Edit D:\app\Administrator\product\11.2.0\dbhome_1\sysman\admin\scripts\webcache_esm.pl
#!/usr/local/bin/perl # # $Header: webcache_esm.pl 03-may-2005.04:27:15 rkuriako Exp $ # # webcache_esm.pl # # Copyright (c) 2003, 2005, Oracle. All rights reserved. # # NAME # webcache_esm.pl - <one-line expansion of the name> # # DESCRIPTION # ESM script for webcache security violations # # NOTES # <other useful comments, qualifications, etc.> # # MODIFIED (MM/DD/YY) # rkuriako 05/03/05 - bug-4188709 # kchander 12/16/03 - fix bug 3318453 # kchander 11/26/03 - kchander_esm_scripts_for_ias # kchander 11/06/03 - # kchander 10/28/03 - Creation # use File::Find; use Digest::MD5; use strict; my $oraHome = $ENV{ORACLE_HOME}; our $writeableFileCount = 0; my $sep = $^O =~ m/MSWin32/ ? "\\" : "\/"; my $webcache = $oraHome.$sep."webcache".$sep."webcache.xml"; if (open WEBCACHECONF, "<$webcache") { my @confarray = (); while (my $in = <WEBCACHECONF>) { chomp($in); $in =~ s/^\s+//; $in =~ s/\s+$//; push(@confarray, $in); } close WEBCACHECONF; #check whether access logging is enabled or not my @array = grep(/<ACCESSLOG /, @confarray); my @access; #weed out comments for (my $i=0; $i<=$#array; $i++) { $array[$i] =~ s/^\s+//; } @array = grep(!/^<!--/, @array); for (my $i=0; $i<=$#array; $i++) { my $ind = index($array[$i], "ENABLED="); if ( $ind != -1) { my $in = index($array[$i], "\"", $ind+9); my $en = substr($array[$i], $ind+9, $in - ($ind +9)); $en =~ s/^\s+//; $en =~ s/\s+$//; print "$en\n"; $access[$i]=$en; } else { $access[$i]="YES"; } } if ( $#access < 0) { print "em_result=WebCacheAccessLogging|disabled\n"; } else { for (my $i =0; $i<=$#access; $i++) { if ($access[$i] ne "YES") { print "em_result=WebCacheAccessLogging|disabled\n"; } } } my $webcacheexe = $oraHome.$sep."webcache".$sep."bin".$sep."webcached"; my @attr=stat($webcacheexe); #test whether webcached is owned by root and setuid bit is set if ( ($attr[4] == 0) and ($attr[2] & 04000)) { print "em_result=WebCacheProcess|root\n"; } else { print "em_result=WebCacheProcess|non_root\n"; } #test all files under the docs directory are read only my $docDir = $oraHome.$sep."webcache".$sep."docs"; find(\&checkFiles, $docDir); if ($writeableFileCount >= 0) { print "em_result=WebCacheWritableFile|$writeableFileCount\n"; } #check for usage of default wallet my @port = (); my @wallet = (); my $line; for (my $i =0; $i<$#confarray; $i++) { $line = $confarray[$i]; chomp($line); $line =~s/^\s+//; $line =~ s/\s+$//; if (!grep(/<!--/, $line) and grep(/<LISTEN/, $line) and grep(/SSLENABLED/, $line) and !grep(/SSLENABLED="NONE"/, $line)) { while (!grep(/<\/LISTEN>/, $line)) { my $l = $confarray[++$i]; chomp($l); $l =~s/^\s+//; $l =~ s/\s+$//; $line = $line.$l; } my $in1 = index($line, "<WALLET>"); my $in2 = index($line, "</WALLET>"); my $wal = substr($line, $in1+8, $in2 -($in1+8)); push(@wallet, $wal); $in1 = index($line, "PORT"); $in2 = index($line, "\"", $in1+6); my $p = substr($line, $in1+6, $in2 - ($in1+6)); push(@port, $p); } } #print " @port\n"; #print " @wallet\n"; my $defaultDigest = "drBm1T5EkXGE508cBGjXNw"; for (my $i = 0; $i<=$#wallet; $i++) { my $defaultCert = $wallet[$i].$sep."ewallet.p12"; if (open DEFCER ,$defaultCert) { binmode(DEFCER); my $md5 = Digest::MD5->new; while(<DEFCER>) { $md5->add($_); } close DEFCER; my $dig = $md5->b64digest; if ($dig eq $defaultDigest) { print "em_result=WebCacheDummyWallet|$port[$i]\n"; } } } } sub checkFiles { my $currentFile = $_; if (!( -d $currentFile)) { my @fileattr = stat($currentFile); # print "$currentFile\n"; if (($fileattr[2] & 020)or ($fileattr[2] & 2)) { $writeableFileCount++; } } }
Ms-Dos/Windows
Unix
Write backup
jsp File Browser version 1.2 by
www.vonloesch.de