09-25-2014
I assume that hackers would need to get to the server using ssh with a -c option for command. IMHO, web servers should not have outward facing ssh ports and if they do they should not use port 22 and should use cert based authentication. It seems like this is going to affect companies that don't have good network security, more than those that do.
I would be curious to see what the attack looks like though.
RATS(1) General Commands Manual RATS(1)
NAME
rats - Rough Auditing Tool for Security
SYNOPSIS
rats [options] [file]...
DESCRIPTION
rats is a rough auditing tool for security developed by Secure Software, Inc. It is a tool for scanning C, Perl, PHP, and Python source
code and flagging common security-related programming errors such as buffer overflows and TOCTOU (Time Of Check, Time Of Use) race
conditions. As its name implies, the tool performs only a rough analysis of source code. It will not find every error and will also find
things that are not errors. Manual inspection of your code is still necessary, but greatly aided with this tool.
When started, RATS will scan each file or each file in the directory specified on the command line and produce a report when scanning is
complete. What vulnerabilities are reported in the final report depend on the data contained in the vulnerability database or databases
that are used and the warning level in use.
For each vulnerability, the list of files and line numbers where it occurred is given, followed by a brief description of the vulnerability
and suggested action.
OPTIONS
-h, --help
Display a brief usage summary and exit.
-a <fun>
Report any occurrence of function 'fun' in the source file(s)
-d <filename>, --database <filename>, --db <filename>
Specifies a vulnerability database to be loaded. You may have multiple -d options and each database specified will be loaded.
-i, --input
Causes a list of function calls that were used which accept external input to be produced at the end of the vulnerability report.
-l <lang>, --language <language>
Force the specified language to be used regardless of filename extension. Currently valid language names are "c", "perl", "php" and
"python".
-r, --references
Causes references to vulnerable function calls that are not being used as calls themselves to be reported.
-w <level>, --warning <level>
Sets the warning level. Valid levels are 1, 2 or 3.
1 includes only default and high severity.
2 includes medium severity (default).
3 includes low severity vulnerabilities.
-x Causes the default vulnerability databases (which are in the installation data directory, /usr/share/rats by default) to not be
loaded.
-R, --no-recurssion
Do not recurse subdirectories when encountered.
--xml Output in XML
--html Output in HTML
--follow-symlinks
Follow symlinks and treat them like whatever they are pointing to. If the symlink points to a directory it will be descended into
unless -R is specified; if pointing to a file, it will be treated as a file.
AUTHOR
This manual page was originally written by Adam Lazur <adam@lazur.org>, for the Debian GNU/Linux system (but may be used by others).
Modified by Secure Software, Inc.
September 17, 2001 RATS(1)
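
A sketch of the kind of lexical scan that DESCRIPTION and the -w option describe, added here as an example; it is not RATS's code or its database. The function table, its severities, the mapping of -w 1/2/3 to High / High+Medium / all, and the sample C source are constructed assumptions. Line 5 of the sample is flagged although it is safe, which is the "will also find things that are not errors" case.

```python
import re

# Constructed mini "vulnerability database": function -> (severity, advice).
# Entries and severities are illustrative, not copied from RATS's databases.
DB = {
    "strcpy": ("High",   "unbounded copy; check destination size"),
    "gets":   ("High",   "cannot be bounded; use fgets"),
    "access": ("Medium", "TOCTOU: state may change before the file is used"),
    "getenv": ("Low",    "external input; validate before use"),
}
# Warning level -> severities reported (assumed reading of the -w text above).
LEVELS = {1: {"High"}, 2: {"High", "Medium"}, 3: {"High", "Medium", "Low"}}

CALL = re.compile(r"\b([A-Za-z_]\w*)\s*\(")

def strip_comments(src):
    """Blank out /* */ and // comments, keeping newlines so line numbers hold."""
    blank = lambda m: re.sub(r"[^\n]", " ", m.group(0))
    return re.sub(r"/\*.*?\*/|//[^\n]*", blank, src, flags=re.S)

def scan(src, level=2):
    """Return (line, function, severity, advice) findings in line order."""
    findings = []
    for lineno, line in enumerate(strip_comments(src).splitlines(), 1):
        for name in CALL.findall(line):
            sev, advice = DB.get(name, (None, None))
            if sev in LEVELS[level]:
                findings.append((lineno, name, sev, advice))
    return findings

# Constructed sample input.
SAMPLE = '''\
#include <string.h>
int main(int argc, char **argv) {
    char buf[16];
    /* strcpy(buf, argv[1]); old code, now commented out */
    strcpy(buf, "ok");            /* safe: 3 bytes into 16 */
    if (access(argv[1], R_OK) == 0) { /* checked here ... */ }
    char *home = getenv("HOME");
    return 0;
}
'''

if __name__ == "__main__":
    for f in scan(SAMPLE, level=3):
        print("line %d: %s [%s] %s" % f)
```

A name-based scan cannot tell the bounded copy on line 5 from a dangerous one, so each finding still needs the manual inspection the man page calls for.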