[0001]
[0002]
[0003]
[0004]
[0005]
[0006]
[0007]
[0008]
[0009]
[0010]
[0011]
[0012]
[0013]
[0014]
[0015]
[0016]
[0017]
[0018]
[0019]
[0020]
[0021]
[0022]
[0023]
[0024]
[0025]
[0026]
[0027]
[0028]
[0029]
[0030]
[0031]
[0032]
[0033]
[0034]
[0035]
[0036]
[0037]
[0038]
[0039]
[0040]
[0041]
[0042]
[0043]
[0044]
[0045]
[0046]
[0047]
[0048]
[0049]
[0050]
[0051]
[0052]
[0053]
[0054]
[0055]
[0056]
[0057]
[0058]
[0059]
[0060]
[0061]
[0062]
[0063]
[0064]
[0065]
[0066]
[0067]
[0068]
[0069]
[0070]
[0071]
[0072]
[0073]
[0074]
[0075]
[0076]
[0077]
[0078]
[0079]
[0080]
[0081]
[0082]
[0083]
[0084]
[0085]
[0086]
[0087]
[0088]
[0089]
[0090]
[0091]
[0092]
[0093]
[0094]
[0095]
[0096]
[0097]
[0098]
[0099]
[0100]
[0101]
[0102]
[0103]
[0104]
[0105]
[0106]
[0107]
[0108]
[0109]
[0110]
[0111]
[0112]
[0113]
[0114]
[0115]
[0116]
[0117]
[0118]
[0119]
[0120]
[0121]
[0122]
[0123]
[0124]
[0125]
[0126]
[0127]
[0128]
[0129]
[0130]
[0131]
[0132]
[0133]
[0134]
[0135]
[0136]
[0137]
[0138]
[0139]
[0140]
[0141]
[0142]
[0143]
[0144]
[0145]
[0146]
[0147]
[0148]
[0149]
[0150]
[0151]
[0152]
[0153]
[0154]
[0155]
[0156]
[0157]
[0158]
[0159]
[0160]
[0161]
[0162]
[0163]
[0164]
[0165]
[0166]
[0167]
[0168]
[0169]
[0170]
[0171]
[0172]
[0173]
[0174]
[0175]
[0176]
[0177]
[0178]
[0179]
[0180]
[0181]
[0182]
[0183]
[0184]
[0185]
[0186]
[0187]
[0188]
[0189]
[0190]
[0191]
[0192]
[0193]
[0194]
[0195]
[0196]
[0197]
[0198]
[0199]
[0200]
[0201]
[0202]
[0203]
[0204]
[0205]
[0206]
[0207]
[0208]
[0209]
[0210]
[0211]
[0212]
[0213]
[0214]
[0215]
[0216]
[0217]
[0218]
[0219]
[0220]
[0221]
[0222]
[0223]
[0224]
[0225]
[0226]
[0227]
[0228]
[0229]
[0230]
[0231]
[0232]
[0233]
[0234]
[0235]
[0236]
[0237]
[0238]
[0239]
[0240]
[0241]
[0242]
[0243]
[0244]
[0245]
[0246]
[0247]
[0248]
[0249]
[0250]
[0251]
[0252]
[0253]
[0254]
[0255]
[0256]
[0257]
[0258]
[0259]
[0260]
[0261]
[0262]
[0263]
$!-----------------------------------------------------------------'f$verify(0)
$! SCRIPTS_ALL.COM
$!
$! Move (almost) all script executables and procedures from [SCRIPT],
$! [SCRIPT_LOCAL] and [AXP]/[VAX] into [CGI-BIN] and [CGI-AXP]/[CGI-VAX].
$! Replace all references to HT_EXE: (which is now inaccessable to the
$! server/scripting account) to CGI_EXE:.
$!
$! This procedure is really only intended for updating pre-v8.1 sites as
$! part of the mandatory security advisory date 22-SEP-2002.
$!
