Unless he's in a container, "find /" should be the root.
And I think you mean "pwd" instead of "ls" to print the current working directory.
________________________________
From: Kendall Kinnear <Kendall.Kinnear@xxxxxxxxxxx>
Sent: Monday, September 24, 2018 8:20 AM
To: Midrange Systems Technical Discussion
Subject: RE: Scanning IFS for the existance of a file.
Well one thing is that QSYS is actually a directory in the IFS instead of the IFS being contained in QSYS. Have you tried doing an LS in QSHELL to see what directory you are in? You probably need to change to the IFS root directory for your find.
I've usually had the best luck by mounting the root IFS directory on a PC and using Windows search to look for a file.
TAATOOLS has a CVTIFS tool that will write the directory of the IFS to a physical file.
You could also scan QAEZDISK if you do a RTVDSKINF. All the IFS files and directories are listed as well as the QSYS libraries and objects.
Respectfully,
Kendall Kinnear
System Analyst
Standard Motor Products, Inc.
Work: 972-316-8169
Mobile: 940-293-7541
-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Rob Berendt
Sent: Monday, September 24, 2018 8:07 AM
To: midrange-l@xxxxxxxxxxxx
Subject: Scanning IFS for the existance of a file.
I want to hunt down and find two files in the IFS. IDK if that IFS is a symbolic link into /qsys.lib or not, I just want to find these. These files are rguest.exe and wguest.exe. We're getting dinged on an audit because of the existence of these files. I'm beginning to question whether the audit is testing for the actual files, or the function they perform and then "assume" it's one of those two files. After all, .exe files aren't really an IBM i kind of thing.
My first foray was querying the output of RTVDIRINF. No luck.
Next I tried qsHell.
find / -name "*guest.*"
find: 001-0023 Error found opening file /QSYS.LIB/PMEDHUSR.LIB/EDH_H1.DTAQ. Resource busy.
find: 001-0023 Error found opening file /QSYS.LIB/PMEDHUSR.LIB/EDH_H2.DTAQ. Resource busy.
find: 001-0023 Error found opening file /QSYS.LIB/PMEDHUSR.LIB/EDH_H3.DTAQ. Resource busy.
find: 001-0023 Error found opening file /QSYS.LIB/PMEDHUSR.LIB/EDH_H4.DTAQ. Resource busy.
find: 001-0023 Error found opening file /QSYS.LIB/QQFENDSVR.PGM.
Resource busy.
$
Which makes me wonder if this stupid find command is searching contents, or if it can't figure out if these object types are a directory or not.
Original problem:
Webcom CGI Guestbook File Disclosure Vulnerability
CVE-1999-0467
THREAT:
The programs 'wguest.exe' and 'rguest.exe' are present on the server.
IMPACT:
Unauthorized users can read arbitrary files.
SOLUTION:
Install and use another Guestbook program.
EXPLOITABILITY:
The Exploit-DB
Reference: CVE-1999-0467
Description: WebCom datakommunikation Guestbook 0.1 - 'rguest.exe'
Arbitrary File Access - The Exploit-DB Ref : 20447
Link:
https://urldefense.proofpoint.com/v2/url?u=http-3A__www.exploit-2Ddb.com_exploits_20447&d=DwICAg&c=CBjl-DmyMmSeXzqzAOY98w&r=pOvNBD1fQ8EIsnWxCJIvLGGO-zLgOpZ92efsKAWQMBM&m=cxuXw5IPN6r1vKhfQg6Daa5k9fd6nc5dFj9covwzC0g&s=UZ8kE0Jwgs1v4OdBgM_phH4nx6XRYKCwnu0mBKHhvhU&e=
Reference: CVE-1999-0467
Description: WebCom datakommunikation Guestbook
One big recent change was the addition of some Zend for a bolt on we're evaluating.
Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1 Group Dekko Dept 1600 Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
https://urldefense.proofpoint.com/v2/url?u=http-3A__www.dekko.com&d=DwICAg&c=CBjl-DmyMmSeXzqzAOY98w&r=pOvNBD1fQ8EIsnWxCJIvLGGO-zLgOpZ92efsKAWQMBM&m=cxuXw5IPN6r1vKhfQg6Daa5k9fd6nc5dFj9covwzC0g&s=j6nRoZoy0D1Z3y5rjiGLAloINVmHLxjnLBBGMwftIyM&e=
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit:
https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.midrange.com_mailman_listinfo_midrange-2Dl&d=DwICAg&c=CBjl-DmyMmSeXzqzAOY98w&r=pOvNBD1fQ8EIsnWxCJIvLGGO-zLgOpZ92efsKAWQMBM&m=cxuXw5IPN6r1vKhfQg6Daa5k9fd6nc5dFj9covwzC0g&s=c5Qt-OicTTZimCySpq_17_TUf1kBVCyNRaaM56RcsZ8&e=
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at
https://urldefense.proofpoint.com/v2/url?u=https-3A__archive.midrange.com_midrange-2Dl&d=DwICAg&c=CBjl-DmyMmSeXzqzAOY98w&r=pOvNBD1fQ8EIsnWxCJIvLGGO-zLgOpZ92efsKAWQMBM&m=cxuXw5IPN6r1vKhfQg6Daa5k9fd6nc5dFj9covwzC0g&s=QTlCO6Qb2mduAFFJ3rMzlotgnSSvhWjSKde62zsSG2g&e=.
Please contact support@xxxxxxxxxxxx for any subscription related questions.
Help support midrange.com by shopping at amazon.com with our affiliate link:
https://urldefense.proofpoint.com/v2/url?u=http-3A__amzn.to_2dEadiD&d=DwICAg&c=CBjl-DmyMmSeXzqzAOY98w&r=pOvNBD1fQ8EIsnWxCJIvLGGO-zLgOpZ92efsKAWQMBM&m=cxuXw5IPN6r1vKhfQg6Daa5k9fd6nc5dFj9covwzC0g&s=FJnNv6_PU9IFpbbPHlMWgXMztgL0TRnxD9z4ttzpcUg&e=
________________________________
Please consider the environment before printing this email.
The content of this e-mail (including any attached files) is confidential and may be privileged and protected by law. It is intended solely for the purpose of the person to whom it is addressed. If you are not the intended recipient of this message, please notify the sender immediately and delete the message (inclusive of any attached files). In addition, if you are not the intended recipient of this message, any disclosure, copying, distribution or taking any action in reliance of the contents of this email is strictly prohibited.
midrange.com
