├── conf └── .gitignore ├── facts └── .gitignore ├── uploaded_files └── .gitignore ├── playbooks ├── linux │ └── security │ │ └── scripts │ │ └── .gitignore ├── common │ └── files │ │ └── etc │ │ └── profile.d │ │ ├── custom.sh │ │ └── custom.csh ├── rhel │ ├── boot │ │ ├── scripts │ │ │ └── mk-rescue-image │ │ └── update-rescue-boot-image.yml │ ├── repo │ │ ├── dnf-repo-install.yml │ │ ├── yum-repo-install.yml │ │ └── install-repo.yml │ ├── common │ │ ├── common_dnf_tasks.yml │ │ ├── common_yum_tasks.yml │ │ ├── common_rpm_fix_vars.yml │ │ └── common_handlers.yml │ ├── rpm │ │ ├── dnf-repolist.yml │ │ ├── yum-repolist.yml │ │ ├── scripts │ │ │ ├── yum_dnf_repo_list │ │ │ └── check_rpm_installed │ │ ├── dnf-update-rpm.yml │ │ ├── yum-update-rpm.yml │ │ ├── dnf-update-rpm-26.yml │ │ ├── dnf-rpm-info.yml │ │ ├── yum-rpm-info.yml │ │ └── yum-update-rpm-26.yml │ ├── shells │ │ ├── dnf-setup-shells.yml │ │ └── yum-setup-shells.yml │ ├── editors │ │ ├── dnf-setup-nano.yml │ │ └── yum-setup-nano.yml │ ├── security │ │ ├── cve-2021-4034.yml │ │ ├── cve-2020-14372.yml │ │ ├── cve-2018-3620.yml │ │ ├── cve-2019-5736.yml │ │ ├── cve-2021-30465.yml │ │ ├── cve-2017-1000366.yml │ │ ├── cve-2017-14491.yml │ │ ├── cve-2018-12207.yml │ │ ├── cve-2020-10713.yml │ │ ├── cve-2021-43527.yml │ │ ├── cve-2021-3156.yml │ │ ├── cve-2022-0847.yml │ │ ├── cve-2019-14835.yml │ │ ├── cve-2017-6074.yml │ │ ├── cve-2017-1000253.yml │ │ ├── cve-2019-11477-8-9.yml │ │ ├── DNSpooq.yml │ │ ├── cve-2017-1000251.yml │ │ ├── cve-2018-3639.yml │ │ ├── cve-2022-3602-3786.yml │ │ ├── spectre-meltdown.yml │ │ ├── cve-2021-33909.yml │ │ └── cve-2018-12130.yml │ ├── scl │ │ └── scl-info.yml │ ├── networking │ │ └── network-list-all-zones-firewalld.yml │ └── find │ │ └── find_rpmnew.yml ├── debian │ ├── common │ │ ├── common_apt_tasks.yml │ │ └── common_apt_fix_vars.yml │ ├── editors │ │ └── apt-setup-nano.yml │ ├── shells │ │ └── apt-setup-shells.yml │ └── deb │ │ ├── apt-deb-info.yml │ │ ├── apt-upgrade-deb.yml │ │ ├── apt-autoremove.yml │ │ ├── apt-update-common.yml │ │ └── scripts │ │ └── check_deb_installed ├── openbsd │ ├── common │ │ └── common_pkg_tasks.yml │ └── pkg │ │ └── pkg-info-list-files.yml ├── security │ └── ssl-tls-common-checks.yml ├── acl │ ├── get-acl.yml │ └── get-xattr.yml └── ubuntu │ └── security │ └── ubuntu-security-status.yml ├── .gitignore ├── LICENCE └── bin ├── ansible_ping-hosts ├── ansible_gather-facts ├── ansible_editors-setup-nano ├── ansible_service-need-restart ├── ansible_user-create-new-user ├── ansible_user-htpasswd-add-user ├── ansible_user-disable-user-login ├── ansible_user-remove-ssh-public-key ├── ansible_user-setup-ssh-public-key ├── ansible_service-rhel-check-status ├── ansible_user-htpasswd-remove-user ├── ansible_user-re-enable-user-login ├── ansible_user-remove-existing-user ├── ansible_service-start-stop-restart ├── ansible_service-enable-disable-at-boot ├── ansible_ubuntu-security-status ├── ansible_scl-info ├── ansible_deb-apt-autoremove ├── ansible_deb-apt-update ├── ansible_security-check-remote-ssl-tls-certificate-expired-https ├── ansible_security-check-ssl-tls-certificate-expired ├── ansible_deb-apt-upgrade-deb ├── ansible_openbsd-pkg-add-update-package ├── ansible_rpm-yum-dnf-repolist ├── ansible_acl-get ├── ansible_acl-set ├── ansible_rpm-is-rpm-installed ├── ansible_rpm-yum-dnf-check-update ├── ansible_acl-remove ├── ansible_deb-is-deb-installed ├── ansible_security-rhel-drown-test ├── ansible_acl-stat-file ├── ansible_acl-xattr-get ├── ansible_boot-rhel-recreate-rescue-boot-image ├── ansible_find-files ├── ansible_security-rhel-cve-2017-6074 ├── ansible_deb-info ├── ansible_net-close-network-port-iptables ├── ansible_net-open-network-port-firewalld ├── ansible_net-open-network-port-iptables ├── ansible_openbsd-pkg-info-list-files ├── ansible_openbsd-pkg-info-list-installed-packages ├── ansible_rpm-info ├── ansible_security-rhel-cve-2017-1000251 ├── ansible_security-rhel-cve-2017-1000253 ├── ansible_security-rhel-cve-2017-1000366 ├── ansible_security-rhel-cve-2017-14491 ├── ansible_net-close-network-port-firewalld ├── ansible_net-list-all-zones-firewalld ├── ansible_security-rhel-DNSpooq ├── ansible_deb-apt-file-search ├── ansible_find-etc-opt-rmpnew-files ├── ansible_rpm-whatprovides ├── ansible_security-rhel-cve-2018-3639 ├── ansible_security-rhel-cve-2019-5736 ├── ansible_security-rhel-cve-2021-3156 ├── ansible_security-rhel-cve-2021-4034 ├── ansible_security-rhel-cve-2022-0847 ├── ansible_security-rhel-cve-2018-12130 ├── ansible_security-rhel-cve-2018-12207 ├── ansible_security-rhel-cve-2018-3620-3645 ├── ansible_security-rhel-cve-2019-14835 ├── ansible_security-rhel-cve-2020-10713 ├── ansible_security-rhel-cve-2020-14372 ├── ansible_security-rhel-cve-2021-30465 ├── ansible_security-rhel-cve-2021-33909 ├── ansible_security-rhel-cve-2021-43527 ├── ansible_security-rhel-cve-2022-3602-3786 ├── ansible_security-rhel-spectre-meltdown ├── ansible_security-rhel-tcp-sack-panic-cve-2019-11477-8-9 ├── ansible_security-cve-2021-42574-42694-find_unicode_control2 ├── ansible_security-linux-bsd-github-speed47-spectre-meltdown-checker ├── ansible_rpm-list-files ├── ansible_rpm-yum-dnf-update-rpm ├── ansible_rpm-setup-shells └── ansible_rpm-install-repo /conf/.gitignore: -------------------------------------------------------------------------------- 1 | # Ignore everything in this directory 2 | * 3 | # Except this file 4 | !.gitignore 5 | !.htaccess 6 | -------------------------------------------------------------------------------- /facts/.gitignore: -------------------------------------------------------------------------------- 1 | # Ignore everything in this directory 2 | * 3 | # Except this file 4 | !.gitignore 5 | !.htaccess 6 | -------------------------------------------------------------------------------- /uploaded_files/.gitignore: -------------------------------------------------------------------------------- 1 | # Ignore everything in this directory 2 | * 3 | # Except this file 4 | !.gitignore 5 | !.htaccess 6 | -------------------------------------------------------------------------------- /playbooks/linux/security/scripts/.gitignore: -------------------------------------------------------------------------------- 1 | # have Git ignore scripts that are dynamically downloaded. 2 | spectre-meltdown-checker.sh 3 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .DS_Store 2 | .includepath 3 | .buildpath 4 | .externalToolBuilders 5 | .project 6 | .settings/ 7 | .settings/**/* 8 | x-code-project/**/* 9 | bin/ansible_config 10 | -------------------------------------------------------------------------------- /playbooks/common/files/etc/profile.d/custom.sh: -------------------------------------------------------------------------------- 1 | 2 | set PATH="$PATH:/usr/sbin:/sbin:$HOME/bin" 3 | 4 | alias cls="tput clear" 5 | alias priv=sudo 6 | alias pico="nano -w" 7 | alias pine=alpine 8 | alias md=mkdir 9 | alias rd=rmdir 10 | alias df="df -k" 11 | alias du="du -k" 12 | 13 | -------------------------------------------------------------------------------- /playbooks/common/files/etc/profile.d/custom.csh: -------------------------------------------------------------------------------- 1 | 2 | alias cls tput clear 3 | alias priv sudo 4 | alias pico nano -w 5 | alias pine alpine 6 | alias md mkdir 7 | alias rd rmdir 8 | alias df df -k 9 | alias du du -k 10 | 11 | set prompt="%m:%~>" 12 | set correct=cmd 13 | set autolist=ambiguous 14 | 15 | setenv PATH $PATH":/usr/sbin:/sbin:$HOME/bin" 16 | 17 | umask 022 18 | -------------------------------------------------------------------------------- /LICENCE: -------------------------------------------------------------------------------- 1 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 2 | # 3 | # Permission to use, copy, modify, and distribute this software for any 4 | # purpose with or without fee is hereby granted, provided that the above 5 | # copyright notice and this permission notice appear in all copies. 6 | # 7 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 10 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 12 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 13 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 14 | -------------------------------------------------------------------------------- /playbooks/rhel/boot/scripts/mk-rescue-image: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | #rm /boot/*rescue* 22 | 23 | /etc/kernel/postinst.d/51-dracut-rescue-postinst.sh \ 24 | $(uname -r) /boot/vmlinuz-$(uname -r) 25 | -------------------------------------------------------------------------------- /playbooks/rhel/repo/dnf-repo-install.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # %BEGIN_COPYRIGHT% 3 | # 4 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 5 | # 6 | # Permission to use, copy, modify, and distribute this software for any 7 | # purpose with or without fee is hereby granted, provided that the above 8 | # copyright notice and this permission notice appear in all copies. 9 | # 10 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | # 18 | # %END_COPYRIGHT% 19 | 20 | - name: "DNF Install Repo" 21 | dnf: 22 | name: "{{ repo_url }}" 23 | state: present 24 | when: ((ansible_os_family == 'RedHat') 25 | and 26 | (ansible_lsb.major_release|int >= 8)) 27 | register: dnf_repo 28 | -------------------------------------------------------------------------------- /playbooks/rhel/common/common_dnf_tasks.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # %BEGIN_COPYRIGHT% 3 | # 4 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 5 | # 6 | # Permission to use, copy, modify, and distribute this software for any 7 | # purpose with or without fee is hereby granted, provided that the above 8 | # copyright notice and this permission notice appear in all copies. 