$! (also change modified_by_version symbol below)
$! 07-NOV-2009 MGD disable for WASD v10
$! 23-DEC-2003 MGD as this is really only intended for pre-8.1 migration
$! no IA64 support is necessary
$! 01-NOV-2002 MGD v1.0, moved from INSTALL_SCRIPTS.COM
$!-----------------------------------------------------------------------------
$!
$ type sys$input
*****************************************
* NOT INTENDED FOR WASD V10 OR LATER *
*****************************************
If "upgrading" from pre-v8.1 then start from scratch and perform a completely
fresh installation!
$ exit 44
$!
$ if f$trnlnm("INSTALL$DBUG") .nes. "" then set verify
$ modified_by = "SCRIPTS_ALL.COM"
$ modified_by_version = "v1.0"
$ ss$_abort = 44
$ ss$_bugcheck = 676
$ say = "write sys$output"
$ vms_version = f$integer(f$extract(1,1,f$getsyi("version"))) * 10 +-
f$integer(f$extract(3,1,f$getsyi("version")))
$ if vms_version .ge. 72 then set process /parse=traditional
$ set control=Y
$ on controly then exit ss$_abort
$!
$ if f$environment("depth") .eq. 1 then @wasd_root:[install]copyright.com
$!
$ if f$getsyi("arch_name") .eqs. "IA64"
$ then
$ type sys$input
******************************************
* NOT INTENDED FOR IA64 INSTALLATIONS *
******************************************
$ exit ss$_abort
$ endif
$!
$ @HT_ROOT:[INSTALL]SECHAN.COM
$!
$ if f$search("ht_root:[axp-bin]*.exe") .eqs. "" .and. -
f$search("ht_root:[cgi-bin]*.com") .eqs. "" .and. -
f$search("ht_root:[log_server]*.log") .eqs. "" .and. -
f$search("ht_root:[vax-bin]*.exe") .eqs. ""
$ then
$ type sys$input
***********************************
* UPDATE PRE-8.0.1 INSTALLATION *
***********************************
This looks like a pre-8.0.1 update (no files in [AXP-BIN], [CGI-BIN],
[LOG_SERVER] or [VAX-BIN]). If this is not the case then consider carefully
whether you should continue with this update.
There are major security related changes introduced with v8.1 requiring some
manual intervention on the part of site administration. Please consult the
WASD documentation for further information.
$ response = "NO"
$ read sys$command response /prompt="Read more? [NO]: "
$ say ""
$ if response .eqs. "" then response = "NO"
$ if .not. response then exit ss$_abort
$ endif
$!
$ type sys$input
***************************************
* INSTALL (ALMOST) ALL SCRIPT FILES *
***************************************
This procedure can optionally copy existing executables and other script files
from [AXP] into [AXP-BIN], [VAX] into [VAX-BIN], and from [SCRIPT] then
[SCRIPT_LOCAL] into [CGI-BIN]. In most situations this preserves the current
CGI/CGIplus scripting environment.
The disadvantage of this approach is it retains ALL the current scripting
environment. This is not best-practice in Web server security. It is better
to install only the script you require, not everything available.
When scripts have been moved into the new structure all DCL procedures that
contain "$HT_EXE:" when activating foreign commands must have this changed to
"$CGI-BIN:[000000]". Any scratch space formerly provided by
HT_ROOT:[LOG.SERVER] should now be moved to HT_SCRATCH:
$ response = "YES"
$ read sys$command response /prompt="Read more? [YES]: "
$ say ""
$ if response .eqs. "" then response = "YES"
$ if .not. response then exit
$!
$ type sys$input
**************************
* YOU HAVE TWO CHOICES *
**************************
1) Copy using this procedure, then at your "leisure" cull from
directories [AXP-BIN]/[VAX-BIN] and [CGI-BIN] the script files not required.
Advantage ....... preserves current scripting environment.
Disadvantage .... you may not get around to culling.
Note that some scripts are not reproduced in the new directory structure
because they just won't work in the new environment. Modified versions
suitable for the new structure will be available in future releases of WASD.
