How to Protect your BASH Against the Shellshock Bash Vulnerability

On September 24, 2014, a GNU Bash vulnerability, referred to as Shellshock or the “Bash Bug”, was disclosed. In short, the vulnerability allows remote attackers to execute arbitrary code given certain conditions, by passing strings of code following environment variable assignments. Because of Bash’s ubiquitous status amongst Linux, BSD, and Mac OS X distributions, many computers are vulnerable to Shellshock; all unpatched Bash versions between 1.14 through 4.3 (i.e. all releases until now) are at risk.

On each of your systems that run Bash, you may check for Shellshock vulnerability by running the following command at the bash prompt:

env 'VAR=() { :;}; echo Bash is vulnerable!' 'FUNCTION()=() { :;}; echo Bash is vulnerable!' bash -c "echo Bash Test"

Copy and paste this command in your terminal.If you are getting this output

 Bash is vulnerable!

Then your Bash is vulnerable
If the only thing that is output from the test command is the following, your Bash is safe from Shellshock:

Bash Test

Fix Vulnerability: Update Bash

sudo apt-get update 
sudo apt-get install --only-upgrade bash
Advertisements

How to get tab completion in bash if its not working by default

In Debian Squeeze bash doesn’t support tab completion in terminal by default…this can be accomplished by a small hack…first we need to edit a file..vim /etc/bash.bashrc

By deafult these lines will be commented uncomment them by removing the #

# enable bash completion in interactive shells
#if [ -f /etc/bash_completion ]; then
#    . /etc/bash_completion
#fi

Save the file after done withyour editing do a restart…now the bash support tab completion………