Check xz vulnerability (cve_2024_3094) on your system.
GitHub | GitLab | Downloads | Version |
---|---|---|---|
This example is taken from molecule/default/converge.yml
and is tested on each push, pull request and release.
---
- name: Converge
hosts: all
become: true
gather_facts: true
roles:
- role: robertdebock.cve_2024_3094
cve_2024_3094_cleanup: false
The machine needs to be prepared. In CI this is done using molecule/default/prepare.yml
:
---
- name: Prepare
hosts: all
become: true
gather_facts: false
roles:
- role: robertdebock.bootstrap
- role: robertdebock.openssh
Also see a full explanation and example on how to use these roles.
The default values for the variables are set in defaults/main.yml
:
---
# defaults file for cve_2024_3094
# If requirements are installed, would you like to remove them after this role ran?
cve_2024_3094_cleanup: true
# Where to look for `sshd`, a list of paths.
cve_2024_3094_sshd_paths:
- /usr/bin
- /usr/sbin
- /usr/local/bin
- /usr/local/sbin
- pip packages listed in requirements.txt.
The following roles are used to prepare a system. You can prepare your system in another way.
Requirement | GitHub | GitLab |
---|---|---|
robertdebock.bootstrap | ||
robertdebock.openssh |
This role is a part of many compatible roles. Have a look at the documentation of these roles for further information.
Here is an overview of related roles:
This role has been tested on these container images:
container | tags |
---|---|
Alpine | all |
Amazon | Candidate |
Debian | all |
EL | 9 |
Fedora | all |
Ubuntu | all |
The minimum version of Ansible required is 2.12, tests have been done to:
- The previous version.
- The current version.
- The development version.
If you find issues, please register them in GitHub.
Please consider sponsoring me.