Script to check Debian & Ubuntu installs of Percona Server 5.6.44-85.0 and report the remedial action required.
#!/bin/bash
#
# CVE-2019-12301 checking script.
# Only deb installs of Percona Server for MySQL 5.6.44-85.0-1 were affected by this issue in the postinst script.
# Other installations were not affected.
#
# This script performs the following:
#
# - Checks for percona-server-server-5.6.44-85.0-1 in installation logs on system
# - Attempts to connect to the specific mysql host and port (127.0.0.1 & 3306 by default) as root with no password.
# - Outputs OK or WARN depending on the result of the connection test
#
# Authors:
# - David Busby
# - David Bennett
#
# Enquiries / bug reports:
# - security{at}percona.com (replace {at} with @)
usage() {
  # Print the command-line help for this script.
  # Globals:   reads $0 for the example invocations
  # Arguments: none
  # Outputs:   help text on stdout (7 lines, one blank)
  local prog=$0
  printf '%s\n' \
    "Example of use:" \
    " $prog -h 1.2.3.4 -p 3306" \
    " $prog -h your.mysql.server.domain.tld" \
    " $prog" \
    "" \
    "[NOTE] if -h / --host is not set script defaults to 127.0.0.1" \
    "[NOTE] if -p / --port is not set script defaults to 3306"
}
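check_history() {
  # Look for an install record of the affected package build in the
  # package-manager logs and print one [WARN]/[OK]/[ERROR] line per log.
  # Arguments: $1 - apt history log (default /var/log/apt/history.log)
  #            $2 - dpkg log         (default /var/log/dpkg.log)
  # Outputs:   status lines on stdout
  # Returns:   0
  local apt_log=${1:-/var/log/apt/history.log}
  local dpkg_log=${2:-/var/log/dpkg.log}
  # -F below: the version contains dots, which as a regex would match any
  # character and could flag a different build.
  local -r affected='5.6.44-85.0-1'

  # apt writes each transaction on one line, so the package name, the
  # "Install" keyword and the version must all appear on the same line.
  if [[ ! -f "$apt_log" ]]; then
    echo "[ERROR] $apt_log does not exist, unable to check it for the affected version"
  elif grep -F 'percona-server-server' -- "$apt_log" | grep -F 'Install' | grep -qF -- "$affected"; then
    echo "[WARN] Found affected Percona Server install in $apt_log"
  else
    echo "[OK] No affected version of Percona Server found in $apt_log"
  fi

  # A package installed with dpkg directly never shows up in the apt history,
  # so the dpkg log is checked too. A missing log must not be reported as [OK]:
  # the original grep on a missing file failed and fell through to the OK branch.
  if [[ ! -f "$dpkg_log" ]]; then
    echo "[ERROR] $dpkg_log does not exist, unable to check it for the affected version"
  elif grep -F 'percona-server-server' -- "$dpkg_log" | grep -qF -- "$affected"; then
    echo "[WARN] Found affected Percona Server install in $dpkg_log"
  else
    echo "[OK] No affected version of Percona Server found in $dpkg_log"
  fi
  return 0
}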
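# Parse command-line options. Both options take a value; anything else prints
# the usage text and exits 1. Parsing stops at the first empty argument.
while [[ -n "${1:-}" ]]; do
  case "$1" in
    -h | --host)
      # A trailing -h with no value used to set host="" and then silently fall
      # back to the default below; reject it instead.
      [[ -n "${2:-}" ]] || { usage; exit 1; }
      host=$2
      shift
      ;;
    -p | --port)
      [[ -n "${2:-}" ]] || { usage; exit 1; }
      port=$2
      shift
      ;;
    *)
      usage
      exit 1
      ;;
  esac
  shift
done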
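# Defaults when -h / -p were not passed (see usage()).
host=${host:-127.0.0.1}
port=${port:-3306}

# Root is required to read the package logs (file permissions).
if [[ "$EUID" -ne 0 ]]; then
  echo "[ERROR] please run this script as root"
  exit 1
fi

## Check to see if the affected package was installed
if [[ -f /var/log/apt/history.log ]]; then
  check_history
else
  echo "[ERROR] /var/log/apt/history.log does not exist, we are unable to check if the affected version was installed, continuing"
fi
# No exit on a miss above: the log may have been truncated or removed, so the
# live connection test that follows is still worth running.

# Locate the mysql client; command -v is the builtin, portable form of which(1).
# Without the client the connection test cannot run.
mysql=$(command -v mysql)
if [[ -z "$mysql" ]]; then
  echo "[ERROR] could not find mysql client in PATH"
  exit 1
fi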
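# Probe for a passwordless root account. timeout(1) bounds the attempt because
# in some edge cases the mysql client waits forever for the connection, which
# makes this script appear to hang.
# --no-defaults stops the client from reading option files (~/.my.cnf,
# /etc/my.cnf): a root password stored there would let the query succeed and
# make a protected server look open. It must be the first client option.
# $host and $port are quoted so an odd value cannot be split into extra options.
check=$(timeout 10 "$mysql" --no-defaults -h "$host" -P "$port" -u root -e "select 'unsecure'" 2>&1)
rc=$?

# 124 is timeout(1)'s exit status when the time limit was hit.
if [[ "$rc" -eq 124 ]]; then
  echo "[ERROR] mysql client connection timeout when attempting to reach $host:$port"
  exit 1
fi

# Classify the client's combined stdout/stderr. One verdict per run; the
# original three independent greps could print nothing for an unrecognised
# message, which is now reported explicitly.
if grep -qi -- "denied" <<<"$check"; then
  # "Access denied": root is password-protected (or uses another auth method).
  echo "[OK] root password appears set for host $host:$port"
elif grep -Eqi -- "refused|allowed" <<<"$check"; then
  # "Connection refused" / "not allowed to connect": no server answer, or this
  # client host is not permitted by the server.
  echo "[ERROR] failed to connect to $host:$port"
elif grep -qi -- "unsecure" <<<"$check"; then
  # The literal result of the probe query came back, so the query ran and root
  # was reachable without a password.
  echo "[WARN] root password does not appear to be set, please set a root password"
else
  # Any other client message: surface it rather than stay silent.
  echo "[ERROR] unexpected response from $host:$port, please check manually:"
  printf '%s\n' "$check"
fi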