Last active
March 30, 2024 11:32
-
-
Save mhamlet/c76da4f3a554aecfa62dd507db9a8b11 to your computer and use it in GitHub Desktop.
Bulk check XZ version for list linux servers using SSH
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Function to print message in red | |
| print_red() { | |
| echo -e "\033[0;31m$1\033[0m" | |
| } | |
| # Function to print message in green | |
| print_green() { | |
| echo -e "\033[0;32m$1\033[0m" | |
| } | |
| # Function to print help | |
| print_help() { | |
| echo "Usage: $0 [OPTIONS]" | |
| echo "Options:" | |
| echo " --check-xz Check XZ version on servers and print affected ones" | |
| echo " --help Print this help message" | |
| exit 0 | |
| } | |
| # List of IP addresses to check | |
| IP_ADDRESSES=( | |
| "1.2.3.4" | |
| "5.6.7.8" | |
| ) | |
| # SSH username | |
| USERNAME="your_ssh_username" | |
| # SSH key file path | |
| SSH_KEY="~/.ssh/id_rsa" | |
| # SSH command timeout in seconds | |
| SSH_TIMEOUT=3 | |
| # Check XZ version flag | |
| CHECK_XZ=false | |
| # Array to store failed servers | |
| XZ_AFFECTED_SERVERS=() | |
| FAILED_TO_SSH_SERVERS=() | |
| # Parse command line arguments | |
| while [[ $# -gt 0 ]]; do | |
| key="$1" | |
| case $key in | |
| --check-xz) | |
| CHECK_XZ=true | |
| shift | |
| ;; | |
| --help) | |
| print_help | |
| ;; | |
| *) | |
| # Unknown option | |
| echo "Unknown option: $key" | |
| print_help | |
| ;; | |
| esac | |
| done | |
| print_green "Starting the checking process..." | |
| # Iterate over each IP address | |
| for ip in "${IP_ADDRESSES[@]}" | |
| do | |
| echo | |
| echo "Checking XZ vulnerability on $ip..." | |
| if [ "$CHECK_XZ" = true ]; then | |
| xz_version=$(ssh -o ConnectTimeout=$SSH_TIMEOUT -i $SSH_KEY $USERNAME@$ip 'xz --version | head -n 1 | awk "{print \$NF}"') | |
| if [ "$?" -eq 0 ]; then | |
| if [ "$xz_version" = "5.6.0" ] || [ "$xz_version" = "5.6.1" ]; then | |
| print_red "Server $ip is affected by XZ vulnerability (version: $xz_version)" | |
| XZ_AFFECTED_SERVERS+=("$ip") | |
| else | |
| print_green "XZ version on $ip is $xz_version" | |
| fi | |
| else | |
| print_red "Failed to check XZ version on $ip" | |
| FAILED_TO_SSH_SERVERS+=("$ip") | |
| fi | |
| else | |
| echo "Checking SSH access to $ip..." | |
| ssh -o ConnectTimeout=$SSH_TIMEOUT -i $SSH_KEY $USERNAME@$ip "echo 'SSH access successful to $ip'" > /dev/null | |
| if [ $? -eq 0 ]; then | |
| print_green "SSH access successful to $ip" | |
| else | |
| print_red "SSH access failed to $ip" | |
| FAILED_TO_SSH_SERVERS+=("$ip") | |
| fi | |
| fi | |
| done | |
| echo | |
| echo "--------------------" | |
| echo | |
| # Print list of failed servers | |
| if [ ${#FAILED_TO_SSH_SERVERS[@]} -gt 0 ]; then | |
| echo "Failed to SSH servers:" | |
| for failed_server in "${FAILED_TO_SSH_SERVERS[@]}"; do | |
| echo "$failed_server" | |
| done | |
| fi | |
| if [ ${#XZ_AFFECTED_SERVERS[@]} -gt 0 ]; then | |
| print_red "Affected to XZ vulnerability:" | |
| for failed_server in "${XZ_AFFECTED_SERVERS[@]}"; do | |
| print_red "$failed_server" | |
| done | |
| fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment