Book Image

Mastering Linux Shell Scripting

By : Andrew Mallett
Book Image

Mastering Linux Shell Scripting

By: Andrew Mallett

Overview of this book

Shell scripting is a quick method to prototype a complex application or a problem by automating tasks when working on Linux-based systems. Using both simple one-line commands and command sequences complex problems can be solved with ease, from text processing to backing up sysadmin tools. In this book, you’ll discover everything you need to know to master shell scripting and make informed choices about the elements you employ. Get to grips with the fundamentals of creating and running a script in normal mode, and in debug mode. Learn about various conditional statements' code snippets, and realize the power of repetition and loops in your shell script. Implement functions and edit files using the Stream Editor, script in Perl, program in Python – as well as complete coverage of other scripting languages to ensure you can choose the best tool for your project.
Table of Contents (21 chapters)
Mastering Linux Shell Scripting
Credits
About the Author
About the Reviewer
www.PacktPub.com
Preface
Index

Bash vulnerabilities


For this book, I will be working entirely on a Raspberry Pi 2 running Raspbian, a Linux distribution similar to Debian, and Ubuntu; although for you, the operating system you choose to work with is immaterial, in reality, as is the version of bash. The bash version I am using is 4.2.37(1). If you are using the OS X operating system, the default command line environment is bash.

To return the operating system being used, type the following command if it is installed:

$ lsb_release -a

The output from my system is shown in the following screenshot:

The easiest way to determine the version of bash that you are using is to print the value of a variable. The following command will display your bash version:

$ echo $BASH_VERSION

The following screenshot displays the output from my system:

In 2014, there was a well-publicized bug within bash that had been there for many years—the shell-shock bug. If your system is kept up-to-date, then it is not likely to be an issue but it is worth checking. The bug allows malicious code to be executed from within a malformed function. As a standard user, you can run the following code to test for the vulnerabilities on your system. This code comes from Red Hat and is not malicious but if you are unsure then please seek advice.

The following is the code from Red Hat to test for the vulnerability:

$ env 'x=() { :;}; echo vulnerable''BASH_FUNC_x()=() { :;}; echo vulnerable' bash -c "echo test"

If your system is free from this first vulnerability the output should be as shown in the following screenshot:

To test for the last vulnerability from this bug, we can use the following test, which is again from Red Hat:

cd /tmp; rm -f /tmp/echo; env 'x=() { (a)=>\' bash -c "echo date"; cat /tmp/echo

The output from a patched version of bash should look like the following screenshot:

If the output from either of these command lines is different, then your system may be vulnerable to shell-shock and I would update bash or at least take further advice from a security professional.