netpass-devel Mailing List for NetPass (Page 6)
Brought to you by:
jeffmurphy
Menu
▾
▴
netpass-devel — Developer Discussion
You can subscribe to this list here.
| 2004 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
(1) |
Oct
|
Nov
|
Dec
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2005 |
Jan
|
Feb
|
Mar
|
Apr
(39) |
May
(103) |
Jun
(89) |
Jul
(22) |
Aug
(100) |
Sep
(21) |
Oct
(5) |
Nov
|
Dec
(7) |
| 2006 |
Jan
(25) |
Feb
(8) |
Mar
(12) |
Apr
(2) |
May
|
Jun
(1) |
Jul
(4) |
Aug
|
Sep
|
Oct
|
Nov
|
Dec
(4) |
| 2007 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
(3) |
Sep
(1) |
Oct
|
Nov
|
Dec
|
|
From: jeff m. <jef...@us...> - 2005-08-16 19:38:43
|
Update of /cvsroot/netpass/NetPass/bin In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv14679/bin Modified Files: npsvc.pl Log Message: bug fixe, lvs addition Index: npsvc.pl =================================================================== RCS file: /cvsroot/netpass/NetPass/bin/npsvc.pl,v retrieving revision 1.5 retrieving revision 1.6 diff -u -d -r1.5 -r1.6 --- npsvc.pl 10 Aug 2005 20:03:57 -0000 1.5 +++ npsvc.pl 16 Aug 2005 19:38:33 -0000 1.6 @@ -40,6 +40,7 @@ use POSIX; use lib qw(/opt/netpass/lib); +use NetPass::LOG qw(_log _cont); use RUNONCE; $RUNONCE::SANITY = 0; @@ -49,7 +50,15 @@ my $WAITPERIOD = 300; my $EMAILTIMEOUT = 300; -$SIG{'HUP'} = \&handler; +sub REAPER { + my $child; + while (($child = waitpid(-1,WNOHANG)) > 0) { + } + $SIG{'CHLD'} = \&REAPER; +} + +$SIG{'HUP'} = \&handler; +$SIG{'CHLD'} = \&REAPER; # just incase they fail to disassociate my %opts; getopts('s:c:m:w:hD', \%opts); @@ -60,6 +69,12 @@ my $D = (exists $opts{'D'}) ? 1 : 0; my $ST = (exists $opts{'s'}) ? $opts{'s'} : 30; +if (exists $opts{'D'}) { + NetPass::LOG::init *STDOUT; +} else { + NetPass::LOG::init [ 'npsvc', 'local0' ]; +} + die "File $config does not exist!" unless -e $config; my $mailserver = (exists $opts{'m'}) ? $opts{'m'} : ""; @@ -93,7 +108,7 @@ Email("npsvc", $proctowatch->{$svc}{'email'}, "$svc down $action", - "$svc down $action", + "Service $svc is down. Performing action: $action", $mailserver); $proctowatch->{$svc}{'lastemailed'} = time(); } @@ -116,12 +131,15 @@ warn("There was a problem sending email..."); } + use Sys::Hostname; + my $shn = (split(/\./, hostname))[0]; + $shn ||= hostname; $smtp->mail($from); $smtp->to($to); $smtp->data(); - $smtp->datasend("Subject: $subject"); + $smtp->datasend("Subject: $shn: $subject"); $smtp->datasend("\n\n\n"); - $smtp->datasend($mesg); + $smtp->datasend($shn.":\n\n".$mesg); $smtp->quit; return (1); @@ -184,8 +202,6 @@ my $child = fork; return if (defined($child) && ($child > 0)); # parent - #open STDIN, '/dev/null'; - #open STDOUT, '>/dev/null'; setsid or _log("WARN", "$$ child failed to setsid $!\n"); _log("DEBUG", "$$ inchild change to uid=$uid gid=$gid\n"); @@ -203,8 +219,11 @@ } { _log("DEBUG", qq{$$ in child. calling exec\n}) if $D; + open STDIN, '/dev/null'; + open STDOUT, '>/dev/null'; exec($cmd); } _log("ERROR", "child $$ failed to exec($cmd) $!\n"); exit 0; } + |
|
From: jeff m. <jef...@us...> - 2005-08-16 19:38:43
|
Update of /cvsroot/netpass/NetPass/install.d/init.d In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv14679/install.d/init.d Modified Files: netpass Log Message: bug fixe, lvs addition Index: netpass =================================================================== RCS file: /cvsroot/netpass/NetPass/install.d/init.d/netpass,v retrieving revision 1.6 retrieving revision 1.7 diff -u -d -r1.6 -r1.7 --- netpass 10 Aug 2005 19:52:15 -0000 1.6 +++ netpass 16 Aug 2005 19:38:33 -0000 1.7 @@ -49,21 +49,21 @@ } echo -n $"Starting resetport: " - daemon ${B}/bin/resetport.pl ${B}/log/snmptraps.log + daemon --user=netpass ${B}/bin/resetport.pl ${B}/log/snmptraps.log echo #[ $RETVAL -eq 0 ] && exit $RETVAL echo -n $"Starting portmover: " - daemon ${B}/bin/portmover.pl + daemon --user=netpass ${B}/bin/portmover.pl echo #[ $RETVAL -eq 0 ] && exit $RETVAL echo -n $"Starting macscan: " - daemon ${B}/bin/macscan.pl + daemon --user=netpass ${B}/bin/macscan.pl echo echo -n $"Starting npapid: " - daemon ${B}/bin/npapid.pl + daemon --user=netpass ${B}/bin/npapid.pl echo #[ $RETVAL -eq 0 ] && exit $RETVAL |
|
From: jeff m. <jef...@us...> - 2005-08-16 19:38:43
|
Update of /cvsroot/netpass/NetPass/www/htdocs In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv14679/www/htdocs Added Files: npapid-netpass-check.cgi Log Message: bug fixe, lvs addition --- NEW FILE: npapid-netpass-check.cgi --- #!/opt/perl/bin/perl -w # # we dont use mhtml because we dont want the Apache::Session # cookie files created since they are difficult to delete. use strict; use Proc::ProcessTable; my $pt = new Proc::ProcessTable(); print "Content-type: text/plain\n\n"; foreach my $p (@{$pt->table}) { if ($p->cmndline =~ /npapid/) { print "NPAPID-OK\n"; exit 0; } } print "NPAPID-NOK\n"; exit 0; |
|
From: jeff m. <jef...@us...> - 2005-08-16 19:38:43
|
Update of /cvsroot/netpass/NetPass/install.d In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv14679/install.d Modified Files: ldirectord.cf Log Message: bug fixe, lvs addition Index: ldirectord.cf =================================================================== RCS file: /cvsroot/netpass/NetPass/install.d/ldirectord.cf,v retrieving revision 1.2 retrieving revision 1.3 diff -u -d -r1.2 -r1.3 --- ldirectord.cf 20 Apr 2005 13:17:01 -0000 1.2 +++ ldirectord.cf 16 Aug 2005 19:38:33 -0000 1.3 @@ -29,6 +29,19 @@ protocol=tcp checktype=negotiate +# Virtual Server for NPAPI +virtual=%VIP%:20003 + real=%RS1%:20003 gate + real=%RS2%:20003 gate + checkport=80 + service=http + request="/npapid-netpass-check.cgi" + receive="NPAPID-OK" + scheduler=rr + persistent=360 + protocol=tcp + checktype=negotiate + # Virtual Server for gw virtual=1 real=%RS1%:0 gate |
|
From: jeff m. <jef...@us...> - 2005-08-16 16:31:40
|
Update of /cvsroot/netpass/NetPass/www/htdocs/Admin In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv30364/www/htdocs/Admin Modified Files: mr.mhtml Log Message: bug fixes Index: mr.mhtml =================================================================== RCS file: /cvsroot/netpass/NetPass/www/htdocs/Admin/mr.mhtml,v retrieving revision 1.10 retrieving revision 1.11 diff -u -d -r1.10 -r1.11 --- mr.mhtml 6 May 2005 03:09:33 -0000 1.10 +++ mr.mhtml 16 Aug 2005 16:31:33 -0000 1.11 @@ -71,8 +71,7 @@ -name => "ip", -value => $ip, -filter => '/^\d+\.\d+\.\d+\.\d+$/', - -error => 'Please format the IP Address in the format - specified.' + -error => 'Please format the IP Address in the format specified.' ). $q->small(' e.g. '.$np->cfg->policy(-key => 'EXAMPLE_IPADDR', -network => $ENV{'REMOTE_ADDR'})) ) @@ -84,8 +83,7 @@ -name => "mac", -value => $mac, -filter => '/^\w{2}:{0,1}\w{2}:{0,1}\w{2}:{0,1}\w{2}:{0,1}\w{2}:{0,1}\w{2}$/', - -error => 'Please format the MAC Address in the forma -t specified.' + -error => 'Please format the MAC Address in the format specified.' ). $q->small(' e.g. AABBCCDDEEFF') ) @@ -129,7 +127,7 @@ if ( ! $isRoot ) { my $netgroup = $np->cfg->getNetgroup(-network => $nw); - if ( !grep(/^$nw$/, @$rwGroups) && !grep(/^$netgroup$/, @$rwGroups) ) { + if ( !grep(/^default$/, @$rwGroups) && !grep(/^$nw$/, @$rwGroups) && !grep(/^$netgroup$/, @$rwGroups) ) { $err = "You don't have permission to register an IP address on the $nw network."; } } |
|
From: jeff m. <jef...@us...> - 2005-08-16 16:31:40
|
Update of /cvsroot/netpass/NetPass In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv30364 Modified Files: CHANGES Log Message: bug fixes Index: CHANGES =================================================================== RCS file: /cvsroot/netpass/NetPass/CHANGES,v retrieving revision 1.14 retrieving revision 1.15 diff -u -d -r1.14 -r1.15 --- CHANGES 16 Aug 2005 15:50:08 -0000 1.14 +++ CHANGES 16 Aug 2005 16:31:32 -0000 1.15 @@ -197,3 +197,5 @@ jcm bug fix to install - didnt install logrotate.d/apache logrotate.d/netpass jcm bug fix to Config.pm - altering network switches would cause bsw setting to be lost + jcm bug fix to mr.mhtml - permissions problem if in both + Reports and ScanAdmin acl |
|
From: jeff m. <jef...@us...> - 2005-08-16 15:50:23
|
Update of /cvsroot/netpass/NetPass In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv18199 Modified Files: CHANGES Log Message: bug fixes Index: CHANGES =================================================================== RCS file: /cvsroot/netpass/NetPass/CHANGES,v retrieving revision 1.13 retrieving revision 1.14 diff -u -d -r1.13 -r1.14 --- CHANGES 16 Aug 2005 14:04:31 -0000 1.13 +++ CHANGES 16 Aug 2005 15:50:08 -0000 1.14 @@ -195,4 +195,5 @@ jcm bug fix to ShowResults - didnt correctly display nessus scan results jcm bug fix to install - didnt install logrotate.d/apache logrotate.d/netpass - + jcm bug fix to Config.pm - altering network switches would cause + bsw setting to be lost |
|
From: jeff m. <jef...@us...> - 2005-08-16 15:50:23
|
Update of /cvsroot/netpass/NetPass/lib/NetPass In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv18199/lib/NetPass Modified Files: Config.pm DB.pm Log Message: bug fixes Index: Config.pm =================================================================== RCS file: /cvsroot/netpass/NetPass/lib/NetPass/Config.pm,v retrieving revision 1.51 retrieving revision 1.52 diff -u -d -r1.51 -r1.52 --- Config.pm 23 Jun 2005 20:21:07 -0000 1.51 +++ Config.pm 16 Aug 2005 15:50:09 -0000 1.52 @@ -1282,12 +1282,6 @@ $self->{'cfg'}->obj('network')->obj($network)->switches({}); } - if ($bsw) { - $self->{'cfg'}->obj('network')->obj($network)->obj('switches')->bsw($bsw); - } else { - $self->{'cfg'}->obj('network')->obj($network)->obj('switches')->bsw($bsw); - } - my $sa = []; if (ref($switches) eq "ARRAY") { $sa = $switches; @@ -1300,6 +1294,12 @@ } $self->{'cfg'}->obj('network')->obj($network)->switches(\%s); + if ($bsw) { + $self->{'cfg'}->obj('network')->obj($network)->obj('switches')->bsw($bsw); + } else { + $self->{'cfg'}->obj('network')->obj($network)->obj('switches')->delete('bsw'); + } + return 0; } Index: DB.pm =================================================================== RCS file: /cvsroot/netpass/NetPass/lib/NetPass/DB.pm,v retrieving revision 1.52 retrieving revision 1.53 diff -u -d -r1.52 -r1.53 --- DB.pm 10 Aug 2005 19:52:15 -0000 1.52 +++ DB.pm 16 Aug 2005 15:50:09 -0000 1.53 @@ -770,7 +770,7 @@ my $sth = $self->{'dbh'}->do($sql); if ( !defined($sth) ) { - _log "ERROR", "failed to 'do': ".$self->{'dbh'}->errstr."\n"; + _log "ERROR", "failed to 'do' ($sql): ".$self->{'dbh'}->errstr."\n"; return 0; } return 1; @@ -2807,7 +2807,7 @@ =head2 clearRegister( ) -Delete all data from the register data. +Delete all data from the register and results tables. RETURNS @@ -2822,8 +2822,14 @@ my $rv = $self->{'dbh'}->do('DELETE FROM register'); if (!defined($rv)) { - _log("ERROR", "db failure ".$self->{'dbh'}->errstr); - return "db failure ".$self->{'dbh'}->errstr; + _log("ERROR", "db failure (register) ".$self->{'dbh'}->errstr); + return "db failure (register) ".$self->{'dbh'}->errstr; + } + + $rv = $self->{'dbh'}->do('DELETE FROM results'); + if (!defined($rv)) { + _log("ERROR", "db failure (results) ".$self->{'dbh'}->errstr); + return "db failure (results) ".$self->{'dbh'}->errstr; } return 1; } |
|
From: jeff m. <jef...@us...> - 2005-08-16 14:04:49
|
