
@phips
Created October 26, 2014 11:31
Quick Ansible Poodle (CVE-2014-3566) fix (RHEL/CentOS)
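---
- hosts: all
  gather_facts: false
  tasks:
    # rpm -q exits non-zero when mod_ssl is not installed;
    # ignore_errors lets the play continue on hosts without it.
    - name: Check for apache
      command: rpm -q mod_ssl
      register: modssl
      ignore_errors: true

    # Only touch hosts where mod_ssl is installed (rpm -q returned 0).
    - name: Ensure openssl is latest
      yum: name=openssl state=latest
      when: modssl.rc == 0

    # Replace the existing SSLProtocol directive (or append one)
    # so that SSLv2 and SSLv3 are both excluded.
    - name: Ensure SSLv3 is disabled
      lineinfile: dest=/etc/httpd/conf.d/ssl.conf
                  regexp=^SSLProtocol
                  line="SSLProtocol all -SSLv2 -SSLv3"
                  state=present
      when: modssl.rc == 0
      notify: restart apache

  handlers:
    # Runs once at the end of the play, only if ssl.conf was changed.
    - name: restart apache
      service: name=httpd state=restarted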