Improved Shellshock test by searching for bash via which if /etc/shell is not present

2014-10-19 12:39:37 +02:00 · 2014-10-19 12:39:37 +02:00 · 8bf76a9a0f
parent 47b2a7df33
commit 8bf76a9a0f
1 changed files with 26 additions and 19 deletions
--- a/include/tests_shells
+++ b/include/tests_shells
@ -213,10 +213,18 @@
    Register --test-no SHLL-6290 --weight H --network NO --description "Check shellshock vulnerability (CVE-2014-6271)"
    if [ ${SKIPTEST} -eq 0 ]; then
        FOUND=0
-        Display --indent 2 --text "- Testing for Shellshock vulnerability"
+        #Display --indent 2 --text "- Testing for Shellshock vulnerability"
        logtext "Test: Check if bash is in the list of shells."
-        FIND=`egrep '(/usr)?(/local)?/bin/bash' /etc/shells | grep -v "^#" | head -1`
-        if [ ! "${FIND}" = "" -a ! -L ${FIND} ]; then
+        if [ -f /etc/shells ]; then
+            logtext "Test: checking for bash shell in /etc/shells"
+            FIND=`egrep '(/usr)?(/local)?/bin/bash' /etc/shells | grep -v "^#" | head -1`
+          else
+            logtext "Test: checking if bash is available via which command"
+            FIND=`which bash 2> /dev/null | head -1`
+        fi
+
+        logtext "Result: command revealed ${FIND} as output"
+        if [ ! "${FIND}" = "" -a -x ${FIND} -a ! -L ${FIND} ]; then
            logtext "Result: found ${FIND} as a valid shell"

            SHELLSHOCK_TMP=`mktemp /tmp/lynis-shellshock-test.XXXXXXXXXX` || exit 1
@ -229,11 +237,11 @@
            if [ ! "${VULNERABLE}" = "" ]; then
                logtext "Output: ${VULNERABLE}"
                logtext "Result: Vulnerable to original shellshock (CVE-2014-6271)"
-                Display --indent 4 --text "- CVE-2014-6271 (original shellshocker)" --result "WARNING" --color RED
+                Display --indent 2 --text "- Shellshock: CVE-2014-6271 (original shellshocker)" --result "WARNING" --color RED
                FOUND=1
              else
                logtext "Result: Not vulnerable to original shellshock (CVE-2014-6271)"
-                Display --indent 4 --text "- CVE-2014-6271 (original shellshocker)" --result "OK" --color GREEN
+                #Display --indent 4 --text "- CVE-2014-6271 (original shellshocker)" --result "OK" --color GREEN
            fi

            # CVE-2014-6277
@ -244,11 +252,11 @@
            if [ ! "${VULNERABLE}" = "" ]; then
                logtext "Output: ${VULNERABLE}"
                logtext "Result: Vulnerable to original shellshock (CVE-2014-6277)"
-                Display --indent 4 --text "- CVE-2014-6277 (segfault, lcamtuf bug #1)" --result "WARNING" --color RED
+                Display --indent 2 --text "- Shellshock: CVE-2014-6277 (segfault, lcamtuf bug #1)" --result "WARNING" --color RED
                FOUND=1
              else
                logtext "Result: Not vulnerable to original shellshock (CVE-2014-6277)"
-                Display --indent 4 --text "- CVE-2014-6277 (segfault, lcamtuf bug #1)" --result "OK" --color GREEN
+                #Display --indent 4 --text "- CVE-2014-6277 (segfault, lcamtuf bug #1)" --result "OK" --color GREEN
            fi

            # CVE-2014-6278
@ -259,11 +267,11 @@
            if [ ! "${VULNERABLE}" = "" ]; then
                logtext "Output: ${VULNERABLE}"
                logtext "Result: Vulnerable to CVE-2014-6278"
-                Display --indent 4 --text "- CVE-2014-6278 (Florian's patch, lcamtuf bug #2)" --result "WARNING" --color RED
+                Display --indent 2 --text "- Shellshock: CVE-2014-6278 (Florian's patch, lcamtuf bug #2)" --result "WARNING" --color RED
                FOUND=1
              else
                logtext "Result: Not vulnerable to CVE-2014-6278"
-                Display --indent 4 --text "- CVE-2014-6278 (Florian's patch, lcamtuf bug #2)" --result "OK" --color GREEN
+                #Display --indent 4 --text "- CVE-2014-6278 (Florian's patch, lcamtuf bug #2)" --result "OK" --color GREEN
            fi

