主要针对Linux, Mac机器,
先按如下步骤检查是否已经被“***”:
http://www.linuxbrigade.com/bash ... -find-youve-tested/
First, ssh into your server and find your http access logs. Some common places are:
cPanel: /usr/local/apache/domlogs/
Debian/Apache: 
ar/log/apache2/
CentOS: ar/logtpd/
Once you find them, you can cat them, grepping for this pattern:
cat access_log |grep "{ :;};"
复制代码
如果发现已经被***了,赶紧打补丁吧:
http://www.linuxnews.pro/patch-bash-shell-shock-centos-ubuntu/
For CentOS, Fedora, Red Hat (and the like) users, just type this to update it (yes, there’s already a patch, and you’ll be patched up in about 10 seconds)
yum -y update bash
复制代码
For Debian, Ubuntu (and the like) users, type this to update bash:
sudo apt-get update && sudo apt-get install --only-upgrade bash
复制代码
最后检查是不是补丁打好了:
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
复制代码
If you see “vulnerable” afterwards, you haven’t patched it.
If you see “this is a test”, you’re patched.
转载于:https://blog.51cto.com/9388567/1582708
3053
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
