On Fri, Sep 26, 2014 at 10:40 AM, Gary Stainburn <gary.stainburn@xxxxxxxxxxxxxx> wrote:
On Friday 26 September 2014 15:32:15 Fulko Hew wrote:
> On Fri, Sep 26, 2014 at 8:28 AM, Matthew Miller <mattdm@xxxxxxxxxxxxxxxxx> wrote:
> > On Fri, Sep 26, 2014 at 01:19:29PM +0100, Gary Stainburn wrote:
> > > Is there any way to detect an attack within Apache and block it?
> > > I'm thinking of a rule or something to check the user-agent or equiv before
> > > calling the CGI or PHP etc.
> > > I'm looking to protect some old servers where BASH updates won't be
> > > forthcoming
> >
> > You should be able to do this with mod_rewrite -- at least if you can be
> > sure that none of the CGI variables should ever legitimately start with
> > "(".
> > Use the RewriteCond and test for every one of those variables that come
> > from the user.
> > http://httpd.apache.org/docs/current/mod/mod_rewrite.html
> >
> > There may be a better way, but that's what comes to mind.
>
> Is there a simple test (similar to the 'basic bash' test posted everywhere)
> that can be executed to determine whether an apache/cgi 'environment'
> can be attacked? or do each of my CGI (perl) apps need checking...
>
> It seems to me to be an apache/cgi environment issue, and not
> a CGI app issue.
I've found the following page:
http://www.zdnet.com/shellshock-how-to-protect-your-unix-linux-and-mac-servers-7000034072/
which includes some rewrite rules. As I've never done rewrite rules before,
where would I put them?
Yes, I saw that from a few emails ago.
That's a potential technique for mitigation, but I'm wondering
about a technique for detecting apache/cgi based vulnerability.
I.e., do I have to worry about _my_ web server?
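
Added example, not part of the original thread or the linked article: one way to place the mod_rewrite check suggested earlier in the thread, which rejects a request when a user-supplied value starts with "(". The list of headers is an assumption chosen for illustration.

```apache
# Added illustration, not from the thread. Put this inside the <VirtualHost>
# block that serves the CGI/PHP content: rewrite rules in the main server
# config are not inherited by virtual hosts unless "RewriteOptions Inherit"
# is set. It can also go in a .htaccess file if AllowOverride permits FileInfo.
#
# Deliberately not wrapped in <IfModule mod_rewrite.c>: if the module is not
# loaded, the config test should fail loudly instead of silently skipping
# the filter. Check with "apachectl configtest" before reloading.

RewriteEngine On

# One RewriteCond per user-supplied value; [OR] chains them so that a single
# match is enough. The pattern matches a value whose first non-blank
# character is "(", per the rule proposed in the thread.
RewriteCond %{QUERY_STRING}         ^\s*\(  [OR]
RewriteCond %{HTTP:User-Agent}      ^\s*\(  [OR]
RewriteCond %{HTTP:Referer}         ^\s*\(  [OR]
RewriteCond %{HTTP:Cookie}          ^\s*\(  [OR]
RewriteCond %{HTTP:Host}            ^\s*\(  [OR]
RewriteCond %{HTTP:Accept}          ^\s*\(  [OR]
RewriteCond %{HTTP:Accept-Language} ^\s*\(  [OR]
RewriteCond %{HTTP:Accept-Encoding} ^\s*\(

# "-" means no substitution; [F] answers 403 Forbidden before the CGI runs.
RewriteRule ^ - [F]
```

mod_rewrite can only test the headers named in a RewriteCond, while CGI exports every request header as an HTTP_* environment variable, so this list covers a subset. It also only holds if, as stated in the thread, none of these values should ever legitimately start with "(".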