Protect your servers from shellshock with a quick Ansible ad-hoc command

Digital Ocean provided this useful tutorial on how to protect yourself from the shellshock vulnerability in bash.

If you manage a bunch of servers, it might be easier to do this with a tool like ansible which can run the command accross many servers. It's pretty easy:

You need to run two commands:

ansible All -a "apt-get update" -s -i hosts --user=<remote_user> 

Then:

ansible All -a "apt-get install --only-upgrade bash" -s -i hosts --user=<remote_user>

Where:

  • -s tells the command to use sudo
  • --user specifies your remote user to log into the box with
  • -i specifies your hosts file to use (see below)

Where All is all your hosts, and hosts is your hosts file. Your hosts file might look something like this:

[All]
1.2.3.4
...

References: