Greetings List lurkers,
Unable to stop obcessing about sh (dash), here is the solution to testing
under "sh". This script is tested and alleges to work.
<snip>
#!/bin/sh
# 2014-09-25 10:35:11 pflint
#
SOURCE:http://blogs.splunk.com/2014/09/24/finding-shellshock-cve-2014-6271-with-splunk-forwarders/
#
HOSTNAME=$(/bin/hostname)
RUNNING=$(/bin/date)
THECHECK=$(env='() { :;}; echo status=VULNERABLE' bash -c "ls -al
/bin/bash" 2>&1 /dev/null)
if [ "$THECHECK" = "*VULNERABLE*" ] ; then echo "$RUNNING
hostname=$HOSTNAME cve=2014-6271 status=VULNERABLE"; else echo "$RUNNING
hostname=$HOSTNAME cve=2014-6271 status=NOTVULNERABLE"; fi
<snap>
Again, for proper spacing use:
http://docbox.flint.com:8081/visual.bash#ssschk.sh
Kindest Regards,
Paul Flint
(802) 479-2360 Home
(802) 595-9365 Cell
/************************************
Based upon email reliability concerns,
please send an acknowledgement in response to this note.
Paul Flint
17 Averill Street
Barre, VT
05641
