + new NetSNMP::OID($mactable->{$b}{decmac})} keys %$mactable) { + if ($oid < new NetSNMP::OID($statusbaseoid.'.'.$mactable->{$m}{decmac})) { + $request->setOID($statusbaseoid.'.'.$mactable->{$m}{decmac}); + $request->setValue(ASN_OCTET_STR, $mactable->{$m}{status}); + goto done; + } + } + } +done: } } } |
|
From: Matt <mt...@us...> - 2005-05-26 22:38:36
|
Update of /cvsroot/netpass/NetPass/bin In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv15263 Modified Files: npsubagent.pl Log Message: Index: npsubagent.pl =================================================================== RCS file: /cvsroot/netpass/NetPass/bin/npsubagent.pl,v retrieving revision 1.1 retrieving revision 1.2 diff -u -d -r1.1 -r1.2 --- npsubagent.pl 26 May 2005 22:13:17 -0000 1.1 +++ npsubagent.pl 26 May 2005 22:38:24 -0000 1.2 @@ -16,6 +16,9 @@ my $mactable = {}; my $freeports = (); +# we are just starting clear all macs from ebtables +delAllMacs(); + $fh->open($PROCEBTNMAC) || die "Unable to open $PROCEBTNMAC"; my $maxports = $fh->getline; $fh->close(); @@ -51,6 +54,7 @@ delete $mactable->{$m}; # send linkdown trap here... + # might hafta introduce a timer here } foreach my $m (keys %$mactb) { @@ -70,6 +74,39 @@ $agent->shutdown(); exit 0; +sub delMac { + my $mac = shift; + + return -1 if ($mac !~ /\w{1,2}:\w{1,2}:\w{1,2}:\w{1,2}:\w{1,2}:\w{1,2}/); + my $cmd = sprintf("echo \"del %s\" > %s", $mac, $PROCEBTMAC); + + return system($cmd); +} + +sub addMac { + my $mac = shift; + + return -1 if ($mac !~ /\w{1,2}:\w{1,2}:\w{1,2}:\w{1,2}:\w{1,2}:\w{1,2}/); + my $cmd = sprintf("echo \"add %s\" > %s", $mac, $PROCEBTMAC); + + return system($cmd); +} + +sub delAllMacs { + my $fh = new FileHandle; + my @macs; + + $fh->open($PROCEBTMAC) || return -1; + @macs = $fh->getlines(); + $fh->close; + + foreach my $mac (@macs) { + delMac($mac); + } + + return 1; +} + sub getMacTable { my $fh = new FileHandle; my %mtable; |
|
From: Matt <mt...@us...> - 2005-05-26 22:13:34
|
Update of /cvsroot/netpass/NetPass/bin In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv9174 Added Files: npsubagent.pl Log Message: --- NEW FILE: npsubagent.pl --- #!/usr/bin/perl -w use strict; use NetSNMP::agent (':all'); use NetSNMP::OID (':all'); use NetSNMP::ASN (':all'); use FileHandle; my $BASEOID = ".1.3.6.1.4.1.8072.9999.9999.7375"; my $PROCARPFILE = "/proc/net/arp"; my $PROCEBTMAC = "/proc/ebtables/npvnat/macs"; my $PROCEBTNMAC = "/proc/ebtables/npvnat/nummacs"; my $REFRESHRATE = 5; # refresh rate my $fh = new FileHandle(); my $mactable = {}; my $freeports = (); $fh->open($PROCEBTNMAC) || die "Unable to open $PROCEBTNMAC"; my $maxports = $fh->getline; $fh->close(); push @$freeports, 1..$maxports; my $agent = new NetSNMP::agent( 'Name' => "npsubagent", 'AgentX' => 1, ) || die "Unable to create SNMP subagent"; $agent->register("npsubagent", $BASEOID, \&snmphandler) || die "Unable to register SNMP subagent"; my $ltime = time(); while (1) { $agent->agent_check_and_process(0); if (($ltime + $REFRESHRATE) < time()) { my $mactb = getMacTable(); next unless ref($mactb) eq 'HASH'; foreach my $m (keys %$mactable) { next if exists $mactb->{$m}; # make the port available push @$freeports, $mactable->{$m}{port}; # delete mac from main mactable delete $mactable->{$m}; # send linkdown trap here... } foreach my $m (keys %$mactb) { next if exists $mactable->{$m}; # assign a port $mactable->{$m}{port} = shift @$freeports; $mactable->{$m}{decmac} = $mactb->{$m}; # send linkup trap here... } $ltime = $ltime + $REFRESHRATE; } } $agent->shutdown(); exit 0; sub getMacTable { my $fh = new FileHandle; my %mtable; $fh->open($PROCARPFILE) || return -1; while (my $l = $fh->getline) { if ($l =~ /(\w{1,2}:\w{1,2}:\w{1,2}:\w{1,2}:\w{1,2}:\w{1,2})/) { my $m = lc($1); $m =~ s/0(\d{1,2})/$1/g; my @o = split(':', $m); $mtable{$m} = join('.', map(hex($_), @o)); } } $fh->close(); return \%mtable; } sub snmphandler { # # oid mapping # basoid.1.mac_in_dec = port # # my ($handler, $registration_info, $request_info, $requests) = @_; my $request; my $macbaseoid = $BASEOID.'.1'; for($request = $requests; $request; $request = $request->next()) { my $oid = $request->getOID(); print "requested oid = $oid\n"; if ($request_info->getMode() == MODE_GET) { if ($oid > new NetSNMP::OID($macbaseoid)) { foreach my $m (keys %$mactable) { if ($oid == new NetSNMP::OID($macbaseoid.'.'.$mactable->{$m}{decmac})) { $request->setValue(ASN_INTEGER, $mactable->{$m}{port}); } } } } elsif ($request_info->getMode() == MODE_GETNEXT) { if ($oid >= new NetSNMP::OID($BASEOID)) { foreach my $m (sort {new NetSNMP::OID($mactable->{$b}{decmac}) <=> new NetSNMP::OID($mactable->{$a}{decmac})} keys %$mactable) { if ($oid < new NetSNMP::OID($macbaseoid.'.'.$mactable->{$m}{decmac})) { $request->setOID($macbaseoid.'.'.$mactable->{$m}{decmac}); $request->setValue(ASN_INTEGER, $mactable->{$m}{port}); } } } } } } |
|
From: Matt <mt...@us...> - 2005-05-26 19:49:39
|
Update of /cvsroot/netpass/NetPass/doc In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv7796 Added Files: ebtablesnmpsetup.txt Log Message: --- NEW FILE: ebtablesnmpsetup.txt --- 1. remove all instances of net-snmp that may be on the system 2. build net-snmp from source enabling embedded perl 3. if installing net-snmp in a non std dir such as opt make sure to include the lib path in /etc/ld.so.conf and refresh 4. add "master agent" to /etc/snmp/snmpd.conf |
|
From: jeff m. <jef...@us...> - 2005-05-20 20:33:10
|
Update of /cvsroot/netpass/NetPass/lib/NetPass In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv23931/lib/NetPass Modified Files: Config.pm Log Message: network editor UI completion Index: Config.pm =================================================================== RCS file: /cvsroot/netpass/NetPass/lib/NetPass/Config.pm,v retrieving revision 1.41 retrieving revision 1.42 diff -u -d -r1.41 -r1.42 --- Config.pm 20 May 2005 15:16:12 -0000 1.41 +++ Config.pm 20 May 2005 20:32:59 -0000 1.42 @@ -744,6 +744,11 @@ $self->{'cfg'}->obj('network')->$network({}); } + _log("DEBUG", "set network comment $comment\n"); + _log("DEBUG", "set network int $interface\n"); + _log("DEBUG", "set network qid $qvid\n"); + _log("DEBUG", "set network nqid $uqvid\n"); + $self->{'cfg'}->obj('network')->obj($network)->comment($comment); $self->{'cfg'}->obj('network')->obj($network)->interface($interface); $self->{'cfg'}->obj('network')->obj($network)->quarantine($qvid); @@ -752,6 +757,204 @@ return 0; } +=head2 $cfg-E<gt>setHA(-network => '', -enabled => 0|1, -primary => '', -secondary => '', -virtualip => '', -servers => []) + +Enable, disable and set High Availability related info. All parameters are required except for 'secondary'. + +RETURNS + +0 on success +"invalid parameters" on failure +"no such network" on failure + +=cut + + +sub setHA { + my $self = shift; + + my $parms = parse_parms({ + -parms => \@_, + -legal => [qw(-network -enabled -primary -secondary -virtualip -servers)], + -required => [qw(-network -enabled -primary -virtualip -servers)], + -defaults => { -secondary => '' } + } + ); + + if (!defined($parms)) { + return "invalid parameters: ".Carp::longmess("invalid parameters ".Class::ParmList->error); + } + + my ($network, $enabled, $primary, $secondary, $virtualip, $servers) = + $parms->get('-network', '-enabled', '-primary', '-secondary', '-virtualip', '-servers'); + + if ($enabled !~ /^[01]$/) { + return "invalid parameters: enabled is not 0 or 1"; + } + + $secondary ||= ''; + + $self->reloadIfChanged(); + + if( ! $self->{'cfg'}->obj('network')->exists($network) ) { + return "no such network"; + } + + if( ! $self->{'cfg'}->obj('network')->obj($network)->exists('ha') ) { + $self->{'cfg'}->obj('network')->obj($network)->ha({}); + } + + + $self->{'cfg'}->obj('network')->obj($network)->obj('ha')->status('enabled') if $enabled; + $self->{'cfg'}->obj('network')->obj($network)->obj('ha')->status('disabled') if !$enabled; + + my $v = 'primary-redirector'; + $self->{'cfg'}->obj('network')->obj($network)->obj('ha')->$v($primary); + $v = 'secondary-redirector'; + $self->{'cfg'}->obj('network')->obj($network)->obj('ha')->$v($secondary); + $self->{'cfg'}->obj('network')->obj($network)->obj('ha')->virtualip($virtualip); + + my %s; + my $sa = []; + if (ref($servers) eq "ARRAY") { + $sa = $servers; + } else { + $sa = [ $servers ]; + } + foreach my $s (@$sa) { + $s{$s} = ""; + } + $self->{'cfg'}->obj('network')->obj($network)->obj('ha')->servers(\%s); + + return 0; +} + +=head2 $cfg-E<gt>setGarp(-network => '', -enabled => 0|1, -delay => 10, -number => 3) + +Enable, disable and set Gratuitous Arp related info. Status and enabled are required. Delay and Number +are optional. + +RETURNS + +0 on success +"invalid parameters" on failure +"no such network" on failure + +=cut + + +sub setGarp { + my $self = shift; + + my $parms = parse_parms({ + -parms => \@_, + -legal => [qw(-network -enabled -delay -number)], + -required => [qw(-network -enabled)], + -defaults => { -delay => 10, -number => 3 } + } + ); + + if (!defined($parms)) { + return "invalid parameters: ".Carp::longmess("invalid parameters ".Class::ParmList->error); + } + + my ($network, $enabled, $delay, $number) = + $parms->get('-network', '-enabled', '-delay', '-number'); + + if ($enabled !~ /^[01]$/) { + return "invalid parameters: enabled is not 0 or 1"; + } + + if ($delay !~ /^\d+$/) { + return "invalid parameters: delay is non-numeric"; + } + + if ($number !~ /^\d+$/) { + return "invalid parameters: number is non-numeric"; + } + + $self->reloadIfChanged(); + + if( ! $self->{'cfg'}->obj('network')->exists($network) ) { + return "no such network"; + } + + if( ! $self->{'cfg'}->obj('network')->obj($network)->exists('garp') ) { + $self->{'cfg'}->obj('network')->obj($network)->garp({}); + } + + $self->{'cfg'}->obj('network')->obj($network)->obj('garp')->status('enabled') if $enabled; + $self->{'cfg'}->obj('network')->obj($network)->obj('garp')->status('disabled') if !$enabled; + $self->{'cfg'}->obj('network')->obj($network)->obj('garp')->delay($delay); + $self->{'cfg'}->obj('network')->obj($network)->obj('garp')->number($number); + + return 0; +} + +=head2 $cfg-E<gt>setSwitches(-network => '', -switches => [], -bsw => '') + +Set the list of switches that service this network. BSW is optional. If BSW has +user ports on it, it should be specified both in the switches list and as the +BSW parameter. + +RETURNS + +0 on success +"invalid parameters" on failure +"no such network" on failure + +=cut + + +sub setSwitches { + my $self = shift; + + my $parms = parse_parms({ + -parms => \@_, + -legal => [qw(-network -switches -bsw)], + -required => [qw(-network -switches)], + -defaults => { -bsw => '' } + } + ); + + if (!defined($parms)) { + return "invalid parameters: ".Carp::longmess("invalid parameters ".Class::ParmList->error); + } + + my ($network, $switches, $bsw) = + $parms->get('-network', '-switches', '-bsw'); + + $self->reloadIfChanged(); + + if( ! $self->{'cfg'}->obj('network')->exists($network) ) { + return "no such network"; + } + + if( ! $self->{'cfg'}->obj('network')->obj($network)->exists('switches') ) { + $self->{'cfg'}->obj('network')->obj($network)->switches({}); + } + + if ($bsw) { + $self->{'cfg'}->obj('network')->obj($network)->obj('switches')->bsw($bsw); + } else { + $self->{'cfg'}->obj('network')->obj($network)->obj('switches')->bsw($bsw); + } + + my $sa = []; + if (ref($switches) eq "ARRAY") { + $sa = $switches; + } else { + $sa = [ $switches ]; + } + my %s; + foreach my $s (@$sa) { + $s{$s} = ''; + } + $self->{'cfg'}->obj('network')->obj($network)->switches(\%s); + + return 0; +} + =head2 $val = $np->policy(-key => $key, -network => $nw, -val => $value) |
|
From: jeff m. <jef...@us...> - 2005-05-20 20:33:10
|
