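---
# Finds hosts whose bash executes text appended to an imported function
# definition (Shellshock) and upgrades the bash package on Debian- and
# RedHat-family systems, then re-runs the probe to confirm the fix took.
#
# Hosts that do not print the marker are failed on purpose by the second task,
# so the remaining tasks never run on them; expect patched hosts to show up as
# "failed" in the play recap.
- hosts: all
  tasks:
    # A fixed bash ignores everything after the function body, so only
    # "this is a test" reaches stdout; an unfixed one also prints "vulnerable".
    # NOTE(review): this probe covers only the original function-import flaw.
    # A bash that received just the first vendor fix passes it and is skipped
    # below, although follow-up parser fixes may still be missing. Compare the
    # installed package version with the vendor advisory as well.
    - name: check if vulnerable
      command: >-
        env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
      register: res
      # Read-only probe: never report it as a change.
      changed_when: false
      # Run even in --check mode so the gate below has output to inspect.
      # `always_run` is the legacy spelling; newer Ansible releases use
      # `check_mode: no` instead.
      always_run: true

    - name: stop if not vulnerable
      fail:
        msg: not vulnerable
      when: "'vulnerable' not in res.stdout"

    # For Debian Squeeze, the fixed bash package is provided by squeeze-lts
    # https://wiki.debian.org/LTS/Using
    #
    # NOTE(review): `force` corresponds to apt-get --force-yes, which installs
    # packages without verifying their signatures. Here it is applied to the
    # packages that carry the archive trust anchors, so whoever can tamper with
    # the mirror or the network path can replace those keys. Keep it only if
    # the currently installed keyring really cannot validate the archive, and
    # verify the resulting keyring out of band.
    - name: ensure we have the latest version of debian keyring
      apt:
        name: "{{ item }}"
        state: latest
        force: true
      with_items:
        - debian-keyring
        - debian-archive-keyring
      when: ansible_distribution == 'Debian' and ansible_distribution_major_version == '6'

    # NOTE(review): the mirror is reached over plain HTTP, so integrity of the
    # bash package rests entirely on APT's signed repository metadata, which is
    # why the keyring installed by the previous task has to be trustworthy.
    - name: setup squeeze-lts repository
      apt_repository:
        repo: 'deb http://http.debian.net/debian squeeze-lts main contrib non-free'
        state: present
        update_cache: true
      when: ansible_distribution == 'Debian' and ansible_distribution_major_version == '6'

    - name: install latest version of bash (Debian)
      apt:
        name: bash
        state: latest
        update_cache: true
      when: ansible_os_family == 'Debian'

    - name: install latest version of bash (RedHat)
      yum:
        name: bash
        state: latest
      when: ansible_os_family == 'RedHat'

    # "Latest" is only as good as the configured repositories: if none of them
    # carries a fixed build, the upgrade tasks succeed without fixing anything.
    # Re-running the probe turns that case into a visible failure. The task is
    # skipped in --check mode, where nothing was actually upgraded.
    - name: verify that the installed bash is no longer vulnerable
      command: >-
        env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
      register: verify
      changed_when: false
      failed_when: "verify.rc != 0 or 'vulnerable' in verify.stdout"

# vi: set ft=ansible :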