Category: Administration

Smartctl on Linux

November 27, 2014 The Geek Decoder No Comments Administration, Hardware

SMART (Self-Monitoring, Analysis, and Reporting Technology) allows you to see the status or overall health of a hard drive. This information is instumental in providing warning signs of problems with a hard drive.

All Linux distributions provide the smartmontools package, which contain the smartctl program used to display SMART information from attached drives. This package also provides the smartd daemon which periodically polls the drives to obtain SMART information.

Using smartd is essential as it can let you know immediately when a SMART attribute fails.

With the -i option, you can view the type of drive, its serial number, and so forth. In a system with a lot of drives, having this information recorded can assist in knowing which drive device (i.e., /dev/sda) corresponds with which physical drive.

Install:

# yum install smartmontools

Now start the service of Smartctl. 


#service smartd start 
# chkconfig smartd on

To enable Smart Capability for the disk run below command. 

#smartctl -s on /dev/sdb

To disable Smart Capability for the disk run below command. 


#smartctl -s off  /dev/sdb

To display details Smart info for the disk run below command. 


#smartctl -a /dev/sdb              // For IDE drive
#smartctl -a -d ata /dev/sdb       // For SATA drive

To begin, see what the drive details are:


[root@austin ~]# fdisk -l

Disk /dev/sda: 250.0 GB, 250000000000 bytes
255 heads, 63 sectors/track, 30394 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00000000

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1          62      497983+  83  Linux
/dev/sda2              64         584     4184932+  82  Linux swap / Solaris
/dev/sda3             585       30390   239416695   82  Linux swap / Solaris

Now we know the single drive is sda. Also, you can usually identify which hard disks are on your system by
looking in /proc/ide and in /proc/scsi.

# smartctl -i /dev/sda

root@austin ~]# smartctl -i /dev/sda
smartctl 5.43 2012-06-30 r3573 [x86_64-linux-2.6.32-504.el6.x86_64] (local build)
Copyright (C) 2002-12 by Bruce Allen, http://smartmontools.sourceforge.net

=== START OF INFORMATION SECTION ===
Model Family:     Western Digital RE3 Serial ATA
Device Model:     WDC WD2502ABYS-18B7A0
Serial Number:    WD-WCAT19910234
LU WWN Device Id: 5 0014ee 157014252
Firmware Version: 02.03B04
User Capacity:    250,000,000,000 bytes [250 GB]
Sector Size:      512 bytes logical/physical
Device is:        In smartctl database [for details use: -P show]
ATA Version is:   8
ATA Standard is:  Exact ATA specification draft version not indicated
Local Time is:    Thu Nov 27 16:10:20 2014 MST
SMART support is: Available - device has SMART capability.
SMART support is: Enabled

[root@austin ~]# smartctl -i /dev/sda
smartctl 5.43 2012-06-30 r3573 [x86_64-linux-2.6.32-504.el6.x86_64] (local build)
Copyright (C) 2002-12 by Bruce Allen, http://smartmontools.sourceforge.net

=== START OF INFORMATION SECTION ===
Model Family:     Western Digital RE3 Serial ATA
Device Model:     WDC WD2502ABYS-18B7A0
Serial Number:    WD-WCAT19910234
LU WWN Device Id: 5 0014ee 157014252
Firmware Version: 02.03B04
User Capacity:    250,000,000,000 bytes [250 GB]
Sector Size:      512 bytes logical/physical
Device is:        In smartctl database [for details use: -P show]
ATA Version is:   8
ATA Standard is:  Exact ATA specification draft version not indicated
Local Time is:    Thu Nov 27 16:14:54 2014 MST
SMART support is: Available - device has SMART capability.
SMART support is: Enabled

Now, edit /etc/smartd.conf and add entries for your drives:


/dev/sda -d ata -H -m root
/dev/sdb -d ata -H -m root

Turn the service on:


# chkconfig smartd on
# service smartd start

The smartctl program also allows for you to view and test SMART attributes of a drive. You can quickly check the overall health of a drive by using:

# smartctl -H /dev/sda

smartctl can be used to initiate long and short tests for the drive. These should be run periodically to do quick, or full, self-tests of the drive:


# smartctl --test=short /dev/sda
# smartctl --test=long /dev/sda
# smartctl -a /dev/sda

More info : https://wiki.archlinux.org/index.php/S.M.A.R.T.