9 | # 10 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | # 18 | # %END_COPYRIGHT% 19 | 20 | # Common DNF tasks 21 | 22 | - name: "DNF print results" 23 | local_action: command printf "{{ item }}" 24 | when: item | length > 0 25 | with_items: 26 | - "{{ print_dnf_update.results|default('') }}" 27 | changed_when: false 28 | -------------------------------------------------------------------------------- /playbooks/rhel/common/common_yum_tasks.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # %BEGIN_COPYRIGHT% 3 | # 4 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 5 | # 6 | # Permission to use, copy, modify, and distribute this software for any 7 | # purpose with or without fee is hereby granted, provided that the above 8 | # copyright notice and this permission notice appear in all copies. 9 | # 10 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | # 18 | # %END_COPYRIGHT% 19 | 20 | # Common Yum tasks 21 | 22 | - name: "Yum print results" 23 | local_action: command printf "{{ item }}" 24 | when: item | length > 0 25 | with_items: 26 | - "{{ print_yum_update.results|default('') }}" 27 | changed_when: false 28 | -------------------------------------------------------------------------------- /playbooks/debian/common/common_apt_tasks.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # %BEGIN_COPYRIGHT% 3 | # 4 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 5 | # 6 | # Permission to use, copy, modify, and distribute this software for any 7 | # purpose with or without fee is hereby granted, provided that the above 8 | # copyright notice and this permission notice appear in all copies. 9 | # 10 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | # 18 | # %END_COPYRIGHT% 19 | 20 | # Common APT tasks 21 | 22 | - name: "APT print results" 23 | local_action: 24 | command printf "%s" \ 25 | "{{ item }}" 26 | when: item | length > 0 27 | with_items: 28 | - "{{ print_apt_update.results|default('') }}" 29 | changed_when: false 30 | -------------------------------------------------------------------------------- /playbooks/rhel/rpm/dnf-repolist.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # %BEGIN_COPYRIGHT% 3 | # 4 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 5 | # 6 | # Permission to use, copy, modify, and distribute this software for any 7 | # purpose with or without fee is hereby granted, provided that the above 8 | # copyright notice and this permission notice appear in all copies. 9 | # 10 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | # 18 | # %END_COPYRIGHT% 19 | 20 | # Execute dnf repolist on RHEL/CENTOS >= 8 hosts 21 | 22 | - name: "DNF repolist" 23 | script: scripts/yum_dnf_repo_list dnf "{{ repo_type }}" 24 | when: ((ansible_os_family == 'RedHat') 25 | and 26 | (ansible_lsb.major_release|int >= 8)) 27 | changed_when: false 28 | -------------------------------------------------------------------------------- /playbooks/rhel/repo/yum-repo-install.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # %BEGIN_COPYRIGHT% 3 | # 4 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 5 | # 6 | # Permission to use, copy, modify, and distribute this software for any 7 | # purpose with or without fee is hereby granted, provided that the above 8 | # copyright notice and this permission notice appear in all copies. 9 | # 10 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | # 18 | # %END_COPYRIGHT% 19 | 20 | - name: "Yum Install Repo" 21 | yum: 22 | name: "{{ repo_url }}" 23 | state: present 24 | when: (ansible_os_family == 'RedHat') 25 | and 26 | (ansible_lsb.major_release|int >= 5 and 27 | ansible_lsb.major_release|int <= 7) 28 | register: yum_repo 29 | -------------------------------------------------------------------------------- /playbooks/debian/editors/apt-setup-nano.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # %BEGIN_COPYRIGHT% 3 | # 4 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 5 | # 6 | # Permission to use, copy, modify, and distribute this software for any 7 | # purpose with or without fee is hereby granted, provided that the above 8 | # copyright notice and this permission notice appear in all copies. 9 | # 10 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | # 18 | # %END_COPYRIGHT% 19 | 20 | # Install nano editor if not present 21 | # Change the /etc/nanorc tabsize from default 8 to 4. 22 | # on Debian hosts 23 | 24 | - name: "APT install nano DEB" 25 | apt: 26 | name: nano 27 | state: latest 28 | when: ansible_os_family == 'RedHat' 29 | register: apt_install 30 | -------------------------------------------------------------------------------- /bin/ansible_ping-hosts: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 22 | 23 | # Include our default settings 24 | . "${SCRIPT_DIR}/ansible_common" 25 | 26 | HOSTS=all 27 | 28 | if [ ! -x ${1} ]; then 29 | 30 | HOSTS="${1}" 31 | fi 32 | 33 | ansible "${HOSTS}" -m ping \ 34 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" 35 | -------------------------------------------------------------------------------- /playbooks/debian/shells/apt-setup-shells.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # %BEGIN_COPYRIGHT% 3 | # 4 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 5 | # 6 | # Permission to use, copy, modify, and distribute this software for any 7 | # purpose with or without fee is hereby granted, provided that the above 8 | # copyright notice and this permission notice appear in all copies. 9 | # 10 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | # 18 | # %END_COPYRIGHT% 19 | 20 | # Install shell and setup /etc/profile.d/custom.* files 21 | # on Debian/Ubuntu hosts 22 | 23 | - name: "APT install shell Deb" 24 | apt: 25 | name: "{{ shell_name }}" 26 | state: latest 27 | when: ansible_os_family == 'Debian' 28 | register: apt_install 29 | 30 | - import_tasks: ../common/common_apt_tasks.yml 31 | -------------------------------------------------------------------------------- /playbooks/rhel/rpm/yum-repolist.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # %BEGIN_COPYRIGHT% 3 | # 4 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 5 | # 6 | # Permission to use, copy, modify, and distribute this software for any 7 | # purpose with or without fee is hereby granted, provided that the above 8 | # copyright notice and this permission notice appear in all copies. 9 | # 10 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | # 18 | # %END_COPYRIGHT% 19 | 20 | # Execute yum repolist on RHEL/CENTOS <= 7 hosts 21 | 22 | - name: "Yum repolist" 23 | script: scripts/yum_dnf_repo_list yum "{{ repo_type }}" 24 | when: (ansible_os_family == 'RedHat') 25 | and 26 | (ansible_lsb.major_release|int >= 5 and 27 | ansible_lsb.major_release|int <= 7) 28 | changed_when: false 29 | -------------------------------------------------------------------------------- /playbooks/rhel/shells/dnf-setup-shells.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # %BEGIN_COPYRIGHT% 3 | # 4 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 5 | # 6 | # Permission to use, copy, modify, and distribute this software for any 7 | # purpose with or without fee is hereby granted, provided that the above 8 | # copyright notice and this permission notice appear in all copies. 9 | # 10 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | # 18 | # %END_COPYRIGHT% 19 | 20 | # Install tcsh and setup /etc/profile.d/custom.* files 21 | # on RHEL/CENTOS hosts 22 | 23 | - name: "DNF install shell RPM" 24 | dnf: 25 | pkg: "{{ shell_name }}" 26 | state: latest 27 | when: ((ansible_os_family == 'RedHat') 28 | and 29 | (ansible_lsb.major_release|int >= 8)) 30 | register: dnf_install 31 | -------------------------------------------------------------------------------- /playbooks/rhel/editors/dnf-setup-nano.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # %BEGIN_COPYRIGHT% 3 | # 4 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 5 | # 6 | # Permission to use, copy, modify, and distribute this software for any 7 | # purpose with or without fee is hereby granted, provided that the above 8 | # copyright notice and this permission notice appear in all copies. 9 | # 10 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | # 18 | # %END_COPYRIGHT% 19 | 20 | # Install nano editor if not present 21 | # Change the /etc/nanorc tabsize from default 8 to 4. 22 | # on RHEL/CENTOS hosts 23 | 24 | - name: "DNF install nano RPM" 25 | dnf: 26 | pkg: ['nano'] 27 | state: latest 28 | when: ((ansible_os_family == 'RedHat') 29 | and 30 | (ansible_lsb.major_release|int >= 8)) 31 | register: dnf_install 32 | -------------------------------------------------------------------------------- /bin/ansible_gather-facts: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 22 | 23 | # Include our default settings 24 | . "${SCRIPT_DIR}/ansible_common" 25 | 26 | HOSTS=all 27 | 28 | if [ ! -x ${1} ]; then 29 | 30 | HOSTS="${1}" 31 | fi 32 | 33 | # Gather OS information. 34 | ansible ${HOSTS} -m setup \ 35 | --tree "${ANSIBLE_FACTS_PATH}/server-facts" \ 36 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" 37 | -------------------------------------------------------------------------------- /playbooks/openbsd/common/common_pkg_tasks.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # %BEGIN_COPYRIGHT% 3 | # 4 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 5 | # 6 | # Permission to use, copy, modify, and distribute this software for any 7 | # purpose with or without fee is hereby granted, provided that the above 8 | # copyright notice and this permission notice appear in all copies. 9 | # 10 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | # 18 | # %END_COPYRIGHT% 19 | 20 | # Common OpenBSD pkg tasks 21 | 22 | - name: "pkg_add print results" 23 | local_action: 24 | command printf "%s%s\n" \ 25 | "{{ item.name }} {{ item.state }} " \ 26 | "{{ (item.changed == 'true') | ternary('updated', 'installed') }}" 27 | when: item | length > 0 28 | with_items: 29 | - "{{ print_pkg_update.results|default('') }}" 30 | changed_when: false 31 | -------------------------------------------------------------------------------- /playbooks/rhel/shells/yum-setup-shells.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # %BEGIN_COPYRIGHT% 3 | # 4 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 5 | # 6 | # Permission to use, copy, modify, and distribute this software for any 7 | # purpose with or without fee is hereby granted, provided that the above 8 | # copyright notice and this permission notice appear in all copies. 9 | # 10 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | # 18 | # %END_COPYRIGHT% 19 | 20 | # Install tcsh and setup /etc/profile.d/custom.* files 21 | # on RHEL/CENTOS hosts 22 | 23 | - name: "Yum install shell RPM" 24 | yum: 25 | pkg: "{{ shell_name }}" 26 | state: latest 27 | when: (ansible_os_family == 'RedHat') 28 | and 29 | (ansible_lsb.major_release|int >= 5 and 30 | ansible_lsb.major_release|int <= 7) 31 | register: yum_install 32 | -------------------------------------------------------------------------------- /playbooks/rhel/common/common_rpm_fix_vars.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # %BEGIN_COPYRIGHT% 3 | # 4 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 5 | # 6 | # Permission to use, copy, modify, and distribute this software for any 7 | # purpose with or without fee is hereby granted, provided that the above 8 | # copyright notice and this permission notice appear in all copies. 9 | # 10 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | # 18 | # %END_COPYRIGHT% 19 | 20 | # Common rpm fix variables by running certain filters over them. 21 | 22 | - name: "Fix rpm package variable" 23 | set_fact: 24 | rpm_package: "{{ rpm_package | replace(' ', '') }}" 25 | when: rpm_package is defined 26 | 27 | - name: "Fix other variables" 28 | set_fact: 29 | disable_repo: "{{ disable_repo | replace(' ', '') }}" 30 | enable_repo: "{{ enable_repo | replace(' ', '') }}" 31 | -------------------------------------------------------------------------------- /playbooks/rhel/editors/yum-setup-nano.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # %BEGIN_COPYRIGHT% 3 | # 4 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 5 | # 6 | # Permission to use, copy, modify, and distribute this software for any 7 | # purpose with or without fee is hereby granted, provided that the above 8 | # copyright notice and this permission notice appear in all copies. 9 | # 10 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | # 18 | # %END_COPYRIGHT% 19 | 20 | # Install nano editor if not present 21 | # Change the /etc/nanorc tabsize from default 8 to 4. 22 | # on RHEL/CENTOS hosts 23 | 24 | - name: "Yum install nano RPM" 25 | yum: 26 | pkg: ['nano'] 27 | state: latest 28 | when: (ansible_os_family == 'RedHat') 29 | and 30 | (ansible_lsb.major_release|int >= 5 and 31 | ansible_lsb.major_release|int <= 7) 32 | register: yum_install 33 | -------------------------------------------------------------------------------- /playbooks/debian/common/common_apt_fix_vars.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # %BEGIN_COPYRIGHT% 3 | # 4 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 5 | # 6 | # Permission to use, copy, modify, and distribute this software for any 7 | # purpose with or without fee is hereby granted, provided that the above 8 | # copyright notice and this permission notice appear in all copies. 9 | # 10 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | # 18 | # %END_COPYRIGHT% 19 | 20 | # Common APT fix variables by running certain filters over them. 21 | 22 | - name: "Fix Deb package variable" 23 | set_fact: 24 | deb_package: "{{ deb_package | replace(' ', '') }}" 25 | when: deb_package is defined 26 | 27 | - name: "Fix other variables" 28 | set_fact: 29 | disable_source: "{{ disable_source | replace(' ', '') }}" 30 | enable_source: "{{ enable_source | replace(' ', '') }}" 31 | -------------------------------------------------------------------------------- /bin/ansible_editors-setup-nano: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | #ANSIBLE_SSH_PIPELINING=0 30 | 31 | ansible-playbook ${MUNGED_ARGS} \ 32 | --ask-become-pass \ 33 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 34 | "${ANSIBLE_PLAYBOOKS_PATH}"/editors/setup-nano.yml 35 | -------------------------------------------------------------------------------- /bin/ansible_service-need-restart: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | #ANSIBLE_SSH_PIPELINING=0 30 | 31 | ansible-playbook ${MUNGED_ARGS} \ 32 | --ask-become-pass \ 33 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 34 | "${ANSIBLE_PLAYBOOKS_PATH}"/service/service-need-restart.yml 35 | -------------------------------------------------------------------------------- /bin/ansible_user-create-new-user: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | #ANSIBLE_SSH_PIPELINING=0 30 | 31 | ansible-playbook ${MUNGED_ARGS} \ 32 | --ask-become-pass \ 33 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 34 | "${ANSIBLE_PLAYBOOKS_PATH}"/user/user-create-new-user.yml 35 | -------------------------------------------------------------------------------- /bin/ansible_user-htpasswd-add-user: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | #ANSIBLE_SSH_PIPELINING=0 30 | 31 | ansible-playbook ${MUNGED_ARGS} \ 32 | --ask-become-pass \ 33 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 34 | "${ANSIBLE_PLAYBOOKS_PATH}"/user/user-htpasswd-add-user.yml 35 | -------------------------------------------------------------------------------- /bin/ansible_user-disable-user-login: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | #ANSIBLE_SSH_PIPELINING=0 30 | 31 | ansible-playbook ${MUNGED_ARGS} \ 32 | --ask-become-pass \ 33 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 34 | "${ANSIBLE_PLAYBOOKS_PATH}"/user/user-disable-user-login.yml 35 | -------------------------------------------------------------------------------- /bin/ansible_user-remove-ssh-public-key: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | #ANSIBLE_SSH_PIPELINING=0 30 | 31 | ansible-playbook ${MUNGED_ARGS} \ 32 | --ask-become-pass \ 33 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 34 | "${ANSIBLE_PLAYBOOKS_PATH}"/user/remove-user-ssh-pub-key.yml 35 | -------------------------------------------------------------------------------- /bin/ansible_user-setup-ssh-public-key: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | #ANSIBLE_SSH_PIPELINING=0 30 | 31 | ansible-playbook ${MUNGED_ARGS} \ 32 | --ask-become-pass \ 33 | --inventory="${ANSIBLE_HOSTS_PATH}"/hosts \ 34 | "${ANSIBLE_PLAYBOOKS_PATH}"/user/setup-user-ssh-pub-key.yml 35 | -------------------------------------------------------------------------------- /bin/ansible_service-rhel-check-status: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | #ANSIBLE_SSH_PIPELINING=0 30 | 31 | ansible-playbook ${MUNGED_ARGS} \ 32 | --ask-become-pass \ 33 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 34 | "${ANSIBLE_PLAYBOOKS_PATH}"/rhel/service/service-check-status.yml 35 | -------------------------------------------------------------------------------- /bin/ansible_user-htpasswd-remove-user: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | #ANSIBLE_SSH_PIPELINING=0 30 | 31 | ansible-playbook ${MUNGED_ARGS} \ 32 | --ask-become-pass \ 33 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 34 | "${ANSIBLE_PLAYBOOKS_PATH}"/user/user-htpasswd-remove-user.yml 35 | -------------------------------------------------------------------------------- /bin/ansible_user-re-enable-user-login: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | #ANSIBLE_SSH_PIPELINING=0 30 | 31 | ansible-playbook ${MUNGED_ARGS} \ 32 | --ask-become-pass \ 33 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 34 | "${ANSIBLE_PLAYBOOKS_PATH}"/user/user-re-enable-user-login.yml 35 | -------------------------------------------------------------------------------- /bin/ansible_user-remove-existing-user: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | #ANSIBLE_SSH_PIPELINING=0 30 | 31 | ansible-playbook ${MUNGED_ARGS} \ 32 | --ask-become-pass \ 33 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 34 | "${ANSIBLE_PLAYBOOKS_PATH}"/user/user-remove-existing-user.yml 35 | -------------------------------------------------------------------------------- /bin/ansible_service-start-stop-restart: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | #ANSIBLE_SSH_PIPELINING=0 30 | 31 | ansible-playbook ${MUNGED_ARGS} \ 32 | --ask-become-pass \ 33 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 34 | "${ANSIBLE_PLAYBOOKS_PATH}"/service/service-start-stop-restart.yml 35 | -------------------------------------------------------------------------------- /bin/ansible_service-enable-disable-at-boot: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | #ANSIBLE_SSH_PIPELINING=0 30 | 31 | ansible-playbook ${MUNGED_ARGS} \ 32 | --ask-become-pass \ 33 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 34 | "${ANSIBLE_PLAYBOOKS_PATH}"/service/service-enable-disable-at-boot.yml 35 | -------------------------------------------------------------------------------- /bin/ansible_ubuntu-security-status: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | # Debug 30 | #printf "path = ${ANSIBLE_PLAYBOOKS_PATH}\n\n" 31 | 32 | ansible-playbook ${MUNGED_ARGS} \ 33 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 34 | "${ANSIBLE_PLAYBOOKS_PATH}"/ubuntu/security/ubuntu-security-status.yml 35 | -------------------------------------------------------------------------------- /bin/ansible_scl-info: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | # Debug 30 | #printf "path = ${ANSIBLE_PLAYBOOKS_PATH}\n\n" 31 | #printf "ARGS = ${MUNGED_ARGS}\n\n" 32 | 33 | ansible-playbook ${MUNGED_ARGS} \ 34 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 35 | "${ANSIBLE_PLAYBOOKS_PATH}"/rhel/scl/scl-info.yml 36 | -------------------------------------------------------------------------------- /bin/ansible_deb-apt-autoremove: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | # Debug 30 | #printf "path = ${ANSIBLE_PLAYBOOKS_PATH}\n\n" 31 | 32 | ansible-playbook ${MUNGED_ARGS} \ 33 | --ask-become-pass \ 34 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 35 | "${ANSIBLE_PLAYBOOKS_PATH}"/debian/deb/apt-autoremove.yml 