Playbook #276
/home/ssh-gateway/ansible/RM9537.yaml
Execution
Date 08 May 2024 13:04:26 +0100
Duration 00:00:02.64
Controller ssh-gw-4.layershift.com
User root
Versions
Ansible 2.16.4
ara 1.7.1 / 1.7.2.dev2
Python 3.10.10
Summary
1 Hosts
3 Tasks
3 Results
1 Plays
1 Files
0 Records
remote_user:root check:False tags:all subset:kuly-c7-uk.uk.easy-server.com

File: /home/ssh-gateway/ansible/RM9537.yaml

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
---
- name: Mitigating CVE-2024-2961
  hosts: all, !wolf-serv1.uk.plesk-server.com
  gather_facts: false

  tasks:
    - name: Check if gconv-modules-extra.conf exists
      ansible.builtin.stat:
        path: /usr/lib64/gconv/gconv-modules.d/gconv-modules-extra.conf
      register: gconv_modules_extra_exist
    - name: Check if gconv-modules exists
      ansible.builtin.stat:
        path: /usr/lib64/gconv/gconv-modules
      register: gconv_modules_exist
    - name: Match and comment out block in the configuration file
      ansible.builtin.lineinfile:
        backup: true
        path: "{{ item }}"
        regexp: '^#?\s*alias\s+ISO2022CNEXT\/\/\s+ISO-2022-CN-EXT\/\/$|^#?\s*module\s+ISO-2022-CN-EXT\/\/\s+INTERNAL\s+ISO-2022-CN-EXT\s+1$|^#?\s*module\s+INTERNAL\s+ISO-2022-CN-EXT\/\/\s+ISO-2022-CN-EXT\s+1$'
        line: '# \g<0>'
      register: config_changes
      notify:
        - run_iconvconfig
      when: gconv_modules_extra_exist.stat.exists or gconv_modules_exist.stat.exists

  handlers:
    - name: Run iconvconfig
      ansible.builtin.command: iconvconfig
      when: config_changes.changed