Update of /cvsroot/netpass/NetPass In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv25260 Modified Files: CHANGES install Log Message: bug fixes Index: CHANGES =================================================================== RCS file: /cvsroot/netpass/NetPass/CHANGES,v retrieving revision 1.12 retrieving revision 1.13 diff -u -d -r1.12 -r1.13 --- CHANGES 11 Aug 2005 00:04:45 -0000 1.12 +++ CHANGES 16 Aug 2005 14:04:31 -0000 1.13 @@ -176,7 +176,7 @@ mtb lots of bugs created jcm lots of bugs fixed -2005-08-10 2.0 released +2005-08-10 jcm bug fixes to appstarter. 'drop table appStarter' and re-create it according to the install.d/tables.sql definition jcm perms adjustments to ids cfg @@ -187,3 +187,12 @@ jcm installer changes: add NPAPI port to iptables.sh jcm npsvc: replace system() with fork/exec jcm bug in qc.mhtml related to someone with default:QuarAdmin perms being denied + +2005-08-16 + jcm bug fix to NetPass.pm - invalid call to setMessage() + jcm bug fix to Scan/index.mhtml - permissions problem if in both + Reports and ScanAdmin acl + jcm bug fix to ShowResults - didnt correctly display nessus scan + results + jcm bug fix to install - didnt install logrotate.d/apache logrotate.d/netpass + Index: install =================================================================== RCS file: /cvsroot/netpass/NetPass/install,v retrieving revision 1.25 retrieving revision 1.26 diff -u -d -r1.25 -r1.26 --- install 10 Aug 2005 19:52:15 -0000 1.25 +++ install 16 Aug 2005 14:04:31 -0000 1.26 @@ -1199,12 +1199,12 @@ sub installLogrotate { # apache if ($APACHE_PB_INSTALLED) { - lsystem("cp $PKGDIR/install.d/apache /etc/logrotate.d/"); + lsystem("cp $PKGDIR/install.d/logrotate.d/apache /etc/logrotate.d/"); } # netpass - lsystem("cp $PKGDIR/install.d/netpass /etc/logrotate.d/"); + lsystem("cp $PKGDIR/install.d/logrotate.d/netpass /etc/logrotate.d/"); } sub searchReplace { |
|
From: jeff m. <jef...@us...> - 2005-08-16 14:04:49
|
Update of /cvsroot/netpass/NetPass/lib In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv25260/lib Modified Files: NetPass.pm Log Message: bug fixes Index: NetPass.pm =================================================================== RCS file: /cvsroot/netpass/NetPass/lib/NetPass.pm,v retrieving revision 1.20 retrieving revision 1.21 diff -u -d -r1.20 -r1.21 --- NetPass.pm 5 Aug 2005 15:33:59 -0000 1.20 +++ NetPass.pm 16 Aug 2005 14:04:32 -0000 1.21 @@ -460,11 +460,15 @@ $self->db->audit(-mac => $mac, -ip => $ip, -msg => [ "multi-mac: at least one neighbor is BAD. we will receive msg:multi_mac" ]); - $self->db->setMessage($mac, 'msg:multi_mac'); + $self->db->addResult(-type => 'manual', + -mac => $mac, + -id => 'msg:multi_mac'); + # we return permQuar because there's really no way for # them to unquarantine themselves - there's no remediation # steps, results, etc. + return ("PQUAR", $sw, $po); } |
|
From: jeff m. <jef...@us...> - 2005-08-16 14:04:48
|
Update of /cvsroot/netpass/NetPass/www/components/Client In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv25260/www/components/Client Modified Files: ShowResults Log Message: bug fixes Index: ShowResults =================================================================== RCS file: /cvsroot/netpass/NetPass/www/components/Client/ShowResults,v retrieving revision 1.7 retrieving revision 1.8 diff -u -d -r1.7 -r1.8 --- ShowResults 18 May 2005 15:23:43 -0000 1.7 +++ ShowResults 16 Aug 2005 14:04:33 -0000 1.8 @@ -111,15 +111,21 @@ # if no custom message is configured, we'll print the default that # is supplied by nessus or snort. - if($info =~ /^(nessus:|snort:)$/) { - $description =~ s/\\n/\n/g; - print $q->pre($description); + if($info =~ /^(nessus:|snort:)/) { + my $msg = $np->db->getPage(-name => $info, -nohtml => 1, -npcfg => $np->cfg, + -ip => $ip); + if (!defined($msg)) { + $description =~ s/\\n/\n/g; + print $q->pre($description); + } else { + print $msg; + } } elsif($info =~ /^msg:/) { print $np->db->getPage(-name => $info, -nohtml => 1, -npcfg => $np->cfg, -ip => $ip); } - print qq{</td></tr>}; + print qq{</ul></td></tr>}; } else { my $autoexpand = ($nres <= ($np->cfg->policy(-key => 'RESULTS_EXPAND', -network =>$ip)-1)); @@ -171,15 +177,21 @@ # if no custom message is configured, we'll print the default that # is supplied by nessus or snort. - if($info =~ /^(nessus:|snort:)$/) { - $description =~ s/\\n/\n/g; - print $q->pre($description); + if($info =~ /^(nessus:|snort:)/) { + my $msg = $np->db->getPage(-name => $info, -nohtml => 1, -npcfg => $np->cfg, + -ip => $ip); + if (!defined($msg)) { + $description =~ s/\\n/\n/g; + print $q->pre($description); + } else { + print $msg; + } } elsif($info =~ /^msg:/) { print $np->db->getPage(-name => $info, -nohtml => 1, -npcfg => $np->cfg, -ip => $ip); } - print qq{</td></tr>}; + print qq{</ul></td></tr>}; } } } else { |
|
From: jeff m. <jef...@us...> - 2005-08-16 14:04:48
|
Update of /cvsroot/netpass/NetPass/www/htdocs/Admin/Scan In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv25260/www/htdocs/Admin/Scan Modified Files: index.mhtml Log Message: bug fixes Index: index.mhtml =================================================================== RCS file: /cvsroot/netpass/NetPass/www/htdocs/Admin/Scan/index.mhtml,v retrieving revision 1.6 retrieving revision 1.7 diff -u -d -r1.6 -r1.7 --- index.mhtml 3 Aug 2005 02:44:40 -0000 1.6 +++ index.mhtml 16 Aug 2005 14:04:34 -0000 1.7 @@ -30,9 +30,10 @@ my @reqGroups = ('Admin', 'ScanAdmin', 'Reports'); my ($isReadOnly, $aclROGroups) = $m->comp('/Admin/MemberOf', 'acl' => 'Reports'); -my $readOnly = $isReadOnly ? "disabled" : ""; my ($isAdmin, $aclRWGroups) = $m->comp('/Admin/MemberOf', 'acl' => [ @reqGroups ]); +my $readOnly = (!$isAdmin && $isReadOnly) ? "disabled" : ""; + if (! $isAdmin ) { print $q->p({-class=>'error'}, "Sorry, you don't have access to this form."); |
|
From: jeff m. <jef...@us...> - 2005-08-11 00:09:14
|
Update of /cvsroot/netpass/NetPass/www/htdocs/Admin In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv26580/www/htdocs/Admin Modified Files: qc.mhtml Log Message: removed debugging stuff Index: qc.mhtml =================================================================== RCS file: /cvsroot/netpass/NetPass/www/htdocs/Admin/qc.mhtml,v retrieving revision 1.24 retrieving revision 1.25 diff -u -d -r1.24 -r1.25 --- qc.mhtml 11 Aug 2005 00:04:45 -0000 1.24 +++ qc.mhtml 11 Aug 2005 00:09:06 -0000 1.25 @@ -609,8 +609,7 @@ } if ( !$isRoot && !grep(/^default$/, @$rwGroups) && !grep(/^$nw$/, @$rwGroups) && !grep(/^$netgroup$/, @$rwGroups) ) { - my $jjj = join(',', @$rwGroups); - print qq{<P class='error'>Update failed for $mac because you don't have the proper permissions for it's network ($nw, $jjj, $netgroup)</P>}; + print qq{<P class='error'>Update failed for $mac because you don't have the proper permissions for it's network ($nw or $netgroup)</P>}; next; } |
|
From: jeff m. <jef...@us...> - 2005-08-11 00:05:38
|
Update of /cvsroot/netpass/NetPass/install.d In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv26092/install.d Added Files: inittab Log Message: missing file --- NEW FILE: inittab --- ## BEGIN-NETPASS # Run npsvc in runlevel 3 npsv:3:respawn:/opt/netpass/bin/npsvc.pl -m %SMTPHOST% ## END-NETPASS |
|
From: jeff m. <jef...@us...> - 2005-08-11 00:04:54
|
Update of /cvsroot/netpass/NetPass In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv25923 Modified Files: CHANGES Log Message: bug fix Index: CHANGES =================================================================== RCS file: /cvsroot/netpass/NetPass/CHANGES,v retrieving revision 1.11 retrieving revision 1.12 diff -u -d -r1.11 -r1.12 --- CHANGES 10 Aug 2005 19:57:27 -0000 1.11 +++ CHANGES 11 Aug 2005 00:04:45 -0000 1.12 @@ -186,3 +186,4 @@ jcm installer changes: install npsvc into inittab, configure conf file jcm installer changes: add NPAPI port to iptables.sh jcm npsvc: replace system() with fork/exec + jcm bug in qc.mhtml related to someone with default:QuarAdmin perms being denied |
|
From: jeff m. <jef...@us...> - 2005-08-11 00:04:54
|
Update of /cvsroot/netpass/NetPass/www/components/Admin In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv25923/www/components/Admin Modified Files: MemberOf Log Message: bug fix Index: MemberOf =================================================================== RCS file: /cvsroot/netpass/NetPass/www/components/Admin/MemberOf,v retrieving revision 1.3 retrieving revision 1.4 diff -u -d -r1.3 -r1.4 --- MemberOf 20 Apr 2005 20:57:19 -0000 1.3 +++ MemberOf 11 Aug 2005 00:04:45 -0000 1.4 @@ -26,7 +26,7 @@ <%perl> my $D = 0; - if (0) { + if (0) { #$m->session->{'username'} eq "jefftest") { $D = 1; use Data::Dumper; |
|
From: jeff m. <jef...@us...> - 2005-08-11 00:04:54
|
Update of /cvsroot/netpass/NetPass/www/htdocs/Admin In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv25923/www/htdocs/Admin Modified Files: qc.mhtml Log Message: bug fix Index: qc.mhtml =================================================================== RCS file: /cvsroot/netpass/NetPass/www/htdocs/Admin/qc.mhtml,v retrieving revision 1.23 retrieving revision 1.24 diff -u -d -r1.23 -r1.24 --- qc.mhtml 3 Jun 2005 15:13:20 -0000 1.23 +++ qc.mhtml 11 Aug 2005 00:04:45 -0000 1.24 @@ -608,8 +608,9 @@ next; } - if ( !$isRoot && !grep(/^$nw$/, @$rwGroups) && !grep(/^$netgroup$/, @$rwGroups) ) { - print qq{<P class='error'>Update failed for $mac because you don't have the proper permissions for it's network ($nw)</P>}; + if ( !$isRoot && !grep(/^default$/, @$rwGroups) && !grep(/^$nw$/, @$rwGroups) && !grep(/^$netgroup$/, @$rwGroups) ) { + my $jjj = join(',', @$rwGroups); + print qq{<P class='error'>Update failed for $mac because you don't have the proper permissions for it's network ($nw, $jjj, $netgroup)</P>}; next; } |
|
From: jeff m. <jef...@us...> - 2005-08-10 20:25:39
|
Update of /cvsroot/netpass/NetPass-Snort/lib/NetPass In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv15456/lib/NetPass Modified Files: Snort.pm Log Message: sync version to netpass core version Index: Snort.pm =================================================================== RCS file: /cvsroot/netpass/NetPass-Snort/lib/NetPass/Snort.pm,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -d -r1.1.1.1 -r1.2 --- Snort.pm 10 Aug 2005 20:14:50 -0000 1.1.1.1 +++ Snort.pm 10 Aug 2005 20:25:31 -0000 1.2 @@ -28,7 +28,7 @@ use File::Copy "move"; use vars qw($VERSION); -$VERSION = '0.01'; +$VERSION = '2.00'; my $DEFAULTSNORTRULES = "/opt/snort/etc/snort.rules"; my $DEFAULTSNORTBPF = "/opt/snort/etc/pcaprules.txt"; |
|
From: jeff m. <jef...@us...> - 2005-08-10 20:04:08
|
Update of /cvsroot/netpass/NetPass/bin In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv10835/bin Modified Files: npsvc.pl Log Message: bug fixes Index: npsvc.pl =================================================================== RCS file: /cvsroot/netpass/NetPass/bin/npsvc.pl,v retrieving revision 1.4 retrieving revision 1.5 diff -u -d -r1.4 -r1.5 --- npsvc.pl 10 Aug 2005 19:57:27 -0000 1.4 +++ npsvc.pl 10 Aug 2005 20:03:57 -0000 1.5 @@ -37,6 +37,7 @@ use FileHandle; use Net::SMTP; use Data::Dumper; +use POSIX; use lib qw(/opt/netpass/lib); use RUNONCE; |
|
From: jeff m. <jef...@us...> - 2005-08-10 19:57:35
|
