Joe Gregory

Shellshock - Qualys Reporting How-To

Discussion created by Joe Gregory Employee on Sep 25, 2014
Latest reply on Sep 29, 2014 by Kishore kumar janakiraman


If you run regular authenticated scans on your Unix/Linux environment, you can leverage the existing scan data to identify hosts where bash is installed.

 

 

Using the Applications Tab


The Applications Tab uses your previous authenticated scan data to search for hosts that have bash installed. From the Applications Tab, search for “bash” and it will return all hosts with bash installed.

 


 

Using the Asset Search Portal


Searching your current data in the Asset Search Portal can show you which hosts have bash installed. The relevant QIDs are:
QID 105213 – List of Valid Shells
QID 45141 – Installed Packages on Unix and Linux Operating Systems

Using these two QIDs and searching for “bash” in the results will yield all hosts that have bash in the results section of the collected data on the host.


 

When the results post, you can click on each host to drill down into the data if needed.

 

 

 

Using the Host Based Findings Report with results


You can also leverage your current authenticated scan data by running a report that shows all the hosts with bash installed, and the detailed information.

 

To do this:

  1. Create a search list with QIDs 105213 and 45141

  2. Create your report template that targets the results of these QIDs by attaching your Search List

  3. Set up your Vulnerability Filters

  4. Limit your Detailed Results section to only show the Results

  5. Running the report in CSV format will be the easiest way to move through the data. Here are some .pdf examples of what will be displayed for each QID:

 

QID 45141: [Screenshot: PDF report output for QID 45141]

QID 105213: [Screenshot: PDF report output for QID 105213]
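The following is an added example, not part of the original post or of any Qualys tooling: it filters a CSV export of the report described above for QIDs 105213 and 45141 and lists the hosts whose results mention bash. The column names (IP, DNS, QID, Title, Results), the preamble row and the package-line layout are assumptions about the export, and the sample rows are constructed.

```python
import csv
import io

BASH_QIDS = {"105213", "45141"}  # the two QIDs from the search list

# Constructed sample export (assumed layout): preamble row, header row, findings.
SAMPLE_CSV = '''"Host Based Findings Report","09/26/2014"
"IP","DNS","QID","Title","Results"
"10.0.0.5","web01.example.test","105213","List of Valid Shells","/bin/sh
/bin/bash
/sbin/nologin"
"10.0.0.5","web01.example.test","45141","Installed Packages","bash 4.1.2-15.el6_4 x86_64
bash-completion 1.3-7.el6 noarch"
"10.0.0.9","db01.example.test","105213","List of Valid Shells","/bin/sh
/bin/ksh"
"10.0.0.9","db01.example.test","45141","Installed Packages","coreutils 8.4-31.el6 x86_64"
'''

def is_bash_line(line):
    """True for a shell path ending in /bash or a package line named exactly bash."""
    fields = line.split()
    return bool(fields) and (fields[0] == "bash" or fields[0].endswith("/bash"))

def hosts_with_bash(report):
    """Map each IP to the result lines from the two QIDs that show bash."""
    header = None
    found = {}
    # csv.reader keeps the multi-line quoted Results field in one cell,
    # which line-oriented tools such as grep would split apart.
    for row in csv.reader(report):
        if header is None:
            # Skip preamble rows until the real header row appears.
            if "QID" in row and "Results" in row:
                header = row
            continue
        rec = dict(zip(header, row))
        if rec.get("QID") not in BASH_QIDS:
            continue
        lines = (l.strip() for l in rec.get("Results", "").splitlines())
        hits = [l for l in lines if is_bash_line(l)]
        if hits:
            found.setdefault(rec["IP"], []).extend(hits)
    return found

if __name__ == "__main__":
    for ip, evidence in sorted(hosts_with_bash(io.StringIO(SAMPLE_CSV)).items()):
        print(ip, "; ".join(evidence))
```

Matching on the exact package name or shell path keeps packages such as bash-completion from being counted as a bash install.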