Install EPEL and additional repositories on CentOS and Red Hat

November 11, 2014 The Geek Decoder No Comments Administration, Repos

View Repos: http://wiki.centos.org/AdditionalResources/Repositories

Install the EPEL repository

You install the EPEL repository by downloading the appropriate RPM package for your system and installing it. The following instructions use the 64-bit packages that work with Rackspace Cloud Servers instances.
CentOS and Red Hat Enterprise Linux 5.x


wget http://dl.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm
sudo rpm -Uvh epel-release-5*.rpm

CentOS and Red Hat Enterprise Linux 6.x


wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
sudo rpm -Uvh epel-release-6*.rpm

CentOS and Red Hat Enterprise Linux 7.x


wget http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-2.noarch.rpm
sudo rpm -Uvh epel-release-7*.rpm

If you get a File Not Found error message when trying to download the package, the version number might have changed. You can access the latest version of the RPM installer from the Fedora EPEL wiki page. The wiki page also includes additional instructions for Red Hat Network subscribers who are installing the EPEL repository.
Install the IUS repository (optional)

The IUS repository provides newer versions of some software in the official CentOS and Red Hat repositories. The IUS repository depends on the EPEL repository.

The package names in the IUS repository are different from the package names used in the official repositories. The difference helps to avoid unintentional conflicts or software version updates.

Note: Because IUS uses package names that are different from the package names in the official repositories, we recommend IUS over Remi for Rackspace customers with managed support levels that include server software. Managed servers automatically update nightly by default, which can cause unplanned upgrades if package names are the same in more than one enabled repository.

Installing the IUS repository is a matter of downloading the appropriate RPM package for your system and installing it. The instructions below use the 64-bit packages that work with our Cloud Server instances.
CentOS 5.x


wget http://dl.iuscommunity.org/pub/ius/stable/CentOS/5/x86_64/ius-release-1.0-13.ius.centos5.noarch.rpm
sudo rpm -Uvh ius-release*.rpm

CentOS 6.x


wget http://dl.iuscommunity.org/pub/ius/stable/CentOS/6/x86_64/ius-release-1.0-13.ius.centos6.noarch.rpm
sudo rpm -Uvh ius-release*.rpm

CentOS 7.x


wget http://dl.iuscommunity.org/pub/ius/stable/CentOS/7/x86_64/ius-release-1.0-13.ius.centos7.noarch.rpm
sudo rpm -Uvh ius-release*.rpm

Red Hat 5.x


wget http://dl.iuscommunity.org/pub/ius/stable/Redhat/5/x86_64/ius-release-1.0-13.ius.el5.noarch.rpm
sudo rpm -Uvh ius-release*.rpm

Red Hat 6.x


wget http://dl.iuscommunity.org/pub/ius/stable/RedHat/6/x86_64/ius-release-1.0-13.ius.el6.noarch.rpm
sudo rpm -Uvh ius-release*.rpm

Red Hat 7.x


wget http://dl.iuscommunity.org/pub/ius/stable/RedHat/7/x86_64/ius-release-1.0-13.ius.el7.noarch.rpm
sudo rpm -Uvh ius-release*.rpm

If you get a File Not Found error message when trying to download the RPM, the version number might have changed. You can access the latest version of the repository package from the IUS Release Packages Page.
Upgrade installed packages to IUS versions

If you already have a software package installed that you want to upgrade to a newer version in the IUS repository, install the IUS yum plug-in for package replacement to simplify the upgrade process.


sudo yum install yum-plugin-replace

The plug-in provides a yum replace command that replaces a specified package and installs any required dependencies at the same time. For example, to replace the installed PHP package with the PHP 5.3 package from the IUS repository, run the following command:


sudo yum replace php --replace-with php53

For more information, see the IUS Client Usage Guide.
Install the Remi repository (optional)

The Remi repository provides newer versions of the software in the core CentOS and Red Hat Enterprise Linux repositories. The Remi repository depends on the EPEL repository.

Package names in the Remi repository are the same as the package names used in the official repositories. This similarity can result in inadvertent package upgrades when you run an update with yum, so use the Remi repository with care.

Note: Because Remi uses package names that are the same as the package names in the official repositories, we do not recommend Remi for Rackspace customers with a managed level of support. Managed servers automatically update nightly by default, which can cause unplanned upgrades if the Remi repository is enabled. If you require the Remi repository or another repository with package name conflicts, contact Rackspace Support before applying any upgrades to ensure continued support for your server.

