Help finding CGI files on Unix server

[bassintro]

Help!
I need a way to find all the cgi files on my server and simply list
their name and dir.

I have been using the find command...
find . -type f -name '*.*htm*' -exec grep cgi {} \;

However, I need a better way to do this and be more specific. I also
don't want to have to go into each vhost html dir and run this command
everytime.

Anyone have any suggestions and/or comments?

Thanks!

 

[bassintro]

Post the Perl code that you've tried. Have you looked at File::Find?

--keith

--
(e-mail address removed)-francisco.ca.us
(try just my userid to email me)
AOLSFAQ=http://www.therockgarden.ca/aolsfaq.txt
see X- headers for PGP signature information

No I haven't tried to write a script or anything, just used the find
command along with grep so far.

 

[J. Gleixner]

No I haven't tried to write a script or anything, just used the find
command along with grep so far.

What doesn't that do that you want it to do?

Using File::Find will do essentially the same thing.

You could index all the files and use a search engine, like ht://Dig,
but there's nothing wrong with find and grep.

 

[bassintro]

What doesn't that do that you want it to do?

Using File::Find will do essentially the same thing.

You could index all the files and use a search engine, like ht://Dig,
but there's nothing wrong with find and grep.- Hide quoted text -

- Show quoted text -

I was actually looking for an alternative to running...
find . -type f -name '*.*htm*' -exec grep cgi {} \;

it spits out the results of the cgi. I just want it to list the file
and state what dir it's in, that's all...

 

[Jürgen Exner]

I need a way to find all the cgi files on my server and simply list
their name and dir.

It might help if you explain what you mean by "cgi files".

I can imagine a number of different definitions of this term, none of which
seems to be a very good one:

CGI is defined by a standard. However I think it's unlikely that you are
refering to the files that are defining this standard.

The term "a foobar file" is often used to describe a file with the extension
"foobar". If this is what you mean then a trivial find would solve your
problem.

The term "a foobar file" is also used very often to describe a file that
contains source code in the foobar programming language. However CGI is not
a programming language, therefore AFAICS this definition is not applicable
in this case.

CGI of course defines an interface. Maybe you mean a program that adheres to
the CGI interface when talking about CGI files? However that is a question
about the behaviour of a program and as we all know the behaviour of a
program cannot be decided because it is of the same complexity as the
halting problem.

Therefore I am a bit baffled as to what do you mean when talking about CGI
files.

jue

 

[Tim Southerwood]

bassintro coughed up some electrons that declared:

I was actually looking for an alternative to running...
find . -type f -name '*.*htm*' -exec grep cgi {} \;

it spits out the results of the cgi. I just want it to list the file
and state what dir it's in, that's all...

slocate (also called locate) is more efficient in that you pre-index the
filesystem and then search on the index with regexes if you wish.

However, a CGI file does not necessarily end with ".cgi" nor is it always
written in perl, though both statements are common truths.

The definition of a CGI file might be:

a) Wrong, but practical: a file that lives in a path and whose name matches
a pattern that a webserver is configured to serve up as CGI (eg mod_cgi or
mod_fastcgi in Apache).

b) Also dodgey, but more accurate: An executable file (including scripts
with #! notation on line 1, assuming *nix) that emits some sort of output
likely to be of interest to a web server (usually (X)HTML but could be
JPEG, or in fact anything), possibly preceded by some HTTP headers (Apache
assumption probably) and may interact with some environment variables for
obtaining input data (Apache assumed again).

Feck knows what the equivalent "definition" on IIS would be...

Proving (b) is very hard.

OTOH if you *know* your web server only treats files ending in .cgi as CGI
then your find solution, and slocate is valid.

If you like find, then as others suggest, File::Find is the perl native way
to do it, but it's possibly less efficient than find.

Cheers

Tim

 

[J. Gleixner]

I was actually looking for an alternative to running...
find . -type f -name '*.*htm*' -exec grep cgi {} \;
Why?

it spits out the results of the cgi.

No, it prints the results of the grep for the string 'cgi' from the files.

I just want it to list the file
and state what dir it's in, that's all...

Maybe "grep -l" is what you're after?

 

[bassintro]

It might help if you explain what you mean by "cgi files".

I can imagine a number of different definitions of this term, none of which
seems to be a very good one:

CGI is defined by a standard. However I think it's unlikely that you are
refering to the files that are defining this standard.

The term "a foobar file" is often used to describe a file with the extension
"foobar". If this is what you mean then a trivial find would solve your
problem.

The term "a foobar file" is also used very often to describe a file that
contains source code in the foobar programming language. However CGI is not
a programming language, therefore AFAICS this definition is not applicable
in this case.

CGI of course defines an interface. Maybe you mean a program that adheresto
the CGI interface when talking about CGI files? However that is a question
about the behaviour of a program and as we all know the behaviour of a
program cannot be decided because it is of the same complexity as the
halting problem.

Therefore I am a bit baffled as to what do you mean when talking about CGI
files.

jue

What I mean is I am trying to find executable files that are run on
the server side of a www connection. The extension is partly
irrelevant to my search. The files could be *.pl *.cgi *.htm *.html
etc... However what I am trying to go is find any dynamic type file in
a specific dir like /home/* which has cgi content and output the name
of the file and directory.
It is mostly for security purposes. I am migrating servers and want to
put all cgi content on one server and all basic html static content on
another.
Sorry for the miscommunication...

- Paul

 

[bassintro]

bassintro coughed up some electrons that declared:





slocate (also called locate) is more efficient in that you pre-index the
filesystem and then search on the index with regexes if you wish.