Update of /cvsroot/netpass/NetPass/www/htdocs/Admin In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv23931/www/htdocs/Admin Modified Files: network.mhtml Log Message: network editor UI completion Index: network.mhtml =================================================================== RCS file: /cvsroot/netpass/NetPass/www/htdocs/Admin/network.mhtml,v retrieving revision 1.7 retrieving revision 1.8 diff -u -d -r1.7 -r1.8 --- network.mhtml 20 May 2005 15:16:12 -0000 1.7 +++ network.mhtml 20 May 2005 20:32:59 -0000 1.8 @@ -39,6 +39,9 @@ $BSW => ''; </%args> <%perl> +use Data::Dumper; + +#print "<PRE>", Dumper(\%ARGS), "</PRE>"; my ($isRoot, $junk) = $m->comp('/Admin/MemberOf', 'acl' => [ 'Admin' ], 'group' => 'default'); if (!$isRoot) { print qq{<p class='error'>Sorry, you don't have access to this form.}; @@ -52,7 +55,45 @@ my $ng; -$haNPServers = [ hostname, "xyz", "abc" ] if (ref ($haNPServers) ne "ARRAY" || $#{$haNPServers} == -1); + + +my @setResults = (); + +if ( ($submitButton eq "Commit Changes") && $network ) { + _log("DEBUG", $m->session->{'username'}. " is updating $network $secondaryRedirector\n"); + + my $rv; + $rv = $np->cfg->setNetwork(-network => $network, + -comment => $comment, + -interface => $interface, + -qvid => $qvid, + -uqvid => $uqvid); + push @setResults, "Failed to set 'network' fields: $rv" if $rv; + + $rv = $np->cfg->setHA( -network => $network, + -enabled => $haToggle eq "Enabled" ? 1 : 0, + -primary => $primaryRedirector, + -secondary => $secondaryRedirector, + -virtualip => $virtualIP, + -servers => $haNPServers + ); + push @setResults, "Failed to set HA fields: $rv" if $rv; + + $rv = $np->cfg->setGarp(-network => $network, + -enabled => $garpToggle eq "Enabled" ? 1 : 0, + -delay => $garpDelay, + -number => $garpNumber + ); + push @setResults, "Failed to set 'garp' fields: $rv" if $rv; + + $np->cfg->setSwitches( -network => $network, + -switches => $switches, + -bsw => $BSW); + push @setResults, "Failed to set 'switches': $rv" if $rv; + + $np->cfg->save(-user => $whoami) if ($#setResults == -1); +} + $garpDelay ||= 5; $garpNumber ||= 3; @@ -81,6 +122,8 @@ $virtualIP = $np->cfg->virtualIP($network); } + + # fetch all known networks and netgroups my $allNetworks = $np->cfg->getNetworks(); @@ -91,43 +134,13 @@ } $m->comp('/Admin/LockConfig', 'enableWhenLocked' => [ 'addNetwork', 'submitButton' ], 'init' => 0); my $WH = "--Select a Network--"; - -my @setResults = (); - -if ($submitButton eq "Commit Changes") { - my $rv; - $rv = $np->cfg->setNetwork(-network => $network, - -comment => $comment, - -interface => $interface, - -qvid => $qvid, - -uqvid => $uqvid); - push @setResults, "Failed to set 'network' fields: $rv" if $rv; - - $rv = $np->cfg->setHA( -network => $network, - -enabled => $haToggle, - -primary => $primaryRedirector, - -secondary => $secondaryRedirector, - -virtualip => $virtualIP, - -servers => $servers - ); - push @setResults, "Failed to set HA fields: $rv" if $rv; - - $rv = $np->cfg->setGarp(-network => $network, - -delay => $garpDelay, - -number => $garpNumber - ); - push @setResults, "Failed to set 'garp' fields: $rv" if $rv; - - $np->cfg->setSwitches( -network => $network, - -switches => $switches, - -bsw => $BSW); - push @setResults, "Failed to set 'switches': $rv" if $rv; -} +my $WH2 = "----------------------"; </%perl> <h2> Network Configuration </h2> +% print $q->p({-class => 'error'}, join('<BR>', @setResults)) if ($#setResults > -1); Notes: <ul> @@ -164,7 +177,8 @@ onblur='network_onblur_addNetwork(this);' onfocus='network_onfocus_addNetwork(this);'> </td> <td class='selector'> - <input type='submit' name='submitButton' id='submitButton' value='Commit Changes' disabled> + <input type='submit' onclick='network_onclick_submitButton();' + name='submitButton' id='submitButton' value='Commit Changes' disabled> </td> </tr> % if ($network) { @@ -180,12 +194,12 @@ <tr class='haOptions' id='haOptions1'><td class='left'>Primary Redirector:</td> <td colspan=2><input size=32 maxlength=255 name='primaryRedirector' value="<%$primaryRedirector%>"></td></tr> <tr class='haOptions' id='haOptions2'><td class='left'>Secondary Redirector:</td> - <td colspan=2><input size=32 maxlength=255 name='primaryRedirector' value="<%$secondaryRedirector%>"></td></tr> + <td colspan=2><input size=32 maxlength=255 name='secondaryRedirector' value="<%$secondaryRedirector%>"></td></tr> <tr class='haOptions' id='haOptions3'><td class='left'>Servers:<BR> <button id='delHaNPServer' onclick='network_onclick_delHaNPServer(); return false;' type='button'>Delete</button><BR> <input id='addHaNPServer' onfocus='network_onfocus_addHaNPServer(this);' onblur='return network_onblur_addHaNPServer(this);' value="Add Server..." size=12 maxlength=255></td> -<td colspan=2><%$q->scrolling_list(-id => 'haNPServers', -name => 'haNPServers', -size => 4, -values => $haNPServers , -multiple => 'true')%></td></tr> +<td colspan=2><%$q->scrolling_list(-id => 'haNPServers', -name => 'haNPServers', -size => 4, -values => [$WH2, @$haNPServers] , -multiple => 'true')%></td></tr> <tr class='haOptions' id='haOptions4'><td class='left'>Virtual IP:</td><td colspan=2><input id='virtualIP' name='virtualIP' size=16 maxlength=32 value="<%$virtualIP%>"></td></tr> @@ -206,12 +220,11 @@ <td colspan=2> BSW: <input name='BSW' id='BSW' value='<%$BSW%>' size=16 maxlength=80><BR> <%$q->scrolling_list(-id => 'switches', -name => 'switches', -size => 4, - -values => $switches , -multiple => 'true')%></td></tr> + -values => [ $WH2, @$switches ] , -multiple => 'true')%></td></tr> </td> </tr> <tr><td colspan=3> <PRE><B>TODO: - - switches (list + add new + link to switch config) - when click netgroup .. highlight networks list</B> </PRE> </td></tr> |
|
From: jeff m. <jef...@us...> - 2005-05-20 20:33:10
|
Update of /cvsroot/netpass/NetPass/www/htdocs/OSSTemplate/js In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv23931/www/htdocs/OSSTemplate/js Modified Files: network.js Log Message: network editor UI completion Index: network.js =================================================================== RCS file: /cvsroot/netpass/NetPass/www/htdocs/OSSTemplate/js/network.js,v retrieving revision 1.3 retrieving revision 1.4 diff -u -d -r1.3 -r1.4 --- network.js 8 May 2005 02:35:47 -0000 1.3 +++ network.js 20 May 2005 20:32:59 -0000 1.4 @@ -113,6 +113,13 @@ } +function network_onclick_submitButton() { + highLightList("haNPServers"); + highLightList("switches"); + document.forms[0].submit(); +} + + function network_onblur_addHaNPServer(o) { var RN = "network_onblur_addServer"; dbg(1, RN); @@ -148,12 +155,15 @@ var servs = document.getElementById('haNPServers'); if (servs) { - for(var i = servs.options.length-1 ; i >= 0 ; i--) { - if (servs.options[i].selected) + // element 0 is the WH + for(var i = servs.options.length-1 ; i > 0 ; i--) { + if (servs.options[i].selected) { + // you cant delete yourself. if (servs.options[i].value != network_ourHostname) { dbg(1, RN + ": del " + servs.options[i].value); servs.options[i] = undefined; } + } } } return false; @@ -175,7 +185,8 @@ function network_onclick_delSwitch() { var switches = document.getElementById('switches'); if (switches) { - for(var i = switches.options.length-1 ; i >= 0 ; i--) { + // element 0 is WH + for(var i = switches.options.length-1 ; i > 0 ; i--) { if (switches.options[i].selected) switches.options[i] = undefined; } |
|
From: jeff m. <jef...@us...> - 2005-05-20 15:16:22
|
Update of /cvsroot/netpass/NetPass/www/htdocs/Admin In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv21675/www/htdocs/Admin Modified Files: logout.mhtml network.mhtml Log Message: bugs, network cfg ui Index: logout.mhtml =================================================================== RCS file: /cvsroot/netpass/NetPass/www/htdocs/Admin/logout.mhtml,v retrieving revision 1.5 retrieving revision 1.6 diff -u -d -r1.5 -r1.6 --- logout.mhtml 6 May 2005 20:13:34 -0000 1.5 +++ logout.mhtml 20 May 2005 15:16:12 -0000 1.6 @@ -16,7 +16,7 @@ _log("INFO", $m->session->{'username'}." is logging out of Admin tool\n"); $np->db->audit(-severity => 'NOTICE', -ip => $ENV{'REMOTE_ADDR'}, -user => $m->session->{'username'}, - -msg => [ "$username logged out of Admin tool" ]); + -msg => [ $m->session->{'username'}." logged out of Admin tool" ]); $m->session->{'logged_in'} = 0; tied(%{$m->session})->delete; print "Logging out. Please wait..<P>"; Index: network.mhtml =================================================================== RCS file: /cvsroot/netpass/NetPass/www/htdocs/Admin/network.mhtml,v retrieving revision 1.6 retrieving revision 1.7 diff -u -d -r1.6 -r1.7 --- network.mhtml 19 May 2005 20:15:06 -0000 1.6 +++ network.mhtml 20 May 2005 15:16:12 -0000 1.7 @@ -92,6 +92,38 @@ $m->comp('/Admin/LockConfig', 'enableWhenLocked' => [ 'addNetwork', 'submitButton' ], 'init' => 0); my $WH = "--Select a Network--"; +my @setResults = (); + +if ($submitButton eq "Commit Changes") { + my $rv; + $rv = $np->cfg->setNetwork(-network => $network, + -comment => $comment, + -interface => $interface, + -qvid => $qvid, + -uqvid => $uqvid); + push @setResults, "Failed to set 'network' fields: $rv" if $rv; + + $rv = $np->cfg->setHA( -network => $network, + -enabled => $haToggle, + -primary => $primaryRedirector, + -secondary => $secondaryRedirector, + -virtualip => $virtualIP, + -servers => $servers + ); + push @setResults, "Failed to set HA fields: $rv" if $rv; + + $rv = $np->cfg->setGarp(-network => $network, + -delay => $garpDelay, + -number => $garpNumber + ); + push @setResults, "Failed to set 'garp' fields: $rv" if $rv; + + $np->cfg->setSwitches( -network => $network, + -switches => $switches, + -bsw => $BSW); + push @setResults, "Failed to set 'switches': $rv" if $rv; +} + </%perl> <h2> Network Configuration </h2> |
|
From: jeff m. <jef...@us...> - 2005-05-20 15:16:22
|
Update of /cvsroot/netpass/NetPass/lib/NetPass/WWW In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv21675/lib/NetPass/WWW Modified Files: Session.pm.file Session.pm.mysql Log Message: bugs, network cfg ui Index: Session.pm.file =================================================================== RCS file: /cvsroot/netpass/NetPass/lib/NetPass/WWW/Session.pm.file,v retrieving revision 1.4 retrieving revision 1.5 diff -u -d -r1.4 -r1.5 --- Session.pm.file 12 Apr 2005 19:52:17 -0000 1.4 +++ Session.pm.file 20 May 2005 15:16:12 -0000 1.5 @@ -54,7 +54,7 @@ session_use_cookie => 1, session_cookie_name => $cookieName, - session_cookie_expires => '+1d', + session_cookie_expires => '+1y', session_cookie_domain => '%COOKIEDOM%', comp_root => [ [ private => '/opt/netpass/www/components' ], Index: Session.pm.mysql =================================================================== RCS file: /cvsroot/netpass/NetPass/lib/NetPass/WWW/Session.pm.mysql,v retrieving revision 1.3 retrieving revision 1.4 diff -u -d -r1.3 -r1.4 --- Session.pm.mysql 12 Apr 2005 19:52:17 -0000 1.3 +++ Session.pm.mysql 20 May 2005 15:16:12 -0000 1.4 @@ -65,7 +65,7 @@ session_use_cookie => 1, session_cookie_name => $cookieName, - session_cookie_expires => '+1d', + session_cookie_expires => '+1y', session_cookie_domain => '%COOKIEDOM%', comp_root => [ [ private => '/opt/netpass/www/components' ], |
|
From: jeff m. <jef...@us...> - 2005-05-20 15:16:21
|
Update of /cvsroot/netpass/NetPass/lib/NetPass In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv21675/lib/NetPass Modified Files: Config.pm Log Message: bugs, network cfg ui Index: Config.pm =================================================================== RCS file: /cvsroot/netpass/NetPass/lib/NetPass/Config.pm,v retrieving revision 1.40 retrieving revision 1.41 diff -u -d -r1.40 -r1.41 --- Config.pm 19 May 2005 20:15:04 -0000 1.40 +++ Config.pm 20 May 2005 15:16:12 -0000 1.41 @@ -705,6 +705,53 @@ return ""; } +=head2 $cfg-E<gt>setNetwork(-network => '', -comment => '', -interface => '', -qvid => #, -uqvid => #) + +Given a network, set the various "core" network fields. A comment of "" or undef is OK. All other +fields are required. + +RETURNS + +0 on success +"..." on failure + +=cut + + +sub setNetwork { + my $self = shift; + + my $parms = parse_parms({ + -parms => \@_, + -legal => [qw(-network -comment -interface -qvid -uqvid)], + -required => [qw(-network -interface -qvid -uqvid)], + -defaults => { -comment => '' } + } + ); + + if (!defined($parms)) { + return "invalid parameters: ".Carp::longmess("invalid parameters ".Class::ParmList->error); + } + + my ($network, $comment, $interface, $qvid, $uqvid) = + $parms->get('-network', '-comment', '-interface', '-qvid', '-uqvid'); + + $comment ||= ''; + + $self->reloadIfChanged(); + + if( ! $self->{'cfg'}->obj('network')->exists($network) ) { + $self->{'cfg'}->obj('network')->$network({}); + } + + $self->{'cfg'}->obj('network')->obj($network)->comment($comment); + $self->{'cfg'}->obj('network')->obj($network)->interface($interface); + $self->{'cfg'}->obj('network')->obj($network)->quarantine($qvid); + $self->{'cfg'}->obj('network')->obj($network)->nonquarantine($uqvid); + + return 0; +} + =head2 $val = $np->policy(-key => $key, -network => $nw, -val => $value) @@ -766,8 +813,8 @@ _log("DEBUG", "policy(-key $pvar, -network $nw)\n") if $self->debug; - $self->reloadIfChanged() || return undef; - + $self->reloadIfChanged(); + $pvar =~ tr [A-Z] [a-z]; # because of AutoLowerCase # if network looks like an IP, figure out which <network> clause |
|
From: jeff m. <jef...@us...> - 2005-05-19 20:15:22
|
Update of /cvsroot/netpass/NetPass/lib/SNMP In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv8038/lib/SNMP Modified Files: Device.pm Log Message: cleanup Index: Device.pm =================================================================== RCS file: /cvsroot/netpass/NetPass/lib/SNMP/Device.pm,v retrieving revision 1.3 retrieving revision 1.4 diff -u -d -r1.3 -r1.4 --- Device.pm 5 Mar 2005 04:14:18 -0000 1.3 +++ Device.pm 19 May 2005 20:15:04 -0000 1.4 @@ -276,6 +276,10 @@ 'BayStack 5510' => { 'Desc' => "BayStack 5510", 'Module' => "SNMP::Device::BayStack" }, + 'Cisco' => { + 'Desc' => "Cisco", + 'Module' => "SNMP::Device::Cisco" + }, 'HP28688' => { 'Desc' => "HP28688 EtherTwist Hub PLUS", 'Module' => "SNMP::Device::HP" }, |
|
From: jeff m. <jef...@us...> - 2005-05-19 20:15:22
|
