Last active
January 24, 2019 00:25
-
-
Save tonejito/099c877ffa3b92c0c6777fb88a09d034 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # https://www.debian.org/security/2019/dsa-4371 | |
| # https://security-tracker.debian.org/tracker/CVE-2019-3462 | |
| function check() | |
| { | |
| dpkg --compare-versions ${1} ge ${2} | |
| if [ "$?" -eq 0 ] | |
| then | |
| echo "OK" | |
| else | |
| alert ${OS_VENDOR} ${OS_RELEASE} ${APT_VERSION} | |
| fi | |
| } | |
| function fail() | |
| { | |
| printf "Unknown GNU/Linux version (%s %s)" ${1} ${2} | |
| } | |
| function notice() | |
| { | |
| printf "apt not installed" | |
| exit | |
| } | |
| function alert() | |
| { | |
| printf "Vulnerable version! (%s %s) (apt %s)" "${1}" "${2}" "${3}" | |
| exit | |
| } | |
| which apt > /dev/null || notice | |
| OS_VENDOR=$(lsb_release -si) | |
| #OS_VERSION=$(cut -d . -f 1 /etc/debian_version) | |
| OS_VERSION=$(lsb_release -sr | cut -d . -f 1) | |
| OS_RELEASE=$(lsb_release -sc) | |
| APT_VERSION=$(apt --version 2>/dev/null | head -n 1 | awk '{print $2}') | |
| DEBIAN_8_APT_VERSION=1.0.9.8.5 | |
| DEBIAN_9_APT_VERSION=1.4.9 | |
| UBUNTU_12_APT_VERSION=0.8.16~exp12ubuntu10.28 | |
| UBUNTU_14_APT_VERSION=1.0.1ubuntu2.19 | |
| UBUNTU_16_APT_VERSION=1.2.29ubuntu0.1 | |
| UBUNTU_18_APT_VERSION=1.6.6ubuntu0.1 | |
| case ${OS_VENDOR} | |
| in | |
| Debian) | |
| case ${OS_VERSION} | |
| in | |
| 8) | |
| check ${APT_VERSION} ${DEBIAN_8_APT_VERSION} | |
| ;; | |
| 9) | |
| check ${APT_VERSION} ${DEBIAN_9_APT_VERSION} | |
| ;; | |
| *) | |
| fail ${OS_VENDOR} ${OS_RELEASE} | |
| ;; | |
| esac | |
| ;; | |
| Ubuntu) | |
| case ${OS_VERSION} | |
| in | |
| 12) | |
| check ${APT_VERSION} ${UBUNTU_12_APT_VERSION} | |
| ;; | |
| 14) | |
| check ${APT_VERSION} ${UBUNTU_14_APT_VERSION} | |
| ;; | |
| 16) | |
| check ${APT_VERSION} ${UBUNTU_16_APT_VERSION} | |
| ;; | |
| 18) | |
| check ${APT_VERSION} ${UBUNTU_18_APT_VERSION} | |
| ;; | |
| *) | |
| fail ${OS_VENDOR} ${OS_RELEASE} | |
| ;; | |
| esac | |
| ;; | |
| esac |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| - hosts: debian-8 , debian-9 , ubuntu-12 , ubuntu-14 , ubuntu-16 , ubuntu-18 | |
| become: no | |
| tasks: | |
| - name: Create scripts directory | |
| file: dest=/opt/ansible/bin mode=755 owner=root group=staff state=directory | |
| - name: Copy script to server | |
| copy: src=check_CVE-2019-3462.sh dest=/opt/ansible/bin/check_CVE-2019-3462.sh mode=755 owner=root group=staff | |
| - name: Check apt version | |
| command: /opt/ansible/bin/check_CVE-2019-3462.sh | |
| become: no | |
| register: output | |
| - debug: var=output.stdout_lines |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [debian-8] | |
| [debian-9] | |
| [ubuntu-12] | |
| [ubuntu-14] | |
| [ubuntu-16] | |
| [ubuntu-18] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment