cookbook 'bash-shellshock', '~> 1.0.1'
The bash-shellshock cookbook has been deprecated
Author provided reason for deprecation:
The bash-shellshock cookbook has been deprecated and is no longer being maintained by its authors. Use of the bash-shellshock cookbook is no longer recommended.
bash-shellshock (2) Versions 1.0.1 Follow5
Audits & remediates the Shellshock vulnerability
cookbook 'bash-shellshock', '~> 1.0.1', :supermarket
knife supermarket install bash-shellshock
knife supermarket download bash-shellshock
bash-shellshock Cookbook
This cookbook is designed to test and optionally remediate the bash "shellshock" bug, more formally known as cve-2014-7169.
Once Chef-client has executed this recipe on one or more hosts, a list of all nodes that are vulnerable to the "Shellshock" exploit can be retrieved from the Chef server via knife search:
knife search node 'bash:shellshock_vulnerable'
Limitations
This cookbook relies on the OS-native packaging system to provide patched versions of the bash package.
Requirements
Platforms
- Tested on CentOS 6.5
- Tested on Ubuntu 12.04
- Should work on a wide variety of other systems
Chef
- Chef 11+
Cookbooks
Attributes
- No user-configurable attributes
Recipes
bash-shellshock::default
- Audits and remediates Bash-CVE-2014-7169 ("Shellshock")
bash-shellshock::audit
- Installs an OHAI plugin that will automatically audit nodes for the Shellshock vulnerability. This plugin creates two new values in OHAI:
node['languages']['bash']['version'], a string. Returned from bash --version
.
node['languages']['bash']['shellshock_vulnerable'], a boolean. True if node is vulnerable.
bash-shellshock::remediate
- If the node is marked vulnerable by the audit recipe, this recipe will attempt to upgrade bash via the native packaging system. Includes the audit recipe.
- Audits and remediates Bash-CVE-2014-7169 ("Shellshock")
License & Authors
Author: Cookbook Engineering Team (cookbooks@chef.io)
Copyright: 20014-2015, Chef Software, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
Dependent cookbooks
ohai ~> 2.0 |
Contingent cookbooks
There are no cookbooks that are contingent upon this one.
bash-shellshock Cookbook CHANGELOG
This file is used to list changes made in each version of the bash-shellshock cookbook.
1.0.1 (10-20-2015)
- Fixed bad search string example in the readme
- Added much scarier warning logging if the node is vulnerable
- Added travis and cookbook version badges to the readme
- Added a .foodcritic file to exclude rules
- Updated chefignore and .gitignore files
- Updated platforms in Test Kitchen
- Added standard Rubocop file
- Added Travis CI testing
- Removed yum from Berksfile and removed version constraint on Apt
- Added contributing and testing docs
- Added Gemfile with testing deps
- Added maintainers.md and maintainers.toml
- Added rakefile for simplified testing
- Added source_url and issues_url metadata
- Updated Chefspec to the latest format
1.0.0 (10-29-2014)
- Initial release
Collaborator Number Metric
1.0.1 failed this metric
Failure: Cookbook has 0 collaborators. A cookbook must have at least 2 collaborators to pass this metric.
Contributing File Metric
1.0.1 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file
Cookstyle Metric
1.0.1 failed this metric
Chef/Modernize/IncludingOhaiDefaultRecipe: Use the ohai_plugin resource to ship custom Ohai plugins instead of using the ohai::default recipe. If you're not shipping custom Ohai plugins, then you can remove this recipe entirely (https://docs.chef.io/workstation/cookstyle/chef_modernize_includingohaidefaultrecipe): bash-shellshock/recipes/audit.rb: 23
Run with Cookstyle Version 7.32.1 with cops Chef/Deprecations,Chef/Correctness,Chef/Sharing,Chef/RedundantCode,Chef/Modernize,Chef/Security,InSpec/Deprecations
No Binaries Metric
1.0.1 passed this metric
Testing File Metric
1.0.1 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
1.0.1 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number
1.0.1 failed this metric
1.0.1 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file
Cookstyle Metric
1.0.1 failed this metric
Chef/Modernize/IncludingOhaiDefaultRecipe: Use the ohai_plugin resource to ship custom Ohai plugins instead of using the ohai::default recipe. If you're not shipping custom Ohai plugins, then you can remove this recipe entirely (https://docs.chef.io/workstation/cookstyle/chef_modernize_includingohaidefaultrecipe): bash-shellshock/recipes/audit.rb: 23
Run with Cookstyle Version 7.32.1 with cops Chef/Deprecations,Chef/Correctness,Chef/Sharing,Chef/RedundantCode,Chef/Modernize,Chef/Security,InSpec/Deprecations
No Binaries Metric
1.0.1 passed this metric
Testing File Metric
1.0.1 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
1.0.1 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number
1.0.1 failed this metric
Run with Cookstyle Version 7.32.1 with cops Chef/Deprecations,Chef/Correctness,Chef/Sharing,Chef/RedundantCode,Chef/Modernize,Chef/Security,InSpec/Deprecations
1.0.1 passed this metric
Testing File Metric
1.0.1 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
1.0.1 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number
1.0.1 failed this metric
1.0.1 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number