Re: MSIISProbes.pm v1.03
On Friday, September 28, 2001, at 08:49 AM, Nick Tonkin wrote: > On Fri, 28 Sep 2001, Ask Bjoern Hansen wrote: > >> On Thu, 20 Sep 2001, Mike Schienle wrote: >> thanks to patches from Brice D. Ruth and others, a new version of MSIISProbes.pm is available at http://www.tonkinresolutions.com/MSIISProbes.pm.tar.gz >>> >>> Hi all - >>> >>> Can anyone provide a couple hints on getting this going with Tenon's >>> iTools on MacOS X? For Reuven's CodeRed, it was just a matter of >>> putting >>> CodeRed.pm in /Library/Perl and adding the following code to the >>> iTools.conf file (equivalent to httpd.conf). >> [...] >>> Any suggestions are greatly appreciated. >> >> check the code and your system configuration for the location of >> sendmail (or whatever the module uses to send mail). > > MSIISProbes.pm use Mail::Sendmail to send mail ... > > Cache::FileCache defaults to using /tmp for the location of its > cache; does the system have /tmp (not sure what Cache::FileCache does if > there's no /tmp, hafta look at the code). There is indeed a /tmp for MacOS X. Also, someone else on the list has been able to get it working without any problems, so it's probably something peculiar to my situation. I'm going to upgrade to version 10.1 of MacOS X and try again later today. Is there some kind of test file that can do a simple pass through and see if everything is in place? I've run apachectl configtest and it was happy. Also, any chance of adding MSIISProbes to CPAN? Mike Schienle Interactive Visuals, Inc. http://www.ivsoftware.com
Re: MSIISProbes.pm v1.03
On Fri, Sep 28, 2001 at 08:49:22AM -0700, Nick Tonkin wrote: > Cache::FileCache defaults to using /tmp for the location of its > cache; does the system have /tmp (not sure what Cache::FileCache does if > there's no /tmp, hafta look at the code). You can manually override the temp directory by setting the 'cache_root' option when instantiating the cache. If cache_root isn't set, then File::Spec's tmpdir( ) routine will be called, which seems to return a value on just about all the machines I've tested (judging by the lack of temp directory bug reports). Cheers, -DeWitt
Re: MSIISProbes.pm v1.03
On Fri, 28 Sep 2001, Ask Bjoern Hansen wrote: > On Thu, 20 Sep 2001, Mike Schienle wrote: > > > > thanks to patches from Brice D. Ruth and others, a new version of > > > MSIISProbes.pm is available at > > > http://www.tonkinresolutions.com/MSIISProbes.pm.tar.gz > > > > Hi all - > > > > Can anyone provide a couple hints on getting this going with Tenon's > > iTools on MacOS X? For Reuven's CodeRed, it was just a matter of putting > > CodeRed.pm in /Library/Perl and adding the following code to the > > iTools.conf file (equivalent to httpd.conf). > [...] > > Any suggestions are greatly appreciated. > > check the code and your system configuration for the location of > sendmail (or whatever the module uses to send mail). MSIISProbes.pm use Mail::Sendmail to send mail ... Cache::FileCache defaults to using /tmp for the location of its cache; does the system have /tmp (not sure what Cache::FileCache does if there's no /tmp, hafta look at the code). - Nick
Re: MSIISProbes.pm v1.03
On Thu, 20 Sep 2001, Mike Schienle wrote: > > thanks to patches from Brice D. Ruth and others, a new version of > > MSIISProbes.pm is available at > > http://www.tonkinresolutions.com/MSIISProbes.pm.tar.gz > > Hi all - > > Can anyone provide a couple hints on getting this going with Tenon's > iTools on MacOS X? For Reuven's CodeRed, it was just a matter of putting > CodeRed.pm in /Library/Perl and adding the following code to the > iTools.conf file (equivalent to httpd.conf). [...] > Any suggestions are greatly appreciated. check the code and your system configuration for the location of sendmail (or whatever the module uses to send mail). - ask -- ask bjoern hansen, http://ask.netcetera.dk/ !try; do(); more than a billion impressions per week, http://valueclick.com
Re: MSIISProbes.pm v1.03
On Thursday, September 20, 2001, at 09:41 AM, Nick Tonkin wrote: > > Hello, > > thanks to patches from Brice D. Ruth and others, a new version of > MSIISProbes.pm is available at > http://www.tonkinresolutions.com/MSIISProbes.pm.tar.gz Hi all - Can anyone provide a couple hints on getting this going with Tenon's iTools on MacOS X? For Reuven's CodeRed, it was just a matter of putting CodeRed.pm in /Library/Perl and adding the following code to the iTools.conf file (equivalent to httpd.conf). # added 08/06/01 PerlModule CodeRed SetHandler perl-script PerlHandler CodeRed I've since commented out the above lines. I've added MSIISProbes.pm to /Library/Perl and also tried it at /Library/Perl/Apache, with no effect. I restarted Apache after each change of code and/or location. There doesn't appear to be any output (nothing relevant in the logs and no email). # added 09/20/01 SetHandler perl-script PerlHandler Apache::MSIISProbes PerlSetVar worm_name CodeRed PerlSetVar worm_url http://www.microsoft.com/technet/itsolutions/security/topics/codealrt.asp RewriteCond %{REQUEST_URI} !nimda RewriteCond %{QUERY_STRING} /c.dir RewriteRule .* /nimda? [R,L] SetHandler perl-script PerlHandler NPT::MSIISProbes PerlSetVar worm_name Nimda PerlSetVar worm_url http://www.microsoft.com/technet/security/topics/Nimda.asp Any suggestions are greatly appreciated. Mike Schienle Interactive Visuals, Inc. http://www.ivsoftware.com
Re: [Announce] MSIISProbes.pm v1.03
Hi Jan, I'm afraid that might just gum up the bandwidth even more than these idiots (and our flame mail to them :) ... thanks for the support, though! ~~~ Nick Tonkin On Thu, 20 Sep 2001, Jan Jungnickel wrote: > Hallo, > > >> thanks to patches from Brice D. Ruth and others, a new version of > >> MSIISProbes.pm is available at > >> http://www.tonkinresolutions.com/MSIISProbes.pm.tar.gz > >> > >> Changes: > >> v1.03Added code to get e-mail for the SOA of the host > >> (Brice D. Ruth) > >>Cut the DNS Resolver's timeout to 20 seconds > >> > >> v1.02Moved the URL for info for each worm into PerlSetVar > >> in httpd.conf > > If you like, you you add code to report infected Hosts to our > Nimda-Database? You can find further informations on > http://worm.jungnickel.com > -- > Greetings, Jan Jungnickel >
Re: [Announce] MSIISProbes.pm v1.03
Hallo, >> thanks to patches from Brice D. Ruth and others, a new version of >> MSIISProbes.pm is available at >> http://www.tonkinresolutions.com/MSIISProbes.pm.tar.gz >> >> Changes: >> v1.03 Added code to get e-mail for the SOA of the host >> (Brice D. Ruth) >> Cut the DNS Resolver's timeout to 20 seconds >> >> v1.02 Moved the URL for info for each worm into PerlSetVar >> in httpd.conf If you like, you you add code to report infected Hosts to our Nimda-Database? You can find further informations on http://worm.jungnickel.com -- Greetings, Jan Jungnickel
Re: [Announce] MSIISProbes.pm v1.03
>Hello, > >thanks to patches from Brice D. Ruth and others, a new version of >MSIISProbes.pm is available at >http://www.tonkinresolutions.com/MSIISProbes.pm.tar.gz > >Changes: > v1.03 Added code to get e-mail for the SOA of the host >(Brice D. Ruth) > Cut the DNS Resolver's timeout to 20 seconds > > v1.02 Moved the URL for info for each worm into PerlSetVar >in httpd.conf > > >comments/flames welcome No flames, I like it. Is there a way to send a request to the module to have it generate a report on the contents of the cache? > >--nick > > >~~~ >Nick Tonkin
[Announce] MSIISProbes.pm v1.03
Hello, thanks to patches from Brice D. Ruth and others, a new version of MSIISProbes.pm is available at http://www.tonkinresolutions.com/MSIISProbes.pm.tar.gz Changes: v1.03 Added code to get e-mail for the SOA of the host (Brice D. Ruth) Cut the DNS Resolver's timeout to 20 seconds v1.02 Moved the URL for info for each worm into PerlSetVar in httpd.conf comments/flames welcome --nick ~~~ Nick Tonkin