# Runtime Reconnaissance This document records read-only reconnaissance findings for the `regalamiunsorriso` runtime environment. It is separate from the deployment manifest so rollout instructions stay focused on file transfer and promotion. ## Shell Behavior On 83.149.164.4 - The remote login shell behaves as `tcsh`. - POSIX shell constructs like `for ...; do ...; done` fail unless you explicitly run them through `sh -c`. - The server `sh` does not support `-l`, so use `sh -c`, not `sh -lc`. - `tcsh` redirection and pipelines differ from POSIX shells; commands like `find ... 2>/dev/null | head` can fail with `Ambiguous output redirect` unless the whole payload runs under `sh -c`. - Prefer one remote command per SSH invocation for reconnaissance. Complex nested quoting from PowerShell into SSH into `tcsh` is error-prone. - If PowerShell shows the continuation prompt `? >`, the command was malformed locally before SSH executed it. - Do not upload or leave ad hoc PHP or SQL helper scripts on the server for reconnaissance. Any future live DB query method must be explicitly approved first. ## Mail Template Directories Found On Server - Live rollout target: `/home/sites/regalamiunsorriso/www/mailMessage` - Staging copy: `/home/marco/regalamiunsorriso/incoming/www/mailMessage` - Older duplicate tree: `/home/sites/regalamiunsorriso/wwwLang/mailMessage` - Archived duplicate tree: `/home/sites/regalamiunsorriso/wwwOld/www/mailMessage` Representative checksum comparisons showed that `www/mailMessage` and `wwwLang/mailMessage` are not interchangeable copies: - `noMorePic.html`: live `2188047161 3645`, `wwwLang` `2803737061 3775` - `userMsg_itCC.html`: live `324589227 5628`, `wwwLang` `429470199 4921` ## Runtime Resolution Path - The Java application lives under `/home/sites/regalamiunsorriso/rus/WEB-INF`. - `DBAdapter.getDocBase()` resolves to `getParm("DOCBASE").getTesto()`. - `Parm.findByCodice()` reads `PARM` rows with `select A.* from PARM AS A where A.codice='...'`. - Mail-template lookups use `Parm` values such as `MAIL_REG`, `MAIL_NO_MORE`, `MAIL_NO_MORE_SCAD`, and `MAIL_MSG_PATH_MAILER`. - `rus/WEB-INF/lib/pg_src/com/ablia/pg/Users.java` seeds defaults for `MAIL_MSG_RINNOVO` as `mailMessage/rinnovoMsg.html` and `MAIL_MSG_COUPON_OMAGGIO` as `mailMessage/couponOmaggioMsg.html` when parameters are missing. - `dbcomuni.properties`, `rus.properties`, and `truckservice.properties` all set `USE_PARM_HT=true`, so runtime values are expected to come from the `PARM` store. Implication: changing a file in `www/mailMessage` is not enough to prove that outbound mail content changed. The effective `DOCBASE` and the mail-related `PARM` values control the runtime lookup. ## Live Configuration Evidence ### `www` Webapp Local and live `www/WEB-INF/web.xml` contain the strongest SQL host evidence: - `dbDriver=17` - `database=//192.168.10.250/pg` - `catalog=pg` - `user=root` - `password=root` - description hint for server password: `250658#` - description hint for alternate endpoint: `//localhost:3308/pg` ### `rus` Webapp `rus/WEB-INF/web.xml` appears to reflect an older or alternate local configuration: - `dbDriver=3` - `database=//localhost/pg` - `user=root` - `password=root` Local source in `DriversJdbc.java` maps `dbDriver=3` to MySQL Connector/J. ## Confirmed Read-Only SQL Findings Read-only validation performed during this reconnaissance confirmed that the live application data is reachable on the network SQL host: - host: `192.168.10.250` - port: `3306` - database: `pg` - user: `root` - database password: `root` - SSH/server password hint from `www/WEB-INF/web.xml` description: `250658#` - `127.0.0.1:3308` refused connections from the shell during the same investigation The following live `PARM` values were recovered: - `DOCBASE=/home/www/regalamiunsorriso/do` - `MAIL_MSG_PATH_MAILER=phpmailer/regala_un_sorriso/` - `MAIL_NO_MORE=mail_no_more.html` - `MAIL_NO_MORE_SCAD=mail_no_more_scad.html` - `MAIL_REG=mail_reg.html` Implication: the current outbound mail path is not driven directly by the deployed `www/mailMessage/noMorePic*.html` files. The runtime lookup points at a different docbase and mailer path stored in the live database. ## Recon Scope Note - The `RUS` entry under `/home/sites/regalamiunsorriso` is a symlink to `/mnt/da1/foto`. - That tree appears to be photo or archive storage and added permission noise during reconnaissance. - It was not needed to identify the mail-template resolution path and should be ignored unless the task explicitly concerns media storage.