            # CVE-2014-7169
@ -274,11 +282,11 @@
            if [ ! "${VULNERABLE}" = "" ]; then
                logtext "Output: ${VULNERABLE}"
                logtext "Result: Vulnerable to taviso bug (CVE-2014-7169)"
-                Display --indent 4 --text "- CVE-2014-7169 (taviso bug)" --result "WARNING" --color RED
+                Display --indent 2 --text "- Shellshock: CVE-2014-7169 (taviso bug)" --result "WARNING" --color RED
                FOUND=1
              else
                logtext "Result: Not vulnerable to taviso bug (CVE-2014-7169)"
-                Display --indent 4 --text "- CVE-2014-7169 (taviso bug)" --result "OK" --color GREEN
+                #Display --indent 4 --text "- CVE-2014-7169 (taviso bug)" --result "OK" --color GREEN
            fi

            # CVE-2014-7186
@ -289,11 +297,11 @@
            if [ ! "${VULNERABLE}" = "" ]; then
                logtext "Output: ${VULNERABLE}"
                logtext "Result: Vulnerable to CVE-2014-7186"
-                Display --indent 4 --text "- CVE-2014-7186 redir_stack bug" --result "WARNING" --color RED
+                Display --indent 2 --text "- Shellshock: CVE-2014-7186 redir_stack bug" --result "WARNING" --color RED
                FOUND=1
              else
                logtext "Result: Not vulnerable to CVE-2014-7186"
-                Display --indent 4 --text "- CVE-2014-7186 redir_stack bug" --result "OK" --color GREEN
+                #Display --indent 4 --text "- CVE-2014-7186 redir_stack bug" --result "OK" --color GREEN
            fi

            # CVE-2014-7187
@ -304,11 +312,11 @@
            if [ ! "${VULNERABLE}" = "" ]; then
                logtext "Output: ${VULNERABLE}"
                logtext "Result: Vulnerable to CVE-2014-7187"
-                Display --indent 4 --text "- CVE-2014-7187 nested loops off by one bug" --result "WARNING" --color RED
+                Display --indent 2 --text "- Shellshock: CVE-2014-7187 nested loops off by one bug" --result "WARNING" --color RED
                FOUND=1
              else
                logtext "Result: Not vulnerable to CVE-2014-7187"
-                Display --indent 4 --text "- CVE-2014-7187 nested loops off by one bug" --result "OK" --color GREEN
+                #Display --indent 4 --text "- CVE-2014-7187 nested loops off by one bug" --result "OK" --color GREEN
            fi

            # CVE-2014-////
@ -319,16 +327,15 @@
            if [ ! "${VULNERABLE}" = "" ]; then
                logtext "Output: ${VULNERABLE}"
                logtext "Result: Vulnerable to CVE-2014-//// (exploit #3 on shellshocker.net)"
-                Display --indent 4 --text "- Exploit #3 on shellshocker.net (no CVE)" --result "WARNING" --color RED
+                Display --indent 2 --text "- Shellshock: Exploit #3 on shellshocker.net (no CVE)" --result "WARNING" --color RED
                FOUND=1
              else
                logtext "Result: Not vulnerable to exploit #3 on shellshocker.net (no CVE)"
-                Display --indent 4 --text "- Exploit#3 on shellshocker.net (no CVE)" --result "OK" --color GREEN
+                #Display --indent 4 --text "- Exploit#3 on shellshocker.net (no CVE)" --result "OK" --color GREEN
            fi

          else
-            logtext "Result: could not find bash in /etc/shells"
-            Display --indent 4 --text "Result: bash not in the list of valid shells (tests skipped)."
+            logtext "Result: could not find bash to be a valid shell"
        fi

        if [ ${FOUND} -eq 1 ]; then