How to Protect Your Server From the Shellshock Bash Bug

Verified and Tested 02/17/2015

Introduction

This guide will cover how to check and fix your server if you are vulnerable to the Shellshock Bash bug.
The Shellshock Bash bug effects ‘nix based operating systems, which allows attackers to remotely run commands on the server gaining unauthorized access to the server and further exploiting the server.
This guide will show you how to test, and fix your server if it is vulnerable.

Is My System Vulnerable?

Run the following command:

env 'VAR=() { :;}; echo Bash is vulnerable!' 'FUNCTION()=() { :;}; echo Bash is vulnerable!' bash -c "echo Bash Test"

If you see the following in the output, your system is vulnerable to the Bash bug and it needs to be updated:

Bash is vulnerable!

Move to “System’s Vulnerable? No Worries.”

If you, instead, receive the following output:

Bash Test

This means, your system is secure and no further work is required.

System’s Vulnerable? No Worries.

The fix is simple, run the following command:

In CentOS/Fedora

yum update bash

In Debian/Ubuntu

sudo apt-get update && sudo apt-get install –only-upgrade bash

In FreeBSD

pkg upgrade bash

More from Atlantic.Net

Learn more about Atlantic.Net’s hosting solutions, including HIPAA compliant disaster recovery services.