However, a CGI file does not necessarily end with ".cgi" nor is it always
written in perl, though both statements are common truths.

The definition of a CGI file might be:

a) Wrong, but practical: a file that lives in a path and whose name matches
a pattern that a webserver is configured to serve up as CGI (eg mod_cgi or
mod_fastcgi in Apache).

b) Also dodgey, but more accurate: An executable file (including scripts
with #! notation on line 1, assuming *nix) that emits some sort of output
likely to be of interest to a web server (usually (X)HTML but could be
JPEG, or in fact anything), possibly preceded by some HTTP headers (Apache
assumption probably) and may interact with some environment variables for
obtaining input data (Apache assumed again).

Feck knows what the equivalent "definition" on IIS would be...

Proving (b) is very hard.

OTOH if you *know* your web server only treats files ending in .cgi as CGI
then your find solution, and slocate is valid.

If you like find, then as others suggest, File::Find is the perl native way
to do it, but it's possibly less efficient than find.

Cheers

Tim

Im on an HP-UX box and dont have locate or slocate, just basic unix

 

[Tim Southerwood]

bassintro coughed up some electrons that declared:

Im on an HP-UX box and dont have locate or slocate, just basic unix

I don't know HP-UX, but are you sure there isn't a package for it?

Or I guess you could install the GNU version from source, but only if you
decide it's worth it. There's nothing special about it that would stop it
working in HP-UX.

Usually, one sets up a cron job to re-index overnight and then enjoy the
convenience of "locate somepattern" in record fast time.

HTH

Tim

 

[Lambik]

Help!
I need a way to find all the cgi files on my server and simply list
their name and dir.

I have been using the find command...
find . -type f -name '*.*htm*' -exec grep cgi {} \;

However, I need a better way to do this and be more specific. I also
don't want to have to go into each vhost html dir and run this command
everytime.

Maybe something like (untested):

#!/usr/bin/perl
use strict;
use warnings;

use File::Find;
my @exec_files;
find sub {
push @exec_files, $File::Find::name if (-x && -T);
}, "/"; # or dir with vhosts

foreach (@exec_files) {
print $_,"\n";
}

 

[anno4000]

I was actually looking for an alternative to running...
find . -type f -name '*.*htm*' -exec grep cgi {} \;

it spits out the results of the cgi. I just want it to list the file
and state what dir it's in, that's all...

find . -type f -name '*.*htm*' | xargs grep -l cgi

Anno

 

[bassintro]

find . -type f -name '*.*htm*' | xargs grep -l cgi

Anno

thank's a lot!

 

[Jürgen Exner]

What I mean is I am trying to find executable files that are run on
the server side of a www connection.

Well, strictly speaking that could be any file on the file system where the
'execute' bit is set.

The extension is partly
irrelevant to my search. The files could be *.pl *.cgi *.htm *.html
etc... However what I am trying to go is find any dynamic type file in
a specific dir like /home/* which has cgi content and output the name
of the file and directory.

I don't think your approach is feasible because literaly any executable on
the web server could be involved in generating an HTTP response.

jue

 

[Jürgen Exner]

Not true. The web server severely limits which files it provides
access to. For Apache, files that are not under DocumentRoot or
ScriptAlias cannot be accessed.


Anyone who configures a web server so that it allows access to EVERY
SINGLE FILE ON THE SERVER should be shot on site. (On sight? No, on
site!)

True. Let me rephrase:
"that could be any file that is accessible via the web server system and
where the 'execute' bit is set".

Maybe that is actually even a useful search criteria.

jue

 

[bassintro]

CGI files are whatever the web server's configuration says is a CGI.

On one web server I used, only the ScriptAlias defined the directories
where CGI programs lived, and any file in that directory was considered
to be a CGI program whether it was executable or not.

ls `awk '/^ScriptAlias/{print $3}' /etc/httpd/conf/httpd.conf`

Another web server accepted any file with a .cgi extension as a
CGI program. It did not matter whether the contents of the file was
Perl, Bourne shell, or compiled binary.

find /var/www/html /home/*/public_html -name '*.cgi' -print

Looking inside of HTML files is a pretty poor method for locating these.

-Joe

Would a server be exploitable if the ScriptAlias variable was defined
but the dir did not exist?

On one server I want to run cgi scripts and the other one I don't at
all. Server A has the script alias variable defined in httpd.conf but
the dir doesn't exist. Server B has the script alias variable defined
and the dir does exist with strict permissions.
Does it really matter or should I just comment the Alias out?

 

[Tad McClellan]

Would a server be exploitable if the ScriptAlias variable was defined
but the dir did not exist?

On one server I want to run cgi scripts and the other one I don't at
all. Server A has the script alias variable defined in httpd.conf but
the dir doesn't exist. Server B has the script alias variable defined
and the dir does exist with strict permissions.
Does it really matter or should I just comment the Alias out?

There is no Perl content in your questions above.

Please ask web server questions in a newsgroup about web servers.

 

[bassintro]

Not true. The web server severely limits which files it provides access
to. For Apache, files that are not under DocumentRoot or ScriptAlias
cannot be accessed.


Anyone who configures a web server so that it allows access to EVERY SINGLE
FILE ON THE SERVER should be shot on site. (On sight? No, on site!)

-Joe

So then, this would work?

find `awk '/^ScriptAlias/ {print $3}' /etc/httpd/conf/httpd.conf | tr -
d \"` -type f -perm +111