On September 24, 2014, a GNU Bash vulnerability, referred to as Shellshock or the “Bash Bug”, was disclosed. In short, the vulnerability allows remote attackers to execute arbitrary code given certain conditions. Because of Bash’s ubiquitous status amongst Linux, BSD, and Mac OS X distributions, many computers are vulnerable to Shellshock; all unpatched Bash versions from 1.14 through 4.3 (i.e. all releases until now) are at risk.

A detailed description of the bug can be found at CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, and CVE-2014-7187.

Check System Vulnerability

You may check for the Shellshock vulnerability by running the following command at the bash prompt:

env 'VAR=() { :;}; echo Bash is vulnerable!' 'FUNCTION()=() { :;}; echo Bash is vulnerable!' bash -c "echo Bash Test"

The echo Bash is vulnerable! portion of the command represents where a remote attacker could inject malicious code. Therefore, if you see the following output, your version of Bash is vulnerable and should be updated:

Bash is vulnerable!
Bash Test

If the only output from the test command is the following, your Bash is safe from Shellshock:

Bash Test
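
A host can have more than one bash binary, and each needs checking. The sh script below is an added example, not code from the original post; it applies the same probe to each path given, and its function names and default path list are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): apply the page's Shellshock
# probe to each bash binary on a host and report a verdict per path.
MARKER='Bash is vulnerable!'

# check_bash BIN: prints vulnerable | safe | missing; returns 1 | 0 | 2.
check_bash() {
    if [ ! -x "$1" ] || [ -d "$1" ]; then
        echo missing
        return 2
    fi
    # env -i passes only the two probe variables from the page's command.
    # stderr is discarded so interpreter warnings cannot change the verdict.
    cb_out=$(env -i "VAR=() { :;}; echo $MARKER" \
                    "FUNCTION()=() { :;}; echo $MARKER" \
                    "$1" -c 'echo Bash Test' 2>/dev/null) || true
    case $cb_out in
        *"$MARKER"*) echo vulnerable; return 1 ;;
        *"Bash Test"*) echo safe; return 0 ;;
        *) echo missing; return 2 ;;   # present but did not run the test
    esac
}

# check_all [BIN...]: one "path: verdict" line each; returns 1 if any is
# vulnerable. The default path list is an assumption; pass your own paths.
check_all() {
    [ $# -gt 0 ] || set -- /bin/bash /usr/bin/bash /usr/local/bin/bash
    ca_rc=0
    for ca_bin in "$@"; do
        ca_verdict=$(check_bash "$ca_bin") || true
        echo "$ca_bin: $ca_verdict"
        [ "$ca_verdict" != vulnerable ] || ca_rc=1
    done
    return $ca_rc
}

check_all "$@" || echo "Update Bash on this host."
```

Pass absolute paths as arguments to check binaries outside the default list; the script prints the update reminder when any of them is vulnerable.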


If you have to dig into log files to investigate a problem, 1: you have failed straight away, but I won’t go into that now; 2: if you have to look at them, it helps if the log files are readable.

The icinga.log file has a lot of data and unfortunately the timestamps are in epoch time format.

[1411724135] SERVICE ALERT: monitor1.gb1;IOSTAT_BUSY;WARNING;HARD;5;WARNING:sda=O:5,W:0,C:0: sdb=O:4,W:1,C:0: 

Using a little Perl command-line magic we can convert those ugly timestamps into something more readable.

[Fri Sep 26 09:35:35 2014] SERVICE ALERT: monitor1.gb1;IOSTAT_BUSY;WARNING;HARD;5;WARNING:sda=O:5,W:0,C:0: sdb=O:4,W:1,C:0:

Just use…

perl -pe 's/(\d+)/localtime($1)/e' icinga.log |grep monitor1.gb1

or...

tail -f icinga.log | perl -pe 's/(\d+)/localtime($1)/e'