Last active
March 30, 2024 11:32
-
-
Save mhamlet/c76da4f3a554aecfa62dd507db9a8b11 to your computer and use it in GitHub Desktop.
Revisions
-
mhamlet renamed this gist
Mar 30, 2024 . 1 changed file with 0 additions and 0 deletions.There are no files selected for viewing
File renamed without changes. -
Mar 30, 2024 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,112 @@ #!/bin/bash # Function to print message in red print_red() { echo -e "\033[0;31m$1\033[0m" } # Function to print message in green print_green() { echo -e "\033[0;32m$1\033[0m" } # Function to print help print_help() { echo "Usage: $0 [OPTIONS]" echo "Options:" echo " --check-xz Check XZ version on servers and print affected ones" echo " --help Print this help message" exit 0 } # List of IP addresses to check IP_ADDRESSES=( "1.2.3.4" "5.6.7.8" ) # SSH username USERNAME="your_ssh_username" # SSH key file path SSH_KEY="~/.ssh/id_rsa" # SSH command timeout in seconds SSH_TIMEOUT=3 # Check XZ version flag CHECK_XZ=false # Array to store failed servers XZ_AFFECTED_SERVERS=() FAILED_TO_SSH_SERVERS=() # Parse command line arguments while [[ $# -gt 0 ]]; do key="$1" case $key in --check-xz) CHECK_XZ=true shift ;; --help) print_help ;; *) # Unknown option echo "Unknown option: $key" print_help ;; esac done print_green "Starting the checking process..." # Iterate over each IP address for ip in "${IP_ADDRESSES[@]}" do echo echo "Checking XZ vulnerability on $ip..." if [ "$CHECK_XZ" = true ]; then xz_version=$(ssh -o ConnectTimeout=$SSH_TIMEOUT -i $SSH_KEY $USERNAME@$ip 'xz --version | head -n 1 | awk "{print \$NF}"') if [ "$?" -eq 0 ]; then if [ "$xz_version" = "5.6.0" ] || [ "$xz_version" = "5.6.1" ]; then print_red "Server $ip is affected by XZ vulnerability (version: $xz_version)" XZ_AFFECTED_SERVERS+=("$ip") else print_green "XZ version on $ip is $xz_version" fi else print_red "Failed to check XZ version on $ip" FAILED_TO_SSH_SERVERS+=("$ip") fi else echo "Checking SSH access to $ip..." ssh -o ConnectTimeout=$SSH_TIMEOUT -i $SSH_KEY $USERNAME@$ip "echo 'SSH access successful to $ip'" > /dev/null if [ $? -eq 0 ]; then print_green "SSH access successful to $ip" else print_red "SSH access failed to $ip" FAILED_TO_SSH_SERVERS+=("$ip") fi fi done echo echo "--------------------" echo # Print list of failed servers if [ ${#FAILED_TO_SSH_SERVERS[@]} -gt 0 ]; then echo "Failed to SSH servers:" for failed_server in "${FAILED_TO_SSH_SERVERS[@]}"; do echo "$failed_server" done fi if [ ${#XZ_AFFECTED_SERVERS[@]} -gt 0 ]; then print_red "Affected to XZ vulnerability:" for failed_server in "${XZ_AFFECTED_SERVERS[@]}"; do print_red "$failed_server" done fi