After patching your server, run the following tests to make sure your server is safe from the Shellshock vulnerability.
Note: These tests work on all versions of Linux.
- Run the following command:
cd /tmp; rm -f /tmp/echo; env 'x=() { (a)=>\' bash -c "echo date"; cat /tmp/echo
A correctly-patched server will return:
date
cat: /tmp/echo: No such file or directory
- Run the following command:
env 'x=() { :;}; echo vulnerable' 'BASH_FUNC_x()=() { :;}; echo vulnerable' bash -c "echo test"
Clean servers' responses will vary depending on the BASH version, but you should see test near the bottom of the output.
Vulnerable servers' response will be vulnerable.
Warning: Your server must pass both tests to be considered safe from the bash vulnerability.
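
The two checks above can be scripted so that the output is interpreted the same way on every host. The following is an added example, not part of the original page; the function names, the BASH_BIN variable and the use of a private scratch directory instead of /tmp are assumptions of this example.

```shell
#!/bin/sh
# Added example: runs both checks from this page and interprets the output.
# Function names and the scratch directory are assumptions of this example.
BASH_BIN=${BASH_BIN:-bash}   # shell under test

# Check 1 verdict: safe only if no file named "echo" was created and the
# command printed the literal word "date".
verdict_check1() {   # $1 = stdout of the command, $2 = yes|no (file created?)
    [ "$2" = "no" ] && [ "$1" = "date" ]
}

# Check 2 verdict: a line reading exactly "vulnerable" means the injected
# command ran; otherwise a line reading exactly "test" must be present.
verdict_check2() {   # $1 = combined stdout/stderr of the command
    if printf '%s\n' "$1" | grep -qx 'vulnerable'; then return 1; fi
    printf '%s\n' "$1" | grep -qx 'test'
}

run_check1() {
    dir=$(mktemp -d) || return 2
    # Run in a private directory instead of /tmp so nothing is clobbered.
    out=$(cd "$dir" && env 'x=() { (a)=>\' "$BASH_BIN" -c "echo date" 2>/dev/null)
    if [ -e "$dir/echo" ]; then created=yes; else created=no; fi
    rm -rf "$dir"
    verdict_check1 "$out" "$created"
}

run_check2() {
    out=$(env 'x=() { :;}; echo vulnerable' \
              'BASH_FUNC_x()=() { :;}; echo vulnerable' \
              "$BASH_BIN" -c "echo test" 2>&1)
    verdict_check2 "$out"
}

# The server must pass both checks to be considered safe.
shellshock_report() {
    rc=0
    if run_check1; then echo "check 1: pass"; else echo "check 1: FAIL"; rc=1; fi
    if run_check2; then echo "check 2: pass"; else echo "check 2: FAIL"; rc=1; fi
    return $rc
}
```

Source the file and call shellshock_report; a non-zero exit status means at least one check failed. Set BASH_BIN to test a bash binary that is not first in PATH.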