You install the Remi repository by downloading the appropriate RPM package for your system and installing it. The following instructions use the 64-bit packages that work with Cloud Servers instances.
CentOS and Red Hat Enterprise Linux 5.x


wget http://rpms.famillecollet.com/enterprise/remi-release-5.rpm
sudo rpm -Uvh remi-release-5*.rpm

CentOS and Red Hat Enterprise Linux 6.x


wget http://rpms.famillecollet.com/enterprise/remi-release-6.rpm 
sudo rpm -Uvh remi-release-6*.rpm

CentOS and Red Hat Enterprise Linux 7.x


wget http://rpms.famillecollet.com/enterprise/remi-release-7.rpm 
sudo rpm -Uvh remi-release-7*.rpm

If you get a File Not Found error message when trying to download the package, the version number might have changed. You can access the latest version of the RPM installer from the Remi Repository Configuration page. The configuration page also includes additional instructions for Red Hat Network subscribers who are installing the Remi repository.
Enable the Remi repository

The Remi repository is disabled by default.

To use the Remi repository only when you know you need it, use the –enablerepo=remi option when installing a package. For example:


sudo yum --enablerepo=remi install php-tcpdf

If you want to permanently enable the Remi repository, you need to edit the yum configuration file for Remi.

Open the repository configuration file by using a text editor of your choice:


sudo nano /etc/yum.repos.d/remi.repo
Edit the [remi] portion of the file to set the enabled option to 1. This action enables the Remi repository by default.
name=Les RPM de remi pour Enterprise Linux $releasever - $basearch
#baseurl=http://rpms.famillecollet.com/enterprise/$releasever/remi/$basearch/
mirrorlist=http://rpms.famillecollet.com/enterprise/$releasever/remi/mirror
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi
failovermethod=priority

Check available repositories

You can see if the repositories that you need are installed and enabled by running the following command:


yum repolist

Some repositories, like Remi, are disabled by default. To list disabled repositories, run the following command:


yum repolist disabled

Outbound Networking issues

November 6, 2014 The Geek Decoder No Comments Administration, Networking

Sometimes the resolvers in the server cannot find a server. You can update the DNS resolvers (/etc/resolv.conf) to rotate between a number of nameservers to try and resolve the issue. Add google nameservers to the mix with your Host resolvers.

# nano /etc/redolv.conf

nameserver 8.8.8.8
nameserver 69.xx.xx.xx
nameserver 8.8.4.4
nameserver 69.xx.xx.xx

Analyze a process

November 6, 2014 The Geek Decoder No Comments Administration

Run top

top - 01:11:13 up 6 days,  1:43,  3 users,  load average: 1.96, 2.41, 2.48
Tasks: 245 total,   2 running, 243 sleeping,   0 stopped,   0 zombie
Cpu(s):  0.2%us,  0.1%sy,  0.0%ni, 97.1%id,  2.5%wa,  0.0%hi,  0.0%si,  0.0%st
Mem:   3838996k total,  3637052k used,   201944k free,   924288k buffers
Swap:  4194296k total,    82612k used,  4111684k free,  1474944k cached

  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND                              
 8047 root      20   0  895m 762m 2324 R 93.6 20.3  53:18.98 perl

Find what’s going on:


