Added debian check

2024-07-07 22:41:12 +03:00 · 2024-07-07 22:41:12 +03:00 · 5c718043fa
commit 5c718043fa
parent 88495d0b8c
1 changed files with 42 additions and 0 deletions
--- a/2024-6387/check-debian.yml
+++ b/2024-6387/check-debian.yml
@ -0,0 +1,42 @@
+---
+- name: Check OpenSSH server package version and verify CVE-2024-6387 vulnerability
+  hosts: all
+  become: yes
+  gather_facts: yes
+
+  tasks:
+    - name: Gather the package facts
+      ansible.builtin.package_facts:
+        manager: auto
+
+    - name:
+      set_fact:
+        openssh_version: "{{ ansible_facts.packages['openssh-server'][0].version }}"
+      when: "'openssh-server' in ansible_facts.packages"
+
+    - name: "Check whether a package is installed"
+      debug:
+        msg: "{{ ansible_facts.packages['openssh-server'][0].version }}"
+      when: "'openssh-server' in ansible_facts.packages"
+
+
+    - name: "Check distribution"
+      debug:
+        msg: "{{ ansible_distribution }} {{ ansible_distribution_release }} {{ ansible_distribution_version }}"
+
+    - name: "Package is vulnerable"
+      debug:
+        msg: "The server openssh version is vulnerable to CVE-2024-6387!!!"
+      when: 
+        - openssh_version == "1:9.2p1-2+deb12u1" or openssh_version == "1:9.2p1-2+deb12u2"
+        - ansible_distribution == "Debian"
+        - ansible_distribution_version | regex_search('^(12|12\.)$')
+
+
+    - name: "Package is vulnerable"
+      debug:
+        msg: "The server openssh version is vulnerable to CVE-2024-6387!!!"
+      when: 
+        - openssh_version == "1:8.4p1-5+deb11u1" or openssh_version == "1:8.4p1-5+deb11u2"
+        - ansible_distribution == "Debian"
+        - ansible_distribution_version | regex_search('^(11|11\.)$')