Giter VIP home page Giter VIP logo

Comments (5)

mzet- avatar mzet- commented on July 1, 2024 2

To avoid these kind of errors I've added bash version checking on script's startup. 4.0 is needed for associative arrays, =~ operator was added in 3.* so we should be good now.

from linux-exploit-suggester.

bcoles avatar bcoles commented on July 1, 2024 1

For what it's worth, CentOS 5.5 (2.6.18-194) and CentOS 5.4 (2.6.18-164) don't have this issue.

from linux-exploit-suggester.

bcoles avatar bcoles commented on July 1, 2024

I was able to reproduce this issue (and an additional error) on CentOS 5.0 (i686).

$ uname -a
Linux centos-live 2.6.18-8.1.1.tl5 #2 SMP Fri Apr 13 22:03:48 EDT 2007 i686 i686 i386 GNU/Linux
$ bash --version
GNU bash, version 3.1.17(1)-release (i686-redhat-linux-gnu)
Copyright (C) 2005 Free Software Foundation, Inc.

$ bash ./linux-exploit-suggester.sh

Kernel version: 2.6.18
Architecture: i386
Distribution:
Package list:

Possible Exploits:

./linux-exploit-suggester.sh: line 1324: declare: -A: invalid option
declare: usage: declare [-afFirtx] [-p] [name[=value] ...]
./linux-exploit-suggester.sh: line 1379: syntax error in conditional expression: unexpected token `|'
./linux-exploit-suggester.sh: line 1379: syntax error near `|t'
./linux-exploit-suggester.sh: line 1379: `        elif [[ "$src_url" =~ ^.*tgz|tar.gz|zip$ && -n "$EXPLOIT_DB" ]]; then'

from linux-exploit-suggester.

mzet- avatar mzet- commented on July 1, 2024

Thanks guys.

Yeah, these are probably due to older Bash versions are lacking some particular feature (associative arrays, and probably =~ operator). Not sure how to handle it elegantly - I'm reluctant to support ancient bash versions.

In cases like this the simplest workaround would be to take uname -a and rpm -qa/dpkg -l outputs from target machine and run linux-exploit-suggester.sh on other machine with newer bash:

$ ./linux-exploit-suggester.sh --uname "Linux centos-live 2.6.18-8.1.1.tl5 #2 SMP Fri Apr 13 22:03:48 EDT 2007 i686 i686 i386 GNU/Linux" --pkglist-file dpkgOutput.txt

from linux-exploit-suggester.

tophertimzen avatar tophertimzen commented on July 1, 2024

That's not a terrible workaround and is already reflective in the README.md. I agree you should not need to support ancient bash versions especially since you are likely running this script on an owned machine you have a shell on.

I'll go ahead and close this issue as I agree with your usage of uname -a or rpm -qa|dpkg -l

Cheers

from linux-exploit-suggester.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.