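---
# Reports the installed openssh-server package version on every targeted host
# and prints a warning when it equals one of the Debian builds listed below as
# vulnerable to CVE-2024-6387.
#
# Limits of this check:
#   - It is an exact-match list of package versions. A host that prints no
#     warning has only been shown not to run one of these specific builds; it
#     has not been shown to be patched. Comparing against the fixed version
#     published in the distribution's security tracker would be more robust.
#   - Only the first entry reported for openssh-server is inspected.
#   - The package version says nothing about whether a running sshd was
#     restarted after an upgrade.
- name: Check OpenSSH server package version and verify CVE-2024-6387 vulnerability
  hosts: all
  # NOTE(review): every task below is read-only (fact gathering and debug
  # output). Privilege escalation is probably not needed; confirm and drop it
  # if so.
  become: true
  gather_facts: true
  tasks:
    - name: Gather the package facts
      ansible.builtin.package_facts:
        manager: auto

    # Only set when the package is installed. The vulnerability tasks guard on
    # "is defined" so hosts without openssh-server are skipped, not failed.
    - name: Record the installed openssh-server version
      ansible.builtin.set_fact:
        openssh_version: "{{ ansible_facts.packages['openssh-server'][0].version }}"
      when: "'openssh-server' in ansible_facts.packages"

    - name: "Check whether a package is installed"
      ansible.builtin.debug:
        msg: "{{ ansible_facts.packages['openssh-server'][0].version }}"
      when: "'openssh-server' in ansible_facts.packages"

    - name: "Check distribution"
      ansible.builtin.debug:
        msg: "{{ ansible_distribution }} {{ ansible_distribution_release }} {{ ansible_distribution_version }}"

    # The release is matched on the major version fact. The previous pattern
    # '^(12|12\.)$' accepted only the literal strings "12" and "12.", so a
    # host reporting a point release such as "12.x" was silently skipped and
    # never flagged (a false negative).
    - name: "Package is vulnerable"
      ansible.builtin.debug:
        msg: "The server openssh version is vulnerable to CVE-2024-6387!!!"
      when:
        - openssh_version is defined
        - ansible_distribution == "Debian"
        - ansible_distribution_major_version == "12"
        - 'openssh_version in ["1:9.2p1-2+deb12u1", "1:9.2p1-2+deb12u2"]'

    # NOTE(review): CVE-2024-6387 is described upstream as a regression that
    # first appeared in a release newer than 8.4p1. Confirm against the Debian
    # security tracker that Debian 11 is affected at all; if it is not, this
    # task only produces false positives and should be removed.
    - name: "Package is vulnerable"
      ansible.builtin.debug:
        msg: "The server openssh version is vulnerable to CVE-2024-6387!!!"
      when:
        - openssh_version is defined
        - ansible_distribution == "Debian"
        - ansible_distribution_major_version == "11"
        - 'openssh_version in ["1:8.4p1-5+deb11u1", "1:8.4p1-5+deb11u2"]'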