Improved Shellshock test by searching for bash via which if /etc/shells is not present

This commit is contained in:
mboelen 2014-10-19 12:39:37 +02:00
parent 47b2a7df33
commit 8bf76a9a0f


@ -213,10 +213,18 @@
Register --test-no SHLL-6290 --weight H --network NO --description "Check shellshock vulnerability (CVE-2014-6271)" Register --test-no SHLL-6290 --weight H --network NO --description "Check shellshock vulnerability (CVE-2014-6271)"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FOUND=0 FOUND=0
Display --indent 2 --text "- Testing for Shellshock vulnerability" #Display --indent 2 --text "- Testing for Shellshock vulnerability"
logtext "Test: Check if bash is in the list of shells." logtext "Test: Check if bash is in the list of shells."
FIND=`egrep '(/usr)?(/local)?/bin/bash' /etc/shells | grep -v "^#" | head -1` if [ -f /etc/shells ]; then
if [ ! "${FIND}" = "" -a ! -L ${FIND} ]; then logtext "Test: checking for bash shell in /etc/shells"
FIND=`egrep '(/usr)?(/local)?/bin/bash' /etc/shells | grep -v "^#" | head -1`
else
logtext "Test: checking if bash is available via which command"
FIND=`which bash 2> /dev/null | head -1`
fi
logtext "Result: command revealed ${FIND} as output"
if [ ! "${FIND}" = "" -a -x ${FIND} -a ! -L ${FIND} ]; then
logtext "Result: found ${FIND} as a valid shell" logtext "Result: found ${FIND} as a valid shell"
SHELLSHOCK_TMP=`mktemp /tmp/lynis-shellshock-test.XXXXXXXXXX` || exit 1 SHELLSHOCK_TMP=`mktemp /tmp/lynis-shellshock-test.XXXXXXXXXX` || exit 1
@ -229,11 +237,11 @@
if [ ! "${VULNERABLE}" = "" ]; then if [ ! "${VULNERABLE}" = "" ]; then
logtext "Output: ${VULNERABLE}" logtext "Output: ${VULNERABLE}"
logtext "Result: Vulnerable to original shellshock (CVE-2014-6271)" logtext "Result: Vulnerable to original shellshock (CVE-2014-6271)"
Display --indent 4 --text "- CVE-2014-6271 (original shellshocker)" --result "WARNING" --color RED Display --indent 2 --text "- Shellshock: CVE-2014-6271 (original shellshocker)" --result "WARNING" --color RED
FOUND=1 FOUND=1
else else
logtext "Result: Not vulnerable to original shellshock (CVE-2014-6271)" logtext "Result: Not vulnerable to original shellshock (CVE-2014-6271)"
Display --indent 4 --text "- CVE-2014-6271 (original shellshocker)" --result "OK" --color GREEN #Display --indent 4 --text "- CVE-2014-6271 (original shellshocker)" --result "OK" --color GREEN
fi fi
# CVE-2014-6277 # CVE-2014-6277
@ -244,11 +252,11 @@
if [ ! "${VULNERABLE}" = "" ]; then if [ ! "${VULNERABLE}" = "" ]; then
logtext "Output: ${VULNERABLE}" logtext "Output: ${VULNERABLE}"
logtext "Result: Vulnerable to original shellshock (CVE-2014-6277)" logtext "Result: Vulnerable to original shellshock (CVE-2014-6277)"
Display --indent 4 --text "- CVE-2014-6277 (segfault, lcamtuf bug #1)" --result "WARNING" --color RED Display --indent 2 --text "- Shellshock: CVE-2014-6277 (segfault, lcamtuf bug #1)" --result "WARNING" --color RED
FOUND=1 FOUND=1
else else
logtext "Result: Not vulnerable to original shellshock (CVE-2014-6277)" logtext "Result: Not vulnerable to original shellshock (CVE-2014-6277)"
Display --indent 4 --text "- CVE-2014-6277 (segfault, lcamtuf bug #1)" --result "OK" --color GREEN #Display --indent 4 --text "- CVE-2014-6277 (segfault, lcamtuf bug #1)" --result "OK" --color GREEN
fi fi
# CVE-2014-6278 # CVE-2014-6278
@ -259,11 +267,11 @@
if [ ! "${VULNERABLE}" = "" ]; then if [ ! "${VULNERABLE}" = "" ]; then
logtext "Output: ${VULNERABLE}" logtext "Output: ${VULNERABLE}"
logtext "Result: Vulnerable to CVE-2014-6278" logtext "Result: Vulnerable to CVE-2014-6278"
Display --indent 4 --text "- CVE-2014-6278 (Florian's patch, lcamtuf bug #2)" --result "WARNING" --color RED Display --indent 2 --text "- Shellshock: CVE-2014-6278 (Florian's patch, lcamtuf bug #2)" --result "WARNING" --color RED
FOUND=1 FOUND=1
else else
logtext "Result: Not vulnerable to CVE-2014-6278" logtext "Result: Not vulnerable to CVE-2014-6278"
Display --indent 4 --text "- CVE-2014-6278 (Florian's patch, lcamtuf bug #2)" --result "OK" --color GREEN #Display --indent 4 --text "- CVE-2014-6278 (Florian's patch, lcamtuf bug #2)" --result "OK" --color GREEN
fi fi
# CVE-2014-7169 # CVE-2014-7169
@ -274,11 +282,11 @@
if [ ! "${VULNERABLE}" = "" ]; then if [ ! "${VULNERABLE}" = "" ]; then
logtext "Output: ${VULNERABLE}" logtext "Output: ${VULNERABLE}"
logtext "Result: Vulnerable to taviso bug (CVE-2014-7169)" logtext "Result: Vulnerable to taviso bug (CVE-2014-7169)"
Display --indent 4 --text "- CVE-2014-7169 (taviso bug)" --result "WARNING" --color RED Display --indent 2 --text "- Shellshock: CVE-2014-7169 (taviso bug)" --result "WARNING" --color RED
FOUND=1 FOUND=1
else else
logtext "Result: Not vulnerable to taviso bug (CVE-2014-7169)" logtext "Result: Not vulnerable to taviso bug (CVE-2014-7169)"
Display --indent 4 --text "- CVE-2014-7169 (taviso bug)" --result "OK" --color GREEN #Display --indent 4 --text "- CVE-2014-7169 (taviso bug)" --result "OK" --color GREEN
fi fi
# CVE-2014-7186 # CVE-2014-7186
@ -289,11 +297,11 @@
if [ ! "${VULNERABLE}" = "" ]; then if [ ! "${VULNERABLE}" = "" ]; then
logtext "Output: ${VULNERABLE}" logtext "Output: ${VULNERABLE}"
logtext "Result: Vulnerable to CVE-2014-7186" logtext "Result: Vulnerable to CVE-2014-7186"
Display --indent 4 --text "- CVE-2014-7186 redir_stack bug" --result "WARNING" --color RED Display --indent 2 --text "- Shellshock: CVE-2014-7186 redir_stack bug" --result "WARNING" --color RED
FOUND=1 FOUND=1
else else
logtext "Result: Not vulnerable to CVE-2014-7186" logtext "Result: Not vulnerable to CVE-2014-7186"
Display --indent 4 --text "- CVE-2014-7186 redir_stack bug" --result "OK" --color GREEN #Display --indent 4 --text "- CVE-2014-7186 redir_stack bug" --result "OK" --color GREEN
fi fi
# CVE-2014-7187 # CVE-2014-7187
@ -304,11 +312,11 @@
if [ ! "${VULNERABLE}" = "" ]; then if [ ! "${VULNERABLE}" = "" ]; then
logtext "Output: ${VULNERABLE}" logtext "Output: ${VULNERABLE}"
logtext "Result: Vulnerable to CVE-2014-7187" logtext "Result: Vulnerable to CVE-2014-7187"
Display --indent 4 --text "- CVE-2014-7187 nested loops off by one bug" --result "WARNING" --color RED Display --indent 2 --text "- Shellshock: CVE-2014-7187 nested loops off by one bug" --result "WARNING" --color RED
FOUND=1 FOUND=1
else else
logtext "Result: Not vulnerable to CVE-2014-7187" logtext "Result: Not vulnerable to CVE-2014-7187"
Display --indent 4 --text "- CVE-2014-7187 nested loops off by one bug" --result "OK" --color GREEN #Display --indent 4 --text "- CVE-2014-7187 nested loops off by one bug" --result "OK" --color GREEN
fi fi
# CVE-2014-//// # CVE-2014-////
@ -319,16 +327,15 @@
if [ ! "${VULNERABLE}" = "" ]; then if [ ! "${VULNERABLE}" = "" ]; then
logtext "Output: ${VULNERABLE}" logtext "Output: ${VULNERABLE}"
logtext "Result: Vulnerable to CVE-2014-//// (exploit #3 on shellshocker.net)" logtext "Result: Vulnerable to CVE-2014-//// (exploit #3 on shellshocker.net)"
Display --indent 4 --text "- Exploit #3 on shellshocker.net (no CVE)" --result "WARNING" --color RED Display --indent 2 --text "- Shellshock: Exploit #3 on shellshocker.net (no CVE)" --result "WARNING" --color RED
FOUND=1 FOUND=1
else else
logtext "Result: Not vulnerable to exploit #3 on shellshocker.net (no CVE)" logtext "Result: Not vulnerable to exploit #3 on shellshocker.net (no CVE)"
Display --indent 4 --text "- Exploit#3 on shellshocker.net (no CVE)" --result "OK" --color GREEN #Display --indent 4 --text "- Exploit#3 on shellshocker.net (no CVE)" --result "OK" --color GREEN
fi fi
else else
logtext "Result: could not find bash in /etc/shells" logtext "Result: could not find bash to be a valid shell"
Display --indent 4 --text "Result: bash not in the list of valid shells (tests skipped)."
fi fi
if [ ${FOUND} -eq 1 ]; then if [ ${FOUND} -eq 1 ]; then
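Review bot: The new `which bash` fallback is only reached when /etc/shells is absent, not when the file exists but does not list bash (the `egrep` on /etc/shells then leaves FIND empty and the whole SHLL-6290 block is skipped), yet Shellshock is exploitable through CGI, ssh ForceCommand or DHCP hooks whether or not bash is registered as a login shell, so the fallback should also run when the /etc/shells lookup comes back empty. The expansions in the final test are unquoted, so an empty FIND turns `[ ! "" = "" -a -x -a ! -L ]` into a malformed test instead of a clean skip; quoting them (`-x "${FIND}" -a ! -L "${FIND}"`) keeps the check well-formed. Since the commit also drops the on-screen line for the skipped case, a host where bash is absent or is a symlink (which `! -L` rejects, as on merged-/usr or Homebrew layouts, presumably the reason for the check) now shows nothing at all for this test; consider keeping a Display in that `else` branch so a silent skip is visible to the operator. Note that `command -v bash` is the portable form of `which bash`. The enclosing `if [ ${SKIPTEST} -eq 0 ]` block continues past the end of the hunk.
```shell
FIND=""
if [ -f /etc/shells ]; then
    logtext "Test: checking for bash shell in /etc/shells"
    FIND=`grep -v "^#" /etc/shells | egrep '(/usr)?(/local)?/bin/bash' | head -1`
fi
# Fall back to PATH when /etc/shells is missing OR does not list bash:
# Shellshock does not require bash to be a registered login shell.
if [ "${FIND}" = "" ]; then
    logtext "Test: checking if bash is available via which command"
    FIND=`which bash 2> /dev/null | head -1`
fi
logtext "Result: command revealed ${FIND} as output"
if [ ! "${FIND}" = "" -a -x "${FIND}" -a ! -L "${FIND}" ]; then
    # … unchanged: per-CVE shellshock probes …
else
    logtext "Result: could not find bash to be a valid shell"
    Display --indent 2 --text "- Shellshock: bash not found or is a symlink (tests skipped)" --result "SKIPPED" --color WHITE
fi
```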