Detect which scripts are using old interpreters

Question

I have a few Debian machines with some nearly-orphaned script interpreters, for example /bin/bash3 and /usr/bin/perl510. How can I detect those scripts that still have the aforementioned interpreters in their shebang line?

#!/bin/bash3

or

#!/usr/bin/perl510

Recursively searching through the filesystem is not really a viable option. Renaming the interpreters to make the scripts fail is also not in the cards.

What I succeeded in was using incrond for root with IN_OPEN to detect the usage of these old interpreters. From there I called a simple shell script to find out more, but the PPID is that of incrond. Both fuser and lsof didn't return anything.

#!/bin/bash

LOG=/tmp/icc.log
echo "PID  is $$"       >> ${LOG}
echo "PPID is ${PPID}"  >> ${LOG}
echo "\$1 is ${1}"      >> ${LOG}

echo "fuser ${1}"       >> ${LOG}
fuser ${1}              >> ${LOG}
echo                    >> ${LOG}

echo "lsof ${1}"        >> ${LOG}
lsof ${1}               >> ${LOG}
echo                    >> ${LOG}

score 3 · Accepted Answer · answered Aug 01 '14 at 18:22

3

Create a wrapper script like so:

#!/bin/sh

echo "`date` `whoami` $0 $*" >> /tmp/bash3_use.log

/bin/bash3.bin "$@"

Then rename bash3 to bash3.bin and name this script "/bin/bash3"

You may need to log more information, e.g., the working directory.

answered Aug 01 '14 at 18:22

Mark Wagner

18,428

Detect which scripts are using old interpreters

1 Answers1