Update of /cvsroot/netpass/NetPass In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv9643 Modified Files: CHANGES Log Message: bug fixes Index: CHANGES =================================================================== RCS file: /cvsroot/netpass/NetPass/CHANGES,v retrieving revision 1.10 retrieving revision 1.11 diff -u -d -r1.10 -r1.11 --- CHANGES 10 Aug 2005 19:52:15 -0000 1.10 +++ CHANGES 10 Aug 2005 19:57:27 -0000 1.11 @@ -177,6 +177,12 @@ jcm lots of bugs fixed 2005-08-10 2.0 released - jcm bug fixes to appstarter + jcm bug fixes to appstarter. 'drop table appStarter' and re-create it according + to the install.d/tables.sql definition jcm perms adjustments to ids cfg jcm bug fix in netpass.pm validate code + jcm auth methods bug fix + jcm netpass startup script changes + jcm installer changes: install npsvc into inittab, configure conf file + jcm installer changes: add NPAPI port to iptables.sh + jcm npsvc: replace system() with fork/exec |
|
From: jeff m. <jef...@us...> - 2005-08-10 19:57:35
|
Update of /cvsroot/netpass/NetPass/bin In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv9643/bin Modified Files: npsvc.pl Log Message: bug fixes Index: npsvc.pl =================================================================== RCS file: /cvsroot/netpass/NetPass/bin/npsvc.pl,v retrieving revision 1.3 retrieving revision 1.4 diff -u -d -r1.3 -r1.4 --- npsvc.pl 10 Aug 2005 19:52:15 -0000 1.3 +++ npsvc.pl 10 Aug 2005 19:57:27 -0000 1.4 @@ -179,23 +179,31 @@ return; } - _log("DEBUG", qq{exec'ing as $as cmd "$cmd"\n}) if $D; + _log("DEBUG", qq{forking to exec as $as cmd "$cmd"\n}) if $D; my $child = fork; - return if ($child); # parent + return if (defined($child) && ($child > 0)); # parent - open STDIN, '/dev/null'; - open STDOUT, '>/dev/null'; - setsid; + #open STDIN, '/dev/null'; + #open STDOUT, '>/dev/null'; + setsid or _log("WARN", "$$ child failed to setsid $!\n"); - if (setgid($gid)) { - _log("ERROR", "child $$ failed to setgid($gid) $!\n"); + _log("DEBUG", "$$ inchild change to uid=$uid gid=$gid\n"); + + my $rv = setgid($gid); + + unless ($rv) { + _log("ERROR", "$$ child failed to setgid($gid) rv=$rv err=$!\n"); exit 0; } - if (setuid($uid)) { - _log("ERROR", "child $$ failed to setuid($uid) $!\n"); + $rv = setuid($uid); + unless ($rv) { + _log("ERROR", "$$ child failed to setuid($uid) rv=$rv err=$!\n"); exit 0; } - exec($cmd); + { + _log("DEBUG", qq{$$ in child. calling exec\n}) if $D; + exec($cmd); + } _log("ERROR", "child $$ failed to exec($cmd) $!\n"); exit 0; } |
|
From: jeff m. <jef...@us...> - 2005-08-10 19:52:27
|
Update of /cvsroot/netpass/NetPass/www/htdocs/Admin/Scan In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv8611/www/htdocs/Admin/Scan Modified Files: ids.mhtml Log Message: bug fixes Index: ids.mhtml =================================================================== RCS file: /cvsroot/netpass/NetPass/www/htdocs/Admin/Scan/ids.mhtml,v retrieving revision 1.10 retrieving revision 1.11 diff -u -d -r1.10 -r1.11 --- ids.mhtml 3 Aug 2005 20:37:36 -0000 1.10 +++ ids.mhtml 10 Aug 2005 19:52:16 -0000 1.11 @@ -100,7 +100,7 @@ <%perl> -my @rwGroups = ('Admin', 'QuarAdmin'); +my @rwGroups = ('Admin', 'ScanAdmin'); my @roGroups = ('Reports'); my $readOnly = "disabled"; my @aclGroups = (); |
|
From: jeff m. <jef...@us...> - 2005-08-10 19:52:24
|
Update of /cvsroot/netpass/NetPass/www/htdocs/Admin In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv8611/www/htdocs/Admin Modified Files: auth.mhtml greset.mhtml Log Message: bug fixes Index: auth.mhtml =================================================================== RCS file: /cvsroot/netpass/NetPass/www/htdocs/Admin/auth.mhtml,v retrieving revision 1.7 retrieving revision 1.8 diff -u -d -r1.7 -r1.8 --- auth.mhtml 3 Aug 2005 02:44:39 -0000 1.7 +++ auth.mhtml 10 Aug 2005 19:52:16 -0000 1.8 @@ -41,11 +41,12 @@ $m->comp('/Admin/LockConfig', 'enableWhenLocked' => [ 'submitButton' ], 'init' => 0); my $lstat = $np->db->isConfigLocked(); - +</%perl> Radius and LDAP servers are shared. If you select Radius for both Client and Admin authentication, you will see two "Radius Server" configuration areas, but they both refer to the same information. So if you add a Radius server to one, it will -appear in both. +appear in both.<P> +<%perl> if ($submitButton eq "Commit Changes") { _log("DEBUG", "$whoami is changing system auth settings\n"); Index: greset.mhtml =================================================================== RCS file: /cvsroot/netpass/NetPass/www/htdocs/Admin/greset.mhtml,v retrieving revision 1.4 retrieving revision 1.5 diff -u -d -r1.4 -r1.5 --- greset.mhtml 3 Aug 2005 02:44:39 -0000 1.4 +++ greset.mhtml 10 Aug 2005 19:52:16 -0000 1.5 @@ -39,9 +39,11 @@ <%perl> -my ($isRoot, $junk) = $m->comp('/Admin/MemberOf', 'acl' => [ 'Admin' ], 'group' => 'default'); +my ($isRoot, $junk) = $m->comp('/Admin/MemberOf', 'acl' => [ 'Admin' ], 'group' => 'default'); +my $isRW; +($isRW, $junk) = $m->comp('/Admin/MemberOf', 'acl' => [ 'QuarAdmin' ], 'group' => 'default'); -if (! $isRoot ) { +if (! $isRoot && ! $isRW ) { print $q->p({-class=>'error'}, "Sorry, you don't have access to this form.<P>"); return; } |
|
From: jeff m. <jef...@us...> - 2005-08-10 19:52:24
|
Update of /cvsroot/netpass/NetPass/install.d In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv8611/install.d Modified Files: install-ipvs.sh iptables.sh pages.sql tables.sql Added Files: sysctl.conf Log Message: bug fixes Index: iptables.sh =================================================================== RCS file: /cvsroot/netpass/NetPass/install.d/iptables.sh,v retrieving revision 1.3 retrieving revision 1.4 diff -u -d -r1.3 -r1.4 --- iptables.sh 17 Mar 2005 17:38:38 -0000 1.3 +++ iptables.sh 10 Aug 2005 19:52:15 -0000 1.4 @@ -93,6 +93,9 @@ #TRAP iptables -t nat -A PREROUTING -j ACCEPT -s $i -p udp --dport 162 #TRAP done +#API for i in %APICLIENTS% %NETPASSSERVERS% ; do +#API iptables -t nat -A PREROUTING -j ACCEPT -s $i -p tcp --dport 20003 +#API done # allow the netpass servers to talk to each other via mysql # 1186 = mysql cluster manager @@ -109,7 +112,7 @@ #### PUT CUSTOM RULES HERE #### #### SEE BELOW ALSO #### #### you'll also need to -#### add to the INPUT rules +#### add to the INPUT rules (further below) # allow adsm iptables -t nat -A PREROUTING -p tcp --dport 1500:1505 -s 128.205.7.80/32 -j ACCEPT @@ -163,6 +166,7 @@ iptables -A INPUT -p tcp --dport 1186 -j ACCEPT # MYSQL MGT iptables -A INPUT -p tcp --dport 2202 -j ACCEPT # MYSQL NDB iptables -A INPUT -p tcp --dport 3306 -j ACCEPT # MYSQL SRV +iptables -A INPUT -p tcp --dport 20003 -j ACCEPT # NPAPI #iptables -A INPUT -d 224.0.0.0/4 -j ACCEPT --- NEW FILE: sysctl.conf --- ## BEGIN-NETPASS # these settings allow for the netpass server to # handle up to 16384 clients net.ipv4.neigh.default.gc_thresh3 = 16384 net.ipv4.neigh.default.gc_thresh2 = 8192 net.ipv4.neigh.default.gc_thresh1 = 4096 net.ipv4.tcp_tw_recycle = 1 net.ipv4.tcp_fin_timeout = 3 ## END-NETPASS Index: tables.sql =================================================================== RCS file: /cvsroot/netpass/NetPass/install.d/tables.sql,v retrieving revision 1.17 retrieving revision 1.18 diff -u -d -r1.17 -r1.18 --- tables.sql 18 Jul 2005 13:23:31 -0000 1.17 +++ tables.sql 10 Aug 2005 19:52:15 -0000 1.18 @@ -193,6 +193,7 @@ action ENUM('start', 'stop', 'restart'), actionAs VARCHAR(16), status ENUM('pending', 'completed'), + serverid VARCHAR(128), PRIMARY KEY (rowid) ) ENGINE=NDBCLUSTER; Index: install-ipvs.sh =================================================================== RCS file: /cvsroot/netpass/NetPass/install.d/install-ipvs.sh,v retrieving revision 1.4 retrieving revision 1.5 diff -u -d -r1.4 -r1.5 --- install-ipvs.sh 4 Aug 2005 06:45:24 -0000 1.4 +++ install-ipvs.sh 10 Aug 2005 19:52:15 -0000 1.5 @@ -50,9 +50,12 @@ EOF cat <<EOF >>/etc/modprobe.conf -options ip_conntrack hashsize=1048576 # 512 MB RAM -#options ip_conntrack hashsize=2097152 # 1024 MB RAM -#options ip_conntrack hashsize=4194304 # 2048 MB RAM +# 512 MB RAM +options ip_conntrack hashsize=1048576 +# 1024 MB RAM +#options ip_conntrack hashsize=2097152 +# 2048 MB RAM +#options ip_conntrack hashsize=4194304 EOF /sbin/ipvsadm-save > /etc/sysconfig/ipvsadm @@ -62,4 +65,19 @@ up2date --nox -i perl-Digest-HMAC +cat <<EOF + +Edit /etc/modprobe.conf and adjust the hashsize line according to +how much memory this system has. + +Edit /etc/iptables.sh and adjust the local system rules section +and then execute: + + # /etc/iptables.sh + # /etc/init.d/iptables save + +to make the rules active. + +EOF + exit 0 Index: pages.sql =================================================================== RCS file: /cvsroot/netpass/NetPass/install.d/pages.sql,v retrieving revision 1.2 retrieving revision 1.3 diff -u -d -r1.2 -r1.3 --- pages.sql 17 May 2005 20:34:27 -0000 1.2 +++ pages.sql 10 Aug 2005 19:52:15 -0000 1.3 @@ -1,23 +1,48 @@ --- MySQL dump 8.23 +-- MySQL dump 10.9 -- -- Host: localhost Database: netpass ---------------------------------------------------------- --- Server version 4.0.21-log +-- ------------------------------------------------------ +-- Server version 4.1.13-max + +/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */; +/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */; +/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */; +/*!40101 SET NAMES utf8 */; +/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */; +/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */; +/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */; +/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */; -- -- Table structure for table `pages` -- -CREATE TABLE pages ( - name varchar(128) NOT NULL default '', - content text, - PRIMARY KEY (name) -) TYPE=MyISAM; +DROP TABLE IF EXISTS `pages`; +CREATE TABLE `pages` ( + `rowid` int(10) unsigned NOT NULL auto_increment, + `network` varchar(128) NOT NULL default 'default', + `name` varchar(128) NOT NULL default '', + `content` text, + PRIMARY KEY (`rowid`), + UNIQUE KEY `pages_idx1` (`name`,`network`) +) ENGINE=ndbcluster DEFAULT CHARSET=latin1; -- -- Dumping data for table `pages` -- -INSERT INTO pages (name, content) VALUES ('msg:welcome','\r\n<html><head></head><body><p>UB NetPass is a safety inspection program for student computers in ResNet. UB NetPass scans your computer for viruses, worms, and other vulnerabilities. Like a vehicle inspection program, your computer must pass before you are granted access to UB\'s network and the Internet.</p><p>If your computer fails inspection, you will be presented with instructions to help you correct any problems. Once you have corrected the problems identified by UB NetPass, you can have your computer re-scanned.</p><p><strong>You must have cookies enabled to use UB NetPass.</strong></p><!-- #BeginLibraryItem \"/Library/contact info.lbi\" --><p>If you do not understand this message or are having difficulty using UB NetPass, assistance is available from the CIT Help Desk. Professional repair and vulnerability remediation services are available from UBMicro.</p><table cellpadding=\"2\" border=\"0\"><caption>Contact Information </caption><tbody><tr><th scope=\"col\">CIT Help Desk</th><th scope=\"col\">UBMicro</th></tr><tr><td align=\"center\">255 Fronczak Hall<br />716-645-3542</td><td align=\"center\">109 The Commons<br />716-645-3554</td></tr></tbody></table><!