Does the shellshock vulnerability leave any traces in log files?

Question

I've patched my servers, but I'd also like to review my logs to see if there have been any compromises on them. Are there any consistent traces of exploits using this bug?

score 2 · Answer 1 · answered Sep 26 '14 at 03:10

2

I caught some hits in the logs with:

grep -r '"()' /var/log/httpd/
grep -r "'()" /var/log/httpd/

answered Sep 26 '14 at 03:10

Darren

316
2
5

Does the shellshock vulnerability leave any traces in log files?

1 Answers1