36 | -------------------------------------------------------------------------------- /bin/ansible_deb-apt-update: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | # Debug 30 | #printf "path = ${ANSIBLE_PLAYBOOKS_PATH}\n\n" 31 | 32 | ansible-playbook ${MUNGED_ARGS} \ 33 | --ask-become-pass \ 34 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 35 | "${ANSIBLE_PLAYBOOKS_PATH}"/debian/deb/apt-update-common.yml 36 | -------------------------------------------------------------------------------- /bin/ansible_security-check-remote-ssl-tls-certificate-expired-https: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | #ANSIBLE_SSH_PIPELINING=0 30 | 31 | ansible-playbook ${MUNGED_ARGS} \ 32 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 33 | "${ANSIBLE_PLAYBOOKS_PATH}"/security/check-remote-ssl-tls-certificate_expired.yml 34 | -------------------------------------------------------------------------------- /bin/ansible_security-check-ssl-tls-certificate-expired: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | #ANSIBLE_SSH_PIPELINING=0 30 | 31 | ansible-playbook ${MUNGED_ARGS} \ 32 | --ask-become-pass \ 33 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 34 | "${ANSIBLE_PLAYBOOKS_PATH}"/security/check-ssl-tls-certificate_expired.yml 35 | -------------------------------------------------------------------------------- /bin/ansible_deb-apt-upgrade-deb: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | # Debug 30 | #printf "path = ${ANSIBLE_PLAYBOOKS_PATH}\n\n" 31 | 32 | ansible-playbook ${MUNGED_ARGS} \ 33 | --ask-become-pass \ 34 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 35 | "${ANSIBLE_PLAYBOOKS_PATH}"/debian/deb/apt-upgrade-deb-common.yml 36 | -------------------------------------------------------------------------------- /bin/ansible_openbsd-pkg-add-update-package: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | # Debug 30 | #printf "path = ${ANSIBLE_PLAYBOOKS_PATH}\n\n" 31 | 32 | ansible-playbook ${MUNGED_ARGS} \ 33 | --ask-become-pass \ 34 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 35 | "${ANSIBLE_PLAYBOOKS_PATH}"/openbsd/pkg/pkg-update.yml 36 | -------------------------------------------------------------------------------- /bin/ansible_rpm-yum-dnf-repolist: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | # Debug 30 | #printf "path = ${ANSIBLE_PLAYBOOKS_PATH}\n\n" 31 | 32 | ansible-playbook ${MUNGED_ARGS} \ 33 | --ask-become-pass \ 34 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 35 | "${ANSIBLE_PLAYBOOKS_PATH}"/rhel/rpm/yum-dnf-repolist-common.yml 36 | -------------------------------------------------------------------------------- /bin/ansible_acl-get: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | # Debug 30 | #printf "path = ${ANSIBLE_PLAYBOOKS_PATH}\n\n" 31 | #printf "ARGS = ${MUNGED_ARGS}\n\n" 32 | 33 | ansible-playbook ${MUNGED_ARGS} \ 34 | --ask-become-pass \ 35 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 36 | "${ANSIBLE_PLAYBOOKS_PATH}"/acl/get-acl.yml 37 | -------------------------------------------------------------------------------- /bin/ansible_acl-set: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | # Debug 30 | #printf "path = ${ANSIBLE_PLAYBOOKS_PATH}\n\n" 31 | #printf "ARGS = ${MUNGED_ARGS}\n\n" 32 | 33 | ansible-playbook ${MUNGED_ARGS} \ 34 | --ask-become-pass \ 35 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 36 | "${ANSIBLE_PLAYBOOKS_PATH}"/acl/set-acl.yml 37 | -------------------------------------------------------------------------------- /bin/ansible_rpm-is-rpm-installed: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | # Debug 30 | #printf "path = ${ANSIBLE_PLAYBOOKS_PATH}\n\n" 31 | #printf "ARGS = ${MUNGED_ARGS}\n\n" 32 | 33 | ansible-playbook ${MUNGED_ARGS} \ 34 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 35 | "${ANSIBLE_PLAYBOOKS_PATH}"/rhel/rpm/is-rpm-installed.yml 36 | -------------------------------------------------------------------------------- /bin/ansible_rpm-yum-dnf-check-update: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | # Debug 30 | #printf "path = ${ANSIBLE_PLAYBOOKS_PATH}\n\n" 31 | 32 | ansible-playbook ${MUNGED_ARGS} \ 33 | --ask-become-pass \ 34 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 35 | "${ANSIBLE_PLAYBOOKS_PATH}"/rhel/rpm/yum-dnf-check-update-common.yml 36 | -------------------------------------------------------------------------------- /bin/ansible_acl-remove: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | # Debug 30 | #printf "path = ${ANSIBLE_PLAYBOOKS_PATH}\n\n" 31 | #printf "ARGS = ${MUNGED_ARGS}\n\n" 32 | 33 | ansible-playbook ${MUNGED_ARGS} \ 34 | --ask-become-pass \ 35 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 36 | "${ANSIBLE_PLAYBOOKS_PATH}"/acl/remove-acl.yml 37 | -------------------------------------------------------------------------------- /bin/ansible_deb-is-deb-installed: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | # Debug 30 | #printf "path = ${ANSIBLE_PLAYBOOKS_PATH}\n\n" 31 | #printf "ARGS = ${MUNGED_ARGS}\n\n" 32 | 33 | ansible-playbook ${MUNGED_ARGS} \ 34 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 35 | "${ANSIBLE_PLAYBOOKS_PATH}"/debian/deb/is-deb-installed.yml 36 | -------------------------------------------------------------------------------- /bin/ansible_security-rhel-drown-test: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | # Debug 30 | #printf "path = ${ANSIBLE_PLAYBOOKS_PATH}\n\n" 31 | #printf "ARGS = ${MUNGED_ARGS}\n\n" 32 | 33 | ansible-playbook ${MUNGED_ARGS} \ 34 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 35 | "${ANSIBLE_PLAYBOOKS_PATH}"/rhel/security/drown_test.yml 36 | -------------------------------------------------------------------------------- /bin/ansible_acl-stat-file: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | # Debug 30 | #printf "path = ${ANSIBLE_PLAYBOOKS_PATH}\n\n" 31 | #printf "ARGS = ${MUNGED_ARGS}\n\n" 32 | 33 | ansible-playbook ${MUNGED_ARGS} \ 34 | --ask-become-pass \ 35 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 36 | "${ANSIBLE_PLAYBOOKS_PATH}"/acl/stat-file.yml 37 | -------------------------------------------------------------------------------- /bin/ansible_acl-xattr-get: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | # Debug 30 | #printf "path = ${ANSIBLE_PLAYBOOKS_PATH}\n\n" 31 | #printf "ARGS = ${MUNGED_ARGS}\n\n" 32 | 33 | ansible-playbook ${MUNGED_ARGS} \ 34 | --ask-become-pass \ 35 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 36 | "${ANSIBLE_PLAYBOOKS_PATH}"/acl/get-xattr.yml 37 | -------------------------------------------------------------------------------- /bin/ansible_boot-rhel-recreate-rescue-boot-image: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | # Debug 30 | #printf "path = ${ANSIBLE_PLAYBOOKS_PATH}\n\n" 31 | 32 | ansible-playbook ${MUNGED_ARGS} \ 33 | --ask-become-pass \ 34 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 35 | "${ANSIBLE_PLAYBOOKS_PATH}"/rhel/boot/update-rescue-boot-image.yml 36 | -------------------------------------------------------------------------------- /bin/ansible_find-files: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | # Debug 30 | #printf "path = ${ANSIBLE_PLAYBOOKS_PATH}\n\n" 31 | #printf "ARGS = ${MUNGED_ARGS}\n\n" 32 | 33 | ansible-playbook ${MUNGED_ARGS} \ 34 | --ask-become-pass \ 35 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 36 | "${ANSIBLE_PLAYBOOKS_PATH}"/find/find_files.yml 37 | -------------------------------------------------------------------------------- /bin/ansible_security-rhel-cve-2017-6074: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | # Debug 30 | #printf "path = ${ANSIBLE_PLAYBOOKS_PATH}\n\n" 31 | #printf "ARGS = ${MUNGED_ARGS}\n\n" 32 | 33 | ansible-playbook ${MUNGED_ARGS} \ 34 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 35 | "${ANSIBLE_PLAYBOOKS_PATH}"/rhel/security/cve-2017-6074.yml 36 | -------------------------------------------------------------------------------- /bin/ansible_deb-info: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | # Debug 30 | #printf "path = ${ANSIBLE_PLAYBOOKS_PATH}\n\n" 31 | #printf "ARGS = ${MUNGED_ARGS}\n\n" 32 | 33 | ansible-playbook ${MUNGED_ARGS} \ 34 | --ask-become-pass \ 35 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 36 | "${ANSIBLE_PLAYBOOKS_PATH}"/debian/deb/deb-info-common.yml 37 | -------------------------------------------------------------------------------- /bin/ansible_net-close-network-port-iptables: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | # Debug 30 | #printf "path = ${ANSIBLE_PLAYBOOKS_PATH}\n\n" 31 | 32 | ansible-playbook ${MUNGED_ARGS} \ 33 | --ask-become-pass \ 34 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 35 | "${ANSIBLE_PLAYBOOKS_PATH}"/rhel/networking/network-close-port-iptables.yml 36 | -------------------------------------------------------------------------------- /bin/ansible_net-open-network-port-firewalld: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | # Debug 30 | #printf "path = ${ANSIBLE_PLAYBOOKS_PATH}\n\n" 31 | 32 | ansible-playbook ${MUNGED_ARGS} \ 33 | --ask-become-pass \ 34 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 35 | "${ANSIBLE_PLAYBOOKS_PATH}"/rhel/networking/network-open-port-firewalld.yml 36 | -------------------------------------------------------------------------------- /bin/ansible_net-open-network-port-iptables: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | # Debug 30 | #printf "path = ${ANSIBLE_PLAYBOOKS_PATH}\n\n" 31 | 32 | ansible-playbook ${MUNGED_ARGS} \ 33 | --ask-become-pass \ 34 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 35 | "${ANSIBLE_PLAYBOOKS_PATH}"/rhel/networking/network-open-port-iptables.yml 36 | -------------------------------------------------------------------------------- /bin/ansible_openbsd-pkg-info-list-files: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | # Debug 30 | #printf "path = ${ANSIBLE_PLAYBOOKS_PATH}\n\n" 31 | #printf "ARGS = ${MUNGED_ARGS}\n\n" 32 | 33 | ansible-playbook ${MUNGED_ARGS} \ 