Shulou(Shulou.com)06/01 Report--

This article introduces the knowledge about "how to fix potential bash vulnerabilities on RedHat system". In the actual case operation process, many people will encounter such difficulties. Next, let Xiaobian lead you to learn how to deal with these situations! I hope you can read carefully and learn something!

Bash is software used to control the command prompt of Linux computers. Cybersecurity experts say hackers can exploit a security flaw in Bash to gain full control of a targeted computer system.

Dan Guido, chief executive of Trail of Bits, a cybersecurity firm, points out that "compared to Heartbleed," which allows hackers to snoop on computers but doesn't give hackers control of them. "

"It's also much easier to exploit Bash," he said."You can just cut and paste a line of software code and get great results. "

Guido also said he was considering taking his company's non-essential servers offline to protect them from the Bash vulnerability until he could patch it.

Tod Beardsley, engineering manager at cybersecurity firm Rapid7, warned that Bash was rated 10 for severity, meaning it had the most impact, and "low" for difficulty, meaning it was easier for hackers to exploit.

Beardsley said: "Using this vulnerability, an attacker could take over the entire operating system of a computer, gain access to confidential information, make changes to the system, and so on. Anyone who uses Bash software on their computer system needs to be patched immediately. "

well... Let's take a look at the fixes on RedHat systems:

1. Confirm whether the vulnerability exists:

The code is as follows:

# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

vulnerable

this is a test

2. Repair method:

If it is Redhat or CentOS system, directly execute the following command:

The code is as follows:

yum -y update bash

Then re-execute the above test command if prompted as follows:

The code is as follows:

# env x='() { :;}; echo vulnerable' bash -c "

this is a test

The latest bash version is:

The code is as follows:

# rpm -qa bash

bash-4.1.2-15.el6_5.2.x86_64

For more version information, please refer to Redhat official website: rhn.redhat.com/errata/RHSA-2014-1306.html

3. Security enhancement:

For php or other web service applications, the default shell is modified to nologin, such as:

The code is as follows:

www:x:80:80::/home/www:/sbin/nologin

"How to fix potential bash vulnerabilities on RedHat systems" is introduced here. Thank you for reading. If you want to know more about industry-related knowledge, you can pay attention to the website. Xiaobian will output more high-quality practical articles for everyone!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.