-- #EndLibraryItem --><p>Please read the acceptable use policy, enter your UBITName and password and click the button to start the scan. </p></body></html>'),('msg:eula','\r\n<html><head></head><body><h2>UB ResNet Acceptable Use Policy</h2><h3>Conditions of Use</h3><p>To provide the highest quality access to information technologies, University Residence Halls & Apartments (URHA) and Computing & Information Technology (CIT) maintain a computing network that can connect each resident\'s personal computer to the Internet. This computing network is called ResNet. <br /></p><p>ResNet users are responsible for all network traffic originating from their computers. This includes, but is not limited to: email, Internet browsing, file transfers, and connections to other machines. </p><p>ResNet users are required to follow all University, Computing & Information Technology (CIT) and University Residence Halls rules and policies.<br /></p><p>As a condition of use, to initially connect to ResNet residents must ensure that their computer(s) present no identifiable risk to the network, i.e. the computer has anti-virus software installed and up-to-date critical operating system updates applied.<br /></p><p>At any time that there is credible evidence that a ResNet attached computer has become a risk to the network, ResNet access will be denied and the resident will be required to re-certify the computer\'s safe operation at his/her expense.<br /></p><p>Additionally, ResNet users must be aware that: </p><ol><li>ResNet must be used in accordance with all Copyright laws. This includes, but is not limited to, refraining from using your computer in a way that would violate those laws such as operating pirated software or MP3 servers. </li><li>URHA communication services, wiring and other hardware may not be modified or tampered with in any way. This includes attempting to extended the network beyond the area of its intended use (for example: Installing a hub or Remote Access Server). </li><li>ResNet must be used in accordance with URHA policies on Business Activity. It can not be used to post advertisements for personal business, or for the sale of products or services for commercial gain. </li><li>Harassment of other users, by any method, will not be tolerated. </li><li>ResNet can not be used to misrepresent or hide your personal identity. (for example: email sent from a fake address, or from any address that is not yours) </li></ol><p>Violating any of these conditions may result in: Suspension or loss of ResNet usage privilege, expulsion from University Residence Halls, discipline from other university bodies such as the Student Judiciary, criminal charges. Damage or theft of ResNet wiring or hardware is the financial responsibility of the residence members. If responsibility is traced to any individual or particular group of individuals, then they will be held personally responsible for the theft or damage. </p><p>ResNet users are also expected to be responsible network citizens. ResNet is a shared resource and as such, users should refrain from using any application which may interfere with the use of the network by others.</p><p>Think of your personal computer as your computing home. It is advisable to "lock the front door" so that people can not use your machine without your supervision. Using a power-on password, or a screen saver password are good ways to control access to both the information on your computer, and your computer\'s access to ResNet.</p></body></html>'),('msg:10024','<html><head></head><body>\r\n<h3>Problem: BackOrifice was found</h3>\r\n<h3>Description</h3>\r\n<p>BackOrifice<!-- #BeginLibraryItem \"/Library/is an app.lbi\" -->\r\nis an application that is designed to give unauthorized users full control over your computer. It is usually installed without the knowledge or permission of the computer\'s owner/user. Its presence is frequently a sign that the computer has been compromised.<!-- #EndLibraryItem --></p>\r\n<h3>Solution</h3><!-- #BeginLibraryItem \"/Library/reinstall.lbi\" -->\r\nExperts recommend a complete operating system reinstall. UB recommends you have this performed by a professional. Professional repair and vulnerability remediation services are available from UBMicro.<!-- #EndLibraryItem --></body></html>'),('msg:10036','\r\n<html><head></head><body>\r\n<h3>Problem: CDK Detect was found</h3>\r\n<h3>Description</h3>\r\nCDK Detect<!-- #BeginLibraryItem \"/Library/is an app.lbi\" -->\r\nis an application that is designed to give unauthorized users full control over your computer. It is usually installed without the knowledge or permission of the computer\'s owner/user. Its presence is frequently a sign that the computer has been compromised.<!-- #EndLibraryItem --><h3>Solution</h3>\r\n<p><!-- #BeginLibraryItem \"/Library/reinstall.lbi\" -->\r\nExperts recommend a complete operating system reinstall. UB recommends you have this performed by a professional. Professional repair and vulnerability remediation services are available from UBMicro.<!-- #EndLibraryItem --></p>\r\n</body></html>'),('msg:10390','\r\n<html><head></head><body><h3>Problem: mstream agent was found</h3>\r\n<h3>Description</h3>\r\nThe mstream agent <!-- #BeginLibraryItem \"/Library/client-server DDoS.lbi\" -->is\r\na client for a much larger identity consisting of a "master" that controls\r\none or more "slaves" (or agents). The agents are generally used to\r\nattack other machines, often at the same time in what is known as a Distributed\r\nDenial of Service (DDoS) attack. The presence of this agent on your computer\r\nmeans that your computer might be a part of such a network. <!-- #EndLibraryItem -->\r\n<h3>Solution</h3>\r\n<p><!-- #BeginLibraryItem \"/Library/no known.lbi\" --> No known removal instructions\r\n are available. Please try scanning your computer using Symantec AntiVirus\r\nsoftware. <!-- #EndLibraryItem --></p>\r\n</body></html>'),('msg:10391','\r\n<html><head></head><body><h3>Problem: mstream handler was found</h3>\r\n<h3>Description</h3>\r\nThe mstream handler <!-- #BeginLibraryItem \"/Library/client-server DDoS.lbi\" -->is\r\na client for a much larger identity consisting of a "master" that controls\r\none or more "slaves" (or agents). The agents are generally used to\r\nattack other machines, often at the same time in what is known as a Distributed\r\nDenial of Service (DDoS) attack. The presence of this agent on your computer\r\nmeans that your computer might be a part of such a network. <!-- #EndLibraryItem -->\r\n<h3>Solution</h3>\r\n<!-- #BeginLibraryItem \"/Library/no known.lbi\" -->No known removal instructions\r\nare available. Please try scanning your computer using your antivirus software. <!-- #EndLibraryItem -->\r\n</body></html>'),('msg:10309','\r\n<html><head>\r\n</head><body><h3>Problem: Wingate was found</h3>\r\n<h3>Description</h3>\r\nWhen Wingate is installed and configured with a blank password,\r\nother computers can establish an Internet connection\r\nthrough the Wingate computer. This allows the second computer to hide its Internet\r\nconnection. Anything the second computer does on the Internet will look like\r\nit was done by the Wingate computer, possibly stealing your Internet "identity." \r\n\r\n<h3>Solution</h3>\r\n\r\n<p><strong>For Wingate 4.0:</strong></p>\r\n<ol>\r\n<li>Double-click the Wingate icon in the system tray (near the clock). </li>\r\n<li>Click "OK" to login without a password. </li>\r\n<li>The following screen should be a change password window. In it enter a new, strong password. </li>\r\n</ol>\r\n<p><strong>For Wingate 6.0:</strong></p>\r\n<ol>\r\n<li>Open the "Gatekeeper" module on the Wingate Server. </li>\r\n<li>Click the "Users" tab and configure individual users from there. </li>\r\n</ol></body></html>'),('msg:10307','\r\n<html><head></head><body><h3>Problem: An instance of the Trin00 for Windows "agent" was found to be running and accepting connections on your computer.</h3><h3>Description</h3>The Trin00 for Windows "agent" <!-- #BeginLibraryItem \"/Library/client-server DDoS.lbi\" -->is\r\na client for a much larger identity consisting of a "master" that controls\r\none or more "slaves" (or agents). The agents are generally used to\r\nattack other machines, often at the same time in what is known as a Distributed\r\nDenial of Service (DDoS) attack. The presence of this agent on your computer\r\nmeans that your computer might be a part of such a network. <!-- #EndLibraryItem -->\r\n<h3>Solution</h3>\r\n<!-- #BeginLibraryItem \"/Library/antivirus.lbi\" -->\r\n<p>Remove the virus with Symantec AntiVirus. Symantec AntiVirus is available\r\n on your TechTools CD or via download from the TechTools Software Download site\r\n for <a href=\"http://wings.buffalo.edu/computing/software/download/win/nortonantivirus.html\">Windows</a> and <a href=\"http://wings.buffalo.edu/computing/software/download/mac/nortonantivirus.html\">Mac</a>.\r\n The Mac version is called Symantec\'s Norton AntiVirus. Installation instructions\r\n are available on the TechTools CD and our documentation website (<a href=\"http://wings.buffalo.edu/computing/documentation/win/norton.html\">Windows</a>, <a href=\"http://wings.buffalo.edu/computing/documentation/mac/norton.html\">Mac</a>). </p>\r\n<!-- #EndLibraryItem --><!-- #BeginLibraryItem \"/Library/verify removal.lbi\" -->\r\n<p><strong>Verify Removal</strong></p>\r\n<p>If Symantec reports finding an infected file, take note of the filename and\r\n verify its deletion by checking the following registry key:<br />\r\n HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Run </p>\r\n<ol>\r\n <li>Click on the "Start" menu. </li>\r\n <li>Click "Run." </li>\r\n <li>Type "regedit" and press ENTER. </li>\r\n <li>In the registry editor click on the "File" (or "Registry")\r\n menu. </li>\r\n <li>Click "Export." </li>\r\n <li>Click "All" underneath where it says "Export Range." </li>\r\n <li>Enter a filename into the filename field. (ex: "reg backup") </li>\r\n <li>Click "Save." </li>\r\n <li>Expand the "HKEY_LOCAL_MACHINE" folder. </li>\r\n <li>Expand the "SOFTWARE" folder, then the "Microsoft," "Windows," and "CurrentVersion" folders. </li>\r\n <li>Click on the "Run" folder. </li>\r\n <li>In the right-hand window, the name/data pair for the name of the infected\r\n file will appear under the Name and Data sections, respectively. (ex: Name: "infectedfile" Data: "infectedfile.exe") </li\r\n>\r\n <li>Highlight the name of the infected file by clicking on it and press the\r\n DELETE key. </li>\r\n <li>Click "Yes" to delete. </li>\r\n</ol>\r\n<p>If your computer appears to still be infected after the scan a full reformat\r\n may be necessary.<!-- #BeginLibraryItem \"/Library/reinstall.lbi\" --> Experts\r\n recommend a complete operating system reinstall. UB recommends you have this\r\n performed by a professional. Professional repair and vulnerability remediation\r\n services are available from UBMicro.<!-- #EndLibraryItem --></p>\r\n<!-- #EndLibraryItem -->\r\n</body></html>'),('msg:10288','\r\n<html><head></head><body><h3>Problem: Trin00 "agent" was found</h3>\r\n<h3>Description</h3>\r\nThe Trin00 "agent" <!