Update of /cvsroot/netpass/NetPass/www/htdocs/Admin In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv8038/www/htdocs/Admin Modified Files: gencfg.mhtml network.mhtml Log Message: cleanup Index: network.mhtml =================================================================== RCS file: /cvsroot/netpass/NetPass/www/htdocs/Admin/network.mhtml,v retrieving revision 1.5 retrieving revision 1.6 diff -u -d -r1.5 -r1.6 --- network.mhtml 8 May 2005 02:35:46 -0000 1.5 +++ network.mhtml 19 May 2005 20:15:06 -0000 1.6 @@ -172,7 +172,7 @@ size=12 maxlength=255> </td> <td colspan=2> -BSW: <input name='BSW' id='BSW' value='<%$BSW%>' size=16 maxlength=32><BR> +BSW: <input name='BSW' id='BSW' value='<%$BSW%>' size=16 maxlength=80><BR> <%$q->scrolling_list(-id => 'switches', -name => 'switches', -size => 4, -values => $switches , -multiple => 'true')%></td></tr> </td> Index: gencfg.mhtml =================================================================== RCS file: /cvsroot/netpass/NetPass/www/htdocs/Admin/gencfg.mhtml,v retrieving revision 1.14 retrieving revision 1.15 diff -u -d -r1.14 -r1.15 --- gencfg.mhtml 6 May 2005 03:09:33 -0000 1.14 +++ gencfg.mhtml 19 May 2005 20:15:06 -0000 1.15 @@ -274,6 +274,15 @@ )%> </TD></TR> <TR> +<TD CLASS='left'>ResetPort Link Flap Tolerance</TD> +<TD CLASS='right'> +<%$q->textfield ( + -name => 'policy:linkflap_tolerance', + -values => $np->cfg->policy(-key => 'linkflap_tolerance'), + -size => 5 + )%> seconds +</TD></TR> +<TR> <TD CLASS='left'>Enable MacScan?</TD> <TD CLASS='right'> <%$q->popup_menu ( @@ -288,7 +297,7 @@ <%$q->popup_menu ( -name => 'policy:nessus', -values => ['on', 'off'], - -default => ($np->cfg->policy(-key => 'resetport')) ? 'on': 'off', + -default => ($np->cfg->policy(-key => 'nessus')) ? 'on': 'off', )%> </TD></TR> <TR> |
|
From: jeff m. <jef...@us...> - 2005-05-19 20:15:21
|
Update of /cvsroot/netpass/NetPass/lib/NetPass In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv8038/lib/NetPass Modified Files: Config.pm Log Message: cleanup Index: Config.pm =================================================================== RCS file: /cvsroot/netpass/NetPass/lib/NetPass/Config.pm,v retrieving revision 1.39 retrieving revision 1.40 diff -u -d -r1.39 -r1.40 --- Config.pm 17 May 2005 20:34:27 -0000 1.39 +++ Config.pm 19 May 2005 20:15:04 -0000 1.40 @@ -81,7 +81,7 @@ my $newCfg = $self->{'db'}->getConfig(); if (ref($newCfg) ne "HASH") { - _log("WARNING", "couldnt check for new config: $newCfg"); + _log("ERROR", "couldnt check for new config: $newCfg"); return; } @@ -766,7 +766,7 @@ _log("DEBUG", "policy(-key $pvar, -network $nw)\n") if $self->debug; - $self->reloadIfChanged(); + $self->reloadIfChanged() || return undef; $pvar =~ tr [A-Z] [a-z]; # because of AutoLowerCase |
|
From: jeff m. <jef...@us...> - 2005-05-19 20:15:19
|
Update of /cvsroot/netpass/NetPass/www/components/Admin In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv8038/www/components/Admin Modified Files: TableEditPolicy Log Message: cleanup Index: TableEditPolicy =================================================================== RCS file: /cvsroot/netpass/NetPass/www/components/Admin/TableEditPolicy,v retrieving revision 1.5 retrieving revision 1.6 diff -u -d -r1.5 -r1.6 --- TableEditPolicy 6 May 2005 20:13:34 -0000 1.5 +++ TableEditPolicy 19 May 2005 20:15:05 -0000 1.6 @@ -327,6 +327,21 @@ % } </TR> <TR> +<TD CLASS='left'>ResetPort Link Flap Tolerance</TD> +<TD CLASS='right'> +<%$q->textfield ( + -name => 'policy:linkflap_tolerance', + -values => $np->cfg->policy(-key => 'linkflap_tolerance', -network => $network), + -size => 5 + )%> seconds +</TD> +% if ($showDefault) { +<td class='center'><input type='checkbox' <%!$np->cfg->policyLocation(-key => 'linkflap_tolerance', -network => $network, -location => $formatFor)?"":"checked"%> name="override:linkflap_tolerance"></td> +<td class='right'><%$np->cfg->policy(-key => 'linkflap_tolerance')%></td><td class='left'> +(<%join(',', @{$np->cfg->policyLocation(-key => 'linkflap_tolerance', -network => $network)})%>)</td> +% } +</TR> +<TR> <TD CLASS='left'>Enable MacScan?</TD> <TD CLASS='right'> <%$q->popup_menu ( |
|
From: jeff m. <jef...@us...> - 2005-05-19 20:15:17
|
Update of /cvsroot/netpass/NetPass/bin In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv8038/bin Modified Files: resetport.pl Log Message: cleanup Index: resetport.pl =================================================================== RCS file: /cvsroot/netpass/NetPass/bin/resetport.pl,v retrieving revision 1.12 retrieving revision 1.13 diff -u -d -r1.12 -r1.13 --- resetport.pl 24 Apr 2005 03:42:02 -0000 1.12 +++ resetport.pl 19 May 2005 20:15:03 -0000 1.13 @@ -146,8 +146,6 @@ print "entering while..\n" if exists $opts{'D'}; -my $unq_on_linkup = $np->cfg->policy(-key => 'UNQUAR_ON_LINKUP') || "0"; - # occasionally, you'll find a machine that will bring up link very early, # but wont source any traffic until quite a bit later. in those cases, # if we want to unquar-on-linkup, we cant. @@ -166,15 +164,13 @@ } RUNONCE::handleConnection(); - processLines($np, $unq, - $unq_on_linkup, \@lines); + processLines($np, $unq, \@lines); foreach my $switch (keys %$unq) { if (!defined($threads->{$switch}) || !$myself->object($threads->{$switch}->tid)) { # a thread doesnt exist for this switch - $threads->{$switch} = threads->create(\&procUQ, $switch, - $unq_on_linkup); + $threads->{$switch} = threads->create(\&procUQ, $switch); _log("INFO", "spawning thread to handle $switch\n"); } } @@ -200,9 +196,11 @@ sub processLines { my ($np, $unq) = (shift, shift); - my $unq_on_linkup = shift; my $lines = shift; + # reload this value to be sure we have the current one + my $unq_on_linkup = $np->cfg->policy(-key => 'UNQUAR_ON_LINKUP') || "0"; + while (defined(my $l = shift @{$lines})) { chomp $l; @@ -315,7 +313,7 @@ sub procUQ { my $switch = shift; - my $unq_on_linkup = shift; + print "thread connecting to DB\n" if $opts{'D'}; @@ -326,6 +324,8 @@ -debug => exists $opts{'D'} ? 1 : 0, -quiet => exists $opts{'q'} ? 1 : 0); + # reload this value to be sure we have the current one + my $unq_on_linkup = $np->cfg->policy(-key => 'UNQUAR_ON_LINKUP') || "0"; if (ref($np) ne "NetPass") { _log("ERROR", "failed to connect to NetPass: $np\n"); |
|
From: jeff m. <jef...@us...> - 2005-05-18 15:24:00
|
Update of /cvsroot/netpass/NetPass/www/components/Client In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv13900/www/components/Client Modified Files: Remediate ShowResults Log Message: bugs in client remediation web page, strikes over-ride feature Index: ShowResults =================================================================== RCS file: /cvsroot/netpass/NetPass/www/components/Client/ShowResults,v retrieving revision 1.6 retrieving revision 1.7 diff -u -d -r1.6 -r1.7 --- ShowResults 17 May 2005 20:34:28 -0000 1.6 +++ ShowResults 18 May 2005 15:23:43 -0000 1.7 @@ -48,11 +48,11 @@ my $struckOut = {}; my $maxStrikes = $np->cfg->policy(-key => 'STRIKES', -network => $ip); -my $noStrikesForSnort = $np->cfg->policy(-key => 'NO_STRIKES_FOR_SNORT', -network => $ip); -my $noStrikesForNessus = $np->cfg->policy(-key => 'NO_STRIKES_FOR_NESSUS', -network => $ip); -my $noStrikesForManual = $np->cfg->policy(-key => 'NO_STRIKES_FOR_MANUAL', -network => $ip); if ($np->db->macIsRegistered($mac) && $maxStrikes) { + my $noStrikesForSnort = $np->cfg->policy(-key => 'NO_STRIKES_FOR_SNORT', -network => $ip); + my $noStrikesForNessus = $np->cfg->policy(-key => 'NO_STRIKES_FOR_NESSUS', -network => $ip); + my $noStrikesForManual = $np->cfg->policy(-key => 'NO_STRIKES_FOR_MANUAL', -network => $ip); for(my $rn = 0 ; $rn <= $nres ; $rn++) { my $uf = $np->db->getResults(-mac => $mac, @@ -60,7 +60,7 @@ -type => $results->{'type'}->[$rn], -id => $results->{'id'}->[$rn]); _log("DEBUG", "$mac $ip history on ".$results->{'type'}->[$rn].":". - $results->{'id'}->[$rn]. " is ". $#{$uf->{'type'}}); + $results->{'id'}->[$rn]. " is ". $#{$uf->{'type'}}. "\n"); # +1 bc $# is zero relative, +1 again because it's prev result + cur result if ( (ref($uf) eq "HASH") && ($#{$uf->{'type'}}+2 > $maxStrikes) ) { next if ( ($uf->{'type'}->[0] =~ /^snort$/i) && $noStrikesForSnort ); @@ -72,7 +72,6 @@ } if ($nres > -1) { - # if there's only one result pending, we forgo the javascript -/+ thing and suppress # the title. if they are pquar, we also suppress the 'fixed' button. @@ -100,7 +99,7 @@ } print qq{<tr><td colspan=3 align="right"> }; - print $q->submit(-name=>"fixed:$type:$sid:$rid", -value=>'Fixed') + print $q->submit(-name=>"fixed;$type;$sid;$rid", -value=>'Fixed') unless ($pquar || ($struckOut->{$type}->{$sid} == 1)); print qq{</td>}; print qq{</tr><tr><td colspan=3>}; @@ -156,7 +155,7 @@ } print qq{</td><td>$shortName</td>}; print qq{<td width="1%" align="right"> }; - print $q->submit(-name=>"fixed:$type:$sid:$rid", -value=>'Fixed') + print $q->submit(-name=>"fixed;$type;$sid;$rid", -value=>'Fixed') unless ($pquar || ($struckOut->{$type}->{$sid} == 1)); print qq{</td>}; print qq{</tr><tr><td colspan=3 class="gray">}; Index: Remediate =================================================================== RCS file: /cvsroot/netpass/NetPass/www/components/Client/Remediate,v retrieving revision 1.10 retrieving revision 1.11 diff -u -d -r1.10 -r1.11 --- Remediate 1 May 2005 05:44:11 -0000 1.10 +++ Remediate 18 May 2005 15:23:43 -0000 1.11 @@ -44,7 +44,7 @@ foreach my $sid (keys %ARGS) { if($ARGS{$sid} eq 'Fixed') { - my ($type, $id, $rid) = (split(':', $sid))[1,2,3]; + my ($type, $id, $rid) = (split(';', $sid))[1,2,3]; _log ("INFO", "$mac $ip user claims $type:$id:$rid is fixed.\n"); my $rv = $np->db->updateResult(-mac => $mac, -ip => $ip, -rowid => $rid, -status => 'user-fixed'); |
|
From: jeff m. <jef...@us...> - 2005-05-17 20:34:39
|
Update of /cvsroot/netpass/NetPass/etc In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv16431/etc Modified Files: netpass-example.conf Log Message: Index: netpass-example.conf =================================================================== RCS file: /cvsroot/netpass/NetPass/etc/netpass-example.conf,v retrieving revision 1.7 retrieving revision 1.8 diff -u -d -r1.7 -r1.8 --- netpass-example.conf 8 Apr 2005 20:08:11 -0000 1.7 +++ netpass-example.conf 17 May 2005 20:34:27 -0000 1.8 @@ -10,38 +10,47 @@ */ <policy> - AUTH_METHOD = NetPass::Auth::Radius - #ADMIN_AUTH_METHOD = NetPass::Auth::Radius - ADMIN_AUTH_METHOD = NetPass::Auth::DB - MULTI_MAC = ALL_OK /* | ONE_OK | DISALLOWED */ - RESULTS_DISPLAY = INLINE /* | POPUP */ - RESULTS_EXPAND = 5 /* N results or less, auto-expand */ - AUTO_REDIRECT = no /* | yes */ - COOKIE_DETECT = yes /* yes | no */ - COOKIE_NAME = UB-NetPass-Devel - REDIR_URL_DEFAULT = http://www.buffalo.edu - SURVEY_ENABLED = no - SURVEY_EMAIL = an_...@ad...,ano...@ad... - PID_DIR = /var/run/netpass - BASE_DIR = /opt/netpass + AUTH_METHOD = NetPass::Auth::Radius + ADMIN_AUTH_METHOD = NetPass::Auth::DB + MULTI_MAC = ALL_OK /* | ONE_OK | DISALLOWED */ + RESULTS_DISPLAY = INLINE /* | POPUP */ + RESULTS_EXPAND = 5 /* N results or less, auto-expand */ + AUTO_REDIRECT = no /* | yes */ + COOKIE_DETECT = yes /* yes | no */ + COOKIE_NAME = UB-NetPass-Devel + REDIR_URL_DEFAULT = http://www.buffalo.edu + SURVEY_ENABLED = no + SURVEY_EMAIL = an_...@ad...,ano...@ad... + PID_DIR = /var/run/netpass + BASE_DIR = /opt/netpass - PORT_SEARCH_ALGO = TREE /* LINEAR | TREE */ - PORT_CACHE = ON /* ON | OFF */ - UNQUAR_ON_LINKUP = OFF /* ON | OFF | ITDEPENDS */ - resetport = ON + PORT_SEARCH_ALGO = TREE /* LINEAR | TREE */ + PORT_CACHE = ON /* ON | OFF */ - LDAP_USER_QUERY = http://ldap.buffalo.edu/cgi-bin/ldq.pl?stype=userid&ldq=%s - LDAP_POPUP_WIDTH = 573 - LDAP_POPUP_HEIGHT = 734 + RESETPORT = ON + UNQUAR_ON_LINKUP = OFF /* ON | OFF | ITDEPENDS */ + LINKFLAP_TOLERANCE = 0 /* seconds */ + + LDAP_USER_QUERY = http://ldap.buffalo.edu/cgi-bin/ldq.pl?stype=userid&ldq=%s + LDAP_POPUP_WIDTH = 573 + LDAP_POPUP_HEIGHT = 734 + + NESSUS = on + MACSCAN = on + + STRIKES = 2 + NO_STRIKES_FOR_MANUAL = No + NO_STRIKES_FOR_NESSUS = No + NO_STRIKES_FOR_SNORT = No # these parameter's adjust portions of the web output - USERNAME_PROMPT = UBITname: - PASSWORD_PROMPT = Password: - COMPANY_NAME = University at Buffalo - COMPANY_SHORT_NAME = UB - COMPANY_UNIT_NAME = Computing and Information Technology - EXAMPLE_IPADDR = 128.205.x.x + USERNAME_PROMPT = UBITname: + PASSWORD_PROMPT = Password: + COMPANY_NAME = University at Buffalo + COMPANY_SHORT_NAME = UB + COMPANY_UNIT_NAME = Computing and Information Technology + EXAMPLE_IPADDR = 128.205.x.x # we'd appreciate it if you don't change this (credit where # credit's due). it will be displayed at the bottom of web |
|
From: jeff m. <jef...@us...> - 2005-05-17 20:34:37
|
