Minor improvements to Shellshock test

include/tests_shells

@@ -209,8 +209,8 @@
 #################################################################################
 #
     # Test        : SHLL-6290
-    # Description : Check shellshock vulnerability
-    Register --test-no SHLL-6290 --weight H --network NO --description "Check shellshock vulnerability (CVE-2014-6271)"
+    # Description : Check for Shellshock vulnerability
+    Register --test-no SHLL-6290 --weight H --network NO --description "Perform Shellshock vulnerability tests"
     if [ ${SKIPTEST} -eq 0 ]; then
         FOUND=0
         #Display --indent 2 --text "- Testing for Shellshock vulnerability"
@@ -224,9 +224,9 @@
         fi
 
         logtext "Result: command revealed ${FIND} as output"
-        if [ ! "${FIND}" = "" -a -x ${FIND} -a ! -L ${FIND} ]; then
+        if [ ! "${FIND}" = "" ]; then
+            if [ -x "${FIND}" -a ! -L "${FIND}" ]; then
                 logtext "Result: found ${FIND} as a valid shell"
-
                 SHELLSHOCK_TMP=`mktemp /tmp/lynis-shellshock-test.XXXXXXXXXX` || exit 1
 
                 # CVE-2014-6271
@@ -334,7 +334,9 @@
                     logtext "Result: Not vulnerable to exploit #3 on shellshocker.net (no CVE)"
                     #Display --indent 4 --text "- Exploit#3 on shellshocker.net (no CVE)" --result "OK" --color GREEN
                 fi
-
+              else
+                logtext "Result: bash binary found, but not executable, or it is symlinked"
+            fi
           else
             logtext "Result: could not find bash to be a valid shell"
         fi
@@ -357,4 +359,4 @@ wait_for_keypress
 
 #
 #================================================================================
-# Lynis - Copyright 2007-2014, Michael Boelen - www.rootkit.nl - The Netherlands
+# Lynis - Copyright 2007-2014, CISOfy & Michael Boelen - http://cisofy.com - The Netherlands