-- #BeginLibraryItem \"/Library/client-server DDoS.lbi\" -->is\r\na client for a much larger identity consisting of a "master" that controls\r\none or more "slaves" (or agents). The agents are generally used to\r\nattack other machines, often at the same time in what is known as a Distributed\r\nDenial of Service (DDoS) attack. The presence of this agent on your computer\r\nmeans that your computer might be a part of such a network. <!-- #EndLibraryItem -->\r\n<h3>Solution</h3>\r\n<!-- #BeginLibraryItem \"/Library/antivirus.lbi\" -->\r\n<p>Remove the virus with Symantec AntiVirus. Symantec AntiVirus is available\r\n on your TechTools CD or via download from the TechTools Software Download site\r\n for <a href=\"http://wings.buffalo.edu/computing/software/download/win/nortonantivirus.html\">Windows</a> and <a href=\"http://wings.buffalo.edu/computing/software/download/mac/nortonantivirus.html\">Mac</a>.\r\n The Mac version is called Symantec\'s Norton AntiVirus. Installation instructions\r\n are available on the TechTools CD and our documentation website (<a href=\"http://wings.buffalo.edu/computing/documentation/win/norton.html\">Windows</a>, <a href=\"http://wings.buffalo.edu/computing/documentation/mac/norton.html\">Mac</a>). </p>\r\n<!-- #EndLibraryItem -->\r\n</body></html>'),('msg:10283','\r\n<html><head></head><body><h3>Problem: TFN "agent" was found</h3>\r\n<h3>Description</h3>The TFN "agent" <!-- #BeginLibraryItem \"/Library/client-server DDoS.lbi\" -->is\r\na client for a much larger identity consisting of a "master" that controls\r\none or more "slaves" (or agents). The agents are generally used to\r\nattack other machines, often at the same time in what is known as a Distributed\r\nDenial of Service (DDoS) attack. The presence of this agent on your computer\r\nmeans that your computer might be a part of such a network. <!-- #EndLibraryItem -->\r\n<h3>Solution</h3>\r\n<!-- #BeginLibraryItem \"/Library/antivirus.lbi\" -->\r\n<p>Remove the virus with Symantec AntiVirus. Symantec AntiVirus is available\r\n on your TechTools CD or via download from the TechTools Software Download site\r\n for <a href=\"http://wings.buffalo.edu/computing/software/download/win/nortonantivirus.html\">Windows</a> and <a href=\"http://wings.buffalo.edu/computing/software/download/mac/nortonantivirus.html\">Mac</a>.\r\n The Mac version is called Symantec\'s Norton AntiVirus. Installation instructions\r\nare available on the TechTools CD and our documentation website (<a href=\"http://wings.buffalo.edu/computing/documentation/win/norton.html\">Windows</a>, <a href=\"http://wings.buffalo.edu/computing/documentation/mac/norton.html\">Mac</a>). </p>\r\n<!-- #EndLibraryItem -->\r\n</body></html>'),('msg:10270','\r\n<html><head></head><body><h3>Problem: Stacheldraht "agent" was found</h3>\r\n<h3>Description</h3>The Stacheldraht "agent" <!-- #BeginLibraryItem \"/Library/client-server DDoS.lbi\" -->is\r\na client for a much larger identity consisting of a "master" that controls\r\none or more "slaves" (or agents). The agents are generally used to\r\nattack other machines, often at the same time in what is known as a Distributed\r\nDenial of Service (DDoS) attack. The presence of this agent on your computer\r\nmeans that your computer might be a part of such a network. <!-- #EndLibraryItem -->\r\n<h3>Solution</h3>\r\n<!-- #BeginLibraryItem \"/Library/antivirus.lbi\" -->\r\n<p>Remove the virus with Symantec AntiVirus. Symantec AntiVirus is available\r\n on your TechTools CD or via download from the TechTools Software Download site\r\n for <a href=\"http://wings.buffalo.edu/computing/software/download/win/nortonantivirus.html\">Windows</a> and <a href=\"http://wings.buffalo.edu/computing/software/download/mac/nortonantivirus.html\">Mac</a>.\r\n The Mac version is called Symantec\'s Norton AntiVirus. Installation instructions\r\n are available on the TechTools CD and our documentation website (<a href=\"http://wings.buffalo.edu/computing/documentation/win/norton.html\">Windows</a>, <a href=\"http://wings.buffalo.edu/computing/documentation/mac/norton.html\">Mac</a>). </p>\r\n<!-- #EndLibraryItem -->\r\n</body></html>'),('msg:10203','\r\n<html><head></head><body><h3>Problem: rexecd server process was found</h3>\r\n<h3>Description</h3>Rexec is a daemon that allows code to be executed on the host computer by remote users, very often without requiring authentication. Because of this, the rexec server is thought to be highly insecure and unnecessary. It is also quite often the means by which intruders gain access to computers. <h3>Solution</h3>\r\n\r\n<p>It is generally recommended that users disable the rexec daemon, which will prevent from running in the future.</p>\r\n<ol><li>Use your preferred text editor to open /etc/inetd.conf. </li><li>Locate the rexecd line, which should look something like the following:<br />exec stream tcp nowait root /usr/lbin/rexecd rexecd </li><li>Place a hash/pound ("#") before the line to comment it out. </li><li>Save the inetd.conf file. </li><li>Locate the PIDs for any rexecd processes running by typing:<br />\r\nps aux | grep rexecd </li>\r\n <li>For all of the PIDs type:<br />kill HUP pid</li></ol></body></html>'),('msg:10166','\r\n<html><head></head><body>\r\n<h3>Problem: Anonymous FTP server</h3>\r\n<h3>Description</h3>\r\nAnonymous accounts are frequently targeted by hackers and viruses seeking to\r\nobtain unauthorized access to your computer. Your computer is running an FTP\r\nserver with an anonymous account and may be vulnerable to unauthorized remote\r\naccess.\r\n<h3>Solution</h3>You should disable all guest accounts that exist on your system, even if this disables the FTP service. </body></html>'),('msg:10147','\r\n<html><head></head><body>\r\n<h3>Problem: Nessus daemon ports were found</h3>\r\n<h3>Description</h3>The Nessus daemon allows remote users the ability to make the server scan other computers. The remote user must first have a valid username and password or valid public/private key. Howerver, should the Nessus server ever be found to be vulnerable, the Nessus server running on your computer would allow the vulnerability to be exploited. \r\n\r\n<h3>Solution</h3>\r\n\r\n<p>Removal/Remediation Steps: There are two means of resolving this vulnerability, both of which are recommended. Choose only one. </p><ol><li>Change the ports to which the that the Nessus daemon listens. </li><li>Block the ports to which you have Nessus listening. This can be done with ipchains (2.4x Linux kernel) or iptables (2.2x Linux kernel). </li></ol></body></html>'),('msg:10524','\r\n<html><head></head><body>\r\n<h3>Problem: Windows 95/98/ME SMB password verification vulnerability</h3>\r\n<h3>Description</h3>\r\nThis vulnerability will allow any unauthorized user to access the Windows 95/98/ME\r\nfile shared service with password protection. \r\n<h3>Solution</h3>\r\nDownload and update Windows with the appropriate patch: \r\n<ul>\r\n <li><a href=\"http://download.microsoft.com/download/win95/Update/11958/W95/EN-US/273991USA5.EXE\">Windows 95</a></li>\r\n <li><a href=\"http://download.microsoft.com/download/win98SE/Update/11958/W98/EN-US/273991USA8.EXE\">Windows\r\n 98</a></li>\r\n <li><a href=\"http://download.microsoft.com/download/winme/Update/11958/WinMe/EN-US/273991USAM.EXE\">Windows\r\n ME</a><br />\r\n </li>\r\n</ul>\r\n</body></html>'),('msg:10668','\r\n<html><head></head><body><h3>Problem: Windows Index Server vulnerability</h3><h3>Description</h3>\r\nYour computer is not patched for a Windows Index Server vulnerability. \r\n<p>There is a buffer overflow vulnerability in the Index Server 2.0 function\r\n to process a search request. Using this unchecked buffer, an attacker would\r\n be able to have the computer execute unauthorized and possibly malicious code\r\n in the Local System security context. This could compromise the machine and/or\r\n the network even further. </p>\r\n<h3>Solution</h3>\r\nDownload and install the following patch from Microsoft. \r\n<ol>\r\n <li><a href=\"http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29660\">Index Server 2.0 Buffer overflow</a></li>\r\n <li><a href=\"http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29631\">Index\r\n Server 2.0 "Malformed Hit-Highlighting" vulnerability</a></li>\r\n <li><a href=\"http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29561\">Indexing Service for Windows 2000 Pro, Windows 2000 Server and Windows 2000 Advanced Server</a><br />\r\n </li>\r\n</ol>\r\n<h3> </h3>\r\n</body></html>'),('msg:10132','<html><head></head><body>\r\n<h3>Problem: Kuang2 virus was found.</h3>\r\n<h3>Description</h3>\r\n<p>The Kuang2 virus infects all .exe files on the computer.<!-- #BeginLibraryItem \"/Library/server unauth.lbi\" -->\r\nIt installs a server that is designed to give unauthorized users full control over your computer.<!-- #EndLibraryItem --></p>\r\n<h3>Solution</h3>\r\n\r\n<!-- #BeginLibraryItem \"/Library/antivirus.lbi\" -->\r\n<p>Remove the virus with Symantec AntiVirus. Symantec AntiVirus is available\r\n on your TechTools CD or via download from the TechTools Software Download site\r\n for <a href=\"http://wings.buffalo.edu/computing/software/download/win/nortonantivirus.html\">Windows</a> and <a href=\"http://wings.buffalo.edu/computing/software/download/mac/nortonantivirus.html\">Mac</a>.\r\n The Mac version is called Symantec\'s Norton AntiVirus. Installation instructions\r\n are available on the TechTools CD and our documentation website (<a href=\"http://wings.buffalo.edu/computing/documentation/win/norton.html\">Windows</a>, <a href=\"http://wings.buffalo.edu/computing/documentation/mac/norton.html\">Mac</a>). </p>\r\n<!-- #EndLibraryItem --><!-- #BeginLibraryItem \"/Library/verify removal.lbi\" -->\r\n<p><strong>Verify Removal</strong></p>\r\n<p>If Symantec reports finding an infected file, take note of the filename and\r\n verify its deletion by checking the following registry key:<br />\r\n HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Run </p>\r\n<ol>\r\n <li>Click on the "Start" menu. </li>\r\n <li>Click "Run." </li>\r\n <li>Type "regedit" and press ENTER. </li>\r\n <li>In the registry editor click on the "File" (or "Registry")\r\n menu. </li>\r\n <li>Click "Export." </li>\r\n <li>Click "All" underneath where it says "Export Range." </li>\r\n <li>Enter a filename into the filename field. (ex: "reg backup") </li>\r\n <li>Click "Save." </li>\r\n <li>Expand the "HKEY_LOCAL_MACHINE" folder. </li>\r\n <li>Expand the "SOFTWARE" folder, then the "Microsoft," "Windows," and "CurrentVersion" folders. </li>\r\n <li>Click on the "Run" folder. </li>\r\n <li>In the right-hand window, the name/data pair for the name of the infected\r\n file will appear under the Name and Data sections, respectively. (ex: Name: "infectedfile" Data: "infectedfile.exe") </li\r\n>\r\n <li>Highlight the name of the infected file by clicking on it and press the\r\n DELETE key. </li>\r\n <li>Click "Yes" to delete. </li>\r\n</ol>\r\n<p>If your computer appears to still be infected after the scan a full reformat\r\n may be necessary.<!-- #BeginLibraryItem \"/Library/reinstall.lbi\" --> Experts\r\n recommend a complete operating system reinstall. UB recommends you have this\r\n performed by a professional. Professional repair and vulnerability remediation\r\n services are available from UBMicro.<!-- #EndLibraryItem --></p>\r\n<!