Concerned about shellshock? You should be!

Heartbleed (CVE-2014-0160.) has been given a rating of 10 which is the highest possible rating.

If you are running just about any Unix or Linux variant (including Apple Mac), or embeded device that uses bash and/or a web-server with CGI that can call bash.

How do you protect yourself?

1. If possible disable any remote system access from the Internet, or non-secure internal network.
2. Try to replace scripts that use bash to use another shell

There are some FREE Linux automated scanning tools that can help you see if you are vulnerable:

Free online scanners:

The way to test for yourself is:


# env ‘x=() { :;}; echo vulnerable’ ‘BASH_FUNC_x()=() { :;}; echo vulnerable’ bash -c “echo test”
bash: BASH_FUNC_x(): line 0: syntax error near unexpected token `)’
bash: BASH_FUNC_x(): line 0: `BASH_FUNC_x() () { :;}; echo vulnerable’
bash: error importing function definition for `BASH_FUNC_x’


[root@XXXXXX ~]# env ‘x=() { :;}; echo vulnerable’ ‘BASH_FUNC_x()=() { :;}; echo vulnerable’ bash -c “echo test”
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `BASH_FUNC_x’




Ever wondered which files have been changed on your system?

The “ff” command can scan the inodes of a filesystem or logical volume and produce a status report, for instance to see all the files that have changed within the last 24 hours in the root filesystem:

ff -m -1 -u /dev/hd4
ff: /dev/rhd4: 43 files were selected
./etc   12          root
./etc/objrepos/CDiagAtt 97          root
./etc/objrepos/      98          root
./etc/objrepos/CDiagDev 99          root
./etc/objrepos/CuAt     101         root
./etc/objrepos/  102         root
./etc/objrepos/SRCnotify        120         root
./etc/objrepos/SRCsubsvr        121         root
./etc/objrepos/SRCsubsys        122         root
./etc/objrepos/SWservAt 123         root


To list files that have not been changed for more than 30 days:

ff -a +30 /dev/hd4
./lpp/        77572       root
./lpp/   77573       root
./lpp/bos/bos.rte.tty/  77600       root
./lpp/bos/deinstl/bos.rte.tty/ 77601       roo
./lpp/bos/deinstl/bos.rte.tty/  77602      root
./lpp/bos/bos.rte.archive/      77632       root
./lpp/bos/bos.rte.archive/   77633       root
./lpp/bos/bos.rte.archive/    77634      root


To list the paths corresponding to i-node numbers 21016 and 8216,enter:

ff -l -i 21016,8216 /dev/hd3
ff: /dev/rhd3: 2 files were selected
ff: /dev/rhd3: 0 link names were detected
./.workdir.4587694.6488228_1    8216
./.workdir.16056422.15925484_1  21016