Update of /cvsroot/netpass/NetPass/www/htdocs/Admin In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv16431/www/htdocs/Admin Modified Files: netgroups.mhtml qc.mhtml Log Message: Index: qc.mhtml =================================================================== RCS file: /cvsroot/netpass/NetPass/www/htdocs/Admin/qc.mhtml,v retrieving revision 1.21 retrieving revision 1.22 diff -u -d -r1.21 -r1.22 --- qc.mhtml 4 May 2005 20:22:17 -0000 1.21 +++ qc.mhtml 17 May 2005 20:34:28 -0000 1.22 @@ -528,7 +528,7 @@ my $rv = ""; my @rv; - my $sql = "UPDATE register SET status=?, message=?, uqlinkup=? WHERE macAddress = ?"; + my $sql = "UPDATE register SET status=?, uqlinkup=? WHERE macAddress = ?"; my $sth = $dbh->prepare($sql); if (!defined($sth)) { return "Failed to prepare sql: ".$dbh->errstr; @@ -636,8 +636,6 @@ if ($args->{"message:$mac"} eq "--None--") { return "Error: $mac PQUAR requires that you specify a message."; } else { - #push @params, $args->{"message:$mac"}; - push @params, undef; $resultsRV = $np->db->addResult(-mac => $mac, -type => 'manual', -id => $args->{"message:$mac"}); } @@ -645,10 +643,7 @@ elsif ($args->{"status:$mac"} eq "QUAR") { if ($args->{"message:$mac"} eq "--None--") { - push @params, undef; } else { - push @params, undef; - #push @params, $args->{"message:$mac"}; $resultsRV = $np->db->addResult(-mac => $mac, -type => 'manual', -force => 1, -id => $args->{"message:$mac"}); @@ -808,29 +803,22 @@ <li> When setting a machine to UNQUAR or PUNQUAR: <ul> The port is set back to quarantined (yes, that's not a typo) -within 10 seconds of clicking 'save changes'. -The message field is implicitly set to 'None'. +within 10 seconds of clicking 'save changes'. You should clear any 'pending' results by setting them to 'fixed'. When they go to the website, it detects that they are unquarantined, changes their port -and sends them to the success page. <P> - -Presently, UNQUAR and PUNQUAR look/act the same. In the future, the IDS feature -will use these. For example, you will be -able to permanently unquarantine a host so that the IDS can not re-quarantine it.<P> +and sends them to the success page. If you forget to clear pending results, they will +be sent to the remediation page. <P> </Ul> <li> When setting a machine to QUAR or PQUAR: <ul> The port is changed to quarantined within 10 seconds of clicking 'save changes'. -If you set a message, they are given that message when they access the web. -Otherwise, if the message is "None", they are scanned.<P> - -PQUAR requires that a message be set. QUAR does not require a message. +If you add a result, they are given that message when they access the web. +Otherwise, if no results are pending, they are scanned.<P> +When using PQUAR be sure to add at least one result, otherwise the client won't know why they are +permenantly quarantined. QUAR does not require any results to be pending. <P> - -Presently, PQUAR and QUAR look/act the same. In the future, these will be used to -implement the IDS "two strikes" feature by setting a message, but -on the first strike you are only QUAR and the second strike you are PQUAR. </ul> + </ul> Index: netgroups.mhtml =================================================================== RCS file: /cvsroot/netpass/NetPass/www/htdocs/Admin/netgroups.mhtml,v retrieving revision 1.5 retrieving revision 1.6 diff -u -d -r1.5 -r1.6 --- netgroups.mhtml 6 May 2005 03:09:33 -0000 1.5 +++ netgroups.mhtml 17 May 2005 20:34:28 -0000 1.6 @@ -142,11 +142,9 @@ # if a netgroup has no members, delete it my $newANGs = []; - _log("DEBUG", "purge\n"); my $rv = ''; foreach my $ngn (@{$np->cfg->getNetgroups()}) { - _log("DEBUG", "purge $ngn\n"); my $members = $np->cfg->getNetgroupMembers(-group => $ngn); if (ref($members) eq "ARRAY" && ($#{$members} == -1)) { _log("DEBUG", "$ip $whoami $ngn has no members. deleting.\n"); @@ -156,7 +154,6 @@ _log("DEBUG", "$ip $whoami failed to delete empty netgroup $ngn: $rv\n"); } } else { - _log("DEBUG", "still OK $ngn\n"); push @$newANGs, $ngn; } } |
|
From: jeff m. <jef...@us...> - 2005-05-17 20:34:37
|
Update of /cvsroot/netpass/NetPass/www/components/Client In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv16431/www/components/Client Modified Files: ShowResults Log Message: Index: ShowResults =================================================================== RCS file: /cvsroot/netpass/NetPass/www/components/Client/ShowResults,v retrieving revision 1.5 retrieving revision 1.6 diff -u -d -r1.5 -r1.6 --- ShowResults 1 May 2005 19:46:04 -0000 1.5 +++ ShowResults 17 May 2005 20:34:28 -0000 1.6 @@ -48,6 +48,9 @@ my $struckOut = {}; my $maxStrikes = $np->cfg->policy(-key => 'STRIKES', -network => $ip); +my $noStrikesForSnort = $np->cfg->policy(-key => 'NO_STRIKES_FOR_SNORT', -network => $ip); +my $noStrikesForNessus = $np->cfg->policy(-key => 'NO_STRIKES_FOR_NESSUS', -network => $ip); +my $noStrikesForManual = $np->cfg->policy(-key => 'NO_STRIKES_FOR_MANUAL', -network => $ip); if ($np->db->macIsRegistered($mac) && $maxStrikes) { @@ -60,6 +63,9 @@ $results->{'id'}->[$rn]. " is ". $#{$uf->{'type'}}); # +1 bc $# is zero relative, +1 again because it's prev result + cur result if ( (ref($uf) eq "HASH") && ($#{$uf->{'type'}}+2 > $maxStrikes) ) { + next if ( ($uf->{'type'}->[0] =~ /^snort$/i) && $noStrikesForSnort ); + next if ( ($uf->{'type'}->[0] =~ /^nessus/i) && $noStrikesForNessus ); + next if ( ($uf->{'type'}->[0] =~ /^manual$/i) && $noStrikesForManual ); $struckOut->{$uf->{'type'}->[0]} -> {$uf->{'id'}->[0]} = 1; } } |
|
From: jeff m. <jef...@us...> - 2005-05-17 20:34:37
|
Update of /cvsroot/netpass/NetPass/lib/NetPass In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv16431/lib/NetPass Modified Files: Config.pm DB.pm Log Message: Index: Config.pm =================================================================== RCS file: /cvsroot/netpass/NetPass/lib/NetPass/Config.pm,v retrieving revision 1.38 retrieving revision 1.39 diff -u -d -r1.38 -r1.39 --- Config.pm 8 May 2005 02:35:46 -0000 1.38 +++ Config.pm 17 May 2005 20:34:27 -0000 1.39 @@ -898,7 +898,7 @@ } else { - _log("DEBUG", "set global policy for $pvar\n"); + _log("DEBUG", "set global policy for $pvar\n") if $self->debug; if (! recur_exists($self->{'cfg'}, "policy") ) { _log("DEBUG", "create global policy\n") if $self->debug; # create one Index: DB.pm =================================================================== RCS file: /cvsroot/netpass/NetPass/lib/NetPass/DB.pm,v retrieving revision 1.41 retrieving revision 1.42 diff -u -d -r1.41 -r1.42 --- DB.pm 17 May 2005 15:02:38 -0000 1.41 +++ DB.pm 17 May 2005 20:34:27 -0000 1.42 @@ -1280,7 +1280,7 @@ $osC = qq{OS='$os', } if defined($os) && ($os ne "") && ($os ne "Unknown"); $unC = qq{username='$username', } if defined($username) && ($username ne ""); - $sql = qq{UPDATE register SET ipAddress='$ip', registeredOn=NOW(), status='unquar', message=NULL, $unC $osC switchIP=NULL, switchPort=NULL WHERE macAddress = '$mac'}; + $sql = qq{UPDATE register SET ipAddress='$ip', registeredOn=NOW(), status='unquar', $unC $osC switchIP=NULL, switchPort=NULL WHERE macAddress = '$mac'}; _log("DEBUG", "$mac $ip sql=$sql\n"); $rv = $self->{'dbh'}->do($sql); if (!defined($rv)) { |
|
From: jeff m. <jef...@us...> - 2005-05-17 20:34:36
|
Update of /cvsroot/netpass/NetPass/install.d In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv16431/install.d Modified Files: pages.sql Log Message: Index: pages.sql =================================================================== RCS file: /cvsroot/netpass/NetPass/install.d/pages.sql,v retrieving revision 1.1 retrieving revision 1.2 diff -u -d -r1.1 -r1.2 --- pages.sql 31 Dec 2004 19:13:02 -0000 1.1 +++ pages.sql 17 May 2005 20:34:27 -0000 1.2 @@ -19,5 +19,5 @@ -- -INSERT INTO pages (name, content) VALUES ('msg:welcome','\r\n<html><head></head><body><p>UB NetPass is a safety inspection program for student computers in ResNet. UB NetPass scans your computer for viruses, worms, and other vulnerabilities. Like a vehicle inspection program, your computer must pass before you are granted access to UB\'s network and the Internet.</p><p>If your computer fails inspection, you will be presented with instructions to help you correct any problems. Once you have corrected the problems identified by UB NetPass, you can have your computer re-scanned.</p><p><strong>You must have cookies enabled to use UB NetPass.</strong></p><!-- #BeginLibraryItem \"/Library/contact info.lbi\" --><p>If you do not understand this message or are having difficulty using UB NetPass, assistance is available from the CIT Help Desk. Professional repair and vulnerability remediation services are available from UBMicro.</p><table cellpadding=\"2\" border=\"0\"><caption>Contact Information </caption><tbody><tr><th scope=\"col\">CIT Help Desk</th><th scope=\"col\">UBMicro</th></tr><tr><td align=\"center\">255 Fronczak Hall<br />716-645-3542</td><td align=\"center\">109 The Commons<br />716-645-3554</td></tr></tbody></table><!-- #EndLibraryItem --><p>Please read the acceptable use policy, enter your UBITName and password and click the button to start the scan. </p></body></html>'),('msg:eula','\r\n<html><head></head><body><h2>UB ResNet Acceptable Use Policy</h2><h3>Conditions of Use</h3><p>To provide the highest quality access to information technologies, University Residence Halls & Apartments (URHA) and Computing & Information Technology (CIT) maintain a computing network that can connect each resident\'s personal computer to the Internet. This computing network is called ResNet. <br /></p><p>ResNet users are responsible for all network traffic originating from their computers. This includes, but is not limited to: email, Internet browsing, file transfers, and connections to other machines. </p><p>ResNet users are required to follow all University, Computing & Information Technology (CIT) and University Residence Halls rules and policies.<br /></p><p>As a condition of use, to initially connect to ResNet residents must ensure that their computer(s) present no identifiable risk to the network, i.e. the computer has anti-virus software installed and up-to-date critical operating system updates applied.<br /></p><p>At any time that there is credible evidence that a ResNet attached computer has become a risk to the network, ResNet access will be denied and the resident will be required to re-certify the computer\'s safe operation at his/her expense.<br /></p><p>Additionally, ResNet users must be aware that: </p><ol><li>ResNet must be used in accordance with all Copyright laws. This includes, but is not limited to, refraining from using your computer in a way that would violate those laws such as operating pirated software or MP3 servers. </li><li>URHA communication services, wiring and other hardware may not be modified or tampered with in any way. This includes attempting to extended the network beyond the area of its intended use (for example: Installing a hub or Remote Access Server). </li><li>ResNet must be used in accordance with URHA policies on Business Activity. It can not be used to post advertisements for personal business, or for the sale of products or services for commercial gain. </li><li>Harassment of other users, by any method, will not be tolerated. </li><li>ResNet can not be used to misrepresent or hide your personal identity. (for example: email sent from a fake address, or from any address that is not yours) </li></ol><p>Violating any of these conditions may result in: Suspension or loss of ResNet usage privilege, expulsion from University Residence Halls, discipline from other university bodies such as the Student Judiciary, criminal charges. Damage or theft of ResNet wiring or hardware is the financial responsibility of the residence members. If responsibility is traced to any individual or particular group of individuals, then they will be held personally responsible for the theft or damage. </p><p>ResNet users are also expected to be responsible network citizens. ResNet is a shared resource and as such, users should refrain from using any application which may interfere with the use of the network by others.</p><p>Think of your personal computer as your computing home. It is advisable to "lock the front door" so that people can not use your machine without your supervision. Using a power-on password, or a screen saver password are good ways to control access to both the information on your computer, and your computer\'s access to ResNet.</p></body></html>'),('msg:10024','<html><head></head><body>\r\n<h3>Problem: BackOrifice was found</h3>\r\n<h3>Description</h3>\r\n<p>BackOrifice<!-- #BeginLibraryItem \"/Library/is an app.lbi\" -->\r\nis an application that is designed to give unauthorized users full control over your computer. It is usually installed without the knowledge or permission of the computer\'s owner/user. Its presence is frequently a sign that the computer has been compromised.<!-- #EndLibraryItem --></p>\r\n<h3>Solution</h3><!-- #BeginLibraryItem \"/Library/reinstall.lbi\" -->\r\nExperts recommend a complete operating system reinstall. UB recommends you have this performed by a professional. Professional repair and vulnerability remediation services are available from UBMicro.<!-- #EndLibraryItem --></body></html>'),('msg:10036','\r\n<html><head></head><body>\r\n<h3>Problem: CDK Detect was found</h3>\r\n<h3>Description</h3>\r\nCDK Detect<!-- #BeginLibraryItem \"/Library/is an app.lbi\" -->\r\nis an application that is designed to give unauthorized users full control over your computer. It is usually installed without the knowledge or permission of the computer\'s owner/user. Its presence is frequently a sign that the computer has been compromised.<!