2) Decline this section of the procedure, and manually copy only what is
neeeded into the appropriate directories ([CGI-BIN] is intended for
architecture neutral files, e.g. DCL procedures).
Advantage ....... is immediately best-practice for Web server security.
Disadvantage .... requires much more manual intervention initially.
$ response = ""
$ read sys$command response /prompt="Copy scripts? [NO]: "
$ say ""
$ if .not. response then exit
$!
$ set noon
$ say "This may take a little while, please be patient ..."
$ say ""
$ set verify
$ copy /nolog ht_root:[axp]*.* ht_root:[axp-bin]
$ copy /nolog ht_root:[vax]*.* ht_root:[vax-bin]
$ copy /nolog ht_root:[script]*.* ht_root:[cgi-bin]
$ copy /nolog ht_root:[script_local]*.* ht_root:[cgi-bin]
$ copy /nolog ht_root:[java]*.* ht_root:[cgi-bin]
$!'f$verify(0)
$!
$ say ""
$ say "Removing files that don't need to be there ..."
$ say ""
$ if f$search("ht_root:[%%%-bin]ab.exe") .nes. "" -
then delete /noconfirm /log ht_root:[%%%-bin]ab.exe;*
$ if f$search("ht_root:[%%%-bin]glist.exe") .nes. "" -
then delete /noconfirm /log ht_root:[%%%-bin]glist.exe;*
$ if f$search("ht_root:[%%%-bin]hprints.exe") .nes. "" -
then delete /noconfirm /log ht_root:[%%%-bin]hprints.exe;*
$ if f$search("ht_root:[%%%-bin]httpd.exe") .nes. "" -
then delete /noconfirm /log ht_root:[%%%-bin]httpd.exe;*
$ if f$search("ht_root:[%%%-bin]httpd_ssl.exe") .nes. "" -
then delete /noconfirm /log ht_root:[%%%-bin]httpd_ssl.exe;*
$ if f$search("ht_root:[%%%-bin]httpdmon.exe") .nes. "" -
then delete /noconfirm /log ht_root:[%%%-bin]httpdmon.exe;*
$ if f$search("ht_root:[%%%-bin]hyperspi$agent.exe") .nes. "" -
then delete /noconfirm /log ht_root:[%%%-bin]hyperspi$agent.exe;*
$ if f$search("ht_root:[%%%-bin]md5digest.exe") .nes. "" -
then delete /noconfirm /log ht_root:[%%%-bin]md5digest.exe;*
$ if f$search("ht_root:[%%%-bin]randseed.exe") .nes. "" -
then delete /noconfirm /log ht_root:[%%%-bin]randseed.exe;*
$ if f$search("ht_root:[%%%-bin]sdm2htm.exe") .nes. "" -
then delete /noconfirm /log ht_root:[%%%-bin]sdm2htm.exe;*
$ if f$search("ht_root:[%%%-bin]sechan.exe") .nes. "" -
then delete /noconfirm /log ht_root:[%%%-bin]sechan.exe;*
$ if f$search("ht_root:[%%%-bin]wb.exe") .nes. "" -
then delete /noconfirm /log ht_root:[%%%-bin]wb.exe;*
$ if f$search("ht_root:[%%%-bin]wwwrkout.exe") .nes. "" -
then delete /noconfirm /log ht_root:[%%%-bin]wwwrkout.exe;*
$ if f$search("ht_root:[%%%-bin]cgi_process.com") .nes. "" -
then delete /noconfirm /log ht_root:[%%%-bin]cgi_process.com;*
$ if f$search("ht_root:[%%%-bin]dbiv.com") .nes. "" -
then delete /noconfirm /log ht_root:[%%%-bin]dbiv.com;*
$ if f$search("ht_root:[%%%-bin]print.com") .nes. "" -
then delete /noconfirm /log ht_root:[%%%-bin]print.com;*
$ set on
$!
$ say ""
$ say "Resetting scripting directory security ..."
