IRIX 6.5 Applications 2002 November

home *** CD-ROM | disk | FTP | other *** search

/ IRIX 6.5 Applications 2002 November / SGI IRIX 6.5 Applications 2002 November.iso / dist / gateway.idb / usr / WebFace / Tasks / security-end.cgi.z / security-end.cgi

Wrap

Text File | 2002-06-12 | 11.3 KB | 407 lines

#!/usr/bin/perl5 # # security-end.cgi # # Copyright 1988-1996 Silicon Graphics, Inc. # All rights reserved. # # This is UNPUBLISHED PROPRIETARY SOURCE CODE of Silicon Graphics, Inc.; # the contents of this file may not be disclosed to third parties, copied or # duplicated in any form, in whole or in part, without the prior written # permission of Silicon Graphics, Inc. # # RESTRICTED RIGHTS LEGEND: # Use, duplication or disclosure by the Government is subject to restrictions # as set forth in subdivision (c)(1)(ii) of the Rights in Technical Data # and Computer Software clause at DFARS 252.227-7013, and/or in similar or # successor clauses in the FAR, DOD or NASA FAR Supplement. Unpublished - # rights reserved under the Copyright Laws of the United States. # # $Id: security-end.cgi,v 1.16 1998/06/17 18:16:13 shotes Exp $ require "/usr/OnRamp/lib/OnRamp.pm"; if (!$ARGV[0]) { printf("Location: %s%c%c","/tasks/Tasks.security-start.cgi",10,10); exit; } $myname = "security-end.cgi?" . $ARGV[0]; $inet_conf = "/etc/inetd.conf"; $snmp_auth = "/etc/snmpd.auth"; $passwd = "/etc/passwd"; $temp = "task.tmp"; $pwtemp = "task.tmp2"; $rltemp = "task.tmp3"; $nmtemp = "task.tmp4"; $dummy = "task.dummy"; $it = "<td colspan=60>"; $ni = "</td>"; $bo = "<td colspan=150><font size=5><i>"; $nb = "</i></font></td>"; @daemons = ('telnet','login','shell','ftp','finger'); &get_fields; &readValues; if ($fld{'cancel'}) { $message = "Security changes cancelled"; } elsif ($fld{'accept'}) { $done = 1; system ("rm", "-f", $temp) if (-e "$temp"); system ("rm", "-f", $pwtemp) if (-e "$pwtemp"); system ("rm", "-f", $rltemp) if (-e "$rltemp"); system ("rm", "-f", $nmtemp) if (-e "$nmtemp"); &generic; &configure; exit 0; } &generic; sub configure { if ($all_inetd) { &comment_all_inetd; uncomment($inet_conf,*enable); } foreach $arg (keys %accounts) { if ($accounts{$arg} eq "close") { push(@toclose,$arg); delete $accounts{$arg}; } } if ($#toclose >= 0) { &star(*toclose); } &addPasswords; system("/etc/killall", "-HUP", "inetd"); &configure_rlogin; &configure_snmp; } sub star { local(*names) = $_[0]; open(IN, "< $passwd"); open(OUT, "> $temp"); while(<IN>) { $print = 1; $line = $_; @items = split(/:/, $line); foreach (@names) { if ($items[0] eq $_) { $items[1] = "*"; print OUT join(":", @items); $print = 0; } } if ($print) { print OUT $line; } } close(IN); close(OUT); rename($temp, $passwd); } sub configure_rlogin { open(IN, "< $rltemp"); while(<IN>) { ($a, $b) = split(/:/); chop $b; $rlog{$a} = $b; } close(IN); if ($rlog{'rlogin'} eq "yes") { if (-e "/etc/hosts.equiv") { rename("/etc/hosts.equiv", "/etc/hosts.equiv.gsav"); } opendir(DIR, "/usr/people"); @accts = grep(!/^\.\.?