-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathcheck-ssh-cve-6387.sh
More file actions
66 lines (52 loc) · 2.03 KB
/
check-ssh-cve-6387.sh
File metadata and controls
66 lines (52 loc) · 2.03 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
#!/bin/bash
# File yang berisi daftar IP instance
instances_file="instances.txt"
# Daftar user
users=("ubuntu" "cloud-user" "centos")
# Kunci SSH
ssh_key="~/devops.pem"
# File output
output_file="hasil-ssh.csv"
# Hapus file output jika sudah ada dan tulis header CSV
echo "ip,user,version,os_version,vulnerable" > "$output_file"
# Fungsi untuk memeriksa versi SSH
check_ssh_version() {
local ip=$1
local success=false
for user in "${users[@]}"; do
echo "Memeriksa IP: $ip dengan user: $user"
# Tentukan perintah berdasarkan user (distribusi Linux)
if [ "$user" == "ubuntu" ]; then
command="apt-cache policy openssh-server | grep 'Installed' | awk '{print \$2}'"
os_command="lsb_release -ds"
elif [ "$user" == "cloud-user" ] || [ "$user" == "centos" ]; then
command="rpm -q --queryformat '%{VERSION}-%{RELEASE}' openssh-server"
os_command="cat /etc/redhat-release"
fi
# Command untuk memeriksa versi OpenSSH dan versi OS
version=$(ssh -i "$ssh_key" -l "$user" -o "ConnectTimeout=10" -o "GSSAPIAuthentication=no" -o "PasswordAuthentication=no" -o "StrictHostKeyChecking=no" "$ip" "$command" 2>/dev/null)
os_version=$(ssh -i "$ssh_key" -l "$user" -o "ConnectTimeout=10" -o "GSSAPIAuthentication=no" -o "PasswordAuthentication=no" -o "StrictHostKeyChecking=no" "$ip" "$os_command" 2>/dev/null)
# Buang string "1:" dari versi Ubuntu
if [ "$user" == "ubuntu" ]; then
version=$(echo "$version" | sed 's/^1://')
fi
# Tentukan apakah versinya rentan (antara 8.5p1 dan 9.8p1)
if [[ "$version" > "8.4p1" && "$version" < "9.9p1" ]]; then
vulnerable="Vulnerable"
else
vulnerable="Not Vulnerable"
fi
if [ -n "$version" ]; then
echo "$ip,$user,$version,$os_version,$vulnerable" >> "$output_file"
success=true
break
fi
done
if [ "$success" = false ]; then
echo "$ip,-,Tidak bisa SSH,-,-" >> "$output_file"
fi
}
# Baca IP dari file instances.txt dan lakukan pengecekan
for ip in $(cat $instances_file); do
check_ssh_version "$ip"
done