Merge pull request #3544 from edx/jibsheet/remove-old-security-checks

These are no longer relevant in newer base images of 12.04 and 16.04

Merge pull request #3544 from edx/jibsheet/remove-old-security-checks
These are no longer relevant in newer base images of 12.04 and 16.04
b338caa4 · Kevin Falcone · GitHub · b6157c50 · f4f715f8 · b338caa4
Commit b338caa4 authored Dec 13, 2016 by Kevin Falcone Committed by GitHub Dec 13, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 0 additions and 44 deletions

playbooks/roles/security/tasks/security-ubuntu.yml
+0 -44

No files found.
--- a/playbooks/roles/security/tasks/security-ubuntu.yml
+++ b/playbooks/roles/security/tasks/security-ubuntu.yml
@@ -57,47 +57,3 @@
  with_items:
    - unattended-upgrade --dry-run
    - unattended-upgrade
-
-#### Bash security vulnerability
-
- name: Check if we are vulnerable
-  shell: "executable=/bin/bash chdir=/tmp foo='() { echo vulnerable; }' bash -c foo"
-  register: test_vuln
-  ignore_errors: yes
-
- name: Apply bash security update if we are vulnerable
-  apt:
-    name: bash
-    state: latest
-    update_cache: yes
-  when: "'vulnerable' in test_vuln.stdout"
-
- name: Check again and fail if we are still vulnerable
-  shell: "executable=/bin/bash foo='() { echo vulnerable; }' bash -c foo"
-  when: "'vulnerable' in test_vuln.stdout"
-  register: test_vuln
-  failed_when: "'vulnerable' in test_vuln.stdout"
-
-#### GHOST security vulnerability
-
- name: GHOST.c
-  copy:
-    src: "tmp/GHOST.c"
-    dest: "/tmp/GHOST.c"
-    owner: root
-    group: root
-
- name: Compile GHOST
-  shell: "gcc -o /tmp/GHOST /tmp/GHOST.c"
-
- name: Check if we are vulnerable
-  shell: "/tmp/GHOST"
-  register: test_ghost_vuln
-  ignore_errors: yes
-
- name: Apply glibc security update if we are vulnerable
-  apt:
-    name: libc6
-    state: latest
-    update_cache: yes
-  when: "'vulnerable' in test_ghost_vuln.stdout"