$/, readdir(DIR)); closedir(DIR); foreach $acct (@accts) { $fname = "/usr/people/" . $acct . "/.rhosts"; $nfname = $fname . ".gsav"; if (-e $fname) { rename($fname, $nfname); } } } if ($rlog{'xhost'} eq "yes") { $ENV{'DISPLAY'} = ":0"; system("/usr/bin/X11/xhost - > /dev/null"); } } sub configure_snmp { open(IN, "< $nmtemp"); while(<IN>) { ($a, $b) = split(/:/); chop $b; $snmp{$a} = $b; } close(IN); if ($snmp{'get'} eq "yes" || $snmp{'set'} eq "yes") { open(OUT, "> $dummy"); open(IN, "< $snmp_auth"); while(<IN>) { $line = $_; if (($line eq "\n") || ($line =~ /^\#/)) { print OUT $line; next; } else { print OUT "# $line"; } } close(IN); print OUT "reject *:*/set\n" if ($snmp{'set'} eq "yes"); print OUT "reject *:*/get\n" if ($snmp{'get'} eq "yes"); close(OUT); rename($dummy,$snmp_auth); } if ($snmp{'daemon'} eq "yes") { system("/etc/chkconfig", "snmpd", "off"); system("/etc/killall", "snmpd"); } else { system("/etc/killall", "-HUP", "snmpd"); } } sub readValues { open(IN,"< $temp"); while(<IN>) { chop; $on{$_} = 1; } close(IN); if ($on{"all_inetd"}) { $all_inetd = 1; } else { $all_inetd = 0; } if ($all_inetd) { foreach $arg (@daemons) { if ($on{$arg}) { push(@enable, $arg); } } } open(IN,"< $pwtemp"); while(<IN>) { @items = split(/=/); chop $items[1]; $items[0] =~ s/DASH/-/g; $accounts{$items[0]} = $items[1]; } close(IN); open(IN, "< $rltemp"); while(<IN>) { ($a, $b) = split(/:/); chop $b; $rlog{$a} = $b; } close(IN); open(IN, "< $nmtemp"); while(<IN>) { ($a, $b) = split(/:/); chop $b; $snmp{$a} = $b; } close(IN); } sub generic { print "Content-type: text/html\n\n"; print "<html><head><title>Summary</title>\n"; print "<script language=\"JavaScript\">\n\n"; print "</script></head>\n\n"; print "<body bgcolor='a7b4ce' background=/tasks/security-task.bg.gif>\n"; print "<i>$message</i>"; print "<table width=100%>", "<tr><th align=left><h1>Summary</h1></th>\n", "<th align=right><a href=\"/newsplash.shtml\">", "<img height=55 width=57 border=0 src=/tasks/home.gif></a>\n", " <a href=\"/tasks/Tasks.shtml\">", "<img height=55 width=57 border=0 src=/tasks/back.gif></a>", "</tr></table>\n"; if ($done) { print qq|<center><br><br><br><br><font size=5>\n|; print qq|<i>Your security setup has been reconfigured.</i>\n|; print qq|</font></center></body></html>\n|; return 0; } print "<br> Review the information that you entered in the Security configuration forms:<br><br>\n\n"; print "<center><table width=500>\n"; print "<tr valign=top><td><b>Disabled services:</b></td><td colspan=2><tt>"; if ($all_inetd) { if ($#enable > -1) { print "all except: "; foreach $arg (@enable) { print "$arg "; } } else { print "all"; } } else { print "none"; } print "</tt></td></tr><tr><td></td></tr>\n"; print "<tr><td><b>Open accounts:</b></td><td><tt>\n"; foreach $arg (keys %accounts) { $printed = 1; if ($accounts{$arg} eq "close") { print "$arg</tt></td><td><tt>will be closed\n"; } else { print "$arg</tt></td><td><tt>will be password protected\n"; } print "</td></tr><tr><td></td><td><tt>\n"; } if (! $printed) {print "<no changes>\n";} print "</tt></td></tr>\n"; print "<tr valign=top><td><b>Remote access: </b></td><td colspan=2><tt>"; if ($rlog{'rlogin'} eq "yes") { print "Remote logins will be restricted.<br>"; } else { print "Remote logins will not be restricted.