There are two methods to test whether your Linux server or desktop is vulnerable to the GHOST glibc bug (CVE-2015-0235):
(a) A simple C test program for all Linux based servers (distro independent; generic method).
(b) A simple bash shell test program for RHEL or CentOS or Scientific Linux server only.

Tutorial details | |
---|---|
Difficulty | Easy |
Root privileges | No |
Requirements | Linux |
Time | 1m |

Method #1: GHOST.C Glibc Vulnerability Test C Program
Type the following wget command to download GHOST.C on a Linux based system:
wget https://webshare.uchicago.edu/orgs/ITServices/itsec/Downloads/GHOST.c
## OR
wget -O GHOST.c https://gist.githubusercontent.com/koelling/ef9b2b9d0be6d6dbab63/raw/de1730049198c64eaf8f8ab015a3c8b23b63fd34/gistfile1.c
Compile it:
gcc -o GHOST GHOST.c
Test it:
./GHOST
Sample outputs:
Fig. 01: GHOST.c bug: A simple way to test if Linux system is secure or not
Method #2: GHOST-test.sh Vulnerability Test Bash Script
Visit this URL to download the script (or grab it here). You need to have an account with RHN. The script tells you whether your system is vulnerable or not. Run the script as follows:
wget -O GHOST-test.sh http://www.cyberciti.biz/files/scripts/GHOST-test.sh.txt
bash GHOST-test.sh
Sample outputs:
Fig.02: GHOST-test.sh output on a RHEL/CentOS based system
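The script's verdict depends on the distribution's package release, not only on the upstream glibc version, which is why the output quoted in the comments below reports 2.12 revision 149 as not vulnerable. The following is an added example, not Red Hat's script or code from this page, that applies the thresholds printed in that output. The function names, the `.elN` release parsing and the sample package strings are assumptions.

```sh
# Added example (not Red Hat's GHOST-test.sh): release-based GHOST check.
# "<upstream version> <last vulnerable release>", taken from the
# "Vulnerable glibc version <= ..." lines in the sample output on this page.
LAST_VULNERABLE="2.5 122
2.12 1.148
2.17 54"

# True when $1 is dotted decimal such as "2.12" or "1.148".
is_dotted_num() { case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac; }

# True when dotted-decimal $1 <= $2, comparing field by field as integers
# (so 2.5 sorts below 2.12, which a plain string comparison gets wrong).
ver_le() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# Classify one `rpm -q glibc` style string (name-version-release.arch).
# Assumption: the release carries a RHEL-style ".elN" dist tag.
ghost_status() {
    nvr=$1
    rel=${nvr##*-}; rel=${rel%%.el*}   # "1.149.el6_6.5.x86_64" -> "1.149"
    ver=${nvr%-*};  ver=${ver##*-}     # "glibc-2.12" -> "2.12"
    if ! is_dotted_num "$ver" || ! is_dotted_num "$rel"; then echo unknown; return; fi
    # Upstream 2.18 and later already contain the fix.
    if ! ver_le "$ver" 2.17; then echo "not vulnerable"; return; fi
    while read -r tver trel; do
        [ "$ver" = "$tver" ] || continue
        if ver_le "$rel" "$trel"; then echo vulnerable; else echo "not vulnerable"; fi
        return
    done <<EOF
$LAST_VULNERABLE
EOF
    echo unknown   # no threshold known for this branch: do not guess
}

# Constructed sample strings, not output captured from real hosts.
for s in glibc-2.12-1.132.el6.x86_64 glibc-2.12-1.149.el6_6.5.x86_64; do
    printf '%s: %s\n' "$s" "$(ghost_status "$s")"
done
```

On a RHEL-family host, pass each line printed by `rpm -q glibc` to `ghost_status`; an `unknown` result means the package needs to be checked against the vendor's advisory.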
What to do if my server is not secure or vulnerable to the Ghost attack?
See this tutorial page for securing your server by applying patches to glibc.
- Check Ghost Vulnerability Test Programs
- Secure and Patch Your Linux Server For Ghost Bug
17 comments so far...
Linux Sever should be Linux Server
The md5sum of the GHOST.c code from the uchicago.edu website that I tested with is
a19b0657c80d74ea5c4f4544dc9998c5
You should always check this before compiling downloaded code, otherwise the next exploit on you will be a man in the middle attack.
Where’d you hear about ghost.c on uchicago’s webshare?
The code was published in the original research page at openwall and now it is everywhere, including uchicago’s webshare:
http://www.openwall.com/lists/oss-security/2015/01/27/9
That’s odd, the MD5 I get is d0ed67a61753e568596a830e7171a8eb. Which one of us has the right version?
There are probably slightly different versions going around with differing whitespace, etc. I mentioned the uchicago.edu site because it’s probably more static than the gist URL. Either way, just make sure that you’re downloading something legit.
I would agree with that last sentence. But then, how trustworthy am I? You might try to see if you can reverse the hash I posted.
Reviewing the code might not be entirely sufficient as the MITM could exclude vulnerable versions but the code could appear safe to run.
Try get MD5 hash of source code file => GHOST.c
Single Step:
If your concern is security, then don’t pipe shell scripts directly into your shell.
$ md5sum GHOST.c
a19b0657c80d74ea5c4f4544dc9998c5 GHOST.c
$ md5sum GHOST-test.sh
bd6fea3404950de06e024e2d8b924219 GHOST-test.sh
$ ./GHOST
vulnerable
$ bash GHOST-test.sh
Vulnerable glibc version <= 2.17-54
Vulnerable glibc version <= 2.5-122
Vulnerable glibc version <= 2.12-1.148
Detected glibc version 2.12 revision 149
Not Vulnerable.
The script has been updated.
A practical thing (hope it could be helpful for anyone). You don’t need to reboot the whole server after updating. If you are not able to do a reboot — use this cmd which relaunches only several applications that actually use vulnerable glibc:
From.
This is the script working for Debian (
Great write up!
Are Solaris glib packages vulnerable? Not finding anything online (or from Oracle) about it.
Thanks!
-S
Sorry guys… my server doesn't have the rpm package, and I am unable to connect it to any internet connection since it is prohibited. But I still need to check the vulnerability of our system. How can I do it? thx
Method #2: GHOST-test.sh Vulnerability Test Bash Script
as per the ghost shell script, it says glibc 2.12 is not vulnerable in the screen shot.
But version in between 2.2 to 2.17 all are vulnerable to GHOST attack. refer link : https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0235
after referring the NVD, looks like the script is not working properly.