-- #EndLibraryItem -->\r\n</body></html>'),('msg:10093','\r\n<html><head>\r\n</head><body>\r\n<h3>Problem: GateCrasher server found</h3>\r\n<h3>Description</h3>GateCrasher<!-- #BeginLibraryItem \"/Library/is an app.lbi\" -->\r\nis an application that is designed to give unauthorized users full control over your computer. It is usually installed without the knowledge or permission of the computer\'s owner/user. Its presence is frequently a sign that the computer has been compromised.<!-- #EndLibraryItem --><h3>Solution</h3>\r\n<p>Remove GateCrasher</p> \r\n<ol>\r\n<li>Click "Start." </li>\r\n<li>Click "Run." </li>\r\n<li>Type "cmd" and press ENTER. </li>\r\n<li>In the command window, type "telnet localhost 6969" and press ENTER. </li>\r\n<li>At the prompt, type "gatecrasher" and press ENTER. </li>\r\n<li>Type "uninstall" and press ENTER. </li>\r\n</ol>\r\n<p>Verify removal by checking the following registry key:<br />\r\n HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Run/"Explore" = "Explore.exe"</p>\r\n<p>Removal Verification</p>\r\n<ol>\r\n<li>Click on the "Start" menu. </li>\r\n<li>Click "Run." </li>\r\n<li>Type "regedit" and press ENTER. </li>\r\n<li>In the registry editor click on the "File" (or "Registry") menu. </li>\r\n<li>Click "Export." </li>\r\n<li>Click "All" underneath where it says "Export Range." </li>\r\n<li>Enter a filename into the filename field. (ex: "reg backup") </li>\r\n<li>Click "Save." </li>\r\n<li>Expand the "HKEY_LOCAL_MACHINE" folder. </li>\r\n<li>Expand the "SOFTWARE" folder, then the "Microsoft," "Windows," and "CurrentVersion" folders. </li>\r\n<li>Click on the "Run" folder. </li>\r\n<li>In the right-hand window, the name/data pair "Explore" and "Explore.exe" will appear under the Name and Data sections, respectively. </li>\r\n<li>Highlight "Explore" by clicking on it and press the DELETE key. </li>\r\n<li>Click "Yes" to delete. </li>\r\n</ol></body></html>\r\n'),('msg:10079','\r\n<html><head></head><body>\r\n<h3>Problem: Anonymous IIS FTP account</h3>\r\n<h3>Description</h3>\r\nAnonymous accounts are frequently targeted by hackers and viruses seeking to obtain unauthorized access to your computer. Your computer is running an FTP server with an anonymous account and may be vulnerable to unauthorized remote access.\r\n<h3>Solution</h3>\r\n<p>Disable the anonymous IIS FTP account:</p>\r\n<ol>\r\n<li>From within the IIS Manager, right-click the FTP site. Next, click on the directory, and then the virtual directory or file. \r\nClick "Properties." </li>\r\n<li>Click the "Security Accounts" tab. </li>\r\n<li>Uncheck the "Allow Anonymous Connections" checkbox. </li>\r\n</ol>\r\n\r\nWindows NT 4.0 Users: If the latest Windows Update Service Pack has not been installed on your computer, anonymous access \r\nmay be available even with the anonymous logon disabled. Download the latest Service Packs and all Critical \r\nUpdates from <a href=\"http://windowsupdate.microsoft.com/\">Microsoft Windows Update</a>. You may be instructed to restart \r\nyour computer several times in order to apply all Security Updates and Service Packs. For further help and instructions \r\non using windows update, go to: <a href=\"http://wings.buffalo.edu/computing/Documentation/win/winupdate.html\">Windows Update \r\nDocumentation </a>\r\n</body></html>'),('msg:11835','\r\n<html><head></head>\r\n<body><h3>Problem: Windows RPC service vulnerability</h3><h3>Description</h3>RPC (Remote Procedure Call) allows commands to be executed on your computer remotely. This usually requires authentication by legitimate users. However, a vulnerability has been discovered that allows commands to be executed through a buffer overflow attack without any authentication. Please note that there have been several other vulnerabilities discovered in the Windows RPC service, and that this is not the one being exploited by the Blaster worm <h3>Solution</h3><ol><li>Click "Start." </li><li>Click "Control Panel."<br />If using the Classic View, click the "Switch to Category View" link on the left side. </li><li>Click "Network and Internet Connections." </li><li>Click "Network Connections." </li><li>Right-click "Local Area Connection", then click "properties."<br /> </li><li>Click the "Advanced" tab. </li><li>Click the checkbox labeled "Protect my computer and network by limiting or preventing access to this computer from the Internet." </li><li>Click "OK." </li></ol><p><!-- #BeginLibraryItem \"/Library/MS Update.lbi\" -->Please update Windows at <a href=\"http://windowsupdate.microsoft.com/\">Microsoft Windows Update</a> and apply all Critical Updates and Service Packs. You may be instructed to restart your computer several times in order to apply all Security Updates and Service Packs. For further help and instructions on using windows update, go to the <a href=\"http://wings.buffalo.edu/computing/Documentation/win/winupdate.html\">Microsoft Windows Update documentation page</a> <!-- #EndLibraryItem --></p><!-- #BeginLibraryItem \"/Library/antivirus.lbi\" --><p>Remove the virus with Symantec AntiVirus. Symantec AntiVirus is available on your TechTools CD or via download from the TechTools Software Download site for <a href=\"http://wings.buffalo.edu/computing/software/download/win/nortonantivirus.html\">Windows</a> and <a href=\"http://wings.buffalo.edu/computing/software/download/mac/nortonantivirus.html\">Mac</a>. The Mac version is called Symantec\'s Norton AntiVirus. Installation instructions are available on the TechTools CD and our documentation website (<a href=\"http://wings.buffalo.edu/computing/documentation/win/norton.html\">Windows</a>, <a href=\"http://wings.buffalo.edu/computing/documentation/mac/norton.html\">Mac</a>). </p><h3>Attention WinXP SP2 Users</h3><p>If you have installed Windows XP Service Pack 2 please enable Windows Firewall:</p><ol><li>Click "Start." </li><li>Click "Control Panel." </li><li>Click the "Security Center." </li><li>Under "Manage security settings for" click "Windows Firewall." </li><li>Click the radio button labeled "On (Recommended)." </li><li>Click "OK."</li></ol><!-- #EndLibraryItem -->\r\n</body></html>'),('msg:12114','\r\n<html><head></head><body><h3>Problem: Outdated ISS BlackICE</h3><h3>Description</h3>\r\n<p>An outdated version of ISS BlackICE was found on your computer. Vulnerabilities\r\n are found for security products on a regular basis. It is \r\n recommended that outdated software be updated as soon as new versions are available.\r\n Continuing to run outdated versions of security products can expose your computer\r\n to \r\n intruders and viruses that are capable of exploiting the vulnerabilities that\r\n the new \r\n versions may correct.\r\n</p>\r\n<h3>Solution</h3>\r\n<p><a href=\"http://blackice.iss.net/update_center/\">Download and install</a> the\r\n latest update for the version of ISS BlackICE on your computer. \r\n</p>\r\n</body></html>'),('msg:test','\r\n<html><head></head>\r\n<body>test<br />\r\n</body></html>'),('msg:multi_mac','\r\n<html><head></head>\r\n<body style=\"visibility: visible;\"><p>This computer has successfully completed UB NetPass registration, but UB NetPass has determined that there is an unregistered or quarantined device sharing this port.</p><p>You may have received this message if:</p><ul><li>you have <strong>a switch or hub and another computer</strong> plugged into the switch or hub has not successfully registered or is quarantined. Scan all computers attached to your network port to successfully complete UB NetPass registration.</li><li>you have a <strong>Playstation</strong> or <strong>Microsoft X-Box</strong> plugged into your switch or hub. Please contact the <a href=\"http://helpdesk.buffalo.edu\">CIT Help Desk</a>.</li><li>you have a <strong>wireless network</strong> connection on your computer and it is bridged. Please <a href=\"http://wings.buffalo.edu/computing/documentation/win/XPBridges.htm\">disable the bridge</a>.</li><li>you have a <strong>Firewire port</strong> and Windows XP has bridged the connection. Please <a href=\"http://wings.buffalo.edu/computing/documentation/win/XPBridges.htm\">disable the bridge</a>.</li></ul><p>If you unplug the network cable of the quarantined or not registered computer it may take up to 5 minutes until your access is restored.</p><p>If you do not understand this message or are having difficulty using UB NetPass, assistance is available from the CIT Help Desk. Professional repair and vulnerability remediation services are available from UBMicro.</p><table cellpadding=\"2\" border=\"0\"><caption>Contact Information </caption><tbody><tr><th scope=\"col\">CIT Help Desk</th><th scope=\"col\">UBMicro</th></tr><tr><td align=\"center\">225 Fronczak Hall<br />716-645-3542</td><td align=\"center\">109 The Commons<br />716-645-3554</td></tr></tbody></table><!-- #EndLibraryItem --><p> </p>\r\n</body></html>'),('msg:scan_completed','\r\n<html><head></head><body><h2><p>Click Continue to view scan results.</p></h2></body></html>'),('msg:you_passed','\r\n<html><head></head><body><h2>This computer has successfully completed UB NetPass registration.</h2><p>We have not detected any vulnerabilities on your computer. You will be able to connect to the Internet in a few moments.</p><p><strong>Important note:</strong> UB NetPass cannot detect vulnerabilities if you have a firewall enabled.</p><p>You will be prompted for your UBITName and password by the UB ResNet firewall before you can connect to the Internet.</p><p><a href=\"$original_destination\">Click here to proceed to $original_destination</a> </p></body></html>'),('msg:being_scanned','\r\n<html><head></head><body><h2>Scanning</h2><p>UB NetPass is scanning your computer for vulnerabilities. The scan may take several minutes.</p></body></html>'),('msg:10409','\r\n<html><head></head><body><h3>Problem: SubSeven was found</h3>\r\n<h3>Description</h3>\r\nSubSeven <!-- #BeginLibraryItem \"/Library/is an app.lbi\" --> is an application\r\nthat is designed to give unauthorized users full control over your computer.\r\nIt is usually installed without the knowledge or permission of the computer\'s\r\nowner/user. Its presence is frequently a sign that the computer has been compromised.<!-- #EndLibraryItem -->\r\n<h3>Solution</h3>\r\n<!-- #BeginLibraryItem \"/Library/antivirus.lbi\" -->\r\n<p>Remove the virus with Symantec AntiVirus. Symantec AntiVirus is available\r\n on your TechTools CD or via download from the TechTools Software Download site\r\n for <a href=\"http://wings.buffalo.edu/computing/software/download/win/nortonantivirus.html\">Windows</a> and <a href=\"http://wings.buffalo.edu/computing/software/download/mac/nortonantivirus.html\">Mac</a>.\r\n The Mac version is called Symantec\'s Norton AntiVirus. Installation instructions\r\n are available on the TechTools CD and our documentation website (<a href=\"http://wings.buffalo.edu/computing/documentation/win/norton.html\">Windows</a>, <a href=\"http://wings.buffalo.edu/computing/documentation/mac/norton.html\">Mac</a>). </p>\r\n<!