Ansible playbooks designed to check and remediate CVE-2024-3094 (XZ Backdoor)

crfearnworks/ansible-CVE-2024-3094

ansible-CVE-2024-3094

Ansible playbooks designed to check and remediate CVE-2024-3094 (XZ Backdoor). These were developed with guidance from https://jfrog.com/blog/xz-backdoor-attack-cve-2024-3094-all-you-need-to-know/.

Background

Running the checks to see if your Linux system is vulnerable is simple if it's only one or two systems, but what if you have a fleet of systems to manage? This is my humble attempt to make the automation of this process a little easier.

This has been tested on Ubuntu 22.04.

Instructions

Preflight

  1. Clone the repo to your Ansible control node.
  2. Prepare your hosts file in either INI or YML format.
  3. Run the preflight.sh file to ensure you have the latest version from JFrog.

CVE-2024-3094 Check

  1. Run the playbook with the following command:

ansible-playbook -i <insert_hosts_file_here> CVE-2024-3094-check.yml
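
This page does not show the check logic itself. As an added illustration (not code from this repository), the shell functions below classify an installed xz/liblzma package version against the publicly documented affected upstream releases, 5.6.0 and 5.6.1, including the Debian rollback version that contains "5.6.1" but ships 5.4.5. The function names, hostnames and sample versions are hypothetical and constructed for the example.

```shell
#!/bin/sh
# Added example: decide from a package version string whether a host ships an
# xz/liblzma release affected by CVE-2024-3094 (upstream 5.6.0 and 5.6.1).
# The version is read from the package manager rather than by running xz.

# upstream_xz_version PKG_VERSION
# Reduce a distro package version to the upstream release actually shipped.
upstream_xz_version() {
    v=$1
    v=${v#*:}                          # drop an epoch prefix such as "1:"
    case $v in
        *+really*) v=${v#*+really} ;;  # Debian rollback "5.6.1+really5.4.5-1" ships 5.4.5
    esac
    v=${v%%-*}                         # drop the packaging revision ("-2ubuntu1")
    v=${v%%[+~]*}                      # drop remaining suffixes ("+dfsg", "~rc1")
    printf '%s\n' "$v"
}

# classify_xz PKG_VERSION -> affected | not-affected | unknown
classify_xz() {
    up=$(upstream_xz_version "$1")
    case $up in
        5.6.0|5.6.1) echo affected ;;
        [0-9]*.[0-9]*.[0-9]*) echo not-affected ;;
        *) echo unknown ;;             # empty or unparseable: investigate by hand
    esac
}

# fleet_report: read "host package-version" pairs on stdin, print "host status".
fleet_report() {
    while read -r host ver; do
        [ -n "$host" ] || continue
        printf '%s %s\n' "$host" "$(classify_xz "$ver")"
    done
}

# Constructed sample input. On a Debian/Ubuntu host the version could be read with:
#   dpkg-query -W -f='${Version}' liblzma5
sample_inventory() {
    cat <<'EOF'
web01 5.2.5-2ubuntu1
build02 5.6.1-1
sid03 5.6.1+really5.4.5-1
edge04 5.6.0-0.2
old05
EOF
}

sample_inventory | fleet_report
```

A result of "affected" means only that the host ships one of the two affected releases, so it is a candidate for the Fix playbook; "unknown" hosts need a manual look.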

CVE-2024-3094 Fix

  1. If needed, run the playbook with the following command:

ansible-playbook -i <insert_hosts_file_here> CVE-2024-3094-fix.yml

  2. For further peace of mind, rerun the Check playbook.

Results

Each playbook will produce text files in a results directory for each host.
