Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Mastering Linux Shell Scripting

You're reading from   Mastering Linux Shell Scripting Master the complexities of Bash shell scripting and unlock the power of shell for your enterprise

Arrow left icon
Product type Paperback
Published in Dec 2015
Publisher
ISBN-13 9781784396978
Length 198 pages
Edition 1st Edition
Tools
Arrow right icon
Author (1):
Arrow left icon
Andrew Mallett Andrew Mallett
Author Profile Icon Andrew Mallett
Andrew Mallett
Arrow right icon
View More author details
Toc

Table of Contents (16) Chapters Close

Preface 1. What and Why of Scripting with Bash FREE CHAPTER 2. Creating Interactive Scripts 3. Conditions Attached 4. Creating Code Snippets 5. Alternative Syntax 6. Iterating with Loops 7. Creating Building Blocks with Functions 8. Introducing sed 9. Automating Apache Virtual Hosts 10. Awk Fundamentals 11. Summarizing Logs with Awk 12. A Better lastlog with Awk 13. Using Perl as a Bash Scripting Alternative 14. Using Python as a Bash Scripting Alternative Index

Bash vulnerabilities

For this book, I will be working entirely on a Raspberry Pi 2 running Raspbian, a Linux distribution similar to Debian, and Ubuntu; although for you, the operating system you choose to work with is immaterial, in reality, as is the version of bash. The bash version I am using is 4.2.37(1). If you are using the OS X operating system, the default command line environment is bash.

To return the operating system being used, type the following command if it is installed:

$ lsb_release -a

The output from my system is shown in the following screenshot:

Bash vulnerabilities

The easiest way to determine the version of bash that you are using is to print the value of a variable. The following command will display your bash version:

$ echo $BASH_VERSION

The following screenshot displays the output from my system:

Bash vulnerabilities

In 2014, there was a well-publicized bug within bash that had been there for many years—the shell-shock bug. If your system is kept up-to-date, then it is not likely to be an issue but it is worth checking. The bug allows malicious code to be executed from within a malformed function. As a standard user, you can run the following code to test for the vulnerabilities on your system. This code comes from Red Hat and is not malicious but if you are unsure then please seek advice.

The following is the code from Red Hat to test for the vulnerability:

$ env 'x=() { :;}; echo vulnerable''BASH_FUNC_x()=() { :;}; echo vulnerable' bash -c "echo test"

If your system is free from this first vulnerability the output should be as shown in the following screenshot:

Bash vulnerabilities

To test for the last vulnerability from this bug, we can use the following test, which is again from Red Hat:

cd /tmp; rm -f /tmp/echo; env 'x=() { (a)=>\' bash -c "echo date"; cat /tmp/echo

The output from a patched version of bash should look like the following screenshot:

Bash vulnerabilities

If the output from either of these command lines is different, then your system may be vulnerable to shell-shock and I would update bash or at least take further advice from a security professional.

You have been reading a chapter from
Mastering Linux Shell Scripting
Published in: Dec 2015
Publisher:
ISBN-13: 9781784396978
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at €18.99/month. Cancel anytime