chef - [chef] Re: Re: Re: Shellshock patching with Chef

Subscribers: 1946
Owners
Bryan McLellan
Joshua Timberman
Nathen Harvey
Seth Chisamore
Serdar Sutay

Subscribe
Unsubscribe
Info
Archive

Post

RSS
Shared documents

General discussion about Chef

[chef] Re: Re: Re: Shellshock patching with Chef

From: Brian Pitts < >
To:
Subject: [chef] Re: Re: Re: Shellshock patching with Chef
Date: Mon, 29 Sep 2014 17:39:53 -0500

Depending on your tolerance for automatic security upgrades, on ubuntu
and debian you could use
https://supermarket.getchef.com/cookbooks/unattended-upgrades

On Mon, Sep 29, 2014 at 5:32 PM, Morgan Blackthorne
< >
wrote:
> We have our own mirror for ubuntu, but we don't force the latest version. I
> don't think we have RHEL or OL or Debian mirrors at the moment, though.
>
> Forcing the latest version might just be the simplest way to resolve it.
>
> --
> ~*~ StormeRider ~*~
>
> "Every world needs its heroes [...] They inspire us to be better than we
> are. And they protect from the darkness that's just around the corner."
>
> (from Smallville Season 6x1: "Zod")
>
> On why I hate the phrase "that's so lame"... http://bit.ly/Ps3uSS
>
> On Mon, Sep 29, 2014 at 3:26 PM, AJ Christensen
> < >
> wrote:
>>
>> yo,
>>
>> On Tue, Sep 30, 2014 at 11:23 AM, Morgan Blackthorne
>> < >
>> wrote:
>> > I'm looking to see if there's a good way to help manage patching of
>> > vulnerabilities with Chef. This Shellshock one seems to be a great
>> > example
>> > of why Chef would be a helpful tool for the job, since it's just a
>> > package
>> > in need of upgrading (bash).
>> >
>> > My question is, what's the best way in Chef to say "for this
>> > distribution
>> > and release, ensure that this package is at least at version X" without
>> > potentially downgrading the package down the road? I want to set a
>> > minimum
>> > bar, but I don't wan't to permanently pin the version.
>>
>> I like pushing sec packages into a signed internal repository. Always
>> roll to latest. Makes the chef code simple(r), especially for managing
>> multiple edges.
>>
>> Some providers support pessimistic version specifications (~>). They
>> may be of use.
>>
>> --aj
>>
>> >
>> > Thoughts? Thanks!
>> >
>> > --
>> > ~*~ StormeRider ~*~
>> >
>> > "Every world needs its heroes [...] They inspire us to be better than we
>> > are. And they protect from the darkness that's just around the corner."
>> >
>> > (from Smallville Season 6x1: "Zod")
>> >
>> > On why I hate the phrase "that's so lame"... http://bit.ly/Ps3uSS
>
>

--
Brian Pitts
Web Operations Engineer

[chef] Shellshock patching with Chef, Morgan Blackthorne, 09/29/2014
- [chef] Re: Shellshock patching with Chef, AJ Christensen, 09/29/2014
  - [chef] Re: Re: Shellshock patching with Chef, Morgan Blackthorne, 09/29/2014
    - [chef] Re: Re: Re: Shellshock patching with Chef, Brian Pitts, 09/29/2014
      - [chef] Re: Re: Re: Re: Shellshock patching with Chef, AJ Christensen, 09/29/2014
      - [chef] Re: Re: Re: Re: Shellshock patching with Chef, Morgan Blackthorne, 09/29/2014
        
        [chef] Re: Re: Re: Re: Re: Shellshock patching with Chef, Walter Dolce, 09/29/2014
        
        [chef] Re: Re: Re: Re: Re: Shellshock patching with Chef, David Giesberg, 09/30/2014
        
        [chef] Re: Re: Re: Re: Re: Re: Shellshock patching with Chef, Morgan Blackthorne, 09/30/2014