If you write—or need to maintain—Perl scripts, it can be incredibly helpful to have a way to print out all your environmental variables, installed modules, and the like, much like PHP's phpinfo().
Up until 2006, a site called ScriptSolutions.com—no longer in service—offered a free program you could install called Perl Diver. Version 2 of the script offered a lot of extra functionality. The last version of the script to be released was 2.33, which fixed an exploitable hole in the module parameter for versions 2.x prior to this release.
The bottom line is that Perl Diver is still an excellent tool, and it's a shame to see the fixed version leave the public realm with no place to download.
Download, Basic Installation:
After searching everywhere for a copy, I finally secured one, and am again offering the script to the public.If you have git access, obtaining a copy from GitHub is as simple as:
# as ssh git clone git://github.com/mrrena/perldiver # as https git clone https://github.com/mrrena/perldiverOtherwise, download a copy of the perldiver zip. Installation should be a matter of unzipping the contents of this file wherever you keep your Perl scripts.
If you do not have git access (file permissions are automatically retained in git), you will also need to give the script execution permission, either using the following command:
chmod +x perldiver.plOr via an FTP program like FileZilla, setting perldiver.pl to "755": refer to this blog post if you don't know how to do that.
If you need to change the extension to .cgi, you will also need to change the file name in perldiver.conf:
# only if you change the file extension to "cgi" 'script_name' => 'perldiver.cgi',
Hide From Search Engines:
To keep the search engines from indexing the page in their results—you probably don't want to broadcast your server's environmental variables to the entire world—you should also create an entry in your robots.txt file.If you don't have one already, create a plain text file and enter the following lines (assuming that the directory in which you're including Perl Diver is cgi-bin):
User-agent: * Disallow: cgi-bin/perldiverSave your file with the name robots.txt, and then upload this file to your web server's root directory.
All paths specified in the file are relative to root; you can check your file at this link or, if you have a free account, you can use Google's Webmaster Tools for the same. For more info on robots.txt files, see Google's Block or remove pages using a robots.txt file.
Password Protecting:
It's also a really good idea that you keep the script from hackers manually fishing for info. Perl Diver is used on a lot of websites, and hackers have learned to look for unprotected copies. You can avoid this type of hack by password protecting the perldiver directory. Assuming that you use Apache, directions follow.You will need to replace Apache's example username rbowen below with the username used when you access scripts from your site via http / https. Here is the relevant excerpt from Apache's Authentication, Authorization and Access Control page:
Getting it working
Here's the basics of password protecting a directory on your server.
You'll need to create a password file. This file should be placed somewhere not accessible from the web. This is so that folks cannot download the password file. For example, if your documents are served out of /usr/local/apache/htdocs you might want to put the password file(s) in /usr/local/apache/passwd.
To create the file, use the htpasswd utility that came with Apache. This will be located in the bin directory of wherever you installed Apache. To create the file, type:
htpasswd -c /usr/local/apache/passwd/passwords rbowenhtpasswd will ask you for the password, and then ask you to type it again to confirm it:
$ htpasswd -c /usr/local/apache/passwd/passwords rbowen New password: mypassword Re-type new password: mypassword Adding password for user rbowenIf htpasswd is not in your path, of course you'll have to type the full path to the file to get it to run. On my server, it's located at /usr/local/apache/bin/htpasswd
Next, you'll need to configure the server to request a password and tell the server which users are allowed access. You can do this either by editing the httpd.conf file or using an .htaccess file. For example, if you wish to protect the directory /usr/local/apache/htdocs/secret, you can use the following directives, either placed in the file /usr/local/apache/htdocs/secret/.htaccess, or placed in httpd.conf inside a <Directory /usr/local/apache/apache/htdocs/secret> section.
AuthType Basic AuthName "Restricted Files" AuthUserFile /usr/local/apache/passwd/passwords Require user rbowenFor additional details, see the full Apache manual page.

 
 

 
No comments:
Post a Comment