Here is a guide to Shellshock Bash Vulnerability Patch for Infrastructure managed Rackspace Cloud. You should be careful about Nova-Agent. Rackspace obviously has official guides on their community forum plus you can always open a ticket or ask via chat to fix the issue. Rackspace, for other reasons is restarting the servers. As during upgrade, you’ll need to replace the boot files (in case of Ubuntu PVHVM Performance 1), OpenStack nova-agent might not start resulting in ineffective backup and complete loss of Cloud Monitoring Tool Function. The second one will be separately discussed. Here only the Shellshock Bash Vulnerability Patch for Rackspace Cloud Server has been discussed.
Shellshock Bash Vulnerability Patch on Rackspace Cloud Server, XE-Linux and Nova-Agent
OpenStack Nova Agent might not properly start or system can not stat them rightly. You will not get any graph on Rackspace Cloud Monitoring Agent in such case. As it is of lesser importance than fixing the Shellshock Bash Vulnerability, those who yet not have fixed the bug, must patch them. The upgrade will not match with other vendors. We wrote about Shellshock Bash Vulnerability in this hyperlinked article. The reason of mass restart has been written here :
1 | http://www.rackspace.com/blog/an-apology/ |
Shellshock Bash Vulnerability Patch on Rackspace Cloud Server
I am showing you the vulnerability on my MacBook Pro, I ran this command :
---
1 | env x='() { :;}; echo vulnerable' bash -c "echo What is above this line? Vulnerable? If yes that is bad" |
If it is vulnerable, you will get output like this :
Here is the gif :
Also, you can test your instance here :
1 2 | http://shellshock.brandonpotter.com/ http://bashsmash.ccsir.org |
Now upgrade Bash :
1 | sudo apt-get update && sudo apt-get install --only-upgrade bash |
Unfortunately it will only upgrade and fix bash not fix the Xen issue. So you must fully update and upgrade :
1 | apt-get update -y |
and then :
1 | apt-get upgrade |
The last command will ask to press Y to replace the boot file to apply vendor (Rackspace) patch. You will press Y and continue. Unfortunately you might loss the functions of nova-agent. As file level backup and plain FTP backup of the core files works fine, you should fix them one by one.
There will be no impact on the frontend. Ping tool will work despite cloud monitoring tool not working.
