Merge pull request 'Add playbook to deploy sudo update on all machines' (#34) from sudo_update into master

Reviewed-on: Aurore/ansible#34
2021-03-11 14:22:20 +01:00 · 2021-03-11 14:22:20 +01:00 · 974fcff1d3
parent ebb3c894da 3050a95699
commit 974fcff1d3
1 changed files with 17 additions and 0 deletions
--- a/sudo_upgrade.yml
+++ b/sudo_upgrade.yml
@ -0,0 +1,17 @@
+#!/usr/bin/env ansible-playbook
+---
+# This is a special playbook to upgrade sudo everywhere after the
+# CVE-2021-3156: Heap-Based Buffer Overflow in Sudo (Baron Samedit)
+# Please always use with --limit myserver.adm.auro.re
+# And list updates with --check
+- hosts: all
+  tasks:
+    - name: Upgrade sudo
+      apt:
+        name: sudo
+        state: latest
+        update_cache: true
+        cache_valid_time: 3600  # one hour
+      register: apt_result
+      retries: 3
+      until: apt_result is succeeded