Improved Shellshock test by searching for bash via which if /etc/shell is not present

1 files changed, 26 insertions, 19 deletions

diff --git a/include/tests_shells b/include/tests_shells
index c0a5336f..e9a74ddc 100644
--- a/include/tests_shells
+++ b/include/tests_shells
@@ -213,10 +213,18 @@
     Register --test-no SHLL-6290 --weight H --network NO --description "Check shellshock vulnerability (CVE-2014-6271)"
     if [ ${SKIPTEST} -eq 0 ]; then
         FOUND=0
-        Display --indent 2 --text "- Testing for Shellshock vulnerability"
+        #Display --indent 2 --text "- Testing for Shellshock vulnerability"
         logtext "Test: Check if bash is in the list of shells."
-        FIND=`egrep '(/usr)?(/local)?/bin/bash' /etc/shells | grep -v "^#" | head -1`
-        if [ ! "${FIND}" = "" -a ! -L ${FIND} ]; then
+        if [ -f /etc/shells ]; then
+            logtext "Test: checking for bash shell in /etc/shells"
+            FIND=`egrep '(/usr)?(/local)?/bin/bash' /etc/shells | grep -v "^#" | head -1`
+          else
+            logtext "Test: checking if bash is available via which command"
+            FIND=`which bash 2> /dev/null | head -1`
+        fi
+
+        logtext "Result: command revealed ${FIND} as output"
+        if [ ! "${FIND}" = "" -a -x ${FIND} -a ! -L ${FIND} ]; then
             logtext "Result: found ${FIND} as a valid shell"
 
             SHELLSHOCK_TMP=`mktemp /tmp/lynis-shellshock-test.XXXXXXXXXX` || exit 1
@@ -229,11 +237,11 @@
             if [ ! "${VULNERABLE}" = "" ]; then
                 logtext "Output: ${VULNERABLE}"
                 logtext "Result: Vulnerable to original shellshock (CVE-2014-6271)"
-                Display --indent 4 --text "- CVE-2014-6271 (original shellshocker)" --result "WARNING" --color RED
+                Display --indent 2 --text "- Shellshock: CVE-2014-6271 (original shellshocker)" --result "WARNING" --color RED
                 FOUND=1
               else
                 logtext "Result: Not vulnerable to original shellshock (CVE-2014-6271)"
-                Display --indent 4 --text "- CVE-2014-6271 (original shellshocker)" --result "OK" --color GREEN
+                #Display --indent 4 --text "- CVE-2014-6271 (original shellshocker)" --result "OK" --color GREEN
             fi
 
             # CVE-2014-6277
@@ -244,11 +252,11 @@
             if [ ! "${VULNERABLE}" = "" ]; then
                 logtext "Output: ${VULNERABLE}"
                 logtext "Result: Vulnerable to original shellshock (CVE-2014-6277)"
-                Display --indent 4 --text "- CVE-2014-6277 (segfault, lcamtuf bug #1)" --result "WARNING" --color RED
+                Display --indent 2 --text "- Shellshock: CVE-2014-6277 (segfault, lcamtuf bug #1)" --result "WARNING" --color RED
                 FOUND=1
               else
                 logtext "Result: Not vulnerable to original shellshock (CVE-2014-6277)"
-                Display --indent 4 --text "- CVE-2014-6277 (segfault, lcamtuf bug #1)" --result "OK" --color GREEN
+                #Display --indent 4 --text "- CVE-2014-6277 (segfault, lcamtuf bug #1)" --result "OK" --color GREEN
             fi
 
             # CVE-2014-6278
@@ -259,11 +267,11 @@
             if [ ! "${VULNERABLE}" = "" ]; then
                 logtext "Output: ${VULNERABLE}"
                 logtext "Result: Vulnerable to CVE-2014-6278"
-                Display --indent 4 --text "- CVE-2014-6278 (Florian's patch, lcamtuf bug #2)" --result "WARNING" --color RED
+                Display --indent 2 --text "- Shellshock: CVE-2014-6278 (Florian's patch, lcamtuf bug #2)" --result "WARNING" --color RED
                 FOUND=1
               else
                 logtext "Result: Not vulnerable to CVE-2014-6278"
-                Display --indent 4 --text "- CVE-2014-6278 (Florian's patch, lcamtuf bug #2)" --result "OK" --color GREEN
+                #Display --indent 4 --text "- CVE-2014-6278 (Florian's patch, lcamtuf bug #2)" --result "OK" --color GREEN
             fi
 