<br>"; } if ($rlog{'xhost'} eq "yes") { print "Remote access to X server will be restricted."; } else { print "Remote access to X server will not be restricted."; } print "</tt></td></tr><tr><td></td></tr>\n"; print "<tr valign=top><td><b>Network management: </b></td><td colspan=2><tt>"; if ($snmp{'set'} eq "yes") { print "SNMP write access will be restricted.<br>"; } else { print "SNMP write access will not be restricted.<br>"; } if ($snmp{'get'} eq "yes") { print "SNMP write access will be restricted.<br>"; } else { print "SNMP write access will not be restricted.<br>"; } if ($snmp{'daemon'} eq "yes") { print "SNMP daemon will be disabled."; } else { print "SNMP daemon will not be disabled."; } print "</tt></td></tr><tr><td></td></tr>\n"; print "</table></center><br><br>\n\n"; printf("<form name=\"end\" action=\"%s\" method=post onSubmit=\"return runSubmit()\">\n", $myname); print "<center><table><tr><td width=80%>"; print "If your entries are correct, select <var>Accept</var> to configure the Internet Gateway server with the information shown above."; print "</td><td valign=top align=right>"; print "<font size=5><i>\n"; print qq|<input type=submit name="accept" value="Accept" onClick="markAccept()">\n|; print "</i></font>\n\n"; print "</td></tr><tr><td width=80%>"; print "If you see an error in your entries, select <var>Cancel</var> to delay the configuration and return to the beginning of the security forms to correct your entries. If you prefer, you can select <var>Previous</var> to return to the previous form."; print "</td><td valign=top align=right>"; print qq|<font size=5><i><input type=submit name="cancel" value="Cancel" onClick="markCancel()">\n|; print "</i></font>\n\n"; print "</td></tr></table></center><br>"; print '<MAP NAME="js_map1">', ' <AREA SHAPE="rect" COORDS="0,0,59,52" HREF="javascript:Previous()">', '</MAP>', '<IMG SRC="/tasks/leftarrow.gif" BORDER=0 USEMAP="#js_map1" ALIGN="right">'; print "\n</form></body></html>"; } # this will only uncomment the first instance of each daemon sub uncomment { local($file) = $_[0]; local(*values) = @_[1]; open(IN,"< $file"); open(OUT,"> $dummy"); while(<IN>) { $line = $_; if (($line eq "\n") || ($line !~ /^\s*\#/)) { print OUT $line; next; } $line =~ /^\s*\#\s*(\S.*)/; $line1 = $1; @items = split(/\s+/,$line1); $found = 0; for ($ii=0;$ii<=$#values;$ii++) { if ($items[0] eq $values[$ii]) { if (! $done{$items[0]}) { $found = 1; $done{$items[0]} = 1; last; } } } if ($found) { print OUT "$line1\n"; } else { print OUT $line; } } close(OUT); close(IN); rename($dummy,$file); } sub comment_all_inetd { local($file) = $inet_conf; open(IN,"< $file"); open(OUT,"> $dummy"); while(<IN>) { $line = $_; if (($line eq "\n") || ($line =~ /^\#/)) { print OUT $line; next; } else { print OUT "# $line"; } } close(OUT); close(IN); rename($dummy,$file); } sub addPasswords { foreach $arg (keys %accounts) { $salt = mksalt(); $passwords{$arg} = crypt($accounts{$arg}, $salt); } open(PSWD, "< $passwd"); open(TMP, "> $dummy"); while (<PSWD>) { $line = $_; @ents = split(/:/, $line); if ($passwords{$ents[0]}) { $ents[1] = $passwords{$ents[0]}; print TMP join(':', @ents); next; } print TMP $line; } close(TMP); close(PSWD); rename($dummy, $passwd); }