openssh-cve-checks/2024-6387/check-debian.yml

---
- name: Check OpenSSH server package version and verify CVE-2024-6387 vulnerability
  hosts: all
  become: yes
  gather_facts: yes

  tasks:
    - name: Gather the package facts
      ansible.builtin.package_facts:
        manager: auto

    - name:
      set_fact:
        openssh_version: "{{ ansible_facts.packages['openssh-server'][0].version }}"
      when: "'openssh-server' in ansible_facts.packages"

    - name: "Check whether a package is installed"
      debug:
        msg: "{{ ansible_facts.packages['openssh-server'][0].version }}"
      when: "'openssh-server' in ansible_facts.packages"


    - name: "Check distribution"
      debug:
        msg: "{{ ansible_distribution }} {{ ansible_distribution_release }} {{ ansible_distribution_version }}"

    - name: "Package is vulnerable"
      debug:
        msg: "The server openssh version is vulnerable to CVE-2024-6387!!!"
      when: 
        - openssh_version == "1:9.2p1-2+deb12u1" or openssh_version == "1:9.2p1-2+deb12u2"
        - ansible_distribution == "Debian"
        - ansible_distribution_version | regex_search('^(12|12\.)$')


    - name: "Package is vulnerable"
      debug:
        msg: "The server openssh version is vulnerable to CVE-2024-6387!!!"
      when: 
        - openssh_version == "1:8.4p1-5+deb11u1" or openssh_version == "1:8.4p1-5+deb11u2"
        - ansible_distribution == "Debian"
        - ansible_distribution_version | regex_search('^(11|11\.)$')
Added debian check 2024-07-07 22:41:12 +03:00			`---`
			`- name: Check OpenSSH server package version and verify CVE-2024-6387 vulnerability`
			`hosts: all`
			`become: yes`
			`gather_facts: yes`

			`tasks:`
			`- name: Gather the package facts`
			`ansible.builtin.package_facts:`
			`manager: auto`

			`- name:`
			`set_fact:`
			`openssh_version: "{{ ansible_facts.packages['openssh-server'][0].version }}"`
			`when: "'openssh-server' in ansible_facts.packages"`

			`- name: "Check whether a package is installed"`
			`debug:`
			`msg: "{{ ansible_facts.packages['openssh-server'][0].version }}"`
			`when: "'openssh-server' in ansible_facts.packages"`


			`- name: "Check distribution"`
			`debug:`
			`msg: "{{ ansible_distribution }} {{ ansible_distribution_release }} {{ ansible_distribution_version }}"`

			`- name: "Package is vulnerable"`
			`debug:`
			`msg: "The server openssh version is vulnerable to CVE-2024-6387!!!"`
			`when:`
			`- openssh_version == "1:9.2p1-2+deb12u1" or openssh_version == "1:9.2p1-2+deb12u2"`
			`- ansible_distribution == "Debian"`
			`- ansible_distribution_version \| regex_search('^(12\|12\.)$')`


			`- name: "Package is vulnerable"`
			`debug:`
			`msg: "The server openssh version is vulnerable to CVE-2024-6387!!!"`
			`when:`
			`- openssh_version == "1:8.4p1-5+deb11u1" or openssh_version == "1:8.4p1-5+deb11u2"`
			`- ansible_distribution == "Debian"`
			`- ansible_distribution_version \| regex_search('^(11\|11\.)$')`