Add playbook to deploy sudo update on all machines #34
1 changed files with 17 additions and 0 deletions
17
sudo_upgrade.yml
Executable file
17
sudo_upgrade.yml
Executable file
|
@ -0,0 +1,17 @@
|
|||
#!/usr/bin/env ansible-playbook
|
||||
---
|
||||
# This is a special playbook to upgrade sudo everywhere after the
|
||||
# CVE-2021-3156: Heap-Based Buffer Overflow in Sudo (Baron Samedit)
|
||||
# Please always use with --limit myserver.adm.auro.re
|
||||
# And list updates with --check
|
||||
- hosts: all
|
||||
tasks:
|
||||
- name: Upgrade sudo
|
||||
apt:
|
||||
name: sudo
|
||||
state: latest
|
||||
update_cache: true
|
||||
cache_valid_time: 3600 # one hour
|
||||
register: apt_result
|
||||
retries: 3
|
||||
until: apt_result is succeeded
|
Loading…
Reference in a new issue