             # CVE-2014-7169
@@ -274,11 +282,11 @@
             if [ ! "${VULNERABLE}" = "" ]; then
                 logtext "Output: ${VULNERABLE}"
                 logtext "Result: Vulnerable to taviso bug (CVE-2014-7169)"
-                Display --indent 4 --text "- CVE-2014-7169 (taviso bug)" --result "WARNING" --color RED
+                Display --indent 2 --text "- Shellshock: CVE-2014-7169 (taviso bug)" --result "WARNING" --color RED
                 FOUND=1
               else
                 logtext "Result: Not vulnerable to taviso bug (CVE-2014-7169)"
-                Display --indent 4 --text "- CVE-2014-7169 (taviso bug)" --result "OK" --color GREEN
+                #Display --indent 4 --text "- CVE-2014-7169 (taviso bug)" --result "OK" --color GREEN
             fi
 
             # CVE-2014-7186
@@ -289,11 +297,11 @@
             if [ ! "${VULNERABLE}" = "" ]; then
                 logtext "Output: ${VULNERABLE}"
                 logtext "Result: Vulnerable to CVE-2014-7186"
-                Display --indent 4 --text "- CVE-2014-7186 redir_stack bug" --result "WARNING" --color RED
+                Display --indent 2 --text "- Shellshock: CVE-2014-7186 redir_stack bug" --result "WARNING" --color RED
                 FOUND=1
               else
                 logtext "Result: Not vulnerable to CVE-2014-7186"
-                Display --indent 4 --text "- CVE-2014-7186 redir_stack bug" --result "OK" --color GREEN
+                #Display --indent 4 --text "- CVE-2014-7186 redir_stack bug" --result "OK" --color GREEN
             fi
 
             # CVE-2014-7187
@@ -304,11 +312,11 @@
             if [ ! "${VULNERABLE}" = "" ]; then
                 logtext "Output: ${VULNERABLE}"
                 logtext "Result: Vulnerable to CVE-2014-7187"
-                Display --indent 4 --text "- CVE-2014-7187 nested loops off by one bug" --result "WARNING" --color RED
+                Display --indent 2 --text "- Shellshock: CVE-2014-7187 nested loops off by one bug" --result "WARNING" --color RED
                 FOUND=1
               else
                 logtext "Result: Not vulnerable to CVE-2014-7187"
-                Display --indent 4 --text "- CVE-2014-7187 nested loops off by one bug" --result "OK" --color GREEN
+                #Display --indent 4 --text "- CVE-2014-7187 nested loops off by one bug" --result "OK" --color GREEN
             fi
 
             # CVE-2014-////
@@ -319,16 +327,15 @@
             if [ ! "${VULNERABLE}" = "" ]; then
                 logtext "Output: ${VULNERABLE}"
                 logtext "Result: Vulnerable to CVE-2014-//// (exploit #3 on shellshocker.net)"
-                Display --indent 4 --text "- Exploit #3 on shellshocker.net (no CVE)" --result "WARNING" --color RED
+                Display --indent 2 --text "- Shellshock: Exploit #3 on shellshocker.net (no CVE)" --result "WARNING" --color RED
                 FOUND=1
               else
                 logtext "Result: Not vulnerable to exploit #3 on shellshocker.net (no CVE)"
-                Display --indent 4 --text "- Exploit#3 on shellshocker.net (no CVE)" --result "OK" --color GREEN
+                #Display --indent 4 --text "- Exploit#3 on shellshocker.net (no CVE)" --result "OK" --color GREEN
             fi
 
           else
-            logtext "Result: could not find bash in /etc/shells"
-            Display --indent 4 --text "Result: bash not in the list of valid shells (tests skipped)."
+            logtext "Result: could not find bash to be a valid shell"
         fi
 
         if [ ${FOUND} -eq 1 ]; then