The GHOST (CVE-2015-0235) is serious network function vulnerability in Glibc. How do I check and test if a my Linux based server is secure using command line options? There are two methods to test and find out if your server or desktop powered by Linux is secure or not:
(a) A simple C test program for all Linux based servers (distro independent; generic method). [donotprint][/donotprint]
(b) A simple bash shell test program for RHEL or CentOS or Scientifc Linux server only.
Method #1: GHOST.C Glibc Vulnerability Test C Program
Type the following wget command to download GHOST.C on a Linux based system:
wget https: //webshare.uchicago.edu /orgs /ITServices /itsec /Downloads /GHOST.c
wget -O GHOST.c https: //gist.githubusercontent.com /koelling /ef9b2b9d0be6d6dbab63 /raw /de1730049198c64eaf8f8ab015a3c8b23b63fd34 /gistfile1.c
Fig. 01: GHOST.c bug: A simple way to test if Linux system is secure or not Method #2: GHOST-test.sh Vulnerability Test Bash Script
this url to download a script (or grab it here). You need to have an account with RHN. The script tells whether your system is vulnerable or not. Run script as follows:
wget -O GHOST-test.sh http: //sxi.io /files /scripts /GHOST-test.sh.txt
Fig.02: Fig.02: GHOST-test.sh output on a RHEL/CentOS based system What to do if my server is not secure or Vulnerable to the Ghost attack?
this tutorial page for securing your server by applying patches to glibc.