-- #EndLibraryItem --><h3>Solution</h3>\r\n<p><!-- #BeginLibraryItem \"/Library/reinstall.lbi\" -->\r\nExperts recommend a complete operating system reinstall. UB recommends you have this performed by a professional. Professional repair and vulnerability remediation services are available from UBMicro.<!-- #EndLibraryItem --></p>\r\n</body></html>'),('msg:10390','\r\n<html><head></head><body><h3>Problem: mstream agent was found</h3>\r\n<h3>Description</h3>\r\nThe mstream agent <!-- #BeginLibraryItem \"/Library/client-server DDoS.lbi\" -->is\r\na client for a much larger identity consisting of a "master" that controls\r\none or more "slaves" (or agents). The agents are generally used to\r\nattack other machines, often at the same time in what is known as a Distributed\r\nDenial of Service (DDoS) attack. The presence of this agent on your computer\r\nmeans that your computer might be a part of such a network. <!-- #EndLibraryItem -->\r\n<h3>Solution</h3>\r\n<p><!-- #BeginLibraryItem \"/Library/no known.lbi\" --> No known removal instructions\r\n are available. Please try scanning your computer using Symantec AntiVirus\r\nsoftware. <!-- #EndLibraryItem --></p>\r\n</body></html>'),('msg:10391','\r\n<html><head></head><body><h3>Problem: mstream handler was found</h3>\r\n<h3>Description</h3>\r\nThe mstream handler <!-- #BeginLibraryItem \"/Library/client-server DDoS.lbi\" -->is\r\na client for a much larger identity consisting of a "master" that controls\r\none or more "slaves" (or agents). The agents are generally used to\r\nattack other machines, often at the same time in what is known as a Distributed\r\nDenial of Service (DDoS) attack. The presence of this agent on your computer\r\nmeans that your computer might be a part of such a network. <!-- #EndLibraryItem -->\r\n<h3>Solution</h3>\r\n<!-- #BeginLibraryItem \"/Library/no known.lbi\" -->No known removal instructions\r\nare available. Please try scanning your computer using your antivirus software. <!-- #EndLibraryItem -->\r\n</body></html>'),('msg:10309','\r\n<html><head>\r\n</head><body><h3>Problem: Wingate was found</h3>\r\n<h3>Description</h3>\r\nWhen Wingate is installed and configured with a blank password,\r\nother computers can establish an Internet connection\r\nthrough the Wingate computer. This allows the second computer to hide its Internet\r\nconnection. Anything the second computer does on the Internet will look like\r\nit was done by the Wingate computer, possibly stealing your Internet "identity." \r\n\r\n<h3>Solution</h3>\r\n\r\n<p><strong>For Wingate 4.0:</strong></p>\r\n<ol>\r\n<li>Double-click the Wingate icon in the system tray (near the clock). </li>\r\n<li>Click "OK" to login without a password. </li>\r\n<li>The following screen should be a change password window. In it enter a new, strong password. </li>\r\n</ol>\r\n<p><strong>For Wingate 6.0:</strong></p>\r\n<ol>\r\n<li>Open the "Gatekeeper" module on the Wingate Server. </li>\r\n<li>Click the "Users" tab and configure individual users from there. </li>\r\n</ol></body></html>'),('msg:10307','\r\n<html><head></head><body><h3>Problem: An instance of the Trin00 for Windows "agent" was found to be running and accepting connections on your computer.</h3><h3>Description</h3>The Trin00 for Windows "agent" <!-- #BeginLibraryItem \"/Library/client-server DDoS.lbi\" -->is\r\na client for a much larger identity consisting of a "master" that controls\r\none or more "slaves" (or agents). The agents are generally used to\r\nattack other machines, often at the same time in what is known as a Distributed\r\nDenial of Service (DDoS) attack. The presence of this agent on your computer\r\nmeans that your computer might be a part of such a network. <!-- #EndLibraryItem -->\r\n<h3>Solution</h3>\r\n<!-- #BeginLibraryItem \"/Library/antivirus.lbi\" -->\r\n<p>Remove the virus with Symantec AntiVirus. Symantec AntiVirus is available\r\n on your TechTools CD or via download from the TechTools Software Download site\r\n for <a href=\"http://wings.buffalo.edu/computing/software/download/win/nortonantivirus.html\">Windows</a> and <a href=\"http://wings.buffalo.edu/computing/software/download/mac/nortonantivirus.html\">Mac</a>.\r\n The Mac version is called Symantec\'s Norton AntiVirus. Installation instructions\r\n are available on the TechTools CD and our documentation website (<a href=\"http://wings.buffalo.edu/computing/documentation/win/norton.html\">Windows</a>, <a href=\"http://wings.buffalo.edu/computing/documentation/mac/norton.html\">Mac</a>). </p>\r\n<!-- #EndLibraryItem --><!-- #BeginLibraryItem \"/Library/verify removal.lbi\" -->\r\n<p><strong>Verify Removal</strong></p>\r\n<p>If Symantec reports finding an infected file, take note of the filename and\r\n verify its deletion by checking the following registry key:<br />\r\n HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Run </p>\r\n<ol>\r\n <li>Click on the "Start" menu. </li>\r\n <li>Click "Run." </li>\r\n <li>Type "regedit" and press ENTER. </li>\r\n <li>In the registry editor click on the "File" (or "Registry")\r\n menu. </li>\r\n <li>Click "Export." </li>\r\n <li>Click "All" underneath where it says "Export Range." </li>\r\n <li>Enter a filename into the filename field. (ex: "reg backup") </li>\r\n <li>Click "Save." </li>\r\n <li>Expand the "HKEY_LOCAL_MACHINE" folder. </li>\r\n <li>Expand the "SOFTWARE" folder, then the "Microsoft," "Windows," and "CurrentVersion" folders. </li>\r\n <li>Click on the "Run" folder. </li>\r\n <li>In the right-hand window, the name/data pair for the name of the infected\r\n file will appear under the Name and Data sections, respectively. (ex: Name: "infectedfile" Data: "infectedfile.exe") </li\r\n>\r\n <li>Highlight the name of the infected file by clicking on it and press the\r\n DELETE key. </li>\r\n <li>Click "Yes" to delete. </li>\r\n</ol>\r\n<p>If your computer appears to still be infected after the scan a full reformat\r\n may be necessary.<!-- #BeginLibraryItem \"/Library/reinstall.lbi\" --> Experts\r\n recommend a complete operating system reinstall. UB recommends you have this\r\n performed by a professional. Professional repair and vulnerability remediation\r\n services are available from UBMicro.<!-- #EndLibraryItem --></p>\r\n<!-- #EndLibraryItem -->\r\n</body></html>'),('msg:10288','\r\n<html><head></head><body><h3>Problem: Trin00 "agent" was found</h3>\r\n<h3>Description</h3>\r\nThe Trin00 "agent" <!-- #BeginLibraryItem \"/Library/client-server DDoS.lbi\" -->is\r\na client for a much larger identity consisting of a "master" that controls\r\none or more "slaves" (or agents). The agents are generally used to\r\nattack other machines, often at the same time in what is known as a Distributed\r\nDenial of Service (DDoS) attack. The presence of this agent on your computer\r\nmeans that your computer might be a part of such a network. <!-- #EndLibraryItem -->\r\n<h3>Solution</h3>\r\n<!-- #BeginLibraryItem \"/Library/antivirus.lbi\" -->\r\n<p>Remove the virus with Symantec AntiVirus. Symantec AntiVirus is available\r\n on your TechTools CD or via download from the TechTools Software Download site\r\n for <a href=\"http://wings.buffalo.edu/computing/software/download/win/nortonantivirus.html\">Windows</a> and <a href=\"http://wings.buffalo.edu/computing/software/download/mac/nortonantivirus.html\">Mac</a>.\r\n The Mac version is called Symantec\'s Norton AntiVirus. Installation instructions\r\n are available on the TechTools CD and our documentation website (<a href=\"http://wings.buffalo.edu/computing/documentation/win/norton.html\">Windows</a>, <a href=\"http://wings.buffalo.edu/computing/documentation/mac/norton.html\">Mac</a>). </p>\r\n<!-- #EndLibraryItem -->\r\n</body></html>'),('msg:10283','\r\n<html><head></head><body><h3>Problem: TFN "agent" was found</h3>\r\n<h3>Description</h3>The TFN "agent" <!-- #BeginLibraryItem \"/Library/client-server DDoS.lbi\" -->is\r\na client for a much larger identity consisting of a "master" that controls\r\none or more "slaves" (or agents). The agents are generally used to\r\nattack other machines, often at the same time in what is known as a Distributed\r\nDenial of Service (DDoS) attack. The presence of this agent on your computer\r\nmeans that your computer might be a part of such a network. <!-- #EndLibraryItem -->\r\n<h3>Solution</h3>\r\n<!-- #BeginLibraryItem \"/Library/antivirus.lbi\" -->\r\n<p>Remove the virus with Symantec AntiVirus. Symantec AntiVirus is available\r\n on your TechTools CD or via download from the TechTools Software Download site\r\n for <a href=\"http://wings.buffalo.edu/computing/software/download/win/nortonantivirus.html\">Windows</a> and <a href=\"http://wings.buffalo.edu/computing/software/download/mac/nortonantivirus.html\">Mac</a>.\r\n The Mac version is called Symantec\'s Norton AntiVirus. Installation instructions\r\nare available on the TechTools CD and our documentation website (<a href=\"http://wings.buffalo.edu/computing/documentation/win/norton.html\">Windows</a>, <a href=\"http://wings.buffalo.edu/computing/documentation/mac/norton.html\">Mac</a>). </p>\r\n<!-- #EndLibraryItem -->\r\n</body></html>'),('msg:10270','\r\n<html><head></head><body><h3>Problem: Stacheldraht "agent" was found</h3>\r\n<h3>Description</h3>The Stacheldraht "agent" <!-- #BeginLibraryItem \"/Library/client-server DDoS.lbi\" -->is\r\na client for a much larger identity consisting of a "master" that controls\r\none or more "slaves" (or agents). The agents are generally used to\r\nattack other machines, often at the same time in what is known as a Distributed\r\nDenial of Service (DDoS) attack. The presence of this agent on your computer\r\nmeans that your computer might be a part of such a network. <!-- #EndLibraryItem -->\r\n<h3>Solution</h3>\r\n<!-- #BeginLibraryItem \"/Library/antivirus.lbi\" -->\r\n<p>Remove the virus with Symantec AntiVirus. Symantec AntiVirus is available\r\n on your TechTools CD or via download from the TechTools Software Download site\r\n for <a href=\"http://wings.buffalo.edu/computing/software/download/win/nortonantivirus.html\">Windows</a> and <a href=\"http://wings.buffalo.edu/computing/software/download/mac/nortonantivirus.html\">Mac</a>.\r\n The Mac version is called Symantec\'s Norton AntiVirus. Installation instructions\r\n are available on the TechTools CD and our documentation website (<a href=\"http://wings.buffalo.edu/computing/documentation/win/norton.html\">Windows</a>, <a href=\"http://wings.buffalo.edu/computing/documentation/mac/norton.html\">Mac</a>). </p>\r\n<!-- #EndLibraryItem -->\r\n</body></html>'),('msg:10203','\r\n<html><head></head><body><h3>Problem: rexecd server process was found</h3>\r\n<h3>Description</h3>Rexec is a daemon that allows code to be executed on the host computer by remote users, very often without requiring authentication. Because of this, the rexec server is thought to be highly insecure and unnecessary. It is also quite often the means by which intruders gain access to computers. <h3>Solution</h3>\r\n\r\n<p>It is generally recommended that users disable the rexec daemon, which will prevent from running in the future.</p>\r\n<ol><li>Use your preferred text editor to open /etc/inetd.conf. </li><li>Locate the rexecd line, which should look something like the following:<br />exec stream tcp nowait root /usr/lbin/rexecd rexecd </li><li>Place a hash/pound ("#") before the line to comment it out. </li><li>Save the inetd.conf file. </li><li>Locate the PIDs for any rexecd processes running by typing:<br />\r\nps aux | grep rexecd </li>\r\n <li>For all of the PIDs type:<br />kill HUP pid</li></ol></body></html>'),('msg:10166','\r\n<html><head></head><body>\r\n<h3>Problem: Anonymous FTP server</h3>\r\n<h3>Description</h3>\r\nAnonymous accounts are frequently targeted by hackers and viruses seeking to\r\nobtain unauthorized access to your computer. Your computer is running an FTP\r\nserver with an anonymous account and may be vulnerable to unauthorized remote\r\naccess.