NgTech-LTD/openssh-cve-checks
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
ca0f6e4fd0
openssh-cve-checks/2024-6387/check-alma.yml
Eliezer Croitoru a9ce0c5dd7 Added alma check
2024-07-07 23:09:22 +03:00

55 lines
1.5 KiB
YAML
Raw Blame History

---
- name: Check OpenSSH server package version and verify CVE-2024-6387 vulnerability
hosts: all
become: yes
gather_facts: yes
vars:
alma9_vulnerable_openssh_versions:
- 8.7p1-30
- 8.7p1-31
- 8.7p1-32
- 8.7p1-33
- 8.7p1-34
- 8.7p1-35
- 8.7p1-36
- 8.7p1-37
- 8.7p1-38
# Alma 8 is not vulnerable (RHEL 6,7,8 also are not vulnerable)
tasks:
- name: "Setting default to not vulnerable"
set_fact:
vulnerable: false
- name: Gather the package facts
ansible.builtin.package_facts:
manager: auto
- name:
set_fact:
openssh_version: "{{ ansible_facts.packages['openssh-server'][0].version }}"
when: "'openssh-server' in ansible_facts.packages"
- name: "Check whether a package is installed"
debug:
msg: "{{ ansible_facts.packages['openssh-server'][0].version }}"
when: "'openssh-server' in ansible_facts.packages"
- name: "Check distribution"
debug:
msg: "{{ ansible_distribution }} {{ ansible_distribution_release }} {{ ansible_distribution_version }}"
- name: "Package is vulnerable"
debug:
msg: "The server openssh version is vulnerable to CVE-2024-6387!!!"
when:
- ansible_distribution == "AlmaLinux"
- ansible_distribution_major_version == "9"
- openssh_version in alma9_vulnerable_openssh_versions
- fail:
msg: "The server openssh version is vulnerable to CVE-2024-6387!!!"
when: vulnerable
Reference in New Issue View Git Blame Copy Permalink