Playbook #280
/home/ssh-gateway/ansible/RM9537.yaml
Execution
Date 08 May 2024 13:16:46 +0100
Duration 00:00:05.93
Controller ssh-gw-4.layershift.com
User root
Versions
Ansible 2.16.4
ara 1.7.1 / 1.7.2.dev2
Python 3.10.10
Summary
1 Hosts
4 Tasks
4 Results
1 Plays
1 Files
0 Records
remote_user:root check:False tags:all subset:kuly-c7-uk.uk.easy-server.com

File: /home/ssh-gateway/ansible/RM9537.yaml

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
---
- name: Mitigating CVE-2024-2961
  hosts: all, !wolf-serv1.uk.plesk-server.com
  gather_facts: false

  tasks:
    - name: Check if gconv-modules-extra.conf exists
      ansible.builtin.stat:
        path: /usr/lib64/gconv/gconv-modules.d/gconv-modules-extra.conf
      register: gconv_modules_extra_exist
    - name: Check if gconv-modules exists
      ansible.builtin.stat:
        path: /usr/lib64/gconv/gconv-modules
      register: gconv_modules_exist
    - name: Match and comment out block in the configuration file
      ansible.builtin.shell: |
        set -o pipefail
        file="{{ '/usr/lib64/gconv/gconv-modules.d/gconv-modules-extra.conf' if gconv_modules_extra_exist.stat.exists else '/usr/lib64/gconv/gconv-modules' }}"
        grep -n "ISO2022CNEXT//" "$file" | while read -r line; do line_number=$(echo "$line" | cut -d':' -f1); sed -i "${line_number},$((line_number + 2)) s/^/# /" "$file"; done
        rm -f /usr/lib64/gconv/gconv-modules.cache
      register: config_changes
      notify:
        - run_iconvconfig
      when: gconv_modules_extra_exist.stat.exists or gconv_modules_exist.stat.exists

  handlers:
    - name: Run iconvconfig
      ansible.builtin.command: iconvconfig
      when: config_changes.changed
      listen: run_iconvconfig