Related vulnerabilities
Description
Ansible playbooks designed to check and remediate CVE-2024-3094 (XZ Backdoor)
Introduction
# ansible-CVE-2024-3094
Ansible playbooks designed to check and remediate CVE-2024-3094 (XZ Backdoor). These were developed with guidance from https://jfrog.com/blog/xz-backdoor-attack-cve-2024-3094-all-you-need-to-know/.
## Background
Running the checks to see if your Linux system is vulnerable is simple if it's only one or two systems, but what if you have a fleet of systems to manage? This is my humble attempt to make the automation of this process a little easier.
This has been tested on Ubuntu 22.04.
## Instructions
### Preflight
1) Clone the repo to your Ansible control node.
2) Prepare your hosts file in either INI or YML format.
3) Run the `preflight.sh` file to ensure you have the latest version from JFrog.
### CVE-2024-3094 Check
1) Run the playbook with the following command:
`ansible-playbook -i <insert_hosts_file_here> CVE-2024-3094-check.yml`
### CVE-2024-3094 Fix
1) If needed, run the playbook with the following command:
`ansible-playbook -i <insert_hosts_file_here> CVE-2024-3094-fix.yml`
2) For further peace of mind, rerun the Check playbook.
### Results
Each playbook will produce text files in a `results` directory for each host.
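
For readers who want to see the shape of a fleet-wide check, here is an added example. It is not this repository's `CVE-2024-3094-check.yml`. It flags hosts whose `xz --version` output reports 5.6.0 or 5.6.1, the releases named in the CVE, and writes one line per host under `results/`. The play, variable, and result-file names are assumptions. A version match is only a first-pass indicator.

```yaml
# Added example, not part of the repository.
# Assumption: a host is "affected" when xz/liblzma reports 5.6.0 or 5.6.1.
- name: Report xz versions affected by CVE-2024-3094
  hosts: all
  gather_facts: false
  vars:
    affected_versions: ["5.6.0", "5.6.1"]   # hypothetical variable name
  tasks:
    - name: Read the installed xz version (read-only, never reports a change)
      ansible.builtin.command: xz --version
      register: xz_out
      changed_when: false
      failed_when: false        # a host without xz is reported as UNKNOWN

    - name: Extract the first x.y.z version string from the output
      ansible.builtin.set_fact:
        xz_version: >-
          {{ xz_out.stdout | default('')
             | regex_search('[0-9]+[.][0-9]+[.][0-9]+')
             | default('unknown', true) }}

    - name: Classify the host
      ansible.builtin.set_fact:
        xz_status: >-
          {{ 'AFFECTED' if xz_version in affected_versions
             else ('UNKNOWN' if xz_version == 'unknown' else 'not affected') }}

    - name: Create the results directory on the control node
      ansible.builtin.file:
        path: "{{ playbook_dir }}/results"
        state: directory
        mode: "0750"
      delegate_to: localhost
      run_once: true

    - name: Write one result file per host on the control node
      ansible.builtin.copy:
        content: "{{ inventory_hostname }} xz={{ xz_version }} status={{ xz_status }}\n"
        dest: "{{ playbook_dir }}/results/{{ inventory_hostname }}.txt"
        mode: "0640"
      delegate_to: localhost
```

Hosts reported as `UNKNOWN` returned no parsable version (for example, `xz` is not on the PATH) and need a manual look rather than being treated as clean.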
File snapshot
[4.0K] /data/pocs/35bb465c1d255d51b1ebe445d5792ec223bc7c22
├── [2.2K] CVE-2024-3094-check.yml
├── [ 827] CVE-2024-3094-fix.yml
├── [4.0K] cve-2024-3094-tools
├── [ 125] hosts.ini.template
├── [ 189] hosts.yml.template
├── [1.0K] LICENSE
├── [ 712] playbook.yml.template
├── [ 409] preflight.sh
└── [1.1K] README.md
1 directory, 8 files