\r\n<h3>Solution</h3>You should disable all guest accounts that exist on your system, even if this disables the FTP service. </body></html>'),('msg:10147','\r\n<html><head></head><body>\r\n<h3>Problem: Nessus daemon ports were found</h3>\r\n<h3>Description</h3>The Nessus daemon allows remote users the ability to make the server scan other computers. The remote user must first have a valid username and password or valid public/private key. Howerver, should the Nessus server ever be found to be vulnerable, the Nessus server running on your computer would allow the vulnerability to be exploited. \r\n\r\n<h3>Solution</h3>\r\n\r\n<p>Removal/Remediation Steps: There are two means of resolving this vulnerability, both of which are recommended. Choose only one. </p><ol><li>Change the ports to which the that the Nessus daemon listens. </li><li>Block the ports to which you have Nessus listening. This can be done with ipchains (2.4x Linux kernel) or iptables (2.2x Linux kernel). </li></ol></body></html>'),('msg:10524','\r\n<html><head></head><body>\r\n<h3>Problem: Windows 95/98/ME SMB password verification vulnerability</h3>\r\n<h3>Description</h3>\r\nThis vulnerability will allow any unauthorized user to access the Windows 95/98/ME\r\nfile shared service with password protection. \r\n<h3>Solution</h3>\r\nDownload and update Windows with the appropriate patch: \r\n<ul>\r\n <li><a href=\"http://download.microsoft.com/download/win95/Update/11958/W95/EN-US/273991USA5.EXE\">Windows 95</a></li>\r\n <li><a href=\"http://download.microsoft.com/download/win98SE/Update/11958/W98/EN-US/273991USA8.EXE\">Windows\r\n 98</a></li>\r\n <li><a href=\"http://download.microsoft.com/download/winme/Update/11958/WinMe/EN-US/273991USAM.EXE\">Windows\r\n ME</a><br />\r\n </li>\r\n</ul>\r\n</body></html>'),('msg:10668','\r\n<html><head></head><body><h3>Problem: Windows Index Server vulnerability</h3><h3>Description</h3>\r\nYour computer is not patched for a Windows Index Server vulnerability. \r\n<p>There is a buffer overflow vulnerability in the Index Server 2.0 function\r\n to process a search request. Using this unchecked buffer, an attacker would\r\n be able to have the computer execute unauthorized and possibly malicious code\r\n in the Local System security context. This could compromise the machine and/or\r\n the network even further. </p>\r\n<h3>Solution</h3>\r\nDownload and install the following patch from Microsoft. \r\n<ol>\r\n <li><a href=\"http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29660\">Index Server 2.0 Buffer overflow</a></li>\r\n <li><a href=\"http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29631\">Index\r\n Server 2.0 "Malformed Hit-Highlighting" vulnerability</a></li>\r\n <li><a href=\"http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29561\">Indexing Service for Windows 2000 Pro, Windows 2000 Server and Windows 2000 Advanced Server</a><br />\r\n </li>\r\n</ol>\r\n<h3> </h3>\r\n</body></html>'),('msg:10132','<html><head></head><body>\r\n<h3>Problem: Kuang2 virus was found.</h3>\r\n<h3>Description</h3>\r\n<p>The Kuang2 virus infects all .exe files on the computer.<!-- #BeginLibraryItem \"/Library/server unauth.lbi\" -->\r\nIt installs a server that is designed to give unauthorized users full control over your computer.<!-- #EndLibraryItem --></p>\r\n<h3>Solution</h3>\r\n\r\n<!-- #BeginLibraryItem \"/Library/antivirus.lbi\" -->\r\n<p>Remove the virus with Symantec AntiVirus. Symantec AntiVirus is available\r\n on your TechTools CD or via download from the TechTools Software Download site\r\n for <a href=\"http://wings.buffalo.edu/computing/software/download/win/nortonantivirus.html\">Windows</a> and <a href=\"http://wings.buffalo.edu/computing/software/download/mac/nortonantivirus.html\">Mac</a>.\r\n The Mac version is called Symantec\'s Norton AntiVirus. Installation instructions\r\n are available on the TechTools CD and our documentation website (<a href=\"http://wings.buffalo.edu/computing/documentation/win/norton.html\">Windows</a>, <a href=\"http://wings.buffalo.edu/computing/documentation/mac/norton.html\">Mac</a>). </p>\r\n<!-- #EndLibraryItem --><!-- #BeginLibraryItem \"/Library/verify removal.lbi\" -->\r\n<p><strong>Verify Removal</strong></p>\r\n<p>If Symantec reports finding an infected file, take note of the filename and\r\n verify its deletion by checking the following registry key:<br />\r\n HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Run </p>\r\n<ol>\r\n <li>Click on the "Start" menu. </li>\r\n <li>Click "Run." </li>\r\n <li>Type "regedit" and press ENTER. </li>\r\n <li>In the registry editor click on the "File" (or "Registry")\r\n menu. </li>\r\n <li>Click "Export." </li>\r\n <li>Click "All" underneath where it says "Export Range." </li>\r\n <li>Enter a filename into the filename field. (ex: "reg backup") </li>\r\n <li>Click "Save." </li>\r\n <li>Expand the "HKEY_LOCAL_MACHINE" folder. </li>\r\n <li>Expand the "SOFTWARE" folder, then the "Microsoft," "Windows," and "CurrentVersion" folders. </li>\r\n <li>Click on the "Run" folder. </li>\r\n <li>In the right-hand window, the name/data pair for the name of the infected\r\n file will appear under the Name and Data sections, respectively. (ex: Name: "infectedfile" Data: "infectedfile.exe") </li\r\n>\r\n <li>Highlight the name of the infected file by clicking on it and press the\r\n DELETE key. </li>\r\n <li>Click "Yes" to delete. </li>\r\n</ol>\r\n<p>If your computer appears to still be infected after the scan a full reformat\r\n may be necessary.<!-- #BeginLibraryItem \"/Library/reinstall.lbi\" --> Experts\r\n recommend a complete operating system reinstall. UB recommends you have this\r\n performed by a professional. Professional repair and vulnerability remediation\r\n services are available from UBMicro.<!-- #EndLibraryItem --></p>\r\n<!-- #EndLibraryItem -->\r\n</body></html>'),('msg:10093','\r\n<html><head>\r\n</head><body>\r\n<h3>Problem: GateCrasher server found</h3>\r\n<h3>Description</h3>GateCrasher<!-- #BeginLibraryItem \"/Library/is an app.lbi\" -->\r\nis an application that is designed to give unauthorized users full control over your computer. It is usually installed without the knowledge or permission of the computer\'s owner/user. Its presence is frequently a sign that the computer has been compromised.<!-- #EndLibraryItem --><h3>Solution</h3>\r\n<p>Remove GateCrasher</p> \r\n<ol>\r\n<li>Click "Start." </li>\r\n<li>Click "Run." </li>\r\n<li>Type "cmd" and press ENTER. </li>\r\n<li>In the command window, type "telnet localhost 6969" and press ENTER. </li>\r\n<li>At the prompt, type "gatecrasher" and press ENTER. </li>\r\n<li>Type "uninstall" and press ENTER. </li>\r\n</ol>\r\n<p>Verify removal by checking the following registry key:<br />\r\n HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Run/"Explore" = "Explore.exe"</p>\r\n<p>Removal Verification</p>\r\n<ol>\r\n<li>Click on the "Start" menu. </li>\r\n<li>Click "Run." </li>\r\n<li>Type "regedit" and press ENTER. </li>\r\n<li>In the registry editor click on the "File" (or "Registry") menu. </li>\r\n<li>Click "Export." </li>\r\n<li>Click "All" underneath where it says "Export Range." </li>\r\n<li>Enter a filename into the filename field. (ex: "reg backup") </li>\r\n<li>Click "Save." </li>\r\n<li>Expand the "HKEY_LOCAL_MACHINE" folder. </li>\r\n<li>Expand the "SOFTWARE" folder, then the "Microsoft," "Windows," and "CurrentVersion" folders. </li>\r\n<li>Click on the "Run" folder. </li>\r\n<li>In the right-hand window, the name/data pair "Explore" and "Explore.exe" will appear under the Name and Data sections, respectively. </li>\r\n<li>Highlight "Explore" by clicking on it and press the DELETE key. </li>\r\n<li>Click "Yes" to delete. </li>\r\n</ol></body></html>\r\n'),('msg:10079','\r\n<html><head></head><body>\r\n<h3>Problem: Anonymous IIS FTP account</h3>\r\n<h3>Description</h3>\r\nAnonymous accounts are frequently targeted by hackers and viruses seeking to obtain unauthorized access to your computer. Your computer is running an FTP server with an anonymous account and may be vulnerable to unauthorized remote access.\r\n<h3>Solution</h3>\r\n<p>Disable the anonymous IIS FTP account:</p>\r\n<ol>\r\n<li>From within the IIS Manager, right-click the FTP site. Next, click on the directory, and then the virtual directory or file. \r\nClick "Properties." </li>\r\n<li>Click the "Security Accounts" tab. </li>\r\n<li>Uncheck the "Allow Anonymous Connections" checkbox. </li>\r\n</ol>\r\n\r\nWindows NT 4.0 Users: If the latest Windows Update Service Pack has not been installed on your computer, anonymous access \r\nmay be available even with the anonymous logon disabled. Download the latest Service Packs and all Critical \r\nUpdates from <a href=\"http://windowsupdate.microsoft.com/\">Microsoft Windows Update</a>. You may be instructed to restart \r\nyour computer several times in order to apply all Security Updates and Service Packs. For further help and instructions \r\non using windows update, go to: <a href=\"http://wings.buffalo.edu/computing/Documentation/win/winupdate.html\">Windows Update \r\nDocumentation </a>\r\n</body></html>'),('msg:11835','\r\n<html><head></head>\r\n<body><h3>Problem: Windows RPC service vulnerability</h3><h3>Description</h3>RPC (Remote Procedure Call) allows commands to be executed on your computer remotely. This usually requires authentication by legitimate users. However, a vulnerability has been discovered that allows commands to be executed through a buffer overflow attack without any authentication. Please note that there have been several other vulnerabilities discovered in the Windows RPC service, and that this is not the one being exploited by the Blaster worm <h3>Solution</h3><ol><li>Click "Start." </li><li>Click "Control Panel."<br />If using the Classic View, click the "Switch to Category View" link on the left side. </li><li>Click "Network and Internet Connections." </li><li>Click "Network Connections." </li><li>Right-click "Local Area Connection", then click "properties."<br /> </li><li>Click the "Advanced" tab. </li><li>Click the checkbox labeled "Protect my computer and network by limiting or preventing access to this computer from the Internet." </li><li>Click "OK." </li></ol><p><!-- #BeginLibraryItem \"/Library/MS Update.lbi\" -->Please update Windows at <a href=\"http://windowsupdate.microsoft.com/\">Microsoft Windows Update</a> and apply all Critical Updates and Service Packs. You may be instructed to restart your computer several times in order to apply all Security Updates and Service Packs. For further help and instructions on using windows update, go to the <a href=\"http://wings.buffalo.edu/computing/Documentation/win/winupdate.html\">Microsoft Windows Update documentation page</a> <!-- #EndLibraryItem --></p><!-- #BeginLibraryItem \"/Library/antivirus.lbi\" --><p>Remove the virus with Symantec AntiVirus. Symantec AntiVirus is available on your TechTools CD or via download from the TechTools Software Download site for <a href=\"http://wings.buffalo.edu/computing/software/download/win/nortonantivirus.html\">Windows</a> and <a href=\"http://wings.buffalo.edu/computing/software/download/mac/nortonantivirus.html\">Mac</a>. The Mac version is called Symantec\'s Norton AntiVirus. Installation instructions are available on the TechTools CD and our documentation website (<a href=\"http://wings.buffalo.edu/computing/documentation/win/norton.html\">Windows</a>, <a href=\"http://wings.buffalo.edu/computing/documentation/mac/norton.html\">Mac</a>). </p><h3>Attention WinXP SP2 Users</h3><p>If you have installed Windows XP Service Pack 2 please enable Windows Firewall:</p><ol><li>Click "Start." </li><li>Click "Control Panel." </li><li>Click the "Security Center." </li><li>Under "Manage security settings for" click "Windows Firewall." </li><li>Click the radio button labeled "On (Recommended)." </li><li>Click "OK."</li></ol><!-- #EndLibraryItem -->\r\n</body></html>'),('msg:12114','\r\n<html><head></head><body><h3>Problem: Outdated ISS BlackICE</h3><h3>Description</h3>\r\n<p>An outdated version of ISS BlackICE was found on your computer. Vulnerabilities\r\n are found for security products on a regular basis. It is \r\n recommended that outdated software be updated as soon as new versions are available.\r\n Continuing to run outdated versions of security products can expose your computer\r\n to \r\n intruders and viruses that are capable of exploiting the vulnerabilities that\r\n the new \r\n versions may correct.\r\n</p>\r\n<h3>Solution</h3>\r\n<p><a href=\"http://blackice.iss.net/update_center/\">Download and install</a> the\r\n latest update for the version of ISS BlackICE on your computer. \r\n</p>\r\n</body></html>'),('msg:test','\r\n<html><head></head>\r\n<body>test<br />\r\n</body></html>'),('msg:multi_mac','\r\n<html><head></head>\r\n<body style=\"visibility: visible;\"><p>This computer has successfully completed UB NetPass registration, but UB NetPass has determined that there is an unregistered or quarantined device sharing this port.</p><p>You may have received this message if:</p><ul><li>you have <strong>a switch or hub and another computer</strong> plugged into the switch or hub has not successfully registered or is quarantined. Scan all computers attached to your network port to successfully complete UB NetPass registration.</li><li>you have a <strong>Playstation</strong> or <strong>Microsoft X-Box</strong> plugged into your switch or hub. Please contact the <a href=\"http://helpdesk.buffalo.edu\">CIT Help Desk</a>.</li><li>you have a <strong>wireless network</strong> connection on your computer and it is bridged. Please <a href=\"http://wings.buffalo.edu/computing/documentation/win/XPBridges.htm\">disable the bridge</a>.</li><li>you have a <strong>Firewire port</strong> and Windows XP has bridged the connection. Please <a href=\"http://wings.buffalo.edu/computing/documentation/win/XPBridges.htm\">disable the bridge</a>.</li></ul><p>If you unplug the network cable of the quarantined or not registered computer it may take up to 5 minutes until your access is restored.