I'm a big fan of the "script" module when you need to push and run a tiny shell script.
http://docs.ansible.com/script_module.html

On Sat, Sep 27, 2014 at 3:04 AM, Igor Homyakov <[email protected]> wrote:
> Hi Mark,
>
> I think it is not a good idea to use a one-liner like that. There are
> many players besides the bash interpreter, YAML parser, Python string
> quotation and so forth. I would recommend you use a bash script
> in this case.
>
> I've made a simple role; it is based on the code samples you provided. I
> hope you will find it useful:
> https://github.com/hostmaster/check_shellshock
>
> --
> Best, Igor
>
> On Sat, Sep 27, 2014 at 6:02 AM, Mark Casey <[email protected]> wrote:
> > Oh... the official source of the commands was:
> > https://access.redhat.com/articles/1200223, but someone was nice enough to
> > combine them in: https://bugzilla.redhat.com/show_bug.cgi?id=1141597#c47
> >
> > On Friday, September 26, 2014 9:00:57 PM UTC-5, Mark Casey wrote:
> >>
> >> I'm trying to write an Ansible task to check for both CVE-2014-6271 and
> >> CVE-2014-7169 as I haven't been able to find one pre-made.
> >>
> >> This command should check both but for the life of me I can't get the
> >> escaped single quote past the parser... I've tried some variants of "shell:
> >> >" and "shell: |" but no dice.
> >>
> >>> - name: Check for shellshock fix (checks for both CVE-2014-6271 and CVE-2014-7169)
> >>>   shell: cd /tmp && rm -f /tmp/echo && env 'x=() { :;}; echo vulnerable' 'f=() { (a)=>\' bash -c 'echo echo vulnerable'; cat echo
> >>>   args:
> >>>     executable: /bin/bash
> >>>   sudo: no
> >>>   register: shellshock_result2
> >>>   changed_when: False
> >>>   failed_when: "'vulnerable' in shellshock_result2.stderr"
> >>
> >> This version gives:
> >>
> >>> ERROR: There was an error while parsing the task "shell cd /tmp && rm -f
> >>> /tmp/echo && env 'x=() { :;}; echo vulnerable' 'f=() { (a)=>\\' bash -c
> >>> 'echo echo vulnerable'; cat echo".
> >>> Make sure quotes are matched or escaped properly
> >>
> >> I'm assuming the issue is that, if I understand correctly, the second
> >> exploit partly depends on the mismatched quote arriving unharmed(?) and YAML
> >> thinks that is bad(?).
> >>
> >> Anyone have any ideas or should I just copy it over as a script and run
> >> that?
> >>
> >> Thank you,
> >> Mark
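
Added example, not part of the original thread or of the check_shellshock role: the two probes from the quoted task moved into a standalone script, so the unbalanced quote never passes through the YAML or Ansible argument parser. The file name `check_shellshock.sh`, the function names, the scratch directory and the exit-code convention are assumptions of this example.

```shell
#!/bin/sh
# check_shellshock.sh: constructed example, not code from the thread.
# Usage: check_shellshock.sh /bin/bash   (absolute path; exit 1 if a probe fires)

# CVE-2014-6271: a vulnerable bash runs the command that trails the
# function definition while importing the variable x.
check_6271() {
    [ -x "$1" ] || { echo missing; return 0; }
    out=$(env 'x=() { :;}; echo vulnerable' "$1" -c 'echo probe' 2>/dev/null) || true
    case $out in
        *vulnerable*) echo vulnerable ;;
        *) echo ok ;;
    esac
}

# CVE-2014-7169: a vulnerable bash leaves a file named "echo" in the
# current directory, so run the probe in a private scratch directory
# instead of a shared /tmp.
check_7169() {
    [ -x "$1" ] || { echo missing; return 0; }
    dir=$(mktemp -d) || { echo error; return 0; }
    (cd "$dir" && env 'f=() { (a)=>\' "$1" -c 'echo echo vulnerable') >/dev/null 2>&1 || true
    if [ -e "$dir/echo" ]; then res=vulnerable; else res=ok; fi
    rm -rf "$dir"
    echo "$res"
}

# Run both probes, print one line per CVE, return 1 unless both are "ok".
main() {
    rc=0
    for cve in 6271 7169; do
        res=$(check_"$cve" "$1")
        echo "CVE-2014-$cve: $res"
        [ "$res" = ok ] || rc=1
    done
    return "$rc"
}

# Only run when a bash path is given, e.g. from an Ansible task:
#   - script: check_shellshock.sh /bin/bash
if [ "$#" -gt 0 ]; then
    main "$1"
fi
```

Because the script exits non-zero when either probe fires, the task fails on its return code and no `failed_when` string match on stderr is needed.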