-- #EndLibraryItem -->\r\n</body></html>'),('msg:10646','\r\n<html><head></head><body>\r\n<h3>Problem: Lion worm may have infected your computer</h3>\r\n<h3>Description</h3>\r\nSSH is running on port 33568, which is an indication of this virus. The Lion\r\nworm infects Linux machines via a vulnerability in BIND. It then emails out the\r\npassword and shadow files to the attacker. The versions of BIND that are vulnerable\r\nare 8.2, 8.2-P1, 8.2.1, 8.2.2-Px. \r\n<h3>Solution</h3>\r\nNo known removal instructions are available for the Lion worm. Please see any available antivirus packages for possible remediation. Patches for the BIND vulnerability are available at the <a href=\"http://www.sans.org/y2k/lion.htm\">SANS website</a>. \r\n</body></html>'),('msg:10673','\r\n<html><head></head><body><h3>Problem: Microsoft SQL Server with a blank "sa" password.</h3>\r\n<h3>Description</h3>\r\nBy default, the "sa" login has full rights to the SQL server. When\r\nit is blank (NULL), it allows unlimited access to anyone. The Slammer worm exploits\r\nthis by connecting to SQL servers with blank passwords for the "sa" account\r\nand installs itself in an attempt to spread even further. \r\n<h3>Solution</h3><ol><li>Click "Start." </li><li>Click "Run." </li><li>Type "cmd" and press ENTER. </li><li>Type "osql U sa" to connect to the local, default instance of the Microsoft SQL Server Desktop Engine. Otherwise, if you are running a named instance, type "osql U sa S SERVERNAME/INSTANCENAME," where SERVERNAME and INSTANCENAME get replaced with the name of the server and instance, respectively. Then press ENTER. </li><li>At the "Password:" prompt, press ENTER. </li><li>Type " sp_password @old = null, @new = "complexpwd", @loginame ="sa" " where "complexpwd" is replaced with your new password. </li><li>Type "go." </li><li>Type "exit." </li></ol>\r\n</body></html>'),('msg:10685','\r\n<html><head></head><body>\r\n<h3>Problem: Several IIS vulnerabilities found</h3>\r\n<h3>Description</h3>\r\nUsing these vulnerabilities, an attacker could cause your computer to execute\r\nmalicious code remotely. \r\n<h3>Solution</h3>\r\n<p>Download and install the appropriate patch from Microsoft: </p>\r\n<ul>\r\n <li><a href=\"http://www.microsoft.com/Downloads/Release.asp?ReleaseID=32061\">Microsoft IIS 4.0</a> </li>\r\n <li><a href=\"http://www.microsoft.com/Downloads/Release.asp?ReleaseID=32011\">Microsoft IIS 5.0</a> </li>\r\n</ul>\r\n</body></html>'),('msg:10713','\r\n<html><head></head><body>\r\n<h3>Problem: CodeRed Worm found </h3>\r\n<h3>Description</h3>\r\nThe "Code Red" worm is a malicious self-propagating worm that exploits\r\nMicrosoft Internet Information Server (IIS)-enabled systems that are susceptible\r\nto a buffer overflow vulnerability.\r\n<h3>Solution</h3>\r\n<!-- #BeginLibraryItem \"/Library/antivirus.lbi\" -->\r\n<p>Remove the virus with Symantec AntiVirus. Symantec AntiVirus is available\r\n on your TechTools CD or via download from the TechTools Software Download site\r\n for <a href=\"http://wings.buffalo.edu/computing/software/download/win/nortonantivirus.html\">Windows</a> and <a href=\"http://wings.buffalo.edu/computing/software/download/mac/nortonantivirus.html\">Mac</a>.\r\n The Mac version is called Symantec\'s Norton AntiVirus. Installation instructions\r\n are available on the TechTools CD and our documentation website (<a href=\"http://wings.buffalo.edu/computing/documentation/win/norton.html\">Windows</a>, <a href=\"http://wings.buffalo.edu/computing/documentation/mac/norton.html\">Mac</a>). </p>\r\n<!-- #EndLibraryItem -->\r\n<p>Download and install the appropriate Microsoft patch:</p>\r\n <ul>\r\n <li><a href=\"http://www.microsoft.com/ntserver/nts/downloads/critical/q269862/default.asp\">Microsoft IIS\r\n 4.0</a> \r\n </li>\r\n <li><a href=\"http://www.microsoft.com/windows2000/downloads/critical/q269862/default.asp\">Microsoft\r\n IIS 5.0</a>\r\n </li>\r\n </ul>\r\n</body></html>'),('msg:10798','\r\n<html><head></head><body>\r\n<h3>Problem: PC Anywhere was found with a blank password</h3>\r\n<h3>Description</h3>\r\nA blank PC Anywhere password allows anyone to connect to your computer and \r\noperate it with complete control. \r\n<h3>Solution</h3><ol><li>Open the PC Anywhere application as an administrator. </li><li>Right-click on the Host object you are using and click "Properties." </li><li>Click the "Caller Access Tab." </li><li>Switch the authentication type to "Windows" or "PC Anywhere." </li><li>If you are using the "PC Anywhere" authentication, set a strong password. </li></ol>\r\n</body></html>'),('msg:10935','\r\n<html><head>\r\n</head><body>\r\n<h3>Problem: IIS ASP ISAPI filter buffer overflow vulnerability</h3>\r\n<h3>Description</h3>\r\nThis vulnerability allows an attacker the ability to execute code on your computer\r\nfrom a remote location. This could allow your machine to be compromised, granting\r\nfull access to the attacker. \r\n<h3>Solution</h3>\r\n<p>Download and install the appropriate patches.</p>\r\n<p><strong>Microsoft IIS 4.0: </strong></p>\r\n <ul>\r\n <li><a href=\"http://www.microsoft.com/ntserver/nts/downloads/security/q319733/default.asp\">Windows\r\n NT 4.0 Workstation, Windows NT 4.0 Server, or Windows NT 4.0 Server,\r\n Enterprise Edition</a> </li>\r\n <li> <a href=\"http://www.microsoft.com/ntserver/terminalserver/downloads/critical/q317636/default.asp\">Windows\r\n NT 4.0 Server, Terminal Server Edition (Included in the Windows NT Server\r\n 4.0, Terminal Server Edition Security Rollup Package)</a> <br />\r\n \r\n </li>\r\n </ul>\r\n<p><strong>Microsoft IIS 5.0: </strong></p>\r\n\r\n<ul>\r\n <li><!-- #BeginLibraryItem \"/Library/MS Update.lbi\" -->Please update Windows at <a href=\"http://windowsupdate.microsoft.com/\">Microsoft\r\n Windows Update</a> and apply all Critical Updates and Service Packs. You\r\n may be instructed to restart your computer several times in order to apply\r\n all Security Updates and Service Packs. For further help and instructions\r\n on using windows update, go to the <a href=\"http://wings.buffalo.edu/computing/Documentation/win/winupdate.html\">Microsoft\r\n Windows Update documentation page</a> <!-- #EndLibraryItem --></li>\r\n <li> <a href=\"http://www.microsoft.com/Downloads/Release.asp?ReleaseID=37857\">Microsoft IIS 5.1</a></li>\r\n</ul>\r\n</body></html>'),('msg:11000','\r\n<html><head></head><body>\r\n<h3>Problem: FTP server with well known account names with blank passwords</h3>\r\n<h3>Description</h3>\r\n<p>Usernames with blank passwords exposes whatever system resources\r\n accessible to that username to the outside world. This is even more serious when\r\n the usernames are well known and standardized. \r\n</p>\r\n<h3>Solution</h3>\r\n\r\n<p>Apply complex passwords to all user accounts on the FTP server. In Windows NT/2000/XP,\r\n this may require editing operating system users. \r\n</p>\r\n</body></html>'),('msg:11028','\r\n<html><head></head><body>\r\n<h3>Problem: .HTR filter buffer overflow vulnerability</h3>\r\n<h3>Description</h3>\r\n<p>An attacker can use this vulnerability to execute code on your computer from a remote location. This could allow your machine to be compromised, granting full access to the attacker. </p>\r\n<h3>Solution</h3>\r\n<p>Download and install the appropriate patches.</p>\r\n\r\n<ul>\r\n <li> <a href=\"http://www.microsoft.com/ntserver/nts/downloads/security/q321599/default.asp\">Microsoft\r\n IIS 4.0</a> </li>\r\n <li> Microsoft IIS 5.0: <!-- #BeginLibraryItem \"/Library/MS Update.lbi\" -->Please\r\n update Windows at <a href=\"http://windowsupdate.microsoft.com/\">Microsoft\r\n Windows Update</a> and apply all Critical Updates and Service Packs. You\r\n may be instructed to restart your computer several times in order to apply\r\n all Security Updates and Service Packs. For further help and instructions\r\n on using windows update, go to the <a href=\"http://wings.buffalo.edu/computing/Documentation/win/winupdate.html\">Microsoft\r\n Windows Update documentation page</a> <!-- #EndLibraryItem --></li>\r\n</ul>\r\n</body></html>'),('msg:11123','\r\n<html><head></head><body><h3>Problem: Radmin was found running on your machine.</h3><h3>Description</h3>\r\n\r\n<p>Radmin is a remote control program, much like Windows XPs Remote\r\n Desktop. If an insecure password is set for this service, it could grant an\r\n unauthorized user complete access to your computer. </p>\r\n<h3>Solution</h3>\r\n \r\n <p>Please make sure that you have a strong password set for any accounts with login access to radmin. If it is not needed, disable radmin so that it will not run in the future. </p>\r\n</body></html>'),('msg:11135','\r\n<html><head></head><body><h3>Problem: Bugbear Worm was found</h3>\r\n<h3>Description</h3>\r\nBugbear is a worm that propagates through Windows file shares and email. Bugbear\r\ntakes advantage of a flaw in Internet Explorer 5.01 and IE 5.5 which causes\r\nIE to automatically execute an attachment without the user\'s knowledge or intervention. <br />\r\n<br />\r\nBugbear is capable of allowing remote access to certain resources, disabling\r\nfirewall and antivirus software, and performing key logging operations. \r\n<h3>Solution</h3><ol><li>Disable/close all Windows file shares. </li><li><!-- #BeginLibraryItem \"/Library/MS Update.lbi\" -->Please\r\n update Windows at <a href=\"http://windowsupdate.microsoft.com/\">Microsoft\r\n Windows Update</a> and apply all Critical Updates and Service Packs. You\r\n may be instructed to restart your computer several times in order to apply\r\n all Security Updates and Service Packs. For further help and instructions\r\n on using windows update, go to the <a href=\"http://wings.buffalo.edu/computing/Documentation/win/winupdate.html\">Microsoft\r\n Windows Update documentation page</a> <!-- #EndLibraryItem --></li>\r\n <li>Download and run Symantec\'s <a href=\"http://securityresponse.symantec.com/avcenter/venc/data/w32...@mm...ml\">BugBear\r\n removal utility</a>. It will scan\r\n for the BugBear virus and remove it.<br /><br /></li></ol>\r\n</body></html>'),('msg:11160','\r\n<html><head></head><body>\r\n<h3>Problem: FTP server with blank Administrator password</h3>\r\n<h3>Description</h3>\r\n<p>Because the Administrator account usually has full access to the file system,\r\n running an FTP server with a blank Administrator password\r\n allows anyone who attempts to login using that configuration the same access\r\n permissions as an authorized Administrator. </p>\r\n<h3>Solution</h3>\r\n<p>Set the password for the Administrator within the FTP server. This may require changing the password for the Windows Administrator, depending on the FTP server and the version of Windows. Please make sure to create a strong password. </p>\r\n</body></html>'),('msg:11187','\r\n<html><head></head><body><h3>Problem: Parasite Mothership was found</h3>\r\n<h3>Description</h3>\r\n<p>The Parasite Mothership listens for incoming connections; it can be\r\n used to grant an unauthorized user access to your computer. </p>\r\n<h3>Solution</h3>\r\n<!-- #BeginLibraryItem \"/Library/reinstall.lbi\" --> Experts recommend a complete\r\noperating system reinstall. UB recommends you have this performed by a professional.\r\nProfessional repair and vulnerability remediation services are available from\r\nUBMicro.<!