34 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 35 | "${ANSIBLE_PLAYBOOKS_PATH}"/openbsd/pkg/pkg-info-list-files.yml 36 | -------------------------------------------------------------------------------- /bin/ansible_openbsd-pkg-info-list-installed-packages: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | # Debug 30 | #printf "path = ${ANSIBLE_PLAYBOOKS_PATH}\n\n" 31 | 32 | ansible-playbook ${MUNGED_ARGS} \ 33 | --ask-become-pass \ 34 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 35 | "${ANSIBLE_PLAYBOOKS_PATH}"/openbsd/pkg/pkg-info-list-installed.yml 36 | -------------------------------------------------------------------------------- /bin/ansible_rpm-info: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | # Debug 30 | #printf "path = ${ANSIBLE_PLAYBOOKS_PATH}\n\n" 31 | #printf "ARGS = ${MUNGED_ARGS}\n\n" 32 | 33 | ansible-playbook ${MUNGED_ARGS} \ 34 | --ask-become-pass \ 35 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 36 | "${ANSIBLE_PLAYBOOKS_PATH}"/rhel/rpm/rpm-info-common.yml 37 | -------------------------------------------------------------------------------- /bin/ansible_security-rhel-cve-2017-1000251: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | # Debug 30 | #printf "path = ${ANSIBLE_PLAYBOOKS_PATH}\n\n" 31 | #printf "ARGS = ${MUNGED_ARGS}\n\n" 32 | 33 | ansible-playbook ${MUNGED_ARGS} \ 34 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 35 | "${ANSIBLE_PLAYBOOKS_PATH}"/rhel/security/cve-2017-1000251.yml 36 | -------------------------------------------------------------------------------- /bin/ansible_security-rhel-cve-2017-1000253: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | # Debug 30 | #printf "path = ${ANSIBLE_PLAYBOOKS_PATH}\n\n" 31 | #printf "ARGS = ${MUNGED_ARGS}\n\n" 32 | 33 | ansible-playbook ${MUNGED_ARGS} \ 34 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 35 | "${ANSIBLE_PLAYBOOKS_PATH}"/rhel/security/cve-2017-1000253.yml 36 | -------------------------------------------------------------------------------- /bin/ansible_security-rhel-cve-2017-1000366: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | # Debug 30 | #printf "path = ${ANSIBLE_PLAYBOOKS_PATH}\n\n" 31 | #printf "ARGS = ${MUNGED_ARGS}\n\n" 32 | 33 | ansible-playbook ${MUNGED_ARGS} \ 34 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 35 | "${ANSIBLE_PLAYBOOKS_PATH}"/rhel/security/cve-2017-1000366.yml 36 | -------------------------------------------------------------------------------- /bin/ansible_security-rhel-cve-2017-14491: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | # Debug 30 | #printf "path = ${ANSIBLE_PLAYBOOKS_PATH}\n\n" 31 | #printf "ARGS = ${MUNGED_ARGS}\n\n" 32 | 33 | ansible-playbook ${MUNGED_ARGS} \ 34 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 35 | "${ANSIBLE_PLAYBOOKS_PATH}"/rhel/security/cve-2017-14491.yml 36 | -------------------------------------------------------------------------------- /bin/ansible_net-close-network-port-firewalld: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | # Debug 30 | #printf "path = ${ANSIBLE_PLAYBOOKS_PATH}\n\n" 31 | 32 | ansible-playbook ${MUNGED_ARGS} \ 33 | --ask-become-pass \ 34 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 35 | "${ANSIBLE_PLAYBOOKS_PATH}"/rhel/networking/network-close-port-firewalld.yml 36 | -------------------------------------------------------------------------------- /bin/ansible_net-list-all-zones-firewalld: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | # Debug 30 | #printf "path = ${ANSIBLE_PLAYBOOKS_PATH}\n\n" 31 | 32 | ansible-playbook ${MUNGED_ARGS} \ 33 | --ask-become-pass \ 34 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 35 | "${ANSIBLE_PLAYBOOKS_PATH}"/rhel/networking/network-list-all-zones-firewalld.yml 36 | -------------------------------------------------------------------------------- /bin/ansible_security-rhel-DNSpooq: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | # Debug 30 | #printf "path = ${ANSIBLE_PLAYBOOKS_PATH}\n\n" 31 | #printf "ARGS = ${MUNGED_ARGS}\n\n" 32 | 33 | ansible-playbook ${MUNGED_ARGS} \ 34 | --ask-become-pass \ 35 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 36 | "${ANSIBLE_PLAYBOOKS_PATH}"/rhel/security/DNSpooq.yml 37 | -------------------------------------------------------------------------------- /bin/ansible_deb-apt-file-search: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | # Debug 30 | #printf "path = ${ANSIBLE_PLAYBOOKS_PATH}\n\n" 31 | #printf "ARGS = ${MUNGED_ARGS}\n\n" 32 | 33 | ansible-playbook ${MUNGED_ARGS} \ 34 | --ask-become-pass \ 35 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 36 | "${ANSIBLE_PLAYBOOKS_PATH}"/debian/deb/apt-file-search.yml 37 | -------------------------------------------------------------------------------- /bin/ansible_find-etc-opt-rmpnew-files: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | # Debug 30 | #printf "path = ${ANSIBLE_PLAYBOOKS_PATH}\n\n" 31 | #printf "ARGS = ${MUNGED_ARGS}\n\n" 32 | 33 | ansible-playbook ${MUNGED_ARGS} \ 34 | --ask-become-pass \ 35 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 36 | "${ANSIBLE_PLAYBOOKS_PATH}"/rhel/find/find_rpmnew.yml 37 | -------------------------------------------------------------------------------- /bin/ansible_rpm-whatprovides: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | # Debug 30 | #printf "path = ${ANSIBLE_PLAYBOOKS_PATH}\n\n" 31 | #printf "ARGS = ${MUNGED_ARGS}\n\n" 32 | 33 | ansible-playbook ${MUNGED_ARGS} \ 34 | --ask-become-pass \ 35 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 36 | "${ANSIBLE_PLAYBOOKS_PATH}"/rhel/rpm/yum-dnf-whatprovides.yml 37 | -------------------------------------------------------------------------------- /bin/ansible_security-rhel-cve-2018-3639: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | # Debug 30 | #printf "path = ${ANSIBLE_PLAYBOOKS_PATH}\n\n" 31 | #printf "ARGS = ${MUNGED_ARGS}\n\n" 32 | 33 | ansible-playbook ${MUNGED_ARGS} \ 34 | --ask-become-pass \ 35 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 36 | "${ANSIBLE_PLAYBOOKS_PATH}"/rhel/security/cve-2018-3639.yml 37 | -------------------------------------------------------------------------------- /bin/ansible_security-rhel-cve-2019-5736: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | # Debug 30 | #printf "path = ${ANSIBLE_PLAYBOOKS_PATH}\n\n" 31 | #printf "ARGS = ${MUNGED_ARGS}\n\n" 32 | 33 | ansible-playbook ${MUNGED_ARGS} \ 34 | --ask-become-pass \ 35 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 36 | "${ANSIBLE_PLAYBOOKS_PATH}"/rhel/security/cve-2019-5736.yml 37 | -------------------------------------------------------------------------------- /bin/ansible_security-rhel-cve-2021-3156: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | # Debug 30 | #printf "path = ${ANSIBLE_PLAYBOOKS_PATH}\n\n" 31 | #printf "ARGS = ${MUNGED_ARGS}\n\n" 32 | 33 | ansible-playbook ${MUNGED_ARGS} \ 34 | --ask-become-pass \ 35 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 36 | "${ANSIBLE_PLAYBOOKS_PATH}"/rhel/security/cve-2021-3156.yml 37 | -------------------------------------------------------------------------------- /bin/ansible_security-rhel-cve-2021-4034: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | # Debug 30 | #printf "path = ${ANSIBLE_PLAYBOOKS_PATH}\n\n" 31 | #printf "ARGS = ${MUNGED_ARGS}\n\n" 32 | 33 | ansible-playbook ${MUNGED_ARGS} \ 34 | --ask-become-pass \ 35 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 36 | "${ANSIBLE_PLAYBOOKS_PATH}"/rhel/security/cve-2021-4034.yml 37 | -------------------------------------------------------------------------------- /bin/ansible_security-rhel-cve-2022-0847: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | # Debug 30 | #printf "path = ${ANSIBLE_PLAYBOOKS_PATH}\n\n" 31 | #printf "ARGS = ${MUNGED_ARGS}\n\n" 32 | 33 | ansible-playbook ${MUNGED_ARGS} \ 34 | --ask-become-pass \ 35 | --inventory="${ANSIBLE_HOSTS_PATH}"/hosts \ 36 | "${ANSIBLE_PLAYBOOKS_PATH}"/rhel/security/cve-2022-0847.yml 37 | -------------------------------------------------------------------------------- /bin/ansible_security-rhel-cve-2018-12130: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | # Debug 30 | #printf "path = ${ANSIBLE_PLAYBOOKS_PATH}\n\n" 31 | #printf "ARGS = ${MUNGED_ARGS}\n\n" 32 | 33 | ansible-playbook ${MUNGED_ARGS} \ 34 | --ask-become-pass \ 35 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 36 | "${ANSIBLE_PLAYBOOKS_PATH}"/rhel/security/cve-2018-12130.yml 37 | -------------------------------------------------------------------------------- /bin/ansible_security-rhel-cve-2018-12207: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | # Debug 30 | #printf "path = ${ANSIBLE_PLAYBOOKS_PATH}\n\n" 31 | #printf "ARGS = ${MUNGED_ARGS}\n\n" 32 | 33 | ansible-playbook ${MUNGED_ARGS} \ 34 | --ask-become-pass \ 35 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 36 | "${ANSIBLE_PLAYBOOKS_PATH}"/rhel/security/cve-2018-12207.yml 37 | -------------------------------------------------------------------------------- /bin/ansible_security-rhel-cve-2018-3620-3645: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | # Debug 30 | #printf "path = ${ANSIBLE_PLAYBOOKS_PATH}\n\n" 31 | #printf "ARGS = ${MUNGED_ARGS}\n\n" 32 | 33 | ansible-playbook ${MUNGED_ARGS} \ 34 | --ask-become-pass \ 35 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 36 | "${ANSIBLE_PLAYBOOKS_PATH}"/rhel/security/cve-2018-3620.yml 37 | -------------------------------------------------------------------------------- /bin/ansible_security-rhel-cve-2019-14835: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | # Debug 30 | #printf "path = ${ANSIBLE_PLAYBOOKS_PATH}\n\n" 31 | #printf "ARGS = ${MUNGED_ARGS}\n\n" 32 | 33 | ansible-playbook ${MUNGED_ARGS} \ 34 | --ask-become-pass \ 35 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 36 | "${ANSIBLE_PLAYBOOKS_PATH}"/rhel/security/cve-2019-14835.yml 37 | -------------------------------------------------------------------------------- /bin/ansible_security-rhel-cve-2020-10713: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | # Debug 