Shellshock bug – vulnerability in the Bash shell: How to fix?

On September 24, 2014, a GNU Bash vulnerability, referred to as Shellshock or the "Bash Bug", was disclosed. In short, the vulnerability allows remote attackers to execute arbitrary code, under certain conditions, by passing strings of code after environment variable assignments. Because Bash is ubiquitous across Linux, BSD, and Mac OS X distributions, many computers are vulnerable to Shellshock; all unpatched Bash versions from 1.14 through 4.3 (i.e. all releases until now) are at risk.

Examples of exploitable systems include the following:

    Apache HTTP Servers that use CGI scripts (via mod_cgi and mod_cgid) that are written in Bash or launch Bash subshells
    Certain DHCP clients
    OpenSSH servers that use the ForceCommand capability
    Various network-exposed services that use Bash

How to check for the vulnerability?

Run the command below and check the output:

env 'VAR=() { :;}; echo Bash is vulnerable!' 'FUNCTION()=() { :;}; echo Bash is vulnerable!' bash -c "echo Bash Test"

If the vulnerability exists, you will get the output below:

[root@serverA ~]# env x='() { :;}; echo Bash is vulnerable' bash -c "echo Bash  test"
Bash is vulnerable
Bash test
[root@serverA ~]#

How to fix the vulnerability?

Ubuntu/Debian : apt-get

sudo apt-get update && sudo apt-get install --only-upgrade bash

CentOS / Red Hat / Fedora : YUM

sudo yum update bash

Be sure to update all of your affected servers to the latest version of Bash! Also, be sure to keep your servers up to date with the latest security updates!
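
To confirm the result in a script, and to cover Bash binaries that the package manager does not manage, the following added example (not part of the original post) wraps the test command shown above. The function names and the use of /etc/shells to locate Bash binaries are assumptions of this example.

```bash
# Added example (not from the original post). Wraps the page's probe so the
# verdict can be consumed by scripts and applied to every listed bash binary.
MARKER='Bash is vulnerable!'

# classify_probe_output OUTPUT -> vulnerable | patched | unknown
classify_probe_output() {
    case "$1" in
        *"$MARKER"*)   echo vulnerable ;;  # injected echo ran during import
        *"Bash Test"*) echo patched ;;     # only the intended command ran
        *)             echo unknown ;;     # probe did not run at all
    esac
}

# probe_bash PATH -> runs the page's test command against one bash binary
probe_bash() {
    [ -x "$1" ] || { echo unknown; return 2; }
    classify_probe_output "$(env 'VAR=() { :;}; echo Bash is vulnerable!' \
        'FUNCTION()=() { :;}; echo Bash is vulnerable!' \
        "$1" -c 'echo Bash Test' 2>/dev/null)"
}

# probe_all_shells [FILE] -> one "path verdict" line per bash listed in FILE
# (assumption: FILE has the /etc/shells format, one absolute path per line)
probe_all_shells() {
    grep -E '^/.*/bash$' "${1:-/etc/shells}" 2>/dev/null | sort -u |
    while read -r shell_path; do
        echo "$shell_path $(probe_bash "$shell_path")"
    done
}

# Report every bash registered on this host.
probe_all_shells
```

Any line ending in "vulnerable" identifies a binary that was not replaced by the package update, for example a Bash built from source under a different path.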

Cheers !!!

Install Red Hat Linux 5/6 on iSCSI SAN Boot: How to?

Software iSCSI:

For a software initiator to implement a SAN boot device, you can have the root device on an iSCSI LUN, and you can use any of the following options to load the kernel:
 1. A host’s locally attached disk (for storing kernel and initrd images)
 2. A Preboot Execution Environment (PXE) Server

Hardware iSCSI:

If the SAN boot LUN uses an iSCSI HBA, then, because the protocol stack runs on the HBA, it is ready to communicate with the storage system and discover a LUN when it starts up.
You can have both the boot device and root device on an iSCSI LUN.

Install RHEL 5/6 in software iSCSI SAN boot:

Steps :

1. When you initiate the installation, specify the Boot Option as linux mpath and press Enter.

2. Continue with the installation until you reach the storage configuration page. Click Advanced storage configuration.

3. Select Add iSCSI target and click Add drive.

4. Enter the Target IP address and the iSCSI initiator name.
Note: You should ensure that you associate this IQN with the correct privileges on the storage controller.

5. On the storage controller, create an igroup with the initiator name that you provided in Step 4.

6. Create a LUN on the storage system on which you intend to create root partition, and map it to the igroup.

7. Return to the host screen.

8. Click Add Target in the Configure iSCSI Parameters window.

When you add the target, the target portal is discovered.

Note: You should ensure that multiple target portals are discovered, because the Red Hat installer does not identify the iSCSI device as a multipathed device unless it has more than one path.

9. To discover more target portals, repeat Step 2 through Step 8.

You should now see a multipathed iSCSI device listed in the drives section.
Note: If the iSCSI multipathed device is not listed, you should check the configuration.

10. Select a partitioning layout as Create custom layout and click Next.

You can now proceed with the installation process and enter choices until you reach the Installation Summary page.

11. At the storage devices selection screen, select the iSCSI multipathed device from the list of allowable drives where you want to install the root file system.

12. Create the root file system on the selected device and select the mount point as /.

13. Create a SWAP partition.

Note: You can create a SWAP partition on the same LUN that contains the root partition or on a different LUN.
If you are using the software suspend functionality, you should ensure that the SWAP partition is on a local disk.

14. Create the /boot partition.
You can create a /boot partition on a locally attached disk or use a PXE server to load the kernel boot image.

15. Click Next and follow the installation prompts to complete the installation.

Install RHEL 5/6 on Hardware iSCSI SAN boot:


1. Create a LUN on the storage system and map it to the host. This will be the SAN boot LUN.

You should ensure that the SAN boot LUN is mapped, and multiple paths to the SAN boot LUN are available on the host. You should also ensure that the SAN boot LUN is visible to the host during the boot process.

2. Set the Initiator IP Settings and Initiator iSCSI Name in Host Adapter Settings.

3. Set the Primary and Alternate Target IP and iSCSI Name and Adapter Boot Mode to Manual in iSCSI Boot Settings.
For information, see your HBA vendor-specific documentation.

4. After making changes to the HBA BIOS, save and exit.
Reboot the host.

5. Install the operating system on the boot LUN and follow the installation prompts to complete the installation.

Note: You should specify Boot Option as linux mpath during the operating system installation. When you