{"id":300,"sha1":"735f875ab7570b2806d2e1a305f040d878a19643","playbook":{"id":300,"items":{"plays":1,"tasks":8,"results":385,"hosts":50,"files":1,"records":0},"arguments":{"version":null,"verbosity":2,"private_key_file":"/home/ssh-gateway/.ssh/id_rsa","remote_user":"root","connection":"ssh","timeout":null,"ssh_common_args":null,"sftp_extra_args":null,"scp_extra_args":null,"ssh_extra_args":null,"ask_pass":false,"connection_password_file":null,"force_handlers":false,"flush_cache":false,"become":false,"become_method":"sudo","become_user":null,"become_ask_pass":false,"become_password_file":null,"tags":["all"],"skip_tags":[],"check":false,"diff":false,"inventory":["/home/ssh-gateway/ansible/bash-kvm-inventory-prod.sh"],"listhosts":false,"subset":null,"extra_vars":"Not saved by ARA as configured by 'ignored_arguments'","vault_ids":[],"ask_vault_pass":false,"vault_password_files":[],"forks":20,"module_path":null,"syntax":false,"listtasks":false,"listtags":false,"step":false,"start_at_task":null,"args":["projects/RM9537/RM9537.yaml"]},"labels":[{"id":1,"name":"remote_user:root"},{"id":2,"name":"check:False"},{"id":3,"name":"tags:all"},{"id":13,"name":"plesk"},{"id":32,"name":"security"},{"id":33,"name":"CVE-2024-2961"}],"started":"2024-05-08T16:04:43.391073+01:00","ended":"2024-05-08T16:05:47.217435+01:00","duration":"00:01:03.826362","name":"RM9537.yaml","ansible_version":"2.16.4","client_version":"1.7.1","python_version":"3.10.10","server_version":"1.7.2.dev2","status":"failed","path":"/home/ssh-gateway/ansible/projects/RM9537/RM9537.yaml","controller":"ssh-gw-4.layershift.com","user":"root"},"content":"---\n- name: Mitigating CVE-2024-2961\n hosts: all\n gather_facts: true\n vars:\n folder: /home/ssh-gateway/ansible/playbook_output\n ara_playbook_name: RM9537.yaml\n ara_playbook_labels:\n - plesk\n - security\n - CVE-2024-2961\n tasks:\n - name: Check if gconv-modules-extra.conf exists\n ansible.builtin.stat:\n path: /usr/lib64/gconv/gconv-modules.d/gconv-modules-extra.conf\n register: gconv_modules_extra_exist\n - name: Check if gconv-modules exists\n ansible.builtin.stat:\n path: /usr/lib64/gconv/gconv-modules\n register: gconv_modules_exist\n - name: Match and comment out block in the configuration file\n ansible.builtin.shell: |\n set -o pipefail\n file=\"{{ '/usr/lib64/gconv/gconv-modules.d/gconv-modules-extra.conf' if gconv_modules_extra_exist.stat.exists else '/usr/lib64/gconv/gconv-modules' }}\"\n cp \"$file\" \"$file\".backup-\"$(date +%d-%m-%Y-%H-%M)\"\n grep -n \"ISO2022CNEXT//\" \"$file\" | while read -r line; do line_number=$(echo \"$line\" | cut -d':' -f1); sed -i \"${line_number},$((line_number + 2)) s/^/# /\" \"$file\"; done\n rm -f /usr/lib64/gconv/gconv-modules.cache\n register: config_changes\n notify:\n - run_iconvconfig\n when: gconv_modules_extra_exist.stat.exists or gconv_modules_exist.stat.exists\n - name: Run iconv command and check for CN-EXT\n ansible.builtin.shell: |\n set -o pipefail\n iconv -l | grep -E 'CN-?EXT'\n args:\n executable: /bin/bash\n register: iconv_output\n ignore_errors: true\n changed_when: false\n - name: Write to file if the command has output\n ansible.builtin.lineinfile:\n dest: \"{{ folder }}/RM9537-vms-prod-patched-or-not.txt\"\n create: true\n mode: '0644'\n line: \"{{ ansible_facts.nodename }} - NOT PATCHED\"\n delegate_to: 127.0.0.1\n when: iconv_output.rc == 0\n - name: Write to file if the command has no output\n ansible.builtin.lineinfile:\n dest: \"{{ folder }}/RM9537-vms-prod-patched-or-not.txt\"\n create: true\n mode: '0644'\n line: \"{{ ansible_facts.nodename }} - clean\"\n delegate_to: 127.0.0.1\n when: iconv_output.rc != 0\n\n handlers:\n - name: Run iconvconfig\n ansible.builtin.command: iconvconfig\n when: config_changes.changed\n listen: run_iconvconfig\n","created":"2024-05-08T16:04:43.411391+01:00","updated":"2024-05-08T16:04:43.411414+01:00","path":"/home/ssh-gateway/ansible/projects/RM9537/RM9537.yaml"}