@carsongee
Last active August 29, 2015 14:06
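- name: Apply Upgrade for bash vulnerability in Ubuntu
  hosts: all
  sudo: yes
  tasks:
    # Probe: pass a function definition through the environment and try to run it.
    # A bash that imports it prints "vulnerable"; otherwise "foo" is not found and
    # the command exits non-zero, hence ignore_errors.
    - name: Check if we are vulnerable
      shell: executable=/bin/bash chdir=/tmp foo='() { echo vulnerable; }' bash -c foo
      register: test_vuln
      ignore_errors: yes

    - name: Apply bash security update if we are vulnerable
      apt: name=bash state=latest update_cache=true
      when: "'vulnerable' in test_vuln.stdout"

    # failed_when replaces the return-code check, so ignore_errors is not set here:
    # it would let the play continue past a host that is still vulnerable.
    - name: Check again and fail if we are still vulnerable
      shell: executable=/bin/bash chdir=/tmp foo='() { echo vulnerable; }' bash -c foo
      when: "'vulnerable' in test_vuln.stdout"
      register: test_again
      failed_when: "'vulnerable' in test_again.stdout"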