主要针对Linux, Mac机器,
先按如下步骤检查是否已经被“攻击”:
http://www.linuxbrigade.com/bash ... -find-youve-tested/
First, ssh into your server and find your http access logs. Some common places are:
cPanel: /usr/local/apache/domlogs/
Debian/Apache: ar/log/apache2/
CentOS: ar/logtpd/
Once you find them, you can cat them, grepping for this pattern:
cat access_log |grep "{ :;};"
复制代码
如果发现已经被攻击了,赶紧打补丁吧:
http://www.linuxnews.pro/patch-bash-shell-shock-centos-ubuntu/
For CentOS, Fedora, Red Hat (and the like) users, just type this to update it (yes, there’s already a patch, and you’ll be patched up in about 10 seconds)
yum -y update bash
复制代码
For Debian, Ubuntu (and the like) users, type this to update bash:
sudo apt-get update && sudo apt-get install --only-upgrade bash
复制代码
最后检查是不是补丁打好了:
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
复制代码
If you see “vulnerable” afterwards, you haven’t patched it.
If you see “this is a test”, you’re patched.
shell shock漏洞打补丁
精选 转载
提问和评论都可以,用心的回复会被更多人看到
评论
发布评论
相关文章
-
浅谈热补丁的钩取方式
热补丁的钩取方式是为了解决内联钩取在多线程情况下会出错的情况,使用热补丁的钩取可以避免重复读写指令造成问题。
热补丁 多线程 内联钩取 重复读写指令