Without wanting to logon to each Linux server I created an ESP Application to use your command.
I added a "| grep shellshock" at the end.
This enables the exit status of the command to be checked.
If it is 0 the vulnerability it present, if it is a 1 the vulnerability is NOT present.
I split command up into 2 variables (Cmd1 and Cmd2) to avoid continuation characters.
Note the difference between the various punctuation characters.
Using conditional release one of two different SELFCOMPLETING tasks are called.
Output is send to user with SEND command as well as being written to a Variable Table. You can use both or the method your prefer.
Create the Variable Table with VTDEFINE [Table]
Create the Event to invoke the ESP Application.
Trigger Event for any/all Linux agents
ESP Application
PROCEDURE_SECTION:
APPL CHKLINUX
AgentName=%USER1
AgentChkTable="CHKLINUX"
Cmd1="env x='() { :;}; echo shellshock' `which bash`"
Cmd2=" -c 'echo completed'| grep shellshock"
LINUX_JOB CHKLINUX
AGENT %USER1
CMDNAME /bin/bash
USER <valid user>
ARGS -c "%Cmd1%Cmd2"
RELEASE ADD(CHK4FLAW) COND(RC(0))
RELEASE ADD(PASSFLAW) COND(RC(1))
EXITCODE 0-1 SUCCESS
RUN ANYDAY
ENDJOB
JOB CHK4FLAW TASK SELFCOMPLETING
SEND 'Agent %AgentName needs to be checked.' USER(*)
VSET %AgentName 'FAILED - flaw check' TABLE(%AgentChkTable)
RUN ANYDAY
ENDJOB
JOB PASSFLAW TASK SELFCOMPLETING
SEND 'Agent %AgentName successfully PASSED flaw check.' USER(*)
VSET %AgentName 'PASSED - flaw check' TABLE(%AgentChkTable)
RUN ANYDAY
ENDJOB