I don't really understand the point of this. Aren't there already simple tools that take a list of server credentials and run the same command on all of them? (I could understand if it was made for fun but the FAQ says it's "out of necessity" and patching multiple distros can be a "nightmare". How? Just attempt to execute apt and yum everywhere.)
Though maybe I'm just disappointed that it doesn't log in via shellshock as I hoped from the title.
For those wondering, "What simple tools take a list of server credentials and run the same command on all of them?", Fabric is a great one: http://www.fabfile.org/en/latest/
So... instead of connecting to all my servers securely and 'yum update bash'ing I can download this script that I don't trust, configure it with all my super secret passwords and let it run riot.
I gotta say, if this is what you have to resort to for one single security advisory, I'm scared to think how the remaining ~weekly advisories are handled.
Shameless plug: https://commando.io provides a great way to run commands on groups of servers via SSH and a web interface for patching shellshock. We also store the result of stdout and stderr and who executed the commands for a complete audit trail.
11 comments
[ 4.2 ms ] story [ 38.1 ms ] threadThough maybe I'm just disappointed that it doesn't log in via shellshock as I hoped from the title.
It's super-simple (wrote it for this answer), but should be less than 5 min if anyone need something quick.
See the following tweet: https://twitter.com/alexandermensa/status/514811145887027201