# lsof -p 8047
COMMAND  PID USER   FD   TYPE DEVICE   SIZE/OFF     NODE NAME
perl    8047 root  cwd    DIR    8,3       4096 11191353 /home/fl/tmp/awstats
perl    8047 root  rtd    DIR    8,3       4096        2 /
perl    8047 root  txt    REG    8,3      13568 23379957 /usr/bin/perl
perl    8047 root  mem    REG    8,3     156936  6960459 /lib64/ld-2.12.so
perl    8047 root  mem    REG    8,3    1926760  6960467 /lib64/libc-2.12.so
perl    8047 root  mem    REG    8,3     145896  6960747 /lib64/libpthread-2.12.so
perl    8047 root  mem    REG    8,3      22536  6960599 /lib64/libdl-2.12.so
perl    8047 root  mem    REG    8,3      17520  6960912 /lib64/libutil-2.12.so
perl    8047 root  mem    REG    8,3     599392  7044605 /lib64/libm-2.12.so
perl    8047 root  mem    REG    8,3     113952  7044614 /lib64/libresolv-2.12.so
perl    8047 root  mem    REG    8,3     480264  6960710 /lib64/libfreebl3.so
perl    8047 root  mem    REG    8,3    1488544 23639376 /usr/lib64/perl5/CORE/libperl.so
perl    8047 root  mem    REG    8,3      43392  6960711 /lib64/libcrypt-2.12.so
perl    8047 root  mem    REG    8,3     116368  7044608 /lib64/libnsl-2.12.so
perl    8047 root  mem    REG    8,3      65928  6960428 /lib64/libnss_files-2.12.so
perl    8047 root  mem    REG    8,3      41704 23770555 /usr/lib64/perl5/auto/Encode/Encode.so
perl    8047 root  mem    REG    8,3      25624 23770786 /usr/lib64/perl5/auto/Socket/Socket.so
perl    8047 root  mem    REG    8,3   99154480 23380451 /usr/lib/locale/locale-archive
perl    8047 root    0u   CHR  136,0        0t0        3 /dev/pts/0
perl    8047 root    1u   CHR  136,0        0t0        3 /dev/pts/0
perl    8047 root    2u   CHR  136,0        0t0        3 /dev/pts/0
perl    8047 root    3r   REG    8,3      14977 23379268 /usr/local/share/perl5/Geo/IPfree.pm
perl    8047 root    4r   REG    8,3     990145 23379201 /usr/local/share/perl5/Geo/ipscountry.dat
perl    8047 root    5r   DIR    8,3       4096 11191353 /home/fl/tmp/awstats
perl    8047 root    6r   REG    8,3 5603612003  4549256 /home/fl/logs/flvoters.com-Oct-2014.log
perl    8047 root    7r   REG    8,3  119605932 11191354 /home/fl/tmp/awstats/awstats102014.tmp.8047
perl    8047 root    8w   REG    8,3    8892416 11191361 /home/fl/tmp/awstats/awstats102014.tmp.8047.bis

This is a process to re-run awstats

# /usr/bin/perl /usr/local/cpanel/3rdparty/bin/awstats.pl -config=/home/user_name/tmp/awstats/awstats.domain.com.conf -LogFile=/usr/local/apache/domlogs/domain.com -update

SSLv3 Vulnerability (Poodle)

October 15, 2014 The Geek Decoder No Comments Administration, Security

According to The Register, a serious vulnerability in SSL v3 will be disclosed tomorrow on October 15th. Some people are recommending disabling SSL v3 in various daemons until further notice.

A vulnerability in the design of SSL version 3.0. This vulnerability allows the plaintext of secure connections to be calculated by a network attacker.

SSL 3.0 is nearly 18 years old, but support for it remains widespread. Most importantly, nearly all browsers support it and, in order to work around bugs in HTTPS servers, browsers will retry failed connections with older protocol versions, including SSL 3.0. Because a network attacker can cause connection failures, they can trigger the use of SSL 3.0 and then exploit this issue.

Disabling SSL 3.0 support, or CBC-mode ciphers with SSL 3.0, is sufficient to mitigate this issue, but presents significant compatibility problems, even today.

Detection (Linux)

The following script can be run against the server in question. The command will return ‘SSL 3.0 enabled’ if vulnerable and ‘SSL 3.0 disabled’ if not.

_______________

#!/bin/bash
ret=$(echo Q | timeout 5 openssl s_client -connect “${1-`hostname`}:${2-443}” -ssl3 2> /dev/null)
if echo “${ret}” | grep -q ‘Protocol.*SSLv3’; then
if echo “${ret}” | grep -q ‘Cipher.*0000’; then
echo “SSL 3.0 disabled”
else
echo “SSL 3.0 enabled”
fi
else
echo “SSL disabled or other error”
fi
_______________

NOTE: This script takes the hostname of the server to check as the first argument and an optional port as the second. By default it will check the local system, port 443.
Resolution

To avoid this vulnerability, Red Hat recommends disabling SSL and using only TLSv1.1 or TLSv1.2. Backwards compatibility can be achieved using TLSv1.0. Many products Red Hat supports have the ability to use SSLv2 or SSLv3 protocols, however it is strongly recommended against.

To mitigate this vulnerability as it affects httpd, set the SSLProtocol directive as follows in /etc/httpd/conf.d/ssl.conf:

Note: This directive must either be located at the topmost level of the configuration file, or inside the default virtual host configuration for an address.

