ShellShock fix Ansible playbook for CentOS
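- hosts: all
  gather_facts: false
  become: true  # replaces the deprecated "sudo: true"
  tasks:
    # A vulnerable bash executes the command that trails the function
    # definition in x and prints "vulnerable"; a patched bash prints only
    # the test message.
    - name: check for shellshock bash vulnerability
      shell: executable=/bin/bash env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
      register: test_vuln
      changed_when: false  # read-only probe, never report a change

    - name: update bash from yum if vulnerable
      yum: name=bash state=latest
      when: "'vulnerable' in test_vuln.stdout"

    # Re-run the probe only on hosts that were vulnerable, and fail the
    # play if the update did not remove the vulnerability.
    - name: Check again and fail if we are still vulnerable
      shell: executable=/bin/bash env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
      when: "'vulnerable' in test_vuln.stdout"
      register: test_vuln
      changed_when: false
      failed_when: "'vulnerable' in test_vuln.stdout"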