30 | #printf "path = ${ANSIBLE_PLAYBOOKS_PATH}\n\n" 31 | #printf "ARGS = ${MUNGED_ARGS}\n\n" 32 | 33 | ansible-playbook ${MUNGED_ARGS} \ 34 | --ask-become-pass \ 35 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 36 | "${ANSIBLE_PLAYBOOKS_PATH}"/rhel/security/cve-2020-10713.yml 37 | -------------------------------------------------------------------------------- /bin/ansible_security-rhel-cve-2020-14372: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | # Debug 30 | #printf "path = ${ANSIBLE_PLAYBOOKS_PATH}\n\n" 31 | #printf "ARGS = ${MUNGED_ARGS}\n\n" 32 | 33 | ansible-playbook ${MUNGED_ARGS} \ 34 | --ask-become-pass \ 35 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 36 | "${ANSIBLE_PLAYBOOKS_PATH}"/rhel/security/cve-2020-14372.yml 37 | -------------------------------------------------------------------------------- /bin/ansible_security-rhel-cve-2021-30465: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | # Debug 30 | #printf "path = ${ANSIBLE_PLAYBOOKS_PATH}\n\n" 31 | #printf "ARGS = ${MUNGED_ARGS}\n\n" 32 | 33 | ansible-playbook ${MUNGED_ARGS} \ 34 | --ask-become-pass \ 35 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 36 | "${ANSIBLE_PLAYBOOKS_PATH}"/rhel/security/cve-2021-30465.yml 37 | -------------------------------------------------------------------------------- /bin/ansible_security-rhel-cve-2021-33909: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | # Debug 30 | #printf "path = ${ANSIBLE_PLAYBOOKS_PATH}\n\n" 31 | #printf "ARGS = ${MUNGED_ARGS}\n\n" 32 | 33 | ansible-playbook ${MUNGED_ARGS} \ 34 | --ask-become-pass \ 35 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 36 | "${ANSIBLE_PLAYBOOKS_PATH}"/rhel/security/cve-2021-33909.yml 37 | -------------------------------------------------------------------------------- /bin/ansible_security-rhel-cve-2021-43527: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | # Debug 30 | #printf "path = ${ANSIBLE_PLAYBOOKS_PATH}\n\n" 31 | #printf "ARGS = ${MUNGED_ARGS}\n\n" 32 | 33 | ansible-playbook ${MUNGED_ARGS} \ 34 | --ask-become-pass \ 35 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 36 | "${ANSIBLE_PLAYBOOKS_PATH}"/rhel/security/cve-2021-43527.yml 37 | -------------------------------------------------------------------------------- /bin/ansible_security-rhel-cve-2022-3602-3786: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | # Debug 30 | #printf "path = ${ANSIBLE_PLAYBOOKS_PATH}\n\n" 31 | #printf "ARGS = ${MUNGED_ARGS}\n\n" 32 | 33 | ansible-playbook ${MUNGED_ARGS} \ 34 | --ask-become-pass \ 35 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 36 | "${ANSIBLE_PLAYBOOKS_PATH}"/rhel/security/cve-2022-3602-3786.yml 37 | -------------------------------------------------------------------------------- /bin/ansible_security-rhel-spectre-meltdown: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | # Debug 30 | #printf "path = ${ANSIBLE_PLAYBOOKS_PATH}\n\n" 31 | #printf "ARGS = ${MUNGED_ARGS}\n\n" 32 | 33 | ansible-playbook ${MUNGED_ARGS} \ 34 | --ask-become-pass \ 35 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 36 | "${ANSIBLE_PLAYBOOKS_PATH}"/rhel/security/spectre-meltdown.yml 37 | -------------------------------------------------------------------------------- /bin/ansible_security-rhel-tcp-sack-panic-cve-2019-11477-8-9: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | # Debug 30 | #printf "path = ${ANSIBLE_PLAYBOOKS_PATH}\n\n" 31 | #printf "ARGS = ${MUNGED_ARGS}\n\n" 32 | 33 | ansible-playbook ${MUNGED_ARGS} \ 34 | --ask-become-pass \ 35 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 36 | "${ANSIBLE_PLAYBOOKS_PATH}"/rhel/security/cve-2019-11477-8-9.yml 37 | -------------------------------------------------------------------------------- /playbooks/debian/deb/apt-deb-info.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # %BEGIN_COPYRIGHT% 3 | # 4 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 5 | # 6 | # Permission to use, copy, modify, and distribute this software for any 7 | # purpose with or without fee is hereby granted, provided that the above 8 | # copyright notice and this permission notice appear in all copies. 9 | # 10 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | # 18 | # %END_COPYRIGHT% 19 | 20 | # Find out Deb information installed on Debian/Ubuntu hosts 21 | 22 | - name: "Enable / Disable APT sources" 23 | script: scripts/enable_disable_apt_sources -d="{{ disable_source }}" -e="{{ enable_source }}" 24 | when: ansible_os_family == 'Debian' 25 | register: apt_enable 26 | changed_when: false 27 | failed_when: apt_enable.rc > 0 28 | 29 | - name: "APT find Deb information" 30 | script: scripts/deb_information -d="{{ deb_package }}" -s="{{ directive }}" 31 | register: apt_deb_info 32 | changed_when: false 33 | failed_when: apt_deb_info.rc > 0 34 | -------------------------------------------------------------------------------- /bin/ansible_security-cve-2021-42574-42694-find_unicode_control2: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | # Debug 30 | #printf "path = ${ANSIBLE_PLAYBOOKS_PATH}\n\n" 31 | #printf "ARGS = ${MUNGED_ARGS}\n\n" 32 | 33 | ansible-playbook ${MUNGED_ARGS} \ 34 | --ask-become-pass \ 35 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 36 | "${ANSIBLE_PLAYBOOKS_PATH}"/security/find_unicode_control2.yml 37 | -------------------------------------------------------------------------------- /bin/ansible_security-linux-bsd-github-speed47-spectre-meltdown-checker: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | # Debug 30 | #printf "path = ${ANSIBLE_PLAYBOOKS_PATH}\n\n" 31 | #printf "ARGS = ${MUNGED_ARGS}\n\n" 32 | 33 | ansible-playbook ${MUNGED_ARGS} \ 34 | --ask-become-pass \ 35 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 36 | "${ANSIBLE_PLAYBOOKS_PATH}"/linux/security/spectre-meltdown-checker.yml 37 | -------------------------------------------------------------------------------- /playbooks/debian/deb/apt-upgrade-deb.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # %BEGIN_COPYRIGHT% 3 | # 4 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 5 | # 6 | # Permission to use, copy, modify, and distribute this software for any 7 | # purpose with or without fee is hereby granted, provided that the above 8 | # copyright notice and this permission notice appear in all copies. 9 | # 10 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | # 18 | # %END_COPYRIGHT% 19 | 20 | # Update Deb package to the latest release. 21 | # on Debian/Ubuntu hosts 22 | - name: "Enable / Disable APT sources" 23 | script: scripts/enable_disable_apt_sources -d="{{ disable_source }}" -e="{{ enable_source }}" 24 | when: ansible_os_family == 'Debian' 25 | register: apt_info 26 | changed_when: false 27 | failed_when: apt_info.rc > 0 28 | 29 | - name: "APT upgrade Deb package" 30 | apt: 31 | name: "{{ deb_package.split(',') }}" 32 | state: latest 33 | when: ansible_os_family == 'Debian' 34 | # register: apt_deb_update 35 | 36 | # - name: "debug" 37 | # local_action: command printf "\n\n{{ apt_deb_update }}\n\n" 38 | # changed_when: false 39 | -------------------------------------------------------------------------------- /playbooks/rhel/rpm/scripts/yum_dnf_repo_list: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Ansible script to yum/dnf repolist all. 22 | 23 | PACKAGE_MANAGER=yum 24 | 25 | if [ ! -z ${1} ]; then 26 | if [ X"${1}" = X"dnf" ]; then 27 | PACKAGE_MANAGER=dnf 28 | fi 29 | 30 | shift 31 | fi 32 | 33 | REPO_TYPE="all" 34 | 35 | if [ ! -z ${1} ]; then 36 | REPO_TYPE="${1}" 37 | fi 38 | 39 | TEMP_FILE=$(mktemp --tmpdir ansible_yum_dnf_repo_tmp.XXXXXXXXX) 40 | 41 | # Debug 42 | #printf "Temp Filename = ${TEMP_FILE}\n\n" 43 | 44 | # Grab the Repo list. 45 | ${PACKAGE_MANAGER} repolist ${REPO_TYPE} >& ${TEMP_FILE} 46 | 47 | REPO_LIST=$(cat ${TEMP_FILE}) 48 | 49 | printf "${REPO_LIST}\n" 50 | 51 | # Remove temp file 52 | unlink ${TEMP_FILE} 53 | -------------------------------------------------------------------------------- /playbooks/rhel/rpm/dnf-update-rpm.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # %BEGIN_COPYRIGHT% 3 | # 4 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 5 | # 6 | # Permission to use, copy, modify, and distribute this software for any 7 | # purpose with or without fee is hereby granted, provided that the above 8 | # copyright notice and this permission notice appear in all copies. 9 | # 10 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | # 18 | # %END_COPYRIGHT% 19 | 20 | # Update RPM package to the latest release. 21 | # on RHEL/CENTOS hosts >= 8 22 | 23 | - name: "DNF update RPM - ansible >= 2.7" 24 | dnf: 25 | pkg: "{{ rpm_package.split(',') }}" 26 | disablerepo: "{{ disable_repo }}" 27 | enablerepo: "{{ enable_repo }}" 28 | state: latest 29 | when: ((ansible_os_family == 'RedHat') 30 | and 31 | (ansible_lsb.major_release|int >= 8)) 32 | and 33 | (ansible_version.full is version('2.7', '>=')) 34 | # register: dnf_rpm_update 35 | 36 | # - name: "debug" 37 | # local_action: command printf "{{ print_dnf_update }}\n\n" 38 | # local_action: command printf "{{ dnf_rpm_update }}\n\n" 39 | # changed_when: false 40 | -------------------------------------------------------------------------------- /playbooks/security/ssl-tls-common-checks.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # %BEGIN_COPYRIGHT% 3 | # 4 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 5 | # 6 | # Permission to use, copy, modify, and distribute this software for any 7 | # purpose with or without fee is hereby granted, provided that the above 8 | # copyright notice and this permission notice appear in all copies. 9 | # 10 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | # 18 | # %END_COPYRIGHT% 19 | 20 | # SSL /TLS common checks. 