Bash script to check if you have a SIP profile attached to a Virtual Server (CVE-2023-22842)
Code is community submitted, community supported, and recognized as ‘Use At Your Own Risk’.
Short Description
Generate a CSV report to know which virtual servers have a SIP profile attached.
Problem solved by this Code Snippet
This is to shorten the time to investigate for CVE-2023-22842 for example.
How to use this Code Snippet
- On bash prompt:
# vi sip_profile.sh - Paste the script (see and copy below)
- Save the file :wq!
- change permission
# chmod 777 sip_profile.sh - Run the script:
# ./sip_profile.sh - The output will be a CSV file under /var/tmp/sip-mapped-to-virtuals-output.csv
- To check the output:
[admin@bigip:Active:Standalone] ~ # cat /var/tmp/sip-mapped-to-virtuals-output.csv
Virtual Server, SIP Profile
VS_SIP,sip
VS_MRP,sip_mrp
Code Snippet Meta Information
Full Code Snippet
#!/bin/bash
echo "Virtual Server, SIP Profile" > /var/tmp/sip_profile_map_to_virtual.csv
profile_names=`tmsh list ltm profile sip one-line | awk -F" " '{print $4}'`
for x in ${profile_names}
do
virtual_name=`tmsh list ltm virtual one-line | grep -w $x | awk -F" " '{print $3}'`
if [ "${virtual_name}" != "" ]
then
for y in ${virtual_name}
do
echo "$y,$x" >> /var/tmp/sip_profile_map_to_virtual.csv
done
fi
done
Published Sep 05, 2023
Version 1.0
michelangelodorado
Employee
Employee- LiefZimmerman
Admin
Thanks michelangelodorado - I haven't heard that this got any love.
Pretty tidy little script. - Carl_Brothers
Here is a similar result done in two commands from the bash shell that will scan all partitions and include results from iApps and FAST as well. This simply returns the virtual server name for every virtual that has a SIP profile associated with it to the terminal.
PROFILES=$(tmsh -c 'cd /; list ltm profile sip recursive one-line' | awk '{ print $4}' | tr '\n' '|' | sed '$s/.$/\n/') tmsh -c 'cd /; list ltm virtual recursive one-line' | grep -E "($PROFILES)" | awk '{print "/" $3}'