$ say ""
$ sechan /progress /package ht_root:[cgi-bin]*.*;*
$ sechan /progress /package ht_root:[axp-bin]*.*;*
$ sechan /progress /package ht_root:[vax-bin]*.*;*
$!
$ say ""
$ say "Changing ""HT_EXE:"" to ""CGI-BIN:[000000]"" in script DCL procedures"
$ say ""
$ if f$trnlnm("tmpf","lnm$process") .nes. "" then close tmpf
$ edt_cmd = "sys$scratch:install_scripts_all.tmp"
$ open /write tmpf 'edt_cmd'
$ write tmpf "SUBS \HT_EXE:\CGI-BIN:[000000]\ WH"
$ write tmpf "INSERT ;$!(MODIFIED BY ''modified_by' ''modified_by_version' ''F$TIME()')"
$ write tmpf "INSERT ;$!(changed ""HT_EXE:"" to ""CGI-BIN:[000000]"")"
$ write tmpf "EX"
$ close tmpf
$ call edt_files "ht_root:[cgi-bin]*.com" "ht_exe:" 'edt_cmd'
$ call edt_files "ht_root:[axp-bin]*.com" "ht_exe:" 'edt_cmd'
$ call edt_files "ht_root:[vax-bin]*.com" "ht_exe:" 'edt_cmd'
$ delete /nolog /noconfirm sys$scratch:install_scripts_all.tmp;*
$!
$ say ""
$ say "Changing ""HT_ROOT:[SERVER.LOGS]"" to ""HT_SCRATCH:"" in script DCL procedures"
$ say ""
$ if f$trnlnm("TMPF","LNM$PROCESS") .nes. "" then close tmpf
$ edt_cmd = "sys$scratch:install_scripts_all.tmp"
$ open /write tmpf 'edt_cmd'
$ write tmpf "SUBS \HT_ROOT:[LOG.SERVER]\HT_SCRATCH:\ WH"
$ write tmpf "INSERT ;$!(MODIFIED BY ''modified_by' ''modified_by_version' ''F$TIME()')"
$ write tmpf "INSERT ;$!(changed ""HT_ROOT:[LOG.SERVER]"" to ""HT_SCRATCH:"")"
$ write tmpf "EX"
$ close tmpf
$ call edt_files "ht_root:[cgi-bin]*.com" "ht_root:[log.server]" 'edt_cmd'
$ call edt_files "ht_root:[axp-bin]*.com" "ht_root:[log.server]" 'edt_cmd'
$ call edt_files "ht_root:[vax-bin]*.com" "ht_root:[log.server]" 'edt_cmd'
$ delete /nolog /noconfirm sys$scratch:install_scripts_all.tmp;*
$ say ""
$!
$ type sys$input
*******************************************
* INSTALL ALL SCRIPTS C O M P L E T E *
*******************************************
$ exit
$!
$!-----------------------------------------------------------------------------
$!
$ EDT_FILES: SUBROUTINE
$!
$! invoke EDIT/EDT to modify the specified file
$! P1 should contain a wildcard file specification
$! P2 the string used to identify the file as requiring editing
$! P3 the file containing the EDT editing commands
$!
$ on controly then exit ss$_abort
$ if p1 .eqs. "" then exit ss$_bugcheck
$ if p2 .eqs. "" then exit ss$_bugcheck
$ if p3 .eqs. "" then exit ss$_bugcheck
$ p1 = f$edit(p1,"upcase")
$ p2 = f$edit(p2,"upcase")
$ p3 = f$edit(p3,"upcase")
$ edit = "edit"
$ edt_files_loop:
$ file = f$search(p1)
$ if file .eqs. "" then goto end_edt_files_loop
$ define /user sys$error nl:
$ define /user sys$output nl:
$ search 'file' "''p2'"
$ if $severity .eq. 1
$ then
$ set noon
$ edit/edt/nojournal/command='p3' 'file'
$ set on
$ endif
$ goto edt_files_loop
$ end_edt_files_loop:
$!
$ exit
$ endsubroutine
$!
$!-----------------------------------------------------------------------------