21 | 22 | - name: "Invalid Certificate Name" 23 | local_action: 24 | command printf "%s" \ 25 | "Invalid certificate name." 26 | when: 27 | ssl_cert_name | length == 0 28 | changed_when: false 29 | failed_when: true 30 | 31 | - name: "Set SSL / TLS Certificate path" 32 | set_fact: 33 | ssl_cert_path: "/etc/ssl/certs" 34 | when: ssl_cert_path is not defined 35 | or 36 | ssl_cert_path | length == 0 37 | changed_when: false 38 | 39 | # - name: "Debug" 40 | # local_action: command printf "Cert Name - {{ ssl_cert_name }}\n" 41 | # local_action: command printf "Cert Path - {{ ssl_cert_path }}\n" 42 | # changed_when: false 43 | -------------------------------------------------------------------------------- /playbooks/rhel/security/cve-2021-4034.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # %BEGIN_COPYRIGHT% 3 | # 4 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 5 | # 6 | # Permission to use, copy, modify, and distribute this software for any 7 | # purpose with or without fee is hereby granted, provided that the above 8 | # copyright notice and this permission notice appear in all copies. 9 | # 10 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | # 18 | # %END_COPYRIGHT% 19 | 20 | # RHSB-2022-001 Polkit Privilege Escalation 21 | # CVE-2021-4034 22 | # on RHEL/CENTOS hosts 23 | - hosts: "{{ hosts | default('localhost') }}" 24 | name: "Are we vulnerable to CVE-2021-4034 on RHEL/CENTOS hosts" 25 | become: true 26 | 27 | # vars: 28 | # print_information: true 29 | 30 | tasks: 31 | - import_tasks: ../../common/common_information.yml 32 | 33 | - name: "RHSB-2022-001 Polkit Privilege Escalation - (CVE-2021-4034)" 34 | script: scripts/cve-2021-4034--2022-01-25-0936.sh -n 35 | when: (ansible_os_family == 'RedHat') 36 | and 37 | (ansible_lsb.major_release|int >= 5) 38 | register: vulnerable_info 39 | changed_when: false 40 | failed_when: vulnerable_info.rc > 0 41 | -------------------------------------------------------------------------------- /playbooks/rhel/rpm/yum-update-rpm.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # %BEGIN_COPYRIGHT% 3 | # 4 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 5 | # 6 | # Permission to use, copy, modify, and distribute this software for any 7 | # purpose with or without fee is hereby granted, provided that the above 8 | # copyright notice and this permission notice appear in all copies. 9 | # 10 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | # 18 | # %END_COPYRIGHT% 19 | 20 | # Update RPM package to the latest release. 21 | # on RHEL/CENTOS hosts <= 7 22 | 23 | - name: "Yum update RPM - ansible >= 2.7" 24 | yum: 25 | pkg: "{{ rpm_package.split(',') }}" 26 | disablerepo: "{{ disable_repo }}" 27 | enablerepo: "{{ enable_repo }}" 28 | state: latest 29 | when: (ansible_os_family == 'RedHat') 30 | and 31 | (ansible_lsb.major_release|int >= 5 and 32 | ansible_lsb.major_release|int <= 7) 33 | and 34 | (ansible_version.full is version('2.7', '>=')) 35 | # register: yum_rpm_update 36 | 37 | # - name: "debug" 38 | # local_action: command printf "{{ print_yum_update }}\n\n" 39 | # local_action: command printf "\n\n{{ yum_rpm_update }}\n\n" 40 | # changed_when: false 41 | -------------------------------------------------------------------------------- /playbooks/rhel/security/cve-2020-14372.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # %BEGIN_COPYRIGHT% 3 | # 4 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 5 | # 6 | # Permission to use, copy, modify, and distribute this software for any 7 | # purpose with or without fee is hereby granted, provided that the above 8 | # copyright notice and this permission notice appear in all copies. 9 | # 10 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | # 18 | # %END_COPYRIGHT% 19 | 20 | # ACPI Secure Boot vulnerability - GRUB 2 21 | # CVE-2020-14372 22 | # on RHEL/CENTOS hosts 23 | - hosts: "{{ hosts | default('localhost') }}" 24 | name: "Are we vulnerable to CVE-2020-14372 on RHEL/CENTOS hosts" 25 | become: true 26 | 27 | # vars: 28 | # print_information: true 29 | 30 | tasks: 31 | - import_tasks: ../../common/common_information.yml 32 | 33 | - name: "ACPI Secure Boot vulnerability - GRUB 2 on RHEL/CENTOS hosts" 34 | script: scripts/cve-2020-14372--2021-03-02-1103.sh -n 35 | when: (ansible_os_family == 'RedHat') 36 | and 37 | (ansible_lsb.major_release|int >= 5) 38 | register: vulnerable_info 39 | changed_when: false 40 | failed_when: vulnerable_info.rc > 0 41 | -------------------------------------------------------------------------------- /playbooks/rhel/security/cve-2018-3620.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # %BEGIN_COPYRIGHT% 3 | # 4 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 5 | # 6 | # Permission to use, copy, modify, and distribute this software for any 7 | # purpose with or without fee is hereby granted, provided that the above 8 | # copyright notice and this permission notice appear in all copies. 9 | # 10 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | # 18 | # %END_COPYRIGHT% 19 | 20 | # L1TF - L1 Terminal Fault Attack - CVE-2018-3620/3645 on RHEL/CENTOS hosts 21 | - hosts: "{{ hosts | default('localhost') }}" 22 | name: "Are we vulnerable to CVE-2018-3620/3645 on RHEL/CENTOS hosts" 23 | become: true 24 | 25 | # vars: 26 | # print_information: true 27 | 28 | tasks: 29 | - import_tasks: ../../common/common_information.yml 30 | 31 | - name: "Check for L1TF - L1 Terminal Fault Attack - CVE-2018-3620/3645 on RHEL/CENTOS hosts" 32 | script: scripts/cve-2018-3620--2019-08-29-1039.sh -n 33 | when: (ansible_os_family == 'RedHat') 34 | and 35 | (ansible_lsb.major_release|int >= 5) 36 | register: vulnerable_info 37 | changed_when: false 38 | failed_when: vulnerable_info.rc > 0 39 | -------------------------------------------------------------------------------- /playbooks/rhel/security/cve-2019-5736.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # %BEGIN_COPYRIGHT% 3 | # 4 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 5 | # 6 | # Permission to use, copy, modify, and distribute this software for any 7 | # purpose with or without fee is hereby granted, provided that the above 8 | # copyright notice and this permission notice appear in all copies. 9 | # 10 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | # 18 | # %END_COPYRIGHT% 19 | 20 | # Check for runc - Malicious container escape 21 | # cve-2019-5736 on RHEL/CENTOS hosts 22 | - hosts: "{{ hosts | default('localhost') }}" 23 | name: "Are we vulnerable to cve-2019-5736 on RHEL/CENTOS hosts" 24 | become: true 25 | 26 | # vars: 27 | # print_information: true 28 | 29 | tasks: 30 | - import_tasks: ../../common/common_information.yml 31 | 32 | - name: "Check for runc - Malicious container escape - cve-2019-5736 on RHEL/CENTOS hosts" 33 | script: scripts/cve-2019-5736--2019-02-13-1024.sh -n 34 | when: (ansible_os_family == 'RedHat') 35 | and 36 | (ansible_lsb.major_release|int >= 5) 37 | register: vulnerable_info 38 | changed_when: false 39 | failed_when: vulnerable_info.rc > 0 40 | -------------------------------------------------------------------------------- /playbooks/rhel/security/cve-2021-30465.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # %BEGIN_COPYRIGHT% 3 | # 4 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 5 | # 6 | # Permission to use, copy, modify, and distribute this software for any 7 | # purpose with or without fee is hereby granted, provided that the above 8 | # copyright notice and this permission notice appear in all copies. 9 | # 10 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | # 18 | # %END_COPYRIGHT% 19 | 20 | # RHSB-2021-004 Symlink-Exchange attack - runc 21 | # CVE-2021-30465 22 | # on RHEL/CENTOS hosts 23 | - hosts: "{{ hosts | default('localhost') }}" 24 | name: "Are we vulnerable to CVE-2021-30465 on RHEL/CENTOS hosts" 25 | become: true 26 | 27 | # vars: 28 | # print_information: true 29 | 30 | tasks: 31 | - import_tasks: ../../common/common_information.yml 32 | 33 | - name: "RHSB-2021-004 Symlink-Exchange attack - runc on RHEL/CENTOS hosts" 34 | script: scripts/cve-2021-30465--2021-05-19-0759.sh -n 35 | when: (ansible_os_family == 'RedHat') 36 | and 37 | (ansible_lsb.major_release|int >= 5) 38 | register: vulnerable_info 39 | changed_when: false 40 | failed_when: vulnerable_info.rc > 0 41 | -------------------------------------------------------------------------------- /playbooks/debian/deb/apt-autoremove.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # %BEGIN_COPYRIGHT% 3 | # 4 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 5 | # 6 | # Permission to use, copy, modify, and distribute this software for any 7 | # purpose with or without fee is hereby granted, provided that the above 8 | # copyright notice and this permission notice appear in all copies. 9 | # 10 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | # 18 | # %END_COPYRIGHT% 19 | 20 | # Remove unused dependency packages for all module states except build-dep 21 | # on Debian/Ubuntu hosts 22 | - hosts: "{{ hosts | default('localhost') }}" 23 | name: "Remove unused dependency packages for all module states except build-dep" 24 | become: true 25 | 26 | vars: 27 | print_apt_update: "" 28 | # print_information: true 29 | 30 | tasks: 31 | - import_tasks: ../../common/common_information.yml 32 | 33 | - name: "APT remove unused dependency packages" 34 | ansible.builtin.apt: 35 | autoremove: true 36 | when: ansible_os_family == 'Debian' 37 | # register: apt_deb_autoremove 38 | 39 | # - name: "debug" 40 | # local_action: command printf "\n\n{{ apt_deb_autoremove }}\n\n" 41 | # changed_when: false 42 | -------------------------------------------------------------------------------- /playbooks/rhel/common/common_handlers.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # %BEGIN_COPYRIGHT% 3 | # 4 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 5 | # 6 | # Permission to use, copy, modify, and distribute this software for any 7 | # purpose with or without fee is hereby granted, provided that the above 8 | # copyright notice and this permission notice appear in all copies. 9 | # 10 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | # 18 | # %END_COPYRIGHT% 19 | 20 | # Common Handlers 21 | 22 | # Backup /etc/sysconfig/iptables to /etc/sysconfig/iptables.