</p><p>If you do not understand this message or are having difficulty using UB NetPass, assistance is available from the CIT Help Desk. Professional repair and vulnerability remediation services are available from UBMicro.</p><table cellpadding=\"2\" border=\"0\"><caption>Contact Information </caption><tbody><tr><th scope=\"col\">CIT Help Desk</th><th scope=\"col\">UBMicro</th></tr><tr><td align=\"center\">225 Fronczak Hall<br />716-645-3542</td><td align=\"center\">109 The Commons<br />716-645-3554</td></tr></tbody></table><!-- #EndLibraryItem --><p> </p>\r\n</body></html>'),('msg:scan_completed','\r\n<html><head></head><body><h2><p>Click Continue to view scan results.</p></h2></body></html>'),('msg:you_passed','\r\n<html><head></head><body><h2>This computer has successfully completed UB NetPass registration.</h2><p>We have not detected any vulnerabilities on your computer. You will be able to connect to the Internet in a few moments.</p><p><strong>Important note:</strong> UB NetPass cannot detect vulnerabilities if you have a firewall enabled.</p><p>You will be prompted for your UBITName and password by the UB ResNet firewall before you can connect to the Internet.</p><p><a href=\"$original_destination\">Click here to proceed to $original_destination</a> </p></body></html>'),('msg:being_scanned','\r\n<html><head></head><body><h2>Scanning</h2><p>UB NetPass is scanning your computer for vulnerabilities. The scan may take several minutes.</p></body></html>'),('msg:10409','\r\n<html><head></head><body><h3>Problem: SubSeven was found</h3>\r\n<h3>Description</h3>\r\nSubSeven <!-- #BeginLibraryItem \"/Library/is an app.lbi\" --> is an application\r\nthat is designed to give unauthorized users full control over your computer.\r\nIt is usually installed without the knowledge or permission of the computer\'s\r\nowner/user. Its presence is frequently a sign that the computer has been compromised.<!-- #EndLibraryItem -->\r\n<h3>Solution</h3>\r\n<!-- #BeginLibraryItem \"/Library/antivirus.lbi\" -->\r\n<p>Remove the virus with Symantec AntiVirus. Symantec AntiVirus is available\r\n on your TechTools CD or via download from the TechTools Software Download site\r\n for <a href=\"http://wings.buffalo.edu/computing/software/download/win/nortonantivirus.html\">Windows</a> and <a href=\"http://wings.buffalo.edu/computing/software/download/mac/nortonantivirus.html\">Mac</a>.\r\n The Mac version is called Symantec\'s Norton AntiVirus. Installation instructions\r\n are available on the TechTools CD and our documentation website (<a href=\"http://wings.buffalo.edu/computing/documentation/win/norton.html\">Windows</a>, <a href=\"http://wings.buffalo.edu/computing/documentation/mac/norton.html\">Mac</a>). </p>\r\n<!-- #EndLibraryItem -->\r\n</body></html>'),('msg:10646','\r\n<html><head></head><body>\r\n<h3>Problem: Lion worm may have infected your computer</h3>\r\n<h3>Description</h3>\r\nSSH is running on port 33568, which is an indication of this virus. The Lion\r\nworm infects Linux machines via a vulnerability in BIND. It then emails out the\r\npassword and shadow files to the attacker. The versions of BIND that are vulnerable\r\nare 8.2, 8.2-P1, 8.2.1, 8.2.2-Px. \r\n<h3>Solution</h3>\r\nNo known removal instructions are available for the Lion worm. Please see any available antivirus packages for possible remediation. Patches for the BIND vulnerability are available at the <a href=\"http://www.sans.org/y2k/lion.htm\">SANS website</a>. \r\n</body></html>'),('msg:10673','\r\n<html><head></head><body><h3>Problem: Microsoft SQL Server with a blank "sa" password.</h3>\r\n<h3>Description</h3>\r\nBy default, the "sa" login has full rights to the SQL server. When\r\nit is blank (NULL), it allows unlimited access to anyone. The Slammer worm exploits\r\nthis by connecting to SQL servers with blank passwords for the "sa" account\r\nand installs itself in an attempt to spread even further. \r\n<h3>Solution</h3><ol><li>Click "Start." </li><li>Click "Run." </li><li>Type "cmd" and press ENTER. </li><li>Type "osql U sa" to connect to the local, default instance of the Microsoft SQL Server Desktop Engine. Otherwise, if you are running a named instance, type "osql U sa S SERVERNAME/INSTANCENAME," where SERVERNAME and INSTANCENAME get replaced with the name of the server and instance, respectively. Then press ENTER. </li><li>At the "Password:" prompt, press ENTER. </li><li>Type " sp_password @old = null, @new = "complexpwd", @loginame ="sa" " where "complexpwd" is replaced with your new password. </li><li>Type "go." </li><li>Type "exit." </li></ol>\r\n</body></html>'),('msg:10685','\r\n<html><head></head><body>\r\n<h3>Problem: Several IIS vulnerabilities found</h3>\r\n<h3>Description</h3>\r\nUsing these vulnerabilities, an attacker could cause your computer to execute\r\nmalicious code remotely. \r\n<h3>Solution</h3>\r\n<p>Download and install the appropriate patch from Microsoft: </p>\r\n<ul>\r\n <li><a href=\"http://www.microsoft.com/Downloads/Release.asp?ReleaseID=32061\">Microsoft IIS 4.0</a> </li>\r\n <li><a href=\"http://www.microsoft.com/Downloads/Release.asp?ReleaseID=32011\">Microsoft IIS 5.0</a> </li>\r\n</ul>\r\n</body></html>'),('msg:10713','\r\n<html><head></head><body>\r\n<h3>Problem: CodeRed Worm found </h3>\r\n<h3>Description</h3>\r\nThe "Code Red" worm is a malicious self-propagating worm that exploits\r\nMicrosoft Internet Information Server (IIS)-enabled systems that are susceptible\r\nto a buffer overflow vulnerability.\r\n<h3>Solution</h3>\r\n<!-- #BeginLibraryItem \"/Library/antivirus.lbi\" -->\r\n<p>Remove the virus with Symantec AntiVirus. Symantec AntiVirus is available\r\n on your TechTools CD or via download from the TechTools Software Download site\r\n for <a href=\"http://wings.buffalo.edu/computing/software/download/win/nortonantivirus.html\">Windows</a> and <a href=\"http://wings.buffalo.edu/computing/software/download/mac/nortonantivirus.html\">Mac</a>.\r\n The Mac version is called Symantec\'s Norton AntiVirus. Installation instructions\r\n are available on the TechTools CD and our documentation website (<a href=\"http://wings.buffalo.edu/computing/documentation/win/norton.html\">Windows</a>, <a href=\"http://wings.buffalo.edu/computing/documentation/mac/norton.html\">Mac</a>). </p>\r\n<!-- #EndLibraryItem -->\r\n<p>Download and install the appropriate Microsoft patch:</p>\r\n <ul>\r\n <li><a href=\"http://www.microsoft.com/ntserver/nts/downloads/critical/q269862/default.asp\">Microsoft IIS\r\n 4.0</a> \r\n </li>\r\n <li><a href=\"http://www.microsoft.com/windows2000/downloads/critical/q269862/default.asp\">Microsoft\r\n IIS 5.0</a>\r\n </li>\r\n </ul>\r\n</body></html>'),('msg:10798','\r\n<html><head></head><body>\r\n<h3>Problem: PC Anywhere was found with a blank password</h3>\r\n<h3>Description</h3>\r\nA blank PC Anywhere password allows anyone to connect to your computer and \r\noperate it with complete control. \r\n<h3>Solution</h3><ol><li>Open the PC Anywhere application as an administrator. </li><li>Right-click on the Host object you are using and click "Properties." </li><li>Click the "Caller Access Tab." </li><li>Switch the authentication type to "Windows" or "PC Anywhere." </li><li>If you are using the "PC Anywhere" authentication, set a strong password. </li></ol>\r\n</body></html>'),('msg:10935','\r\n<html><head>\r\n</head><body>\r\n<h3>Problem: IIS ASP ISAPI filter buffer overflow vulnerability</h3>\r\n<h3>Description</h3>\r\nThis vulnerability allows an attacker the ability to execute code on your computer\r\nfrom a remote location. This could allow your machine to be compromised, granting\r\nfull access to the attacker. \r\n<h3>Solution</h3>\r\n<p>Download and install the appropriate patches.</p>\r\n<p><strong>Microsoft IIS 4.0: </strong></p>\r\n <ul>\r\n <li><a href=\"http://www.microsoft.com/ntserver/nts/downloads/security/q319733/default.asp\">Windows\r\n NT 4.0 Workstation, Windows NT 4.0 Server, or Windows NT 4.0 Server,\r\n Enterprise Edition</a> </li>\r\n <li> <a href=\"http://www.microsoft.com/ntserver/terminalserver/downloads/critical/q317636/default.asp\">Windows\r\n NT 4.0 Server, Terminal Server Edition (Included in the Windows NT Server\r\n 4.0, Terminal Server Edition Security Rollup Package)</a> <br />\r\n \r\n </li>\r\n </ul>\r\n<p><strong>Microsoft IIS 5.0: </strong></p>\r\n\r\n<ul>\r\n <li><!-- #BeginLibraryItem \"/Library/MS Update.lbi\" -->Please update Windows at <a href=\"http://windowsupdate.microsoft.com/\">Microsoft\r\n Windows Update</a> and apply all Critical Updates and Service Packs. You\r\n may be instructed to restart your computer several times in order to apply\r\n all Security Updates and Service Packs. For further help and instructions\r\n on using windows update, go to the <a href=\"http://wings.buffalo.edu/computing/Documentation/win/winupdate.html\">Microsoft\r\n Windows Update documentation page</a> <!-- #EndLibraryItem --></li>\r\n <li> <a href=\"http://www.microsoft.com/Downloads/Release.asp?ReleaseID=37857\">Microsoft IIS 5.1</a></li>\r\n</ul>\r\n</body></html>'),('msg:11000','\r\n<html><head></head><body>\r\n<h3>Problem: FTP server with well known account names with blank passwords</h3>\r\n<h3>Description</h3>\r\n<p>Usernames with blank passwords exposes whatever system resources\r\n accessible to that username to the outside world. This is even more serious when\r\n the usernames are well known and standardized. \r\n</p>\r\n<h3>Solution</h3>\r\n\r\n<p>Apply complex passwords to all user accounts on the FTP server. In Windows NT/2000/XP,\r\n this may require editing operating system users. \r\n</p>\r\n</body></html>'),('msg:11028','\r\n<html><head></head><body>\r\n<h3>Problem: .HTR filter buffer overflow vulnerability</h3>\r\n<h3>Description</h3>\r\n<p>An attacker can use this vulnerability to execute code on your computer from a remote location. This could allow your machine to be compromised, granting full access to the attacker. </p>\r\n<h3>Solution</h3>\r\n<p>Download and install the appropriate patches.</p>\r\n\r\n<ul>\r\n <li> <a href=\"http://www.microsoft.com/ntserver/nts/downloads/security/q321599/default.asp\">Microsoft\r\n IIS 4.0</a> </li>\r\n <li> Microsoft IIS 5.0: <!-- #BeginLibraryItem \"/Library/MS Update.lbi\" -->Please\r\n update Windows at <a href=\"http://windowsupdate.microsoft.com/\">Microsoft\r\n Windows Update</a> and apply all Critical Updates and Service Packs. You\r\n may be instructed to restart your computer several times in order to apply\r\n all Security Updates and Service Packs. For further help and instructions\r\n on using windows update, go to the <a href=\"http://wings.buffalo.edu/computing/Documentation/win/winupdate.html\">Microsoft\r\n Windows Update documentation page</a> <!-- #EndLibraryItem --></li>\r\n</ul>\r\n</body></html>'),('msg:11123','\r\n<html><head></head><body><h3>Problem: Radmin was found running on your machine.</h3><h3>Description</h3>\r\n\r\n<p>Radmin is a remote control program, much like Windows XPs Remote\r\n Desktop. If an insecure password is set for this service, it could grant an\r\n unauthorized user complete access to your computer. </p>\r\n<h3>Solution</h3>\r\n \r\n <p>Please make sure that you have a strong password set for any accounts with login access to radmin. If it is not needed, disable radmin so that it will not run in the future. </p>\r\n</body></html>'),('msg:11135','\r\n<html><head></head><body><h3>Problem: Bugbear Worm was found</h3>\r\n<h3>Description</h3>\r\nBugbear is a worm that propagates through Windows file shares and email. Bugbear\r\ntakes advantage of a flaw in Internet Explorer 5.01 and IE 5.5 which causes\r\nIE to automatically execute an attachment without the user\'s knowledge or intervention. <br />\r\n<br />\r\nBugbear is capable of allowing remote access to certain resources, disabling\r\nfirewall and antivirus software, and performing key logging operations. \r\n<h3>Solution</h3><ol><li>Disable/close all Windows file shares. </li><li><!-- #BeginLibraryItem \"/Library/MS Update.lbi\" -->Please\r\n update Windows at <a href=\"http://windowsupdate.microsoft.com/\">Microsoft\r\n Windows Update</a> and apply all Critical Updates and Service Packs. You\r\n may be instructed to restart your computer several times in order to apply\r\n all Security Updates and Service Packs. For further help and instructions\r\n on using windows update, go to the <a href=\"http://wings.buffalo.edu/computing/Documentation/win/winupdate.html\">Microsoft\r\n Windows Update documentation page</a> <!-- #EndLibraryItem --></li>\r\n <li>Download and run Symantec\'s <a href=\"http://securityresponse.symantec.com/avcenter/venc/data/w32...@mm...ml\">BugBear\r\n removal utility</a>. It will scan\r\n for the BugBear virus and remove it.