-- #EndLibraryItem -->\r\n</body></html>'),('msg:11214','\r\n<html><head></head><body>\r\n<h3>Problem: Microsoft SQL buffer overflow vulnerability </h3><h3>Description</h3>\r\n<p>These vulnerabilities allow remote code to be executed on your computer, which could grant SYSTEM level access to unauthorized users if exploited. This vulnerability is also being exploited by the Sapphire worm. </p>\r\n<h3>Solution</h3>\r\n\r\n<p>Download and install the appropriate Microsoft patch:</p>\r\n<ul>\r\n <li> <a href=\"http://support.microsoft.com/default.aspx?scid=kb;en-us;327068&sd=tech\">Microsoft\r\n SQL Server 7.0</a> (Must be running SQL Server Service Pack 4)</li>\r\n <li><a href=\"http://support.microsoft.com/default.aspx?scid=kb;en-us;316333&sd=tech\">Microsoft\r\n SQL Server 2000</a> (Must be running SQL Server Service Pack 2)</li>\r\n</ul>\r\n<!-- #BeginLibraryItem \"/Library/antivirus.lbi\" -->\r\n<p>Remove the virus with Symantec AntiVirus. Symantec AntiVirus is available\r\n on your TechTools CD or via download from the TechTools Software Download site\r\n for <a href=\"http://wings.buffalo.edu/computing/software/download/win/nortonantivirus.html\">Windows</a> and <a href=\"http://wings.buffalo.edu/computing/software/download/mac/nortonantivirus.html\">Mac</a>.\r\n The Mac version is called Symantec\'s Norton AntiVirus. Installation instructions\r\n are available on the TechTools CD and our documentation website (<a href=\"http://wings.buffalo.edu/computing/documentation/win/norton.html\">Windows</a>, <a href=\"http://wings.buffalo.edu/computing/documentation/mac/norton.html\">Mac</a>). </p>\r\n<!-- #EndLibraryItem -->\r\n</body></html>'),('msg:11412','\r\n<html><head></head><body>\r\n<h3>Problem: IIS WebDAV vulnerability</h3>\r\n<h3>Description</h3>\r\n<p>There is a buffer overflow vulnerability in the WebDAV server, which can be used to execute code remotely within the LocalSystem security context. This could compromise the system and grant access to unauthorized users. </p>\r\n<h3>Solution</h3>\r\n<!-- #BeginLibraryItem \"/Library/MS Update.lbi\" -->Please update Windows at <a href=\"http://windowsupdate.microsoft.com/\">Microsoft\r\nWindows Update</a> and apply all Critical Updates and Service Packs. You may\r\nbe instructed to restart your computer several times in order to apply all Security\r\nUpdates and Service Packs. For further help and instructions on using windows\r\nupdate, go to the <a href=\"http://wings.buffalo.edu/computing/Documentation/win/winupdate.html\">Microsoft\r\nWindows Update documentation page</a> <!-- #EndLibraryItem -->\r\n</body></html>'),('msg:11633','\r\n<html><head></head><body><h3>Problem: Lovgate virus was found</h3>\r\n<h3>Description</h3>\r\n<p>The Lovgate virus propagates through email and listens on certain ports. </p>\r\n<h3>Solution</h3>\r\n<!-- #BeginLibraryItem \"/Library/antivirus.lbi\" -->\r\n<p>Remove the virus with Symantec AntiVirus. Symantec AntiVirus is available\r\n on your TechTools CD or via download from the TechTools Software Download site\r\n for <a href=\"http://wings.buffalo.edu/computing/software/download/win/nortonantivirus.html\">Windows</a> and <a href=\"http://wings.buffalo.edu/computing/software/download/mac/nortonantivirus.html\">Mac</a>.\r\n The Mac version is called Symantec\'s Norton AntiVirus. Installation instructions\r\n are available on the TechTools CD and our documentation website (<a href=\"http://wings.buffalo.edu/computing/documentation/win/norton.html\">Windows</a>, <a href=\"http://wings.buffalo.edu/computing/documentation/mac/norton.html\">Mac</a>). </p>\r\n<!-- #EndLibraryItem -->\r\n</body></html>'),('msg:11707','\r\n<html><head></head><body><h3>Problem: BugBear.B worm found</h3>\r\n<h3>Description</h3>\r\n<p>Bugbear is capable of allowing remote access to certain resources, disabling\r\n firewall and antivirus software, performing key logging operations, as well as\r\n other malicious actions.\r\n</p>\r\n<h3>Solution</h3>\r\n<!-- #BeginLibraryItem \"/Library/antivirus.lbi\" -->\r\n<p>Remove the virus with Symantec AntiVirus. Symantec AntiVirus is available\r\n on your TechTools CD or via download from the TechTools Software Download site\r\n for <a href=\"http://wings.buffalo.edu/computing/software/download/win/nortonantivirus.html\">Windows</a> and <a href=\"http://wings.buffalo.edu/computing/software/download/mac/nortonantivirus.html\">Mac</a>.\r\n The Mac version is called Symantec\'s Norton AntiVirus. Installation instructions\r\n are available on the TechTools CD and our documentation website (<a href=\"http://wings.buffalo.edu/computing/documentation/win/norton.html\">Windows</a>, <a href=\"http://wings.buffalo.edu/computing/documentation/mac/norton.html\">Mac</a>). </p>\r\n<!-- #EndLibraryItem -->\r\n</body></html>'),('msg:PQUAR-resnetaction-1st','\r\n<html><head></head><body><h3>Your ResNet connection has been disabled</h3><p>We have received and investigated a report of potentially damaging network activity originating from your computer. </p><p>Your ResNet connection has been disabled to prevent further adverse effects from this incident. Because we believe this is a technology problem and not intentional, your UBITName will remain active and you will still be able to use University resources via CIT Public Site computers.</p><p>We recommend that you have your computer repaired professionally. UBMicro offers a service, for a fee, to remediate these problems and help you prevent further similar problems in the future.</p><p>Since this is your first incident, we will place trust in your ability to ensure that your computer has been properly repaired. <a href=\"https://wings.buffalo.edu/computing/dce/resnet\">Notify us</a> when your computer has been repaired so we may restore your network connection. </p><p>Subsequent incidents will require that your computer repair be certified by us at your cost. Please do not move your computer to another network port or attempt to connect via UBWireless or the dial-up modem services. Changing your connection will be considered a second incident and you will face sanctions.</p><p>We have intentionally send you multiple copies of this message to be certain we reach you. If you have any questions or believe you have received this notice in error, please contact the ResNet Team Leader at (716)-645-5070. For any other problems, please contact the CIT Help Desk or UBMicro.</p><p>\r\n<table cellspacing=\"1\" cellpadding=\"1\" border=\"0\"><tbody><tr><td>CIT Help Desk</td><td>UB Micro</td></tr><tr><td>255 Fronczak Hall</td><td>109 The Commons</td></tr><tr><td>(716) 645-3542</td><td>(716) 645-3554</td></tr><tr><td>cit...@bu...</td><td>ub...@bu...</td></tr><tr><td><a href=\"http://helpdesk.buffalo.edu/\">helpdesk.buffalo.edu</a></td><td><a href=\"http://helpdesk.buffalo.edu/\">www.ubmicro.buffalo.edu</a></td></tr></tbody></table>\r\n</p></body></html>'),('msg:11819','\r\n<html><head></head><body><h3>Problem: TFTPd server was found</h3>\r\n<h3>Description</h3>\r\nImproperly configuring the TFTPd server could result in your computer being compromised.\r\nIf it is not needed, it should be disabled.\r\n<h3>Solution</h3>\r\n\r\n<p>If you are running a UNIX machine (or variant of UNIX) and the TFTPd server is not required (i.e. by SunOS systems supporting diskless workstations), then disable it. This can be done by following these steps: </p>\r\n<ol><li>Use your preferred text editor to open /etc/inetd.conf. </li>\r\n <li>Locate the tftpd line. </li>\r\n<li>Place a hash/pound ("#")... [truncated message content] |
|
From: jeff m. <jef...@us...> - 2005-08-10 19:52:24
|
Update of /cvsroot/netpass/NetPass/lib/NetPass In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv8611/lib/NetPass Modified Files: DB.pm Log Message: bug fixes Index: DB.pm =================================================================== RCS file: /cvsroot/netpass/NetPass/lib/NetPass/DB.pm,v retrieving revision 1.51 retrieving revision 1.52 diff -u -d -r1.51 -r1.52 --- DB.pm 3 Aug 2005 20:22:40 -0000 1.51 +++ DB.pm 10 Aug 2005 19:52:15 -0000 1.52 @@ -1629,15 +1629,18 @@ return 0; } -=head2 getAppAction( ) +=head2 getAppAction(myself = 0|1) -Fetch the current list of pending tasks for appStarter to perform. +Fetch the current list of pending tasks for appStarter to perform. If myself +is "0" then we will fetch any pending appAction regardless of what server +it's specified for. If myself is "1" we will only fetch appActions for ourself. +You can also set mysql to a specific hostname. RETURNS a reference to an array of array references on success - [ [ rowid, application, action, actionAs] , [ rowid, application, ... ] , ... ] + [ [ rowid, application, action, actionAs, serverid] , [ rowid, application, ... ] , ... ] "db failure" on failure @@ -1645,13 +1648,26 @@ sub getAppAction { my $self = shift; + my $ms = shift; $self->reconnect() || return "db failure: disconnected"; - my $aref = $self->{'dbh'}->selectall_arrayref(qq{SELECT rowid, application, action, actionAs FROM appStarter WHERE status = 'pending'}); + my $sql = "SELECT rowid, application, action, actionAs, serverid FROM appStarter WHERE status = 'pending'"; + + if ($ms =~ /^1$/) { + $sql .= " AND serverid = '".hostname."'"; + } + elsif ($ms !~ /^0$/) { + $sql .= " AND serverid = ".$self->dbh->quote($ms); + } + + + my $aref = $self->{'dbh'}->selectall_arrayref($sql); + if (!defined($aref)) { return "db failure: ".$self->{'dbh'}->errstr; } + return $aref; } @@ -1669,22 +1685,30 @@ my $self = shift; my $rowid = shift; + $self->reconnect || return "db failure: disconnected"; + my $sql = "UPDATE appStarter SET status = 'completed' WHERE rowid = ".$self->{'dbh'}->quote($rowid); my $rv = $self->{'dbh'}->do($sql); + if (!defined($rv)) { return "db failure: ". $self->{'dbh'}->errstr; } return 1; } -=head2 reqAppAction ($proc, $action, $actionas) +=head2 reqAppAction ($proc, $action, $actionas, $serverid) Request a particular action be preformed on the specified process. +If you specify serverid (a FQ hostname) it will only run on that +particular server. If you leave it empty (undef) it will run +on all servers. + Returns 0 on failure, 1 on success. Example $dbh->reqAppAction('netpass', 'restart', ''); + $dbh->reqAppAction('netpass', 'restart', '', 'npw2-d.cit.buffalo.edu'); =cut @@ -1693,6 +1717,9 @@ my $proc = shift; my $action = shift; my $actionas = shift; + my $serverid = shift; + + $serverid ||= hostname; if (!defined($proc) || ($proc eq "")) { _log "ERROR", "no process name given\n"; @@ -1707,11 +1734,11 @@ $self->reconnect() || return 0; my $sql = qq{SELECT status FROM appStarter WHERE application = '$proc' - AND status = 'pending' AND action = '$action'}; + AND status = 'pending' AND action = '$action' AND serverid = '$serverid'}; my $ins = qq{INSERT INTO appStarter (requested, application, - action, actionas, status) - VALUES(FROM_UNIXTIME(?), ?, ?, ?, ?)}; + action, actionas, status, serverid) + VALUES(FROM_UNIXTIME(?), ?, ?, ?, ?, ?)}; _log "DEBUG", "sql=$sql\n"; my $sth = $self->{'dbh'}->prepare($sql); @@ -1722,7 +1749,7 @@ } if ($sth->rows() > 0) { - _log "DEBUG", "Process $proc is already registered for $action\n"; + _log "DEBUG", "Process $proc is already registered for $action on $serverid\n"; return 1; } $sth->finish; @@ -1730,7 +1757,7 @@ _log "DEBUG", "sql=$ins\n"; $sth = $self->{'dbh'}->prepare($ins); - if (!$sth->execute(time(), $proc, $action, $actionas, 'pending')) { + if (!$sth->execute(time(), $proc, $action, $actionas, 'pending', $serverid)) { _log "ERROR", "Failed to insert $proc into appStarter ".$self->{'dbh'}->errstr."\n"; return 0; } |
