NSLU2-Linux

SHELLSHOCK

October 7, 2014: The official bash_3.2.54-1_armeb.ipk feed now tests NOT-vulnerable, although it does not include the 055, 056 and 057 patches. For that reason I'll leave the link http://computerfixpro.com/shellshock-FIXed-057.zip for those who want that too. Anyone using the feed of bash_3.2.52-1_armeb.ipk or less should update. (bash_3.2.52 was compiled incorrectly and will fail all vulnerability testing!!!)
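A quick way to run that kind of test against a given binary, as an added example that is not part of the original notice: the function name and marker string are made up here, and /opt/bin/bash is the Optware path used later on this page. It exercises only the original function-import flaw, so a "patched" result says nothing about the later fixes.

```shell
#!/bin/sh
# Added example (not from the wiki): local check of one bash binary for the
# original Shellshock function-import flaw. Names here are illustrative.

# shellshock_status SHELL_PATH -> prints "vulnerable", "patched" or "missing"
shellshock_status() {
    local sh=$1 out
    [ -x "$sh" ] || { echo "missing"; return 0; }
    # An unpatched bash executes the text that follows the function body
    # while importing "x" from the environment. A patched bash treats the
    # value as plain data, so the marker never reaches stdout.
    # env -i keeps the rest of the caller's environment out of the test.
    out=$(env -i x='() { :;}; echo SHOCK_MARKER' "$sh" -c 'echo done' 2>/dev/null)
    case "$out" in
        *SHOCK_MARKER*) echo "vulnerable" ;;
        *)              echo "patched" ;;
    esac
}

# Check the Optware bash by default, or the path given as first argument.
target=${1:-/opt/bin/bash}
echo "$target: $(shellshock_status "$target")"
```

Run it after every `ipkg` upgrade of bash, and against any other copy of bash on the device (for example a firmware-supplied one) by passing its path.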

Installation

From the root prompt, type:

    ipkg install bash

Configuration

The /etc/shells file

You can add bash to the /etc/shells file. Simply run:

    echo "/opt/bin/bash" >> /etc/shells

The /etc/passwd file

You can configure the default shell for a normal user:

- Open the /etc/passwd file
- Change the line of the normal user (myuser):

    myuser:*crypted*:2000:501:Normal User:/share/hdd/data/myuser:/opt/bin/bash

First login

Try now to login as the normal user.

The .bash_profile and .bashrc files

The .bash_profile is used during login. This file calls the .bashrc file.

The .bashrc is called when a bash process is started (not login)

During login the /etc/profile will also be executed (if it exists). This package comes with /opt/etc/profile. Use

    ln -s /opt/etc/profile /etc/profile

to activate it.

Example files

These example files are severely cut down versions of the common standard bashrc files (http://www.tldp.org/LDP/abs/html/sample-bashrc.html#BASHRC) which work on the slug. The originals are a lot more sophisticated, but these are a pretty good starting point.

Example .bash_profile

Save this file as .bash_profile in the user's home folder (i.e. ~/)

 
#===============================================================
#
# PERSONAL $HOME/.bash_profile FILE
#
#===============================================================

#-----------------------
# Load the .bashrc file
#-----------------------

# Use the home-directory path so this works whatever the current directory is
[ -f ~/.bashrc ] && source ~/.bashrc

 

Example Global bashrc

Save this file as /opt/etc/bashrc

 
#===============================================================
#
# GLOBAL /opt/etc/bashrc FILE for bash-2.05a (or later)
#
# This file is read (normally) by interactive shells only.
# Here is the place to define your aliases, functions and
# other features common to all user's bash sessions.
#
#===============================================================


#-------------------------------------------------------------
# Automatic setting of $DISPLAY (if not set already)
# This works for linux - your mileage may vary....
# The problem is that different types of terminals give
# different answers to 'who am i'......
# I have not found a 'universal' method yet
#-------------------------------------------------------------

# Keep an existing $DISPLAY; otherwise build one from bash's $HOSTNAME
DISPLAY=${DISPLAY:-${HOSTNAME}:0.0}
export DISPLAY

#---------------
# Some settings
#---------------

ulimit -S -c 0          # Don't want any coredumps
set -o notify
set -o noclobber
set -o ignoreeof
set -o nounset
#set -o xtrace          # useful for debugging

# Enable options:
shopt -s cdspell
shopt -s cdable_vars
shopt -s checkhash
shopt -s checkwinsize
shopt -s mailwarn
shopt -s sourcepath
shopt -s no_empty_cmd_completion  # bash>=2.04 only
shopt -s cmdhist
shopt -s histappend histreedit histverify
shopt -s extglob        # necessary for programmable completion

# Disable options:
# shopt -u mailwarn
# unset MAILCHECK               # I don't want my shell to warn me of incoming mail


export TIMEFORMAT=$'\nreal %3R\tuser %3U\tsys %3S\tpcpu %P\n'
export HISTIGNORE="&:bg:fg:ll:h"
export HOSTFILE=$HOME/.hosts    # Put a list of remote hosts in ~/.hosts


#-----------------------
# Greeting, motd etc...
#-----------------------

# Define some colors first:
red='\e[0;31m'
RED='\e[1;31m'
blue='\e[0;34m'
BLUE='\e[1;34m'
cyan='\e[0;36m'
CYAN='\e[1;36m'
NC='\e[0m'              # No Color
# --> Nice. Has the same effect as using "ansi.sys" in DOS.

 

Example .bashrc

Save this file as .bashrc in any normal user's home folder (i.e. ~/). It relies on the existence of the /opt/etc/bashrc file.

 
#===============================================================
#
# PERSONAL $HOME/.bashrc FILE for bash-2.05a (or later)
#
# Last modified: Mon Jan 17 
#
# This file is read (normally) by interactive shells only.
# Here is the place to define your aliases, functions and
# other interactive features like your prompt.
#
# This file was designed (originally) for Solaris but based 
# on Redhat's default .bashrc file
# --> Modified for Linux.
# The majority of the code you'll find here is based on code found
# on Usenet (or internet).
# This bashrc file is a bit overcrowded - remember it is
# just an example. Tailor it to your needs
# --> Tailored to be operable on the NSLU2 with Unslung 1.x 
#     onwards. It has been cut down somewhat from the original
#     sample found at:
#     http://www.tldp.org/LDP/abs/html/sample-bashrc.html#BASHRC
#
#===============================================================

#-----------------------------------
# Source global definitions (if any)
#-----------------------------------

if [ -f /opt/etc/bashrc ]; then
        . /opt/etc/bashrc   # --> Read /opt/etc/bashrc, if present.
fi


#-----------------------
# Greeting, motd etc...
#-----------------------

# Define some colors first (defined in /opt/etc/bashrc):

# Looks best on a black background.....
#echo -e "${CYAN}BASH ${RED}${BASH_VERSION%.*}$NC"

# function to run upon exit of shell
#function _exit()
#{
#    echo -e "${RED}Bye Bye${NC}"
#}
#trap _exit EXIT

#---------------
# Shell Prompt
#---------------

HILIT=${cyan}  # local machine: prompt will be partly cyan

#  --> Replace instances of \W with \w in prompt functions below
#  --> to get display of full path name.

function fastprompt()
{
    unset PROMPT_COMMAND
    case $TERM in
        *term | rxvt | linux )
            PS1="${HILIT}//\h\w$NC> " ;;
        *)
            PS1="//\h\w> " ;;
    esac
}

fastprompt

#-----------------------------------
# File & strings related functions:
#-----------------------------------

# Find a file with a pattern in name:
function ff() { find . -type f -iname '*'"$*"'*' -ls ; }
# Find a file with pattern $1 in name and Execute $2 on it:
# (find needs a space between {} and \; and the pattern must be quoted)
function fe() { find . -type f -iname '*'"$1"'*' -exec "${2:-file}" {} \; ; }

function ii()   # get current host related info
{
    # bash sets $HOSTNAME, not $HOST; an unset $HOST aborts under 'set -o nounset'
    echo -e "\nYou are logged on ${RED}$HOSTNAME"
    echo -e "\nAdditional information:$NC " ; uname -a
#    echo -e "\n${RED}Users logged on:$NC " ; w -h
    echo -e "\n${RED}Current date :$NC " ; date
    echo -e "\n${RED}Machine stats :$NC " ; uptime
    echo -e "\n${RED}Memory stats :$NC " ; free
    echo -e "\n${RED}Local IP Address :$NC" ; echo ${MY_IP:-"Not connected"}
    echo -e "\n${RED}ISP Address :$NC" ; echo ${MY_ISP:-"Not connected"}
    echo -e "\n${RED}Free Disk Space :$NC" ; df
    echo
}


Example .bashrc for root

Save this file as .bashrc in the root user's home folder (i.e. /root/). It relies on the existence of the /opt/etc/bashrc file.

 
#===============================================================
#
# PERSONAL $HOME/.bashrc FILE for bash-2.05a (or later)
#
# Last modified: Mon Jan 17 
#
# This file is read (normally) by interactive shells only.
# Here is the place to define your aliases, functions and
# other interactive features like your prompt.
#
# This file was designed (originally) for Solaris but based 
# on Redhat's default .bashrc file
# --> Modified for Linux.
# The majority of the code you'll find here is based on code found
# on Usenet (or internet).
# This bashrc file is a bit overcrowded - remember it is
# just an example. Tailor it to your needs
# --> Tailored to be operable on the NSLU2 with Unslung 1.x 
#     onwards. It has been cut down somewhat from the original
#     sample found at:
#     http://www.tldp.org/LDP/abs/html/sample-bashrc.html#BASHRC
#
#===============================================================

#-----------------------------------
# Source global definitions (if any)
#-----------------------------------

if [ -f /opt/etc/bashrc ]; then
        . /opt/etc/bashrc   # --> Read /opt/etc/bashrc, if present.
fi


#-----------------------
# Greeting, motd etc...
#-----------------------

# Define some colors first (defined in /opt/etc/bashrc):

# Looks best on a black background.....
echo -e "${CYAN}BASH ${RED}${BASH_VERSION%.*}$NC"
echo -e "\n${RED}Machine information:$NC " ; uname -a
#echo -e "\n${RED}Users logged on:$NC " ; w -h
echo -e "\n${RED}Current date :$NC " ; date
echo -e "\n${RED}Machine stats :$NC " ; uptime
echo -e "\n${RED}Memory stats :$NC " ; free
echo -e "\n${RED}Free Disk Space :$NC" ; df
echo

# function to run upon exit of shell
#function _exit()
#{
#    echo -e "${RED}Bye Bye${NC}"
#}
#trap _exit EXIT

#---------------
# Shell Prompt
#---------------

HILIT=${RED}  # local machine: prompt will be partly red

#  --> Replace instances of \W with \w in prompt functions below
#  --> to get display of full path name.

function fastprompt()
{
    unset PROMPT_COMMAND
    case $TERM in
        *term | rxvt | linux )
            PS1="${HILIT}//\h\w$NC# " ;;
        *)
            PS1="//\h\w# " ;;
    esac
}

fastprompt

#-----------------------------------
# File & strings related functions:
#-----------------------------------

# Find a file with a pattern in name:
function ff() { find . -type f -iname '*'"$*"'*' -ls ; }
# Find a file with pattern $1 in name and Execute $2 on it:
# (find needs a space between {} and \; and the pattern must be quoted)
function fe() { find . -type f -iname '*'"$1"'*' -exec "${2:-file}" {} \; ; }

function ii()   # get current host related info
{
    # bash sets $HOSTNAME, not $HOST; an unset $HOST aborts under 'set -o nounset'
    echo -e "\nYou are logged on ${RED}$HOSTNAME"
    echo -e "\nAdditional information:$NC " ; uname -a
#    echo -e "\n${RED}Users logged on:$NC " ; w -h
    echo -e "\n${RED}Current date :$NC " ; date
    echo -e "\n${RED}Machine stats :$NC " ; uptime
    echo -e "\n${RED}Memory stats :$NC " ; free
    echo -e "\n${RED}Local IP Address :$NC" ; echo ${MY_IP:-"Not connected"}
    echo -e "\n${RED}ISP Address :$NC" ; echo ${MY_ISP:-"Not connected"}
    echo -e "\n${RED}Free Disk Space :$NC" ; df
    echo
}

 

The Prompt

A simple prompt (SuSE-style):

    export PS1="\u@\h:\w/ > "
    export PS2="> "

For details, see http://www.tldp.org/HOWTO/Bash-Prompt-HOWTO


////Note to maintainer: It seems like bash needs curses, after installing bash and ssh on a fresh 3.17 I got this error when starting bash.

-bash: error while loading shared libraries: libncurses.so.5: cannot open shared object file: No such file or directory

////Note to maintainer: It might be helpful to noobies to include that the .bash_profile and .bashrc files need to be manually created and where one should create them. I found, via another page, that the .bash_profile goes in each user's home folder, but still haven't found where to put the .bashrc file. Other than that, the wiki seems pretty well thought out and is very helpful.


.bash_profile and .bashrc need to be created in a user's home directory (~/). They should be owned, readable and executable by that user.

I did a fresh install and did not get a libcurses error.


I had sftp and ssh available before installing and configuring bash for root. After install I cannot do sftp [but can ssh]. When starting my sftp client, I get the error:

File transfer server could not be started or exited unexpectedly. Exit value 0 was returned. Most likely the sftp-server is not in the pat of the user on the server-side.

Since then, I manually added the /opt/libexec to the PATH in /etc/profile, but this did not change the error. BTW, I can still sftp and ssh as another user which does not have the .bash configured.

OK here is the solution: The above problem was caused by the echo statements in the ~/.bashrc file. When all of these were commented out, the sftp logon works now.


An issue related to no sftp login with the above ~/.bashrc file. This is caused by an interactive logon starting. My solution is to not parse the ~/.bashrc if the login is not interactive. Adding the line below to the beginning of the ~/.bashrc works for me.

    # if not logging in interactively do nothing
    [ -z "$PS1" ] && return
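The check below is an added example, not part of the original wiki notes: it sources a startup file in a non-interactive bash, as an sftp or scp session would, and reports whether the file writes anything to stdout. The function names and the two sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the wiki): find startup files that print during
# non-interactive logins, which corrupts the sftp/scp protocol stream.

# startup_output_bytes FILE -> prints how many bytes FILE writes to stdout
startup_output_bytes() {
    # env -i drops any inherited PS1; bash -c is non-interactive, so PS1
    # stays unset, exactly the condition the guard line tests for.
    env -i PATH="$PATH" bash --noprofile --norc -c '. "$1"' _ "$1" \
        2>/dev/null | wc -c | tr -d ' '
}

# check_startup_file FILE -> prints "clean" or "noisy:<bytes>"
check_startup_file() {
    local n
    n=$(startup_output_bytes "$1")
    if [ "$n" -eq 0 ]; then echo "clean"; else echo "noisy:$n"; fi
}

# make_samples DIR -> writes two constructed sample files into DIR
make_samples() {
    # Unguarded: prints a greeting on every start, like the root .bashrc above.
    printf '%s\n' 'echo "BASH ${BASH_VERSION%.*}"' 'uname -a' \
        > "$1/bashrc.unguarded"
    # Guarded: same greeting, placed after the interactive check.
    printf '%s\n' '[ -z "$PS1" ] && return' \
        'echo "BASH ${BASH_VERSION%.*}"' 'uname -a' > "$1/bashrc.guarded"
}

demo() {
    local dir
    dir=$(mktemp -d) || return 1
    make_samples "$dir"
    echo "unguarded: $(check_startup_file "$dir/bashrc.unguarded")"
    echo "guarded:   $(check_startup_file "$dir/bashrc.guarded")"
    rm -rf "$dir"
}

demo
```

Pointing `check_startup_file` at a real `~/.bashrc` or `/opt/etc/bashrc` shows whether it is safe for accounts that are used for sftp.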

I had some line wrapping problems with this color prompt. Putting \[ and \] around the color codes within the prompt definition solved that problem. Change

    PS1="${HILIT}//\h\w$NC# " ;;

to

    PS1="\[${HILIT}\]//\h\w\[$NC\]# " ;;

See http://www.nslu2-linux.org/wiki/HowTo/RunAnotherShellForRootSafely for changing the root shell safely.

Page last modified on October 07, 2014, at 03:03 PM