Bash has recently exposed a serious vulnerability, which affects almost all Linux systems on the market. From the security perspective, the customer requires that the vulnerability be repaired for each affected host. As the company uses a Red Hat system, security is also affected.
(Digress: Red Hat Patches can be downloaded only after they are paid. As a poor person, I am helpless. I asked the company if I didn't buy the Red Hat service. The Red Hat service is generally calculated based on the number of CPUs, it seems that two of them are in one group. A group of services (the red hat person-in-charge service is called subscription) Costs 799 US dollars for 5 × 8 services and 1299 US dollars for 7 × 24 services .)
If a vulnerable server executes the following commands, the system prompts "vulnerable" and "this is a test,
If no vulnerability exists or the vulnerability is fixed, only "this is a test" is displayed ".
Because the company has not purchased the Red Hat service, it has obtained patches from third-party channels. (It took me a lot of points and hurt me)
There are two types of servers designed, one is Red Hat Enterprise Linux Server Release 5 system is 32, and bash on the system is a bash-3.2-24.el5.
The patch file I got has a bash-3.2-33.el5_11.4.i386.rpm which is suitable for my use in this version.
Upload to the server and start installation.
After successful installation, run the test statement again to find that the vulnerability has been fixed.
The Red Hat Enterprise Linux Server Release 6 is also 32-bit, And the bash version is the bash-4.1.2-8.el6.i686. This troublesome patch package is a bash-4.1.2-15.el6_5.2.src.rpm. Generally, this SRC package is compiled and requires a normal rpm generated after compilation for installation. Suddenly, when my mind crapped and I installed it directly, an error was reported,
Later I remembered that the uncompiled SRC package must be compiled before a normal rpm package can be generated.
Upload the SRC package to the server and compile it with the following command:
Rebuildbash-4.1.2-15.el6_5.2.src.rpm-rpmbuild
After compilation, several packages are generated in the/root/rpmbuild/RPMS/i686/directory.
Go to/root/rpmbuild/RPMS/i686/and find the bash-4.1.2-15.el6.2.i686.rpm package below for installation. The vulnerability has been fixed again,
The rest is that there are several red hat 6 servers left, And the compiled package can be installed on each server. The repair has been announced so far.
I have provided Red Hat 5 and 6 patch packages here, 32 and 64-bit are all here, And I uploaded them to my csdn resources, if you need it, download it and install it by referring to the above steps.
Http://download.csdn.net/detail/wxlbrxhb/8018477
Install and download bash vulnerability patches, which will be sorted out in October 9