Test your server for the Shellshock vulnerability

After patching your server, run the following tests to make sure your server is safe from the Shellshock vulnerability.

Note: These tests work on all versions of Linux.

  1. Run the following command:
    cd /tmp; rm -f /tmp/echo; env 'x=() { (a)=>\' bash -c "echo date"; cat /tmp/echo
    A correctly-patched server will return:
    date cat: /tmp/echo: No such file or directory
  2. Run the following command:
    env 'x=() { :;}; echo vulnerable' 'BASH_FUNC_x()=() { :;}; echo vulnerable' bash -c "echo test"

    Clean servers' responses will vary depending on the BASH version, but you should see test near the the bottom of the output.

    Vulnerable servers' response will be vulnerable.

Warning: Your server must pass both tests to be considered safe from the bash vulnerability.

Was This Article Helpful?
Thanks for your feedback. To speak with a customer service representative, please use the support phone number or chat option above.
Glad we helped! Anything more we can do for you?
Sorry about that. Tell us what was confusing or why the solution didn’t solve your problem.