[Fix] Linux Bash Code Injection Vulnerability – ShellShock
ShellShock is new Linux vulnerability affecting all versions of Bash package. This vulnerability is worse than HeartBleed! This command line vulnerability is present in Mac OS X too. Basically it’s there in all the systems having Bash, a software used to control the command line in Unix.
To test if you are vulnerable to ShellShock, run this command:
1 | env x='() { :;}; echo vulnerable' bash -c "echo this is a test" |
If you see output:
1 2 | vulnerable this is a test |
that means you are vulnerable!
Fix for Redhat packages:
1 | yum update bash |
Fix for Ubuntu/Debian packages:
1 | apt-get upgrade bash |
After running above commands, check again to see if you are vulnerable:
1 | env x='() { :;}; echo vulnerable' bash -c "echo this is a test" |
If you see below output, that means you are no longer vulnerable
1 2 3 | bash: warning: x: ignoring function definition attempt bash: error importing function definition for `x' this is a test |
Magento: Sample apache virtualhost for your website
Sample apache virtualhost to point to your magento directory and run your local website with specified URL.
1 2 3 4 5 6 7 8 | <VirtualHost *:80>
ServerAdmin webmaster@dummy-host.example.com
DocumentRoot "/var/www/magento/"
ServerName loca.lho.st
ServerAlias loca.lho.st
ErrorLog "logs/error_log"
CustomLog "logs/access_log" common
</VirtualHost> |
Add entry to /etc/hosts too:
1 | 127.0.0.1 loca.lho.st |
Restart apache (service httpd restart OR service apache2 restart) and point your browser location to:
1 | http://loca.lho.st |
and you will see the website running from your /var/www/magento directory.
Linux: Bash script to check availability of domain names in differnet TLDs
If you want to check whether your desired domain name is available or not in different extensions, it’s tiresome to search it for each and every tld. There are also limits of performing query to whois on websites, where they will not allow you unlimited whois information queries. It’s better to have your own script which will tell you the availibility of domain name in different extensions, right from your terminal.
Below script will check your domain name for TLDs .com, .net, .org, .info, .us, .co, .tel, .tv, .biz, .cc, .ru, .eu, .in, .it, .sk, .com.au, .sh, .re and .dk
But you can add other TLDs also if you want.
First create a file, e.g. chkWhois.sh, and give it proper permission to execute.
1 2 | touch chkWhois.sh
chmod 744 chkWhois.sh |
Now, copy below code to this newly created file
Continue reading »
Linux: Bash script to get email address and created/updated/expires dates of domain name
In linux, to check the whois of any domain name, the simple command is:
1 | whois domainname.com |
But, it will show you so many things which are not important, e.g. it will show you the NOTICE and TERMS of USE and so many other things.
If you are only concerned of getting the email address and creation/updation/expiry date of domain name from whois, here is the bash script that will help you out.
First create a bash script file, e.g. whoisEmailAndDates.sh and give it permissions to run:
1 2 | touch whoisEmailAndDates.sh
chmod 744 whoisEmailAndDates.sh |
Welcome to my Blog
Helping Magento developers in their day-to-day development problems since 2011. Most of the problems and solutions here are my own experiences while working on different projects. Enjoy the blog and don't forget to throw comments and likes/+1's/tweets on posts you like. Thanks for visiting!Certifications
Honor
Recognition
Contributions
Categories
- Apache (2)
- ChatGPT (1)
- Domain name (2)
- eCommerce (2)
- htaccess (1)
- Humor (3)
- Instagram API (1)
- jQuery (4)
- JSON (1)
- Linux (10)
- Magento (142)
- Magento admin (58)
- Magento Certification (5)
- Magento error (13)
- Magento frontend (68)
- Magento Imagine (2)
- Magento Interview (5)
- Magento Master (2)
- Magento2 (10)
- Mobile (1)
- MySQL (7)
- OpenAI (1)
- OroCRM (2)
- Performance (2)
- PHP (8)
- Prototype JS (3)
- Security (4)
- Wordpress (3)
- XML (2)