正则表达式匹配安全的openssl和不安全的openssl
The goal of this, is to run this across many machines with ansible or fabric to find out which of your machines are vulnerable to the heartbleed. Heartbleed has been out for a while, this will search the version installed on Ubuntu 12.04 LTS.
这样做的目的是在使用ansible或fabric的许多机器上运行它,以找出哪些机器容易受到伤害。 Heartbleed已经出现了一段时间,这将搜索安装在Ubuntu 12.04 LTS上的版本。
For Ubuntu users, the correct, patched version is also release-dependent. Use this list to see the minimum secure version for your release:
对于Ubuntu用户,正确的修补版本也依赖于版本。使用此列表查看您的版本的最低安全版本:
Ubuntu 10.04: Unaffected (Shipped with older version prior to vulnerability)
Ubuntu 12.04: 1.0.1-4ubuntu5.12
Ubuntu 12.10: 1.0.1c-3ubuntu2.7
Ubuntu 13.04: SUPPORT END OF LIFE REACHED, SHOULD UPGRADE
Ubuntu 13.10: 1.0.1e-3ubuntu1.2
I have been tinkering with this for a while, and I do not know why this will not match beyond the hyphen:
我一直在修补这个问题,我不知道为什么这不符合连字符:
dpkg -s openssl | grep -Ei '\b(Version: (1)\.[0-9]\.[1-9].[1-2]*)\b'
Will match
Version: 1.0.1-
Instead of
Version: 1.0.1-4ubuntu5.16
I have tried:
我努力了:
dpkg -s openssl | grep -Ei '\b(Version: (0|1)\.0\.(0|1)[a-c]\-(ubuntu)*)\b'
dpkg -s openssl | grep -Ei '\b(Version: (0|1)\.0\.(0|1)[a-f]\-(ubuntu)*)\b'
dpkg -s openssl | grep -Ei '\b(Version: (0|1)\.[0-9]\.(0|1)[c-z]?\-(ubuntu)[5-9]*)\b'
dpkg -s openssl | grep -Ei '\b(Version: (1)\.[0-9]\.[1-9]*)\b'
dpkg -s openssl | grep -Ei '\b(Version: (1)\.[0-9]\.[1-9]-- -[4-9]ubuntu*)\b'
dpkg -s openssl | grep -Ei '\b(Version: (1)\.[0-9]\.[1-9]---[4-9]ubuntu*)\b'
dpkg -s openssl | grep -Ei '\b(Version: (1)\.[0-9]\.[1-9]--[4-9]*)\b'
dpkg -s openssl | grep -Ei '\b(Version: (1)\.[0-9]\.[1-9]--[4-9]ubuntu*)\b'
dpkg -s openssl | grep -Ei '\b(Version: (1)\.[0-9]\.[1-9]--[4-9]ubuntu*)\b'
dpkg -s openssl | grep -Ei '\b(Version: (1)\.[0-9]\.[1-9]--[4-9]ubuntu*)\b'
dpkg -s openssl | grep -Ei '\b(Version: (1)\.[0-9]\.[1-9]-[4-9]ubuntu*)\b'
dpkg -s openssl | grep -Ei '\b(Version: (1)\.[0-9]\.[1-9].([4-9]ubuntu))\b'
dpkg -s openssl | grep -Ei '\b(Version: (1)\.[0-9]\.[1-9].([4-9]ubuntu*))\b'
dpkg -s openssl | grep -Ei '\b(Version: (1)\.[0-9]\.[1-9].[4-9]*)\b'
dpkg -s openssl | grep -Ei '\b(Version: (1)\.[0-9]\.[1-9].[4-9]ubuntu)\b'
dpkg -s openssl | grep -Ei '\b(Version: (1)\.[0-9]\.[1-9][c-z]?--[4-9](ubuntu)*)\b'
dpkg -s openssl | grep -Ei '\b(Version: (1)\.[0-9]\.[1-9][c-z]?--[4-9]ubuntu*)\b'
dpkg -s openssl | grep -Ei '\b(Version: (1)\.[0-9]\.[1-9][c-z]?--[4-9]ubuntu*)\b'
dpkg -s openssl | grep -Ei '\b(Version: (1)\.[0-9]\.[1-9][c-z]?\-[4-9](ubuntu)*)\b'
dpkg -s openssl | grep -Ei '\b(Version: (1)\.[0-9]\.[1-9]\- --[4-9]*)\b'
dpkg -s openssl | grep -Ei '\b(Version: (1)\.[0-9]\.[1-9]\-([4-9]ubuntu*))\b'
