Considering the recent glibc vulnerability, getting details regarding glibc versions can be a bit difficult when you are managing large server clusters with multiple OS versions. Configuration management tools like ansible becomes a real boon in here.
For anyone who is not familiar with ansible, take a looks at the ansible intro page for details regarding ansible installation.
An ansible playbook file to get the required information into a csv file is as follows. It is in no way perfect and is a bit longer with repetitions, but it does get the job done. We can easily extend it to include a comparison of existing glibc version and the available update to print the status(i.e. whether the installed glibc version is vulnerable or not). I will update the blog post and the playbook file if I get more time to update the playbook file.
---
- hosts: all
remote_user: '{{ user_name }}'
become: yes
environment:
PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
vars_prompt:
- name: user_name
prompt: "Enter ssh username"
private: no
tasks:
- name: Get hostname
shell: hostname
register: host_name
- name: Check glibc version for Debian based servers
shell: dpkg -s libc-bin | awk '/Version/ {print $2}'
register: version_deb
when: ansible_os_family == "Debian"
- name: Check glibc version for RedHat based servers
shell: rpm -qa glibc
register: version_rpm
when: ansible_os_family == "RedHat"
- name: Create base file
local_action: shell echo 'hostname;server_ip;glibc version' | tee glibc_version.csv
become: no
- name: Write output to file
local_action: shell echo '{{ host_name.stdout }};{{ inventory_hostname }};{{ version_deb.stdout }}' | tee -a glibc_version.csv
become: no
when: ansible_os_family == "Debian"
- name: Write output to file
local_action: shell echo '{{ host_name.stdout }};{{ inventory_hostname }};{{ version_rpm.stdout }}' | tee -a glibc_version.csv
become: no
when: ansible_os_family == "RedHat"
Pr-requisites for playbook execution:
Save the above code as check-glibc.yml, also get a list of IP addresses of all servers you wish to check into a file(we’ll name it hosts) in the below format(replace IP1, IP2 etc.. with IP addresses)
[servers]
IP1
IP2
Playbook execution:
ansible-playbook check-glibc.yml -i hosts
Execution of the playbook will prompt for ssh username and will write the glibc version details along with the hostname and IP address of the server to a csv file(glibc_version.csv)