<br /><br /></li></ol>\r\n</body></html>'),('msg:11160','\r\n<html><head></head><body>\r\n<h3>Problem: FTP server with blank Administrator password</h3>\r\n<h3>Description</h3>\r\n<p>Because the Administrator account usually has full access to the file system,\r\n running an FTP server with a blank Administrator password\r\n allows anyone who attempts to login using that configuration the same access\r\n permissions as an authorized Administrator. </p>\r\n<h3>Solution</h3>\r\n<p>Set the password for the Administrator within the FTP server. This may require changing the password for the Windows Administrator, depending on the FTP server and the version of Windows. Please make sure to create a strong password. </p>\r\n</body></html>'),('msg:11187','\r\n<html><head></head><body><h3>Problem: Parasite Mothership was found</h3>\r\n<h3>Description</h3>\r\n<p>The Parasite Mothership listens for incoming connections; it can be\r\n used to grant an unauthorized user access to your computer. </p>\r\n<h3>Solution</h3>\r\n<!-- #BeginLibraryItem \"/Library/reinstall.lbi\" --> Experts recommend a complete\r\noperating system reinstall. UB recommends you have this performed by a professional.\r\nProfessional repair and vulnerability remediation services are available from\r\nUBMicro.<!-- #EndLibraryItem -->\r\n</body></html>'),('msg:11214','\r\n<html><head></head><body>\r\n<h3>Problem: Microsoft SQL buffer overflow vulnerability </h3><h3>Description</h3>\r\n<p>These vulnerabilities allow remote code to be executed on your computer, which could grant SYSTEM level access to unauthorized users if exploited. This vulnerability is also being exploited by the Sapphire worm. </p>\r\n<h3>Solution</h3>\r\n\r\n<p>Download and install the appropriate Microsoft patch:</p>\r\n<ul>\r\n <li> <a href=\"http://support.microsoft.com/default.aspx?scid=kb;en-us;327068&sd=tech\">Microsoft\r\n SQL Server 7.0</a> (Must be running SQL Server Service Pack 4)</li>\r\n <li><a href=\"http://support.microsoft.com/default.aspx?scid=kb;en-us;316333&sd=tech\">Microsoft\r\n SQL Server 2000</a> (Must be running SQL Server Service Pack 2)</li>\r\n</ul>\r\n<!-- #BeginLibraryItem \"/Library/antivirus.lbi\" -->\r\n<p>Remove the virus with Symantec AntiVirus. Symantec AntiVirus is available\r\n on your TechTools CD or via download from the TechTools Software Download site\r\n for <a href=\"http://wings.buffalo.edu/computing/software/download/win/nortonantivirus.html\">Windows</a> and <a href=\"http://wings.buffalo.edu/computing/software/download/mac/nortonantivirus.html\">Mac</a>.\r\n The Mac version is called Symantec\'s Norton AntiVirus. Installation instructions\r\n are available on the TechTools CD and our documentation website (<a href=\"http://wings.buffalo.edu/computing/documentation/win/norton.html\">Windows</a>, <a href=\"http://wings.buffalo.edu/computing/documentation/mac/norton.html\">Mac</a>). </p>\r\n<!-- #EndLibraryItem -->\r\n</body></html>'),('msg:11412','\r\n<html><head></head><body>\r\n<h3>Problem: IIS WebDAV vulnerability</h3>\r\n<h3>Description</h3>\r\n<p>There is a buffer overflow vulnerability in the WebDAV server, which can be used to execute code remotely within the LocalSystem security context. This could compromise the system and grant access to unauthorized users. </p>\r\n<h3>Solution</h3>\r\n<!-- #BeginLibraryItem \"/Library/MS Update.lbi\" -->Please update Windows at <a href=\"http://windowsupdate.microsoft.com/\">Microsoft\r\nWindows Update</a> and apply all Critical Updates and Service Packs. You may\r\nbe instructed to restart your computer several times in order to apply all Security\r\nUpdates and Service Packs. For further help and instructions on using windows\r\nupdate, go to the <a href=\"http://wings.buffalo.edu/computing/Documentation/win/winupdate.html\">Microsoft\r\nWindows Update documentation page</a> <!-- #EndLibraryItem -->\r\n</body></html>'),('msg:11633','\r\n<html><head></head><body><h3>Problem: Lovgate virus was found</h3>\r\n<h3>Description</h3>\r\n<p>The Lovgate virus propagates through email and listens on certain ports. </p>\r\n<h3>Solution</h3>\r\n<!-- #BeginLibraryItem \"/Library/antivirus.lbi\" -->\r\n<p>Remove the virus with Symantec AntiVirus. Symantec AntiVirus is available\r\n on your TechTools CD or via download from the TechTools Software Download site\r\n for <a href=\"http://wings.buffalo.edu/computing/software/download/win/nortonantivirus.html\">Windows</a> and <a href=\"http://wings.buffalo.edu/computing/software/download/mac/nortonantivirus.html\">Mac</a>.\r\n The Mac version is called Symantec\'s Norton AntiVirus. Installation instructions\r\n are available on the TechTools CD and our documentation website (<a href=\"http://wings.buffalo.edu/computing/documentation/win/norton.html\">Windows</a>, <a href=\"http://wings.buffalo.edu/computing/documentation/mac/norton.html\">Mac</a>). </p>\r\n<!-- #EndLibraryItem -->\r\n</body></html>'),('msg:11707','\r\n<html><head></head><body><h3>Problem: BugBear.B worm found</h3>\r\n<h3>Description</h3>\r\n<p>Bugbear is capable of allowing remote access to certain resources, disabling\r\n firewall and antivirus software, performing key logging operations, as well as\r\n other malicious actions.\r\n</p>\r\n<h3>Solution</h3>\r\n<!-- #BeginLibraryItem \"/Library/antivirus.lbi\" -->\r\n<p>Remove the virus with Symantec AntiVirus. Symantec AntiVirus is available\r\n on your TechTools CD or via download from the TechTools Software Download site\r\n for <a href=\"http://wings.buffalo.edu/computing/software/download/win/nortonantivirus.html\">Windows</a> and <a href=\"http://wings.buffalo.edu/computing/software/download/mac/nortonantivirus.html\">Mac</a>.\r\n The Mac version is called Symantec\'s Norton AntiVirus. Installation instructions\r\n are available on the TechTools CD and our documentation website (<a href=\"http://wings.buffalo.edu/computing/documentation/win/norton.html\">Windows</a>, <a href=\"http://wings.buffalo.edu/computing/documentation/mac/norton.html\">Mac</a>). </p>\r\n<!-- #EndLibraryItem -->\r\n</body></html>'),('msg:PQUAR-resnetaction-1st','\r\n<html><head></head><body><h3>Your ResNet connection has been disabled</h3><p>We have received and investigated a report of potentially damaging network activity originating from your computer. </p><p>Your ResNet connection has been disabled to prevent further adverse effects from this incident. Because we believe this is a technology problem and not intentional, your UBITName will remain active and you will still be able to use University resources via CIT Public Site computers.</p><p>We recommend that you have your computer repaired professionally. UBMicro offers a service, for a fee, to remediate these problems and help you prevent further similar problems in the future.</p><p>Since this is your first incident, we will place trust in your ability to ensure that your computer has been properly repaired. <a href=\"https://wings.buffalo.edu/computing/dce/resnet\">Notify us</a> when your computer has been repaired so we may restore your network connection. </p><p>Subsequent incidents will require that your computer repair be certified by us at your cost. Please do not move your computer to another network port or attempt to connect via UBWireless or the dial-up modem services. Changing your connection will be considered a second incident and you will face sanctions.</p><p>We have intentionally send you multiple copies of this message to be certain we reach you. If you have any questions or believe you have received this notice in error, please contact the ResNet Team Leader at (716)-645-5070. For any other problems, please contact the CIT Help Desk or UBMicro.</p><p>\r\n<table cellspacing=\"1\" cellpadding=\"1\" border=\"0\"><tbody><tr><td>CIT Help Desk</td><td>UB Micro</td></tr><tr><td>255 Fronczak Hall</td><td>109 The Commons</td></tr><tr><td>(716) 645-3542</td><td>(716) 645-3554</td></tr><tr><td>cit...@bu...</td><td>ub...@bu...</td></tr><tr><td><a href=\"http://helpdesk.buffalo.edu/\">helpdesk.buffalo.edu</a></td><td><a href=\"http://helpdesk.buffalo.edu/\">www.ubmicro.buffalo.edu</a></td></tr></tbody></table>\r\n</p></body></html>'),('msg:11819','\r\n<html><head></head><body><h3>Problem: TFTPd server was found</h3>\r\n<h3>Description</h3>\r\nImproperly configuring the TFTPd server could result in your computer being compromised.\r\nIf it is not needed, it should be disabled.\r\n<h3>Solution</h3>\r\n\r\n<p>If you are running a UNIX machine (or variant of UNIX) and the TFTPd server is not required (i.e. by SunOS systems supporting diskless workstations), then disable it. This can be done by following these steps: </p>\r\n<ol><li>Use your preferred text editor to open /etc/inetd.conf. </li>\r\n <li>Locate the tftpd line. </li>\r\n<li>Place a hash/pound ("#") before the line to comment it out. </li><li>Save the inetd.conf file. </li><li>Locate the PIDs for any tftpd processes running by typing: <br />\r\n ps aux |grep tftpd </li><li>For all of the PIDs type: <br />kill 9 pid</li></ol>\r\n<p>If you are running Windows, the existence of a TFTPd server could be a symptom\r\n of a virus. </p>\r\n<!-- #BeginLibraryItem \"/Library/antivirus.lbi\" -->\r\n<p>Remove the virus with Symantec AntiVirus. Symantec AntiVirus is available\r\n on your TechTools CD or via download from the TechTools Software Download site\r\n for <a href=\"http://wings.buffalo.edu/computing/software/download/win/nortonantivirus.html\">Windows</a> and <a href=\"http://wings.buffalo.edu/computing/software/download/mac/nortonantivirus.html\">Mac</a>.\r\n The Mac version is called Symantec\'s Norton AntiVirus. Installation instructions\r\n are available on the TechTools CD and our documentation website (<a href=\"http://wings.buffalo.edu/computing/documentation/win/norton.html\">Windows</a>, <a href=\"http://wings.buffalo.edu/computing/documentation/mac/norton.html\">Mac</a>). </p>\r\n<!-- #EndLibraryItem -->\r\n</body></html>'),('msg:11855','\r\n<html><head></head><body><h3>Problem: RemoteNC was found</h3>\r\n<h3>Description</h3>\r\nRemoteNC <!-- #BeginLibraryItem \"/Library/is an app.lbi\" --> is an application\r\nthat is designed to give unauthorized users full control over your computer.\r\nIt is usually installed without the knowledge or permission of the computer\'s\r\nowner/user. Its presence is frequently a sign that the computer has been compromised.<!-- #EndLibraryItem -->\r\n<h3>Solution</h3>\r\n<!-- #BeginLibraryItem \"/Library/antivirus.lbi\" -->\r\n<p>Remove the virus with Symantec AntiVirus. Symantec AntiVirus is available\r\n on your TechTools CD or via download from the TechTools Software Download site\r\n for <a href=\"http://wings.buffalo.edu/computing/software/download/win/nortonantivirus.html\">Windows</a> and <a href=\"http://wings.buffalo.edu/computing/software/download/mac/nortonantivirus.html\">Mac</a>.\r\n The Mac version is called Symantec\'s Norton AntiVirus. Installation instructions\r\n are available on the TechTools CD and our documentation website (<a href=\"http://wings.buffalo.edu/computing/documentation/win/norton.html\">Windows</a>, <a href=\"http://wings.buffalo.edu/computing/documentation/mac/norton.html\">Mac</a>). </p>\r\n<!-- #EndLibraryItem -->\r\n</body></html>'),('msg:11880','\r\n<html><head></head><body>\r\n<h3>Problem: Fluxay Sensor found</h3>\r\n<h3>Description</h3>\r\nFluxay Sensor <!-- #BeginLibraryItem \"/Library/is an app.lbi\" --> is an application\r\nthat is designed to give unauthorized users full control over your computer.\r\nIt is usually installed without the knowledge or permission of the computer\'s\r\nowner/user. Its presence is frequently a sign that the computer has been compromised.<!-- #EndLibraryItem -->\r\n<h3>Solution</h3>\r\n<!-- #BeginLibraryItem \"/Library/antivirus.lbi\" -->\r\n<p>Remove the virus with Symantec AntiVirus. Symantec AntiVirus is available\r\n on your TechTools CD or via download from the TechTools Software Download site\r\n for <a href=\"http://wings.buffalo.edu/computing/software/download/win/nortonantivirus.html\">Windows</a> and <a href=\"http://wings.buffalo.edu/computing/software/download/mac/nortonantivirus.html\">Mac</a>.\r\n The Mac version is called Symantec\'s Norton AntiVirus. Installation instructions\r\n are available on the TechTools CD and our documentation website (<a href=\"http://wings.buffalo.edu/computing/documentation/win/norton.html\">Windows</a>, <a href=\"http://wings.buffalo.edu/computing/documentation/mac/norton.html\">Mac</a>). </p>\r\n<!-- #EndLibraryItem -->\r\n</body></html>'),('msg:12029','\r\n<html><head></head><body>\r\n<h3>Problem: MyDoom virus found</h3>\r\n<h3>Description</h3>This backdoor is capable of passing information stored on your computer to unauthorized users who are able to exploit and connect to the backdoor properly. This could also compromise your machine and/or the network to which it is connected. <h3>Solution</h3>\r\n<!-- #BeginLibraryItem \"/Library/antivirus.lbi\" -->\r\n<p>Remove the virus with Symantec AntiVirus. Symantec AntiVirus is available\r\n on your TechTools CD or via download from the TechTools Software Download site\r\n for <a href=\"http://wings.buffalo.edu/computing/software/download/win/nortonantivirus.html\">Windows</a> and <a href=\"http://wings.buffalo.edu/computing/software/download/mac/nortonantivirus.html\">Mac</a>.\r\n The Mac version is called Symantec\'s Norton AntiVirus. Installation instruct... [truncated message content] |
