With personal systems and servers around the world at risk these days because of the Bash Shellshock vulnerability, CVE-2014-6271, what should we do? I suggest ...
On RedHat 6 (and CentOS 6), I had the following bash version before the fix:
run- # rpm -qa | grep bash
Keep Calm And Patch
So let's begin by checking whether your system is vulnerable to the Bash Shellshock vulnerability.
type command - env x='() { :;}; echo vulnerable' bash -c 'echo hello'
in your terminal.
If your system is vulnerable, the above command will return output like the following:
vulnerable
hello
All Debian/Ubuntu users: to patch it, update your bash to the latest version.
Run the bash --version command to see your currently installed version.
run- sudo apt-get update && sudo apt-get install --only-upgrade bash
If your system is already updated, simply upgrade your bash version by running this command:
sudo apt-get install --only-upgrade bash
Check your bash version again after upgrading. My previous version was 3.2.
----------------------------------------------------------------
Update bash using yum on all RedHat/CentOS systems:
run- yum update bash
run- # rpm -qa | grep bash
bash-3.2-33.el5_11.4
Now check again whether your system is vulnerable by using this command:
run- cd /tmp; rm -f /tmp/echo; env 'x=() { (a)=>\' bash -c "echo date"; cat /tmp/echo
If you are not vulnerable, no content will be displayed. If it is still vulnerable, it will show the content of the file, like:
bash: x: line 1: syntax error near unexpected token `='
bash: x: line 1: `'
bash: error importing function definition for `x'
Fri Sep 26 16:15:09 PDT 2014
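The two manual checks above can be wrapped in functions that print a verdict instead of relying on reading the terminal output by eye. This is an added example, not part of the original post; the function names are hypothetical, and the second check is run in a scratch directory from mktemp rather than in /tmp.

```shell
#!/bin/bash
# Added example, not from the original post: turn the two manual checks
# into functions that print a verdict. Function names are hypothetical.

# Classify captured output of the first check. A line reading exactly
# "vulnerable" means bash ran the command placed after the function body.
classify_first_check() {
    if printf '%s\n' "$1" | grep -qx 'vulnerable'; then
        echo VULNERABLE
    elif printf '%s\n' "$1" | grep -qx 'hello'; then
        echo PATCHED
    else
        echo UNKNOWN   # the test never ran (bash missing, ssh failed, ...)
    fi
}

# First check from the post, run against a chosen bash binary.
first_check() {
    local bash_bin="${1:-bash}"
    local out
    out=$(env x='() { :;}; echo vulnerable' "$bash_bin" -c 'echo hello' 2>&1) || true
    classify_first_check "$out"
}

# Second check from the post, run in a private scratch directory rather
# than /tmp. A vulnerable bash leaves a file named "echo" behind.
second_check() {
    local bash_bin="${1:-bash}"
    local dir
    local verdict=PATCHED
    dir=$(mktemp -d) || return 1
    ( cd "$dir" && env 'x=() { (a)=>\' "$bash_bin" -c "echo date" ) >/dev/null 2>&1 || true
    if [ -e "$dir/echo" ]; then verdict=VULNERABLE; fi
    rm -rf "$dir"
    echo "$verdict"
}

# Combined verdict: only trust the second check if the first one ran.
shellshock_status() {
    local first
    first=$(first_check "${1:-bash}")
    if [ "$first" != PATCHED ]; then echo "$first"; return 0; fi
    second_check "${1:-bash}"
}

shellshock_status "$@"
```

Run with no argument it tests the bash on your PATH; pass a path to test a specific binary.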
------------------------------------------------------------------------------------------------------------------------------
If you have more than one server to update, use this script to do them all at once:
#!/bin/bash
# This script will log into each of your servers and execute the command below
servers=(
    # Put your list of servers here
    111.222.333.444
    123.123.123.123
    10.10.10.10
    15.22.22.22
)
# Quote the array expansion so each entry is passed to ssh as one word
for server in "${servers[@]}"
do
    # Here's the command you're going to run on each
    ssh "$server" 'yum -y update bash'
done