Option 1: Disable SSLv2 and SSLv3 (Enable everything except SSLv2 and SSLv3)
SSLProtocol All -SSLv2 -SSLv3

Option 2: Disable everything except TLSv1.x

On RHEL 7 or RHEL 6.6 and later:
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2

On other platforms:
SSLProtocol -All +TLSv1

Then restart httpd:

# service httpd restart

Resources:
For Microsoft
https://technet.microsoft.com/en-us/library/security/3009008.aspx

https://www.openssl.org/~bodo/ssl-poodle.pdf
http://forums.cpanel.net/f185/sslv3-vulnerability-432641.html

http://googleonlinesecurity.blogspot.co.uk/2014/10/this-poodle-bites-exploiting-ssl-30.html
Tests
Test your web server for SSLv2
https://www.ssllabs.com/ssltest/index.html
What you are looking for is:
TLS 1.2 Yes
TLS 1.1 Yes
TLS 1.0 Yes
SSL 3 No
SSL 2 No

For Nginx – there are other files to edit:


/usr/local/psa/admin/conf/templates/default/server/nginxVhosts.php
/usr/local/psa/admin/conf/templates/default/nginxDomainVirtualHost.php
/usr/local/psa/admin/conf/templates/default/domain/nginxDomainVirtualHost.php

Rebuild after any changes

# /usr/local/psa/admin/bin/httpdmng --reconfigure-all

Other Resources:

CPanel/WHM
https://documentation.cpanel.net/display/CKB/How+to+Adjust+Cipher+Protocols

http://www.cpanelkb.net/fix-poodle-sslv3-vulnerability/
http://thecpaneladmin.com/disabling-support-for-sslv3-on-a-cpanel-server/
Plesk
http://kb.sp.parallels.com/en/123160

http://www.percona.com/blog/2014/10/15/how-to-close-poodle-sslv3-security-flaw-cve-2014-3566/
http://bobcares.com/blog/protecting-your-cpanel-whm-server-from-sslv3-poodle-vulnerability-guide-to-mitigate-cve-2014-3566-by-disabling-ssl-3-0-in-exim-apache-nginx-pure-ftp-proftpd-dovecot-and-courier-imap

Change Date/Time for CentOS 6

October 9, 2014 The Geek Decoder No Comments Administration, Date/Time

Need to set the data for Central Stabndard Time?

CentOS System Date/Time
PHP Date and Time Global
MySQL Data and Time

The Timezone can been set to MST by running the following:


mv /etc/localtime /etc/localtime.bak
ln -s /usr/share/zoneinfo/America/Chicago /etc/localtime

#Sync with timeserver


service ntpd stop
ntpdate pool.ntp.org
service ntpd start

#Lock the file


chattr +i /etc/localtime

#MySQL uses the system date and time, so it just needed to be restarted to take effect
service mysqld restart

Added date.ini the following file to /etc/php.d/


[date]
date.timezone=America/Chicago

#Apache needs to be restarted afterwards


#service httpd restart

Date/Timezone for CentOS 6.5 server

October 3, 2014 The Geek Decoder No Comments Administration, CentOS 6

My Server time Zone was +00:00 GMT and today I found the time showing +1:00 GMT . Would you please tell how it has been changed ? Is that because of Daylight Saving issue ?

The server currently is set to British Summer Time, which is UTC +1 currently, you can change the time zone to UTC/GMT which does not adjust for Daylight Saving Time, you can run the following commands to set the time zone to UTC:


mv /etc/localtime /etc/localtime.bak
ln -s /usr/share/zoneinfo/UTC /etc/localtime

You can prevent this from being changed by updates by running:


chattr +i /etc/localtime

Bash Code Injection Vulnerability (Shellshock)

September 25, 2014 The Geek Decoder No Comments Administration, Security

Products Affected:

Product/Channel Fixed in package Remediation details
Red Hat Enterprise Linux 7 bash-4.2.45-5.el7_0.2 Red Hat Enterprise Linux
Red Hat Enterprise Linux 6 bash-4.1.2-15.el6_5.1 Red Hat Enterprise Linux
bash-4.1.2-15.el6_5.1.sjis.1 Red Hat Enterprise Linux
bash-4.1.2-9.el6_2.1 Red Hat Enterprise Linux 6.2 AUS
bash-4.1.2-15.el6_4.1 Red Hat Enterprise Linux 6.4 EUS
Red Hat Enterprise Linux 5 bash-3.2-33.el5.1 Red Hat Enterprise Linux
bash-3.2-33.el5_11.1.sjis.1 Red Hat Enterprise Linux
bash-3.2-24.el5_6.1 Red Hat Enterprise Linux 5.6 LL
bash-3.2-32.el5_9.2 Red Hat Enterprise Linux 5.9 EUS
Red Hat Enterprise Linux 4 bash-3.0-27.el4.2 Red Hat Enterprise Linux 4 ELS

 

Check the version:

[root@server]# rpm -qa | grep bash
bash-completion-1.3-7.el6.noarch
bash-4.1.2-15.el6_4.x86_64

Diagnostic Steps:

Exploit 1 (CVE-2014-6271)

There are a few different ways to test if your system is vulnerable to shellshock. Try running the following command in a shell.

