Added ubuntu test

2024-6387/check-ubuntu.yml

@@ -0,0 +1,96 @@
+---
+- name: Check OpenSSH server package version and verify CVE-2024-6387 vulnerability
+  hosts: all
+  become: yes
+  gather_facts: yes
+  vars:
+    jammy_vulnerable_openssh_versions:
+      - 1:8.9p1-3ubuntu0.7
+      - 1:8.9p1-3ubuntu0.6
+      - 1:8.9p1-3ubuntu0.5
+      - 1:8.9p1-3ubuntu0.4
+      - 1:8.9p1-3ubuntu0.3
+      - 1:8.9p1-3ubuntu0.1
+    mantic_vulnerable_openssh_versions:
+      - 1:9.3p1-1ubuntu3.3
+      - 1:9.3p1-1ubuntu3.2
+      - 1:9.3p1-1ubuntu3.1
+      - 1:9.3p1-1ubuntu3
+      - 1:9.3p1-1ubuntu2
+      - 1:9.3p1-1ubuntu1
+    noble_vulnerable_openssh_versions:
+      - 1:9.6p1-3ubuntu13
+      - 1:9.6p1-3ubuntu12
+      - 1:9.6p1-3ubuntu11
+      - 1:9.6p1-3ubuntu10
+      - 1:9.6p1-3ubuntu9
+      - 1:9.6p1-3ubuntu8
+      - 1:9.6p1-3ubuntu7
+      - 1:9.6p1-3ubuntu6
+      - 1:9.6p1-3ubuntu5
+      - 1:9.6p1-3ubuntu4
+      - 1:9.6p1-3ubuntu3
+      - 1:9.6p1-3ubuntu2
+      - 1:9.6p1-3ubuntu1
+
+# bionic	Not vulnerable (introduced in v8.5p1)
+# focal	Not vulnerable (introduced in v8.5p1)
+# jammy	Released (1:8.9p1-3ubuntu0.10)
+# mantic	Released (1:9.3p1-1ubuntu3.6)
+# noble	Released (1:9.6p1-3ubuntu13.3)
+# trusty	Not vulnerable (introduced in v8.5p1)
+# upstream	Pending (9.8p1)
+# xenial	Not vulnerable (introduced in v8.5p1)
+
+  tasks:
+    - name: "Setting default to not vulnerable"
+      set_fact:
+        vulnerable: false
+
+    - name: Gather the package facts
+      ansible.builtin.package_facts:
+        manager: auto
+
+    - name:
+      set_fact:
+        openssh_version: "{{ ansible_facts.packages['openssh-server'][0].version }}"
+      when: "'openssh-server' in ansible_facts.packages"
+
+    - name: "Check whether a package is installed"
+      debug:
+        msg: "{{ ansible_facts.packages['openssh-server'][0].version }}"
+      when: "'openssh-server' in ansible_facts.packages"
+
+
+    - name: "Check distribution"
+      debug:
+        msg: "{{ ansible_distribution }} {{ ansible_distribution_release }} {{ ansible_distribution_version }}"
+
+    - name: "Package is vulnerable"
+      debug:
+        msg: "The server openssh version is vulnerable to CVE-2024-6387!!!"
+      when: 
+        - ansible_distribution in ['Ubuntu']  # Check for Ubuntu or Debian
+        - ansible_distribution_release == 'bionic'
+        - openssh_version in bionic_vulnerable_openssh_versions
+
+    - name: "Package is vulnerable"
+      set_fact:
+        vulnerable: true
+      when: 
+        - ansible_distribution in ['Ubuntu']  # Check for Ubuntu or Debian
+        - ansible_distribution_release == 'jammy'
+        - openssh_version in jammy_vulnerable_openssh_versions
+
+    - name: "Package is vulnerable"
+      set_fact:
+        vulnerable: true
+      when: 
+        - ansible_distribution in ['Ubuntu']  # Check for Ubuntu or Debian
+        - ansible_distribution_release == 'mantic'
+        - openssh_version in matic_vulnerable_openssh_versions
+
+    - fail: 
+        msg: "The server openssh version is vulnerable to CVE-2024-6387!!!"
+      when: vulnerable
+