The bash bug

If you’ve following the news, here for example, you’re aware that there is a new bug out there. You can easily find information about it out there and how to fix it.

We’ve patching servers and although we have the most recent one’s managed with Chef some legacy one’s are not. As a good practice I script everything, so this time wasn’t an exception.

The script provided here as a gist, will help you check for the bug and patch it.

Because our servers are mostly Ubuntu servers, it’s only accounting for that. But you can easily change the script to suite your system.

Just a quick rundown of what it does.

  • it ssh’s into your server one by one and runs a test;
  • if the output of the test contains ‘vulnerable’ well, it’s vulnerable;
  • it then updates the repository and updates your bash.

For this script, I’m using Fabric. You can install it on your system, you you can create a virtualenv for the purpose. You can do:

$ virtualenv /path/to/env/folder
$ source /path/to/env/folder/bin/activate
$ pip install fabric

After that, get the code into any folder you desire (remember to name the file fabfile.py) and run:

$ fab check_bug

I hope it helps.

P.S. Of course, don’t forget yo update the hosts, user and key_filename to your own. Also, a check_bug.log is created in the same folder the file is run from. You can use that log to troubleshoot any problem that might arise.

 

Advertisements