UPDATED: A video version of this blog post can be found here: http://youtu.be/RDcIIyYK044
So this Shell-Shock stuff is hitting the press quite a bit!
Fancy finding out really quickly if your Red Hat Enterprise Linux 6.5 systems are patched correctly? Even if they are turned off right now? Wow, that is clever, not even the virtual infrastructure players can do that… I know… it's cool. Here it is.
Using Cloudforms (or ManageIQ for FREE!), download this policy and import it into Control. Then assign the policy to your targets. The policy will only check Linux systems, though it could do with a makeover to check only RHEL 6.5 systems too.
Download and import the following policy profile – https://github.com/jonnyfiveiq/CloudFORMSNOW/blob/master/Policies/ShellShockPolicy.yaml
Note: the policy is valid only for the fix packages defined in article https://access.redhat.com/articles/1200223 for RHEL 6.5 systems. Feel free to modify the policy to fit your needs and share it with the community at talk.manageiq.org
1. Ensure that a recent smart state scan of your VM has completed successfully. You can check by clicking on the Configuration/Packages link as follows:
Search the list of packages for the “bash” package. Select the package and you will be presented with something like the following:
Ok so we have confirmed we have package detail about bash in the VMDB for this virtual machine.
2. Assign the policy. You can assign it anywhere you like that has coverage of the test virtual machine.
Once assigned, simply click on a VM you wish to check and select the menu “Policy” and then “Check Compliance”.
You will notice that your Compliance status is probably as follows:
Once the compliance check is complete the compliance area of the screen will report how old the current report is.
Next, click on the Status of the compliance to drill further into the detail:
As you can see, the policy compliance check has failed.
Now we want to remediate the issue, and re-run the compliance check.
So I run a “yum update bash” and, as you can see, “4.1.2-15.el6_5.2” has been applied to my system. Let's have Cloudforms check against this now.
So, first run a smart state scan against your test virtual machine.
Once complete, run the compliance check once more on the virtual machine:
This time the compliance check passes. Click on the status and drill further into the detail.
And as a final check, you can go back to the virtual machine and take a look at the package entry for “bash”.
As you can see, Cloudforms has been updated with the latest RPM data from the “yum update bash” we ran.
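The same pass/fail decision can be reproduced over stored package data, which is why power state does not matter. The following is an added example, not part of the original post or of the linked policy: it assumes the 4.1.2-15.el6_5.2 build shown above is the minimum acceptable bash, uses a simplified RPM version comparison, and the inventory layout and function names are hypothetical.

```python
import re

# Patched bash build shown in this post after "yum update bash" (RHEL 6.5).
# Assumption: treated here as the minimum compliant version-release.
FIXED_VERSION, FIXED_RELEASE = "4.1.2", "15.el6_5.2"

def rpmvercmp(a, b):
    """Simplified RPM segment compare: -1, 0 or 1 (no tilde/caret rules)."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment is newer than alpha
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_patched(version_release):
    """True if a 'version-release' string is at or above the fixed build."""
    version, _, release = version_release.partition("-")
    cmp_v = rpmvercmp(version, FIXED_VERSION)
    if cmp_v != 0:
        return cmp_v > 0
    return rpmvercmp(release, FIXED_RELEASE) >= 0

def non_compliant(inventory):
    """Names of VMs whose recorded bash package is below the fixed build,
    or that have no bash record at all (no scan data to judge from)."""
    failed = []
    for vm in inventory:
        bash = vm["packages"].get("bash")
        if bash is None or not is_patched(bash):
            failed.append(vm["name"])
    return failed

# Constructed inventory, standing in for package data already collected by a
# scan; power state is irrelevant because only stored data is examined.
SAMPLE_INVENTORY = [
    {"name": "web01", "power": "on",  "packages": {"bash": "4.1.2-15.el6_4"}},
    {"name": "db01",  "power": "off", "packages": {"bash": "4.1.2-15.el6_5.1"}},
    {"name": "app01", "power": "off", "packages": {"bash": "4.1.2-15.el6_5.2"}},
    {"name": "new01", "power": "on",  "packages": {}},
]

if __name__ == "__main__":
    for name in non_compliant(SAMPLE_INVENTORY):
        print(f"{name}: bash below {FIXED_VERSION}-{FIXED_RELEASE} or not scanned")
```

A VM with no bash record is reported as failing, which mirrors step 1: without a completed scan there is nothing to evaluate.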
So there you go: checking for ShellShock using Cloudforms is really easy.
Thanks