BASH bug



philo
09-26-2014, 01:09 PM
Are we vulnerable to the recently announced BASH bug?

Werner P. Schulz
09-26-2014, 05:25 PM
Answer from KK on the mailing list. (https://lists.debian.org/debian-knoppix/2014/09/msg00036.html)

philo
09-26-2014, 07:53 PM
Thanks Werner.

"Nothing is terrible except fear itself" (Francis Bacon), later shamelessly paraphrased by F. D. Roosevelt when he declared that "Only thing to fear is fear itself".

utu
09-27-2014, 12:53 AM
There is a test one may use, and I have, which tells you something about Knoppix 7.4.1.
This test is given in a zdnet article you may find at:
http://www.zdnet.com/shellshock-how-to-protect-your-unix-linux-and-mac-servers-7000034072/

An excerpt of this article says:


So, how do you know if your servers can be attacked? First, you need to check to see if you're running a vulnerable version of Bash. To do that, run the following command from a Bash shell:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If you get the result:

vulnerable
this is a test

Bad news, your version of Bash can be hacked. If you see:

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test

You're good. Well, to be more exact, you're as protected as you can be at the moment.


FWIW, when I cut & paste the env x= ... line in a terminal, here's what I get.
See the attached .png at full screen with Image Viewer.

Werner P. Schulz
09-27-2014, 01:43 AM
So, how do you know if your servers can be attacked?

And? Has anyone in this forum a server running with Knoppix?

utu
09-27-2014, 01:44 PM
See the cited article.


Summary: The Unix/Linux Bash security hole can be deadly to your servers.
Here's what you need to worry about, how to see if you can be attacked,
and what to do if your shields are down.

Werner P. Schulz
09-27-2014, 05:45 PM
Hello!

Yes, I've read the article, but I cannot see any danger for me. I don't offer any services like httpd, ssh, nameserver, mailserver and so on outside of my LAN. All is restricted to local use, and within Knoppix this is also the default for any service.

utu
09-27-2014, 08:33 PM
I cannot see any danger for me.

Hello, Werner.

I believe you and Klaus K know you have no server worries with Knoppix.

But, what should the amateur Knoppix user do to be as certain that
he or she has not inadvertently enabled one or more vulnerable
servers with their own peculiar choices of applications, usage and
tweaks? And, is there an app for that?

Respectfully.
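As an added example (not from the thread, not from the ZDNet article, and not Knoppix's own tooling), the following POSIX shell script wraps the article's env-variable test so the verdict comes back as an exit code, and, for utu's question above about inadvertently enabled servers, lists listening sockets that are bound to something other than the loopback interface. The `ss -ltn`-style sample input is constructed for the example; on a real host you would pipe the output of `ss -ltn` into `exposed_listeners` instead.

```shell
#!/bin/sh
# Added example: check the running bash with the test quoted from the
# ZDNet article, then look for services listening beyond localhost.

# Run the article's test against a bash binary (default: the one on PATH).
# Returns 0 when bash ignores the injected function body (patched),
# 1 when the trailing command is executed (vulnerable),
# 2 when the given bash binary cannot be found.
shellshock_check() {
    bash_bin="${1:-bash}"
    if ! command -v "$bash_bin" >/dev/null 2>&1; then
        echo "no bash found at '$bash_bin'"
        return 2
    fi
    # Same command as in the article: a variable that looks like an exported
    # function, followed by an extra command. A patched bash prints only
    # "this is a test" (older fixes also print a warning about x).
    out=$(env x='() { :;}; echo vulnerable' "$bash_bin" -c "echo this is a test" 2>&1)
    case "$out" in
        *vulnerable*)
            echo "VULNERABLE: $bash_bin ran the command appended to the variable"
            return 1 ;;
        *)
            echo "patched: $bash_bin ignored the appended command"
            return 0 ;;
    esac
}

# Read `ss -ltn` output on stdin and print the Local Address:Port of every
# LISTEN socket that is not bound to 127.x.x.x or [::1]. Sockets bound to
# 0.0.0.0, * or a LAN address are reachable from other machines.
exposed_listeners() {
    awk '$1 == "LISTEN" {
        addr = $4
        sub(/:[^:]*$/, "", addr)          # strip the trailing :port
        if (addr ~ /^127\./ || addr == "[::1]") next
        print $4
    }'
}

# Constructed sample in the layout of `ss -ltn` (not captured from a real host).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:631       0.0.0.0:*
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      50     [::1]:25            [::]:*
LISTEN 0      128    *:80                *:*'

# Stand-alone usage: test the local bash, then show the sample audit.
shellshock_check
echo "--- listeners reachable from outside this host (sample data) ---"
printf '%s\n' "$SAMPLE_SS" | exposed_listeners
```

With the sample above only `0.0.0.0:22` and `*:80` are reported; the CUPS socket on 127.0.0.1 and the mail socket on [::1] are filtered out because nothing outside the machine can reach them.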

Werner P. Schulz
09-27-2014, 10:19 PM
Hello!

You cannot inadvertently offer a service like, for example, Apache worldwide without profound knowledge of how to do it. And if somebody has this knowledge and offers those services worldwide, then it would be a very serious mistake to do it with a Live system, which doesn't have the ability for daily security updates.

It's one thing to run Apache, for example, within my home LAN or within the LAN for a computer course, and it is another thing to offer the Apache service worldwide so that clients from outside can attack my server.

Therefore, keep calm and be pleased about some nice features, which you get with Bash and not Dash.

utu
09-27-2014, 11:58 PM
One last question, then I'll stop pestering the moderator:

Should I not worry about using cups, rsync, ssh and/or dhclient if
these should 'serve' some purpose I don't presently need?
If so, does this mean these are immune to bash bug vulnerability?

Thanks in advance. I know all these uncertainties will vanish with 742,
in any event.

Werner P. Schulz
09-28-2014, 09:29 AM
Hello!

You aren't pestering the moderator. Above all I'm a member of the forum and almost all of my postings are postings as a member and not as a moderator. My activity as moderator is a secret job - ban spammers forever, write a warning pm to suspicious new users. Rarely in the past I have had to intervene within a thread as moderator.


Should I not worry about using cups, rsync, ssh and/or dhclient if
these should 'serve' some purpose I don't presently need?

If you use for example ssh, your computer is the server which offers the ssh service. You as the client of the ssh service may write a malicious bash script and may attack your own server. Now, if you are successful, your own server may no longer be secure. But why should you do this?

utu
09-28-2014, 02:26 PM
Thank you for your patience, Werner.

I appreciate all you do for this forum, and for the
numerous times you have helped me solve a Linux problem.

utu
09-30-2014, 04:03 PM
Here's what I get with Knoppix 7.4.2 LiveDVD

philo
09-30-2014, 08:13 PM
Here's what I get with Knoppix 7.4.2 LiveDVD

You have 7.4.2?

utu
09-30-2014, 08:35 PM
Greetings, philo.

I d/l-ed my iso earlier today.

The DVD iso is (at least) at both the first two ftp choices at:
http://www.knopper.net/knoppix-mirrors/index-en.html
No CD version yet.

My new iso made a good LiveDVD and LiveUSB.
With the LiveUSB, I had better luck NOT using either option to save personal stuff.
I just used my own notes & files for that this time.

Harry Kuhman
09-30-2014, 08:49 PM
The DVD iso is (at least) at both the first two ftp choices at......


Importantly, it is also on the Knoppix Bit Torrent Tracker at http://torrent.unix-ag.uni-kl.de/
I'm unclear why people are still using the FTP and/or HTML downloads, I haven't used them for Knoppix since the torrents became available. I've found the torrents faster and completely error free, while I had a lot of problems with errors on the FTP sites. If one has never used a torrent before it might take five minutes to download a client and start using it, but that will pay off before the first download is even finished.

utu
09-30-2014, 09:11 PM
If one has never used a torrent before it might take five minutes to download a client and start using it, but that will pay off before the first download is even finished.

Greetings, Harry.
But FWIW, the first site dls ftp at 5 min per Gb for me. Testdvds were ok first time through.

Werner P. Schulz
10-01-2014, 06:08 AM
I'm unclear why people are still using the FTP and/or HTML downloads, I haven't used them for Knoppix since the torrents became available. I've found the torrents faster ..

Hello Harry!

Possibly it may be so for one or another. For me I have no advantage in using the Torrents. I have a very slow DSL download rate of nearly 250kB/sec offered by my provider, and this is what I got last night for my download from a mirror (for me in Germany). In the last years I never had a md5sum error using the mirrors.

I also tried Bittorrent this night and got a rate of nearly 80kB/sec downloading from 3 of 6 peers.

Harry Kuhman
10-01-2014, 08:15 AM
Hi Werner and utu,

As to not having a md5 error in recent years, neither have I, but clearly for different reasons. I was seeing about 50% bad downloads. I tracked this to FTP sometimes thinking that it should do a NL -> CR/LF translation on the files. Of course, I was using Windows and I expect that you use Linux to download so would never see this. But I also expect that most novices to Knoppix are also downloading the ISO in Windows. Never have had this problem with any other binary FTP download in Windows, but must have had over two dozen bad downloads in my first few years on Knoppix FTP servers before the torrents were offered.

I'm not sure why your torrent speed was so slow. Of course, I'm downloading the EN version rather than the DE version and there are a lot more seeders. There also could be an issue with some clients artificially slowing down if you don't have a router set up to properly forward ports, but recent clients seem to be getting past this nicely. I haven't forwarded any ports for the bittorrent protocol in my current router and I'm still seeing great speeds (as contrasted to the mirrors) and I'm seeing that I have plenty of peers that I'm both getting data from and sharing data with.

Perhaps the lower demand for the DE version could mean that any one mirror can keep up with its demands, but I sure didn't see that on the EN mirrors.

For these reasons, I think the torrents are still a much better recommendation for the average user.