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If you see “vulnerable” you need to update bash. Otherwise, you should be good to go.

Exploit 2 (CVE-2014-7169)

Even after upgrading bash you may still be vulnerable to this exploit. Try running the following code.

env X='() { (shellshocker.net)=>' bash -c "echo date"; cat echo ; rm -f echo

If the above command outputs the current date (it may also show errors), you are still vulnerable.

Exploit 3 (???)

Here is another variation of the exploit. Please leave a comment below if you know the CVE of this exploit.

env -i X=' () { }; echo hello' bash -c 'date'

If the above command outputs “hello”, you are vulnerable.

Exploit 4 (CVE-2014-7186)

bash -c 'true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF' ||
echo "CVE-2014-7186 vulnerable, redir_stack"

A vulnerable system will echo the text “CVE-2014-7186 vulnerable, redir_stack”.

Exploit 5 (CVE-2014-7187)

(for x in {1..200} ; do echo "for x$x in ; do :"; done; for x in {1..200} ; do echo done ; done) | bash ||
echo "CVE-2014-7187 vulnerable, word_lineno"

A vulnerable system will echo the text “CVE-2014-7187 vulnerable, word_lineno”.

Run update:

[root@server ~]# yum update bash
Loaded plugins: downloadonly, fastestmirror, priorities
Loading mirror speeds from cached hostfile
epel/metalink                                            |  16 kB     00:00
 * base: mirror.hmc.edu
 * epel: mirrors.solfo.com
 * extras: centos.sonn.com
 * updates: linux.mirrors.es.net
base                                                     | 3.7 kB     00:00
extras                                                   | 3.3 kB     00:00
updates                                                  | 3.4 kB     00:00
updates/primary_db                                       | 5.3 MB     00:00
81 packages excluded due to repository priority protections
Setting up Update Process
Resolving Dependencies
--> Running transaction check
---> Package bash.x86_64 0:4.1.2-15.el6_4 will be updated
---> Package bash.x86_64 0:4.1.2-15.el6_5.1 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package       Arch            Version                   Repository        Size
================================================================================
Updating:
 bash          x86_64          4.1.2-15.el6_5.1          updates          905 k

Transaction Summary
================================================================================
Upgrade       1 Package(s)

Total download size: 905 k
Is this ok [y/N]: y
Downloading Packages:
bash-4.1.2-15.el6_5.1.x86_64.rpm                         | 905 kB     00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Updating   : bash-4.1.2-15.el6_5.1.x86_64                                 1/2
  Cleanup    : bash-4.1.2-15.el6_4.x86_64                                                                                                                                                        2/2
  Verifying  : bash-4.1.2-15.el6_5.1.x86_64                                                                                                                                                      1/2
  Verifying  : bash-4.1.2-15.el6_4.x86_64                                                                                                                                                        2/2

Updated:
  bash.x86_64 0:4.1.2-15.el6_5.1

Complete!


[root@server ~]# rpm -qa | grep bash
bash-4.1.2-15.el6_5.1.x86_64
bash-completion-1.3-7.el6.noarch

Test after update:

[root@server ~]# env x='() { :;}; echo vulnerable'  bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test

For Ubuntu Systems:

apt-get update; apt-get install --only-upgrade bash

For Arch Linux:

pacman -Sy bash

A reboot is not required after the update.

Resources:

https://access.redhat.com/articles/1200223

http://www.reuters.com/article/2014/09/24/us-cybersecurity-bash-idUSKCN0HJ2FQ20140924

http://seclists.org/oss-sec/2014/q3/685

http://www.vox.com/2014/9/25/6843949/the-bash-bug-explained

Find Out Which Process Is Listening Upon a Port

September 12, 2014 The Geek Decoder No Comments Administration

How do I find out running processes were associated with each open port?


#sudo netstat -lpn |grep :8080

You will get an output similar to this one


tcp6       0      0 :::8080                 :::*                    LISTEN      6782/java

The process i, which is 6782, now this is the process that is using port 8080.

Kill the process, type: kill 6782


# kill -9 6782

and now port 8080 is free.

http://www.cyberciti.biz/faq/what-process-has-open-linux-port/