Created
September 25, 2014 19:57
-
-
Save lanefu/00d59dc5e363f3b088d4 to your computer and use it in GitHub Desktop.
Simple Ansible playbook to update bash and test for Shellshock vulnerability on yum-based boxes
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| - hosts: [ 'all', '{{cli_target}}' ] | |
| tasks: | |
| - name: clean yum | |
| command: yum clean all | |
| tags: cleanyum | |
| - name: update bash | |
| yum: name=bash state=latest | |
| tags: updatebash | |
| - name: test vulnerability | |
| shell: env x='() { :;}; echo vulnerable' bash -c "echo this is a test" | |
| register: vuln | |
| failed_when: vuln.stdout.find('vulnerable') != -1 | |
| changed_when: false | |
| tags: testvuln |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment