From 3050a956990fc526d1df73e42b5fe856a4674a72 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Wed, 27 Jan 2021 14:36:14 +0100 Subject: [PATCH] Add playbook to deploy sudo update on all machines --- sudo_upgrade.yml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100755 sudo_upgrade.yml diff --git a/sudo_upgrade.yml b/sudo_upgrade.yml new file mode 100755 index 0000000..45b01ad --- /dev/null +++ b/sudo_upgrade.yml @@ -0,0 +1,17 @@ +#!/usr/bin/env ansible-playbook +--- +# This is a special playbook to upgrade sudo everywhere after the +# CVE-2021-3156: Heap-Based Buffer Overflow in Sudo (Baron Samedit) +# Please always use with --limit myserver.adm.auro.re +# And list updates with --check +- hosts: all + tasks: + - name: Upgrade sudo + apt: + name: sudo + state: latest + update_cache: true + cache_valid_time: 3600 # one hour + register: apt_result + retries: 3 + until: apt_result is succeeded