dpkg -s openssl | grep -Ei '\b(Version: (1)\.[0-9]\.[1-9]\-*)\b'
dpkg -s openssl | grep -Ei '\b(Version: (1)\.[0-9]\.[1-9]\-*[4-9])\b'
dpkg -s openssl | grep -Ei '\b(Version: (1)\.[0-9]\.[1-9]\-*[4-9]*)\b'
dpkg -s openssl | grep -Ei '\b(Version: (1)\.[0-9]\.[1-9]\---[4-9]*)\b'
dpkg -s openssl | grep -Ei '\b(Version: (1)\.[0-9]\.[1-9]\---[4-9]ubuntu*)\b'
dpkg -s openssl | grep -Ei '\b(Version: (1)\.[0-9]\.[1-9]\--[4-9]*)\b'
dpkg -s openssl | grep -Ei '\b(Version: (1)\.[0-9]\.[1-9]\--[4-9]ubuntu*)\b'
dpkg -s openssl | grep -Ei '\b(Version: (1)\.[0-9]\.[1-9]\--\-[4-9]ubuntu*)\b'
dpkg -s openssl | grep -Ei '\b(Version: (1)\.[0-9]\.[1-9]\-.[4-9]*)\b'
dpkg -s openssl | grep -Ei '\b(Version: (1)\.[0-9]\.[1-9]\-[4-9]*)\b'
dpkg -s openssl | grep -Ei '\b(Version: (1)\.[0-9]\.[1-9]\-[4-9]*)\b'
dpkg -s openssl | grep -Ei '\b(Version: (1)\.[0-9]\.[1-9]\-[4-9]*)\b'
dpkg -s openssl | grep -Ei '\b(Version: (1)\.[0-9]\.[1-9]\-[4-9]*)\b'
dpkg -s openssl | grep -Ei '\b(Version: (1)\.[0-9]\.[1-9]\-[4-9]ubuntu*)\b'
dpkg -s openssl | grep -Ei '\b(Version: (1)\.[0-9]\.[1-9]\-[4-9]ubuntu*)\b'
dpkg -s openssl | grep -Ei '\b(Version: (1)\.[0-9]\.[1-9]\-[4-9]ubuntu*)\b'
dpkg -s openssl | grep -Ei '\b(Version: (1)\.[0-9]\.[1-9]\-\.[4-9]*)\b'
dpkg -s openssl | grep -Ei '\b(Version: (1)\.[0-9]\.[1-9]\-\[4-9]*)\b'
I am probably doing something very obviously wrong, please help.
我可能做的事情显然是错误的,请帮忙。
My logic is:
我的逻辑是:
- Check if machine has minimum safe version or higher? If machine
- Does have safe version or higher, everything is OK, do nothing.
- If machine does not have safe version or higher, do another regex search if machine matches lower unsafe version.
- If machine matches older/unsafe version, do something.
检查机器是否具有最低安全版本或更高版本?如果机器
有安全版本或更高版本,一切正常,什么都不做。
如果机器没有安全版本或更高版本,如果机器匹配较低的不安全版本,请执行另一个正则表达式搜索。
如果机器匹配旧版/不安全版,请执行某些操作。
3 个解决方案
#1
1
According to CVE-2014-0160, the following versions are affected:
根据CVE-2014-0160,以下版本受到影响:
- 1.0.1-beta1
- 1.0.1-beta2
- 1.0.1-beta3
- 1.0.1
- 1.0.1a
- 1.0.1b
- 1.0.1c
- 1.0.1d
- 1.0.1e
- 1.0.1f
- 1.0.2-beta1
So the easiest would be to just look for these version numbers:
所以最简单的方法就是查找这些版本号:
^Version:\s+1\.0\.(1([abcdef]|\.beta[123])?|2\.beta1))(-|$)
I’m not sure of the numbering syntax for beta versions, you may need to adjust it.
我不确定测试版的编号语法,您可能需要调整它。
更多相关文章
- Linux安装开发环境,必须配置的环节(Fedora15版本)
- 我已提取并尝试使用启动脚本(./start navicat)来启动 Navicat Linu
- Linux CentOS6环境下MySQL5.1升级至MySQL5.5版本过程
- Linux-2.6 所有版本内核源码下载
- Linux下符号版本原理及实现
- windows管理linux机器
- 在两台Linux机器之间配置一条SLIP链路,以便使用互联网socket进行
- MySQL5.5.22版本安装配置以及基本命令的使用和管理数据库备份与
- Mysql5.7.10版本安装后空密码登录,退出后提示密码错误连接不上解