author | mboelen <michael@cisofy.com> | 2014-10-19 14:39:37 +0400 |
---|---|---|
committer | mboelen <michael@cisofy.com> | 2014-10-19 14:39:37 +0400 |
commit | 8bf76a9a0fffa7d2af5cd7b0402586ac09dc616e (patch) | |
tree | 2a94848cc355cef5d20c47acf7557a75f548ed6b /include/tests_shells | |
parent | 47b2a7df33d878acf4059f614b74e28557d3ca02 (diff) |
Improved Shellshock test by searching for bash via which if /etc/shells is not present
Diffstat (limited to 'include/tests_shells')
-rw-r--r-- | include/tests_shells | 45 |
1 files changed, 26 insertions, 19 deletions
diff --git a/include/tests_shells b/include/tests_shells
index c0a5336f..e9a74ddc 100644
--- a/include/tests_shells
+++ b/include/tests_shells
@@ -213,10 +213,18 @@
 Register --test-no SHLL-6290 --weight H --network NO --description "Check shellshock vulnerability (CVE-2014-6271)"
 if [ ${SKIPTEST} -eq 0 ]; then
 FOUND=0
- Display --indent 2 --text "- Testing for Shellshock vulnerability"
+ #Display --indent 2 --text "- Testing for Shellshock vulnerability"
 logtext "Test: Check if bash is in the list of shells."
- FIND=`egrep '(/usr)?(/local)?/bin/bash' /etc/shells | grep -v "^#" | head -1`
- if [ ! "${FIND}" = "" -a ! -L ${FIND} ]; then
+ if [ -f /etc/shells ]; then
+ logtext "Test: checking for bash shell in /etc/shells"
+ FIND=`egrep '(/usr)?(/local)?/bin/bash' /etc/shells | grep -v "^#" | head -1`
+ else
+ logtext "Test: checking if bash is available via which command"
+ FIND=`which bash 2> /dev/null | head -1`
+ fi
+
+ logtext "Result: command revealed ${FIND} as output"
+ if [ ! "${FIND}" = "" -a -x ${FIND} -a ! -L ${FIND} ]; then
 logtext "Result: found ${FIND} as a valid shell"
 SHELLSHOCK_TMP=`mktemp /tmp/lynis-shellshock-test.XXXXXXXXXX` || exit 1
@@ -229,11 +237,11 @@
 if [ ! "${VULNERABLE}" = "" ]; then
 logtext "Output: ${VULNERABLE}"
 logtext "Result: Vulnerable to original shellshock (CVE-2014-6271)"
- Display --indent 4 --text "- CVE-2014-6271 (original shellshocker)" --result "WARNING" --color RED
+ Display --indent 2 --text "- Shellshock: CVE-2014-6271 (original shellshocker)" --result "WARNING" --color RED
 FOUND=1
 else
 logtext "Result: Not vulnerable to original shellshock (CVE-2014-6271)"
- Display --indent 4 --text "- CVE-2014-6271 (original shellshocker)" --result "OK" --color GREEN
+ #Display --indent 4 --text "- CVE-2014-6271 (original shellshocker)" --result "OK" --color GREEN
 fi
 # CVE-2014-6277
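Review bot: The `which bash` fallback in the first hunk only runs when /etc/shells is absent, so a host whose /etc/shells exists but does not list bash still skips every Shellshock check even when bash is installed. Being a registered login shell is not what exposes bash to crafted environment variables, so that outcome is a false negative for the scan. Consider falling back whenever the egrep returns nothing, e.g. `[ -z "${FIND}" ] && FIND=$(which bash 2> /dev/null | head -1)` placed after the `fi`. The new test also expands `${FIND}` unquoted in `-x ${FIND} -a ! -L ${FIND}`; with an empty or multi-word value (some `which` implementations print a "no bash in ..." message on stdout) `[` receives malformed arguments, so `if [ -n "${FIND}" ] && [ -x "${FIND}" ] && [ ! -L "${FIND}" ]; then` is safer. The block opened by this `if` continues past the end of the hunk.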
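Review bot: The OK-result `Display` call in the else branch of the CVE-2014-6271 hunk is commented out rather than deleted, and the same is done for the header line in the first hunk and for the CVE-2014-6277, -6278, -7169, -7186, -7187 and exploit #3 hunks. The disabled lines have already drifted from the live ones (they keep `--indent 4` and lack the `Shellshock:` prefix), so re-enabling one later would produce inconsistent output. Delete them and, if the intent needs recording, leave one comment such as `# Only vulnerable results are displayed; OK results are written to the log`. The surrounding test block starts and ends outside these hunks.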
@@ -244,11 +252,11 @@
 if [ ! "${VULNERABLE}" = "" ]; then
 logtext "Output: ${VULNERABLE}"
 logtext "Result: Vulnerable to original shellshock (CVE-2014-6277)"
- Display --indent 4 --text "- CVE-2014-6277 (segfault, lcamtuf bug #1)" --result "WARNING" --color RED
+ Display --indent 2 --text "- Shellshock: CVE-2014-6277 (segfault, lcamtuf bug #1)" --result "WARNING" --color RED
 FOUND=1
 else
 logtext "Result: Not vulnerable to original shellshock (CVE-2014-6277)"
- Display --indent 4 --text "- CVE-2014-6277 (segfault, lcamtuf bug #1)" --result "OK" --color GREEN
+ #Display --indent 4 --text "- CVE-2014-6277 (segfault, lcamtuf bug #1)" --result "OK" --color GREEN
 fi
 # CVE-2014-6278
@@ -259,11 +267,11 @@
 if [ ! "${VULNERABLE}" = "" ]; then
 logtext "Output: ${VULNERABLE}"
 logtext "Result: Vulnerable to CVE-2014-6278"
- Display --indent 4 --text "- CVE-2014-6278 (Florian's patch, lcamtuf bug #2)" --result "WARNING" --color RED
+ Display --indent 2 --text "- Shellshock: CVE-2014-6278 (Florian's patch, lcamtuf bug #2)" --result "WARNING" --color RED
 FOUND=1
 else
 logtext "Result: Not vulnerable to CVE-2014-6278"
- Display --indent 4 --text "- CVE-2014-6278 (Florian's patch, lcamtuf bug #2)" --result "OK" --color GREEN
+ #Display --indent 4 --text "- CVE-2014-6278 (Florian's patch, lcamtuf bug #2)" --result "OK" --color GREEN
 fi
 # CVE-2014-7169
@@ -274,11 +282,11 @@
 if [ ! "${VULNERABLE}" = "" ]; then
 logtext "Output: ${VULNERABLE}"
 logtext "Result: Vulnerable to taviso bug (CVE-2014-7169)"
- Display --indent 4 --text "- CVE-2014-7169 (taviso bug)" --result "WARNING" --color RED
+ Display --indent 2 --text "- Shellshock: CVE-2014-7169 (taviso bug)" --result "WARNING" --color RED
 FOUND=1
 else
 logtext "Result: Not vulnerable to taviso bug (CVE-2014-7169)"
- Display --indent 4 --text "- CVE-2014-7169 (taviso bug)" --result "OK" --color GREEN
+ #Display --indent 4 --text "- CVE-2014-7169 (taviso bug)" --result "OK" --color GREEN
 fi
 # CVE-2014-7186
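Review bot: The two `logtext` lines beside the changed Display call in the CVE-2014-6277 hunk still read "original shellshock (CVE-2014-6277)", wording that matches the CVE-2014-6271 block, so anyone triaging from the log sees the wrong bug name next to the right CVE id. Since the on-screen text is being rewritten here anyway, align the log lines with the style the CVE-2014-6278 block uses: `logtext "Result: Vulnerable to CVE-2014-6277"` and `logtext "Result: Not vulnerable to CVE-2014-6277"`. The command that sets `VULNERABLE` lies outside the hunk.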
@@ -289,11 +297,11 @@
 if [ ! "${VULNERABLE}" = "" ]; then
 logtext "Output: ${VULNERABLE}"
 logtext "Result: Vulnerable to CVE-2014-7186"
- Display --indent 4 --text "- CVE-2014-7186 redir_stack bug" --result "WARNING" --color RED
+ Display --indent 2 --text "- Shellshock: CVE-2014-7186 redir_stack bug" --result "WARNING" --color RED
 FOUND=1
 else
 logtext "Result: Not vulnerable to CVE-2014-7186"
- Display --indent 4 --text "- CVE-2014-7186 redir_stack bug" --result "OK" --color GREEN
+ #Display --indent 4 --text "- CVE-2014-7186 redir_stack bug" --result "OK" --color GREEN
 fi
 # CVE-2014-7187
@@ -304,11 +312,11 @@
 if [ ! "${VULNERABLE}" = "" ]; then
 logtext "Output: ${VULNERABLE}"
 logtext "Result: Vulnerable to CVE-2014-7187"
- Display --indent 4 --text "- CVE-2014-7187 nested loops off by one bug" --result "WARNING" --color RED
+ Display --indent 2 --text "- Shellshock: CVE-2014-7187 nested loops off by one bug" --result "WARNING" --color RED
 FOUND=1
 else
 logtext "Result: Not vulnerable to CVE-2014-7187"
- Display --indent 4 --text "- CVE-2014-7187 nested loops off by one bug" --result "OK" --color GREEN
+ #Display --indent 4 --text "- CVE-2014-7187 nested loops off by one bug" --result "OK" --color GREEN
 fi
 # CVE-2014-////
@@ -319,16 +327,15 @@
 if [ ! "${VULNERABLE}" = "" ]; then
 logtext "Output: ${VULNERABLE}"
 logtext "Result: Vulnerable to CVE-2014-//// (exploit #3 on shellshocker.net)"
- Display --indent 4 --text "- Exploit #3 on shellshocker.net (no CVE)" --result "WARNING" --color RED
+ Display --indent 2 --text "- Shellshock: Exploit #3 on shellshocker.net (no CVE)" --result "WARNING" --color RED
 FOUND=1
 else
 logtext "Result: Not vulnerable to exploit #3 on shellshocker.net (no CVE)"
- Display --indent 4 --text "- Exploit#3 on shellshocker.net (no CVE)" --result "OK" --color GREEN
+ #Display --indent 4 --text "- Exploit#3 on shellshocker.net (no CVE)" --result "OK" --color GREEN
 fi
 else
- logtext "Result: could not find bash in /etc/shells"
- Display --indent 4 --text "Result: bash not in the list of valid shells (tests skipped)."
+ logtext "Result: could not find bash to be a valid shell"
 fi
 if [ ${FOUND} -eq 1 ]; then |
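Review bot: The final `else` branch of the last hunk loses its on-screen "tests skipped" message and keeps only a `logtext`, so with the OK lines also disabled, a host where bash was not located prints nothing for SHLL-6290 in the code shown. On screen, "not tested" then looks the same as "not vulnerable", unless the `if [ ${FOUND} -eq 1 ]` block (whose body is outside the hunk) prints a summary. Keeping one visible line avoids that ambiguity, e.g. `Display --indent 2 --text "- Shellshock: bash not found (tests skipped)"`.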