Got Badlock? Ansible Can Help

Badlock might not be bad for all. If you are using Ansible you can patch your systems with a single playbook (or ad hoc command).

For RPM based OS users Badlock (samba) patching is as easy as: ansible -m shell -a "yum update *samba*" all

Or you can be very granular and use an Ansible Playbook to audit and patch samba packages:

—
- hosts: all
  tasks:
    - name: Check if samba packages are installed
      shell: “yum list installed samba | awk ‘!/^Loaded|^Installed/’ | cut -d ‘ ’ -f 1”
      register: yum_samba
    - name: Update samba if installed
      yum: name={{ item }} state=latest
      when: yum_samba.stdout != “”
      with_items: ‘{{yum_samba.stdout_lines}}’

A similar Ansible Playbook for a Debian based system would look something like this:

—
- hosts: all
  tasks:
    - name: Check if samba packages are installed
      shell: “dpkg –get-selections | grep samba | cut -f 1”
      register: dpkg_samba
    - name: Update samba if installed
      apt: name={{ item }} state=latest
      when: dpkg_samba.stdout != “”
      with_items: ‘{{dpkg_samba.stdout_lines}}’

Your bad nightmares about Badlock will be a not so bad memory in no time.

See Also

comments powered by Disqus