We were wondering if SmartState could be leveraged to identify systems in the environment with the Bash shell vulnerability.
Absolutely, you can scan file information, file contents, users, groups, etc. Therefore, based on the article links you have posted:
“The fix is an update to a patched version of the Bash shell”
We would scan for the bash file itself; this would come back to include its version, date, and time stamps.
You can then create a compliance check that returns true or false against a specific minimum version, date/time stamp, etc.
Here is a link to some VMware-based security hardening checks on exactly the type of thing you describe; they may help as a reference.
Hope this helps
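The minimum-version compliance check described in the reply above, sketched as an added example (not code from the thread or from ManageIQ). The record layout, the helper names and every version string, including `MIN_BASH`, are constructed placeholders rather than real fixed versions; treating a host without bash as compliant is also an assumption.

```ruby
# Added example: true/false compliance check against a minimum package version.
# Record layout, helper names and all version strings are constructed.

# Split "4.2.45-5.el7" into comparable segments: [4, 2, 45, 5, "el", 7]
def segments(version)
  version.scan(/\d+|[a-zA-Z]+/).map { |s| s =~ /\A\d+\z/ ? s.to_i : s }
end

# Compare two versions segment by segment; returns -1, 0 or 1.
# Numeric segments compare as integers, so "4.10" sorts above "4.9",
# which a plain string comparison gets wrong.
def compare_versions(a, b)
  sa = segments(a)
  sb = segments(b)
  [sa.size, sb.size].min.times do |i|
    x = sa[i]
    y = sb[i]
    next if x == y
    # A numeric segment sorts above an alphabetic one.
    return (x.is_a?(Integer) ? 1 : -1) if x.class != y.class
    return x <=> y
  end
  sa.size <=> sb.size # all shared segments equal: the longer version is newer
end

# True when bash is absent (assumption) or at least the minimum version.
def bash_compliant?(packages, minimum)
  bash = packages.find { |p| p[:name] == "bash" }
  return true if bash.nil?
  compare_versions(bash[:version], minimum) >= 0
end

MIN_BASH = "4.2.45-5.el7.4" # constructed placeholder, not a vendor value

# Constructed scan results, keyed by host name.
HOSTS = {
  "web01" => [{ name: "bash", version: "4.2.45-5.el7" }],
  "db01"  => [{ name: "bash", version: "4.2.45-5.el7.10" }],
  "app01" => [{ name: "bash", version: "4.10.1-1.el7" }],
  "win01" => [{ name: "openssl", version: "1.0.1e-16" }]
}.freeze

# Map each host to its compliance verdict.
def report(hosts, minimum)
  hosts.map { |host, pkgs| [host, bash_compliant?(pkgs, minimum)] }.to_h
end

report(HOSTS, MIN_BASH).each { |host, ok| puts "#{host}: #{ok}" } if __FILE__ == $PROGRAM_NAME
```

Note that `db01` passes only because the final segment is compared numerically (10 against 4); a lexical string comparison of the same two versions would flag it as out of date.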
@jhardy I believe we have an example somewhere for the Heartbleed vulnerability that is done almost exactly the same way (i.e. check for openssl version). Do you have a link to that?
Also, there is a YAML somewhere on Mojo; I shall send you the link.
Thanks @jhardy. Since ask is going away and that link will probably die, I’m copying here for posterity:
Done, the article I blogged has a link to a downloadable policy profile that you can simply import and go.
Nice! Will grab your blog post and video and syndicate them.