
Quick and Simple way to install Bash on IBMi w/ local files

UPDATE 6.27.2016: If you would rather install from a PTF, check 5733-OPS opt 7 PTF SI61062; otherwise, learn to install it from Perzl’s site.

Follow the steps below to install Bash

1. Download and unzip download-2.01-PHPDave.tar.zip locally and upload download-2.01-PHPDave.tar.zip to /QOpenSys on the IBMi

2. Open a 5250 session and run CALL QP2TERM. We’ll extract the tar.zip file, which creates a download directory that will store all our open source binaries (such as Bash). In the QP2TERM shell, run:
cd /QOpenSys
tar -xf download-2.01-PHPDave.tar.zip
cd download

3. We’ll execute setup2.sh, which installs various utilities needed to run wwwperzl.sh. In QP2TERM, in directory /QOpenSys/download, run:

# give the user execute permission on setup2.sh
chmod u+x setup2.sh
./setup2.sh

4. Download bash (bash-4.3-16.aix5.1.ppc.rpm) and upload it to /QOpenSys/download/www.oss4aix.org/rpmdb/db

5. Download bash dependencies (bash-4.3-16.aix5.1.ppc.deps) and upload it to /QOpenSys/download/www.oss4aix.org/rpmdb/deplists/aix61

6. We’ll now get bash installed. In QP2TERM, in directory /QOpenSys/download, run:

./wwwperzl.sh aix61 rpm1 bash-4.3

7. Bash should now be available at /QOpenSys/opt/freeware/bin/bash. SSH into your IBMi and run /QOpenSys/opt/freeware/bin/bash. Tips on setting up SSH for IBMi

Notes:

1. View other bash versions here if you want a different version: ftp://www.oss4aix.org/RPMS/bash/

2. View other bash deps here if you want a different version: ftp://www.oss4aix.org/rpmdb/deplists/

3. View this image to determine which aixXX to use when running ./wwwperzl.sh aixXX rpm1 bash-4.3

4. You used to have to download http://yips.idevcloud.com/wiki/uploads/PASE/setup2.sh and http://yips.idevcloud.com/wiki/uploads/PASE/wwwperzl.sh and upload setup2.sh and wwwperzl.sh to /QOpenSys/download, but I’ve included them in the zip file.

Reference

http://yips.idevcloud.com/wiki/index.php/PASE/OpenSourceBinaries#perzl

http://www.perzl.org/aix/

What’s in setup2.sh and wwwperzl.sh


PHP IBM i Toolkit – Security Awareness of HTTP transport – Sending UserId and Password in Clear Text

With many open source security exploits coming out (Shellshock, Heartbleed and recently the Ghost exploits), I decided to look into the open source PHP IBM i toolkit that many people are using to access the IBMi. The whole idea of open source is that, with many eyes looking at something, bugs and security issues get figured out and new features can be contributed by anyone.

The issue I found with the PHP toolkit is that there’s no warning about using the HTTP transport to connect to the iSeries. It’s actually sending your user id and password over the network to the web server in plain text. This is an issue with the XMLService as well. It really should not allow you to connect via HTTP and should force HTTPS connections.

I looked into odbc_connect and it appears to me that it’s doing some type of encryption, as I was not able to pick up my username with Wireshark. Since IBM_DB2 is using SQLConnect in the PHP extension, I’d assume the same goes for that transport method. Therefore, by default the toolkit appears safe, but if your project requires you to connect via HTTP, make sure you refactor the transport to use HTTPS instead. Also, please don’t use the GET method, as it puts the parameters (the userid and password) in the URL string, which is sometimes saved into access logs.

You can see this issue in the send method of the httpsupp class.


To see how to securely create an HTTPS request, look at the comments from jrubenstein at gmail dot com and louis dot huppenbauer at gmail dot com on php.net’s stream_context_create.
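
An added example (not code from the PHP IBM i toolkit or XMLSERVICE) of the HTTPS-only POST this post recommends, built on stream_context_create. The helper name secure_post, the example.com host, the endpoint path and the uid/pwd field names are assumptions for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper: POST form fields to an HTTPS endpoint with
 * certificate verification. Plain-HTTP URLs and URL query strings are
 * refused so credentials never travel in clear text or land in access logs.
 */
function secure_post(string $url, array $fields, ?string $caFile = null): string
{
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if ($scheme !== 'https') {
        throw new InvalidArgumentException('Refusing to send credentials over a non-HTTPS URL');
    }
    if (parse_url($url, PHP_URL_QUERY) !== null) {
        throw new InvalidArgumentException('Put parameters in the POST body, not the URL');
    }

    // Verification is on by default since PHP 5.6; set it explicitly so
    // older runtimes and later edits cannot silently disable it.
    $ssl = ['verify_peer' => true, 'verify_peer_name' => true, 'allow_self_signed' => false];
    if ($caFile !== null) {
        $ssl['cafile'] = $caFile; // CA bundle for a privately signed server certificate
    }

    $context = stream_context_create([
        'http' => [
            'method'  => 'POST',
            'header'  => "Content-Type: application/x-www-form-urlencoded\r\n",
            'content' => http_build_query($fields),
            'timeout' => 30,
        ],
        'ssl' => $ssl,
    ]);

    $response = @file_get_contents($url, false, $context);
    if ($response === false) {
        throw new RuntimeException('HTTPS request failed (connection or certificate error)');
    }
    return $response;
}

// Constructed demo that runs offline: the http:// URL is rejected before
// any network traffic is generated. Host, path and field values are placeholders.
try {
    secure_post('http://ibmi.example.com/xmlservice-endpoint', ['uid' => 'DEMOUSER', 'pwd' => 'constructed']);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```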