IRIX 6.5 Applications 2002 November

home *** CD-ROM | disk | FTP | other *** search

/ IRIX 6.5 Applications 2002 November / SGI IRIX 6.5 Applications 2002 November.iso / dist / gateway.idb / usr / WebFace / Tasks / Tasks.security-start.cgi.z / Tasks.security-start.cgi

Wrap

Text File | 2002-06-12 | 6.8 KB | 230 lines

#!/usr/bin/perl5 # # Tasks.security-start.cgi # # Copyright 1988-1996 Silicon Graphics, Inc. # All rights reserved. # # This is UNPUBLISHED PROPRIETARY SOURCE CODE of Silicon Graphics, Inc.; # the contents of this file may not be disclosed to third parties, copied or # duplicated in any form, in whole or in part, without the prior written # permission of Silicon Graphics, Inc. # # RESTRICTED RIGHTS LEGEND: # Use, duplication or disclosure by the Government is subject to restrictions # as set forth in subdivision (c)(1)(ii) of the Rights in Technical Data # and Computer Software clause at DFARS 252.227-7013, and/or in similar or # successor clauses in the FAR, DOD or NASA FAR Supplement. Unpublished - # rights reserved under the Copyright Laws of the United States. # # $Id: Tasks.security-start.cgi,v 1.10 1998/02/21 03:40:52 jrw Exp $ require "/usr/OnRamp/lib/OnRamp.pm"; $inet_conf = "/etc/inetd.conf"; $temp = "task.tmp"; $temp2 = "task.tmp2"; $temp3 = "task.tmp3"; $temp4 = "task.tmp4"; $action = "Tasks.security-start.cgi?loop"; $go = "/tasks/security-second.cgi?st"; $it = "<td><font size=5><i>"; $ni = "</i></font></td>"; @find_vals = ('telnet','login','shell','ftp','finger'); &get_fields; # clear temporary files for initial call if (!$ARGV[0]) { open(OUT,"> $temp"); close(OUT); open(OUT,"> $temp2"); close(OUT); open(OUT,"> $temp3"); close(OUT); open(OUT,"> $temp4"); close(OUT); # &initValues; } elsif ($ARGV[0] eq 'loop') { %vals = %fld; } else { &readValues; } if ($ARGV[0] eq loop) { &errorCheck; &writeFile; print "Content-type: text/html\n\n"; # printf("Location: %s%c%c",$go,10,10); print "<HTML><HEAD>"; print "<META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=$go\">"; print "</HEAD><BODY></BODY></HTML>"; exit 0; } &setBoxes; &generic; sub initValues { open(IN,"< $inet_conf"); while(<IN>) { $line = $_; if ($line eq "\n") { next; } $line =~ /^\s*(\S.*)/; @items = split(/\s+/,$1); if ($items[0] !~ "#") { $terms{$items[0]} = 1; } else { $terms{$items[0]} = 0; } } close(IN); foreach $arg (@find_vals) { if ($arg =~ $_) { $vals{$arg} = $terms{$arg}; } else { $vals{$arg} = 0; } } } sub readValues { open(IN,"< $temp"); while(<IN>) { chop; $terms{$_} = 1; } close(IN); foreach $arg (@find_vals) { if ($terms{$arg}) { $vals{$arg} = 1; } else { $vals{$arg} = 0; } } if ($terms{"all_inetd"}) { $vals{"all_inetd"} = 1; } else { $vals{"all_inetd"} = 0; } } sub writeFile { undef %terms; open(IN,"< $temp"); while(<IN>) { chop; $terms{$_} = 1; } close(IN); if ($fld{'all_inetd'} == 1) { $terms{'all_inetd'} = 1; foreach $arg (@find_vals) { $terms{$arg} = $fld{$arg}; } } else { $terms{'all_inetd'} = 0; foreach $arg (@find_vals) { $terms{$arg} = 0; } } open(OUT,"> $temp"); foreach $arg (keys(%terms)) { print OUT "$arg\n" if ($terms{$arg} == 1); } close(OUT); } sub errorCheck { } sub error { $error = $_[0]; &generic; exit 0; } sub generic { print "Content-type: text/html\n\n"; print "<html><head><title>Security Setup </title>\n"; print "<script language=\"JavaScript\">\n\n"; print "</script></head>\n\n"; print "<body bgcolor=\'a7b4ce\' background=/tasks/security-task.bg.gif>\n"; if ($error) { print "<font size=4 color=ff0000><b>Error: </b>$error<br></font>"; } print "<i>$message</i>"; print "<table width=100%>", "<tr><th align=left><h1>Security Setup for Services</h1></th>\n", "<th align=right><a href=\"/newsplash.shtml\">", "<img height=55 width=57 border=0 src=/tasks/home.gif></a>\n", " <a href=\"Tasks.shtml\">", "<img height=55 width=57 border=0 src=/tasks/back.gif></a>", "</tr></table>\n"; printf("\n<form name=\"page1\" action=\"%s\" method=post>\n", $action); print "<center><table width=620>\n"; print "<tr><td colspan=2 align=left> Many services on the Internet Gateway are started by a master server, inetd, which invokes a network service when it receives a request for it. These services, which are listed in the configuration file <I>/etc/inetd.conf</I>, can pose security risks. The Security Setup for Services form allows you to disable these services. <P> You can use this page to disable services such as talk, time, and echo (for a complete list, consult your copy of <I>/etc/inetd.conf</I>). If you do not make any selections on this page, all services that inetd manages will remain enabled. If you choose to disable network services started out of inetd by checking the box below, you can still leave up to five services enabled by checking the appropriate boxes in the list. </td></tr></table>\n"; print "<table width=520>\n"; print "<tr><td colspan=2><input type=checkbox name=all_inetd value=1 $chall> ", " <strong>Disable network services started out of inetd</strong><br></td>", "</tr><tr><td><br><br></td></tr></table>\n\n"; print "<table width=620>\n"; print "<tr><td colspan=2>Leave enabled the following services:</td></tr>"; print "</table><table width=520>\n"; print "<tr><td><input type=checkbox name=ftp value=1 $chftp> " ."ftp (File Transfer Protocol.)</td></tr>"; print "<tr><td><input type=checkbox name=telnet value=1 $chtelnet> telnet" ." (Internet standard for remote login.)</td></tr>\n"; print "<tr><td><input type=checkbox name=shell value=1 $chshell> shell" ." (remote execution of shell commands.)</td></tr>\n"; print "<tr><td><input type=checkbox name=login value=1 $chlogin> " ."login (UNIX standard for remote login.)</td></tr>\n"; print "<tr><td><input type=checkbox name=finger value=1 $chfinger> " ."finger (remote query of user account information.)</td></tr>\n"; print "</table></center>\n\n"; print '<MAP NAME="js_map">', '<AREA SHAPE="rect" COORDS="0,0,59,52" HREF="javascript:Next()">', '</MAP>'; print "\n"; print '<IMG SRC="/tasks/rightarrow.gif" BORDER=0 USEMAP="#js_map" align="right">'; print "\n</form></body></html>"; } sub setBoxes { $chall = $vals{'all_inetd'} ? "checked" : ""; $chtelnet = $vals{'telnet'} ? "checked" : ""; $chlogin = $vals{'login'} ? "checked" : ""; $chshell = $vals{'shell'} ? "checked" : ""; $chftp = $vals{'ftp'} ? "checked" : ""; $chfinger = $vals{'finger'} ? "checked" : ""; }