{yyyymmdd} 23 | - name: "Backup iptables" 24 | copy: 25 | src: "/etc/sysconfig/{{ iptables_file }}" 26 | dest: "/etc/sysconfig/{{ iptables_file }}.{{ lookup('pipe', 'date +%Y%m%d') }}" 27 | mode: 0600 28 | remote_src: true 29 | when: ansible_system == 'Linux' 30 | 31 | # Save running iptables config to /etc/sysconfig/ [ iptables | ip6tables ] 32 | - name: "Save running iptables" 33 | shell: "iptables-save > /etc/sysconfig/{{ iptables_file }}" 34 | when: ansible_system == 'Linux' 35 | 36 | # Restart IP tables 37 | - name: "Restart iptables" 38 | service: 39 | name: "{{ iptables_service }}" 40 | state: restarted 41 | when: ansible_system == 'Linux' 42 | -------------------------------------------------------------------------------- /playbooks/rhel/security/cve-2017-1000366.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # %BEGIN_COPYRIGHT% 3 | # 4 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 5 | # 6 | # Permission to use, copy, modify, and distribute this software for any 7 | # purpose with or without fee is hereby granted, provided that the above 8 | # copyright notice and this permission notice appear in all copies. 9 | # 10 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | # 18 | # %END_COPYRIGHT% 19 | 20 | # Check for Stack Guard Page Circumvention Affecting Multiple Packages 21 | # CVE-2017-1000366 on RHEL/CENTOS hosts 22 | - hosts: "{{ hosts | default('localhost') }}" 23 | name: "Are we vulnerable to CVE-2017-1000366 on RHEL/CENTOS hosts" 24 | 25 | # vars: 26 | # print_information: true 27 | 28 | tasks: 29 | - import_tasks: ../../common/common_information.yml 30 | 31 | - name: "Check for Stack Guard Page Circumvention Affecting Multiple Packages - CVE-2017-1000366" 32 | script: scripts/cve-2017-1000366_2.sh 33 | when: (ansible_os_family == 'RedHat') 34 | and 35 | (ansible_lsb.major_release|int >= 5) 36 | register: vulnerable_info 37 | changed_when: false 38 | failed_when: vulnerable_info.rc > 0 39 | -------------------------------------------------------------------------------- /bin/ansible_rpm-list-files: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | # Debug 30 | #printf "path = ${ANSIBLE_PLAYBOOKS_PATH}\n\n" 31 | #printf "ARGS = ${MUNGED_ARGS}\n\n" 32 | 33 | ANSIBLE_PLAYBOOK_FILE=rpm-list-files.yml 34 | 35 | #$(version_compare ${ANSIBLE_PLAYBOOK_VERSION} "2.0.0") 36 | #ANSIBLE_VERSION_COMPARE=$? 37 | 38 | #if [ ${ANSIBLE_VERSION_COMPARE} != 1 ]; then 39 | # >= 40 | # ANSIBLE_PLAYBOOK_FILE=rpm-list-files-v2.yml 41 | #fi 42 | 43 | ansible-playbook ${MUNGED_ARGS} \ 44 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 45 | "${ANSIBLE_PLAYBOOKS_PATH}"/rhel/rpm/"${ANSIBLE_PLAYBOOK_FILE}" 46 | -------------------------------------------------------------------------------- /playbooks/rhel/security/cve-2017-14491.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # %BEGIN_COPYRIGHT% 3 | # 4 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 5 | # 6 | # Permission to use, copy, modify, and distribute this software for any 7 | # purpose with or without fee is hereby granted, provided that the above 8 | # copyright notice and this permission notice appear in all copies. 9 | # 10 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | # 18 | # %END_COPYRIGHT% 19 | 20 | # Check for dnsmasq: Multiple Critical and Important vulnerabilities - 21 | # CVE-2017-14491 on RHEL/CENTOS hosts 22 | - hosts: "{{ hosts | default('localhost') }}" 23 | name: "Are we vulnerable to CVE-2017-14491 on RHEL/CENTOS hosts" 24 | 25 | # vars: 26 | # print_information: true 27 | 28 | tasks: 29 | - import_tasks: ../../common/common_information.yml 30 | 31 | - name: "Check for dnsmasq: Multiple Critical and Important vulnerabilities - CVE-2017-14491 on RHEL/CENTOS hosts" 32 | script: scripts/cve-2017-14491-2.sh -n 33 | when: (ansible_os_family == 'RedHat') 34 | and 35 | (ansible_lsb.major_release|int >= 5) 36 | register: vulnerable_info 37 | changed_when: false 38 | failed_when: vulnerable_info.rc > 0 39 | -------------------------------------------------------------------------------- /playbooks/rhel/security/cve-2018-12207.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # %BEGIN_COPYRIGHT% 3 | # 4 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 5 | # 6 | # Permission to use, copy, modify, and distribute this software for any 7 | # purpose with or without fee is hereby granted, provided that the above 8 | # copyright notice and this permission notice appear in all copies. 9 | # 10 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | # 18 | # %END_COPYRIGHT% 19 | 20 | # Check for Machine Check Error on Page Size Change 21 | # cve-2018-12207 on RHEL/CENTOS hosts 22 | - hosts: "{{ hosts | default('localhost') }}" 23 | name: "Are we vulnerable to cve-2018-12207 on RHEL/CENTOS hosts" 24 | become: true 25 | 26 | # vars: 27 | # print_information: true 28 | 29 | tasks: 30 | - import_tasks: ../../common/common_information.yml 31 | 32 | - name: "Check for Machine Check Error on Page Size Change - cve-2018-12207 on RHEL/CENTOS hosts" 33 | script: scripts/cve-2018-12207--2020-01-09-1526.sh -n 34 | when: (ansible_os_family == 'RedHat') 35 | and 36 | (ansible_lsb.major_release|int >= 5) 37 | register: vulnerable_info 38 | changed_when: false 39 | failed_when: vulnerable_info.rc > 0 40 | -------------------------------------------------------------------------------- /playbooks/rhel/security/cve-2020-10713.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # %BEGIN_COPYRIGHT% 3 | # 4 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 5 | # 6 | # Permission to use, copy, modify, and distribute this software for any 7 | # purpose with or without fee is hereby granted, provided that the above 8 | # copyright notice and this permission notice appear in all copies. 9 | # 10 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | # 18 | # %END_COPYRIGHT% 19 | 20 | # Check for Boot Hole Vulnerability - GRUB 2 boot loader 21 | # CVE-2020-10713 22 | # on RHEL/CENTOS hosts 23 | - hosts: "{{ hosts | default('localhost') }}" 24 | name: "Are we vulnerable to CVE-2020-10713 on RHEL/CENTOS hosts" 25 | become: true 26 | 27 | # vars: 28 | # print_information: true 29 | 30 | tasks: 31 | - import_tasks: ../../common/common_information.yml 32 | 33 | - name: "Check for Boot Hole Vulnerability - GRUB 2 boot loader on RHEL/CENTOS hosts" 34 | script: scripts/cve-2020-10713--2020-08-01-1153.sh -n 35 | when: (ansible_os_family == 'RedHat') 36 | and 37 | (ansible_lsb.major_release|int >= 5) 38 | register: vulnerable_info 39 | changed_when: false 40 | failed_when: vulnerable_info.rc > 0 41 | -------------------------------------------------------------------------------- /playbooks/rhel/security/cve-2021-43527.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # %BEGIN_COPYRIGHT% 3 | # 4 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 5 | # 6 | # Permission to use, copy, modify, and distribute this software for any 7 | # purpose with or without fee is hereby granted, provided that the above 8 | # copyright notice and this permission notice appear in all copies. 9 | # 10 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | # 18 | # %END_COPYRIGHT% 19 | 20 | # RHSB-2021-008 NSS Memory corruption when decoding DSA signatures 21 | # CVE-2021-43527 22 | # on RHEL/CENTOS hosts 23 | - hosts: "{{ hosts | default('localhost') }}" 24 | name: "Are we vulnerable to CVE-2021-43527 on RHEL/CENTOS hosts" 25 | become: true 26 | 27 | # vars: 28 | # print_information: true 29 | 30 | tasks: 31 | - import_tasks: ../../common/common_information.yml 32 | 33 | - name: "RHSB-2021-008 NSS Memory corruption when decoding DSA signatures" 34 | script: scripts/cve-2021-43527--2021-12-01-1901.sh -n 35 | when: (ansible_os_family == 'RedHat') 36 | and 37 | (ansible_lsb.major_release|int >= 5) 38 | register: vulnerable_info 39 | changed_when: false 40 | failed_when: vulnerable_info.rc > 0 41 | -------------------------------------------------------------------------------- /playbooks/rhel/security/cve-2021-3156.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # %BEGIN_COPYRIGHT% 3 | # 4 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 5 | # 6 | # Permission to use, copy, modify, and distribute this software for any 7 | # purpose with or without fee is hereby granted, provided that the above 8 | # copyright notice and this permission notice appear in all copies. 9 | # 10 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | # 18 | # %END_COPYRIGHT% 19 | 20 | # Privilege escalation via command line argument parsing - sudo 21 | # CVE-2021-3156 22 | # on RHEL/CENTOS hosts 23 | - hosts: "{{ hosts | default('localhost') }}" 24 | name: "Are we vulnerable to CVE-2021-3156 on RHEL/CENTOS hosts" 25 | become: true 26 | 27 | # vars: 28 | # print_information: true 29 | 30 | tasks: 31 | - import_tasks: ../../common/common_information.yml 32 | 33 | - name: "Privilege escalation via command line argument parsing - sudo on RHEL/CENTOS hosts" 34 | script: scripts/cve-2021-3156--2021-02-01-1206.sh -n 35 | when: (ansible_os_family == 'RedHat') 36 | and 37 | (ansible_lsb.major_release|int >= 5) 38 | register: vulnerable_info 39 | changed_when: false 40 | failed_when: vulnerable_info.rc > 0 41 | -------------------------------------------------------------------------------- /playbooks/rhel/security/cve-2022-0847.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # %BEGIN_COPYRIGHT% 3 | # 4 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 5 | # 6 | # Permission to use, copy, modify, and distribute this software for any 7 | # purpose with or without fee is hereby granted, provided that the above 8 | # copyright notice and this permission notice appear in all copies. 9 | # 10 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | # 18 | # %END_COPYRIGHT% 19 | 20 | # RHSB-2022-002 Dirty Pipe - kernel arbitrary file manipulation 21 | # CVE-2022-2022-0847 22 | # on RHEL/CENTOS hosts 23 | - hosts: "{{ hosts | default('localhost') }}" 24 | name: "Are we vulnerable to CVE-2022-0847 on RHEL/CENTOS hosts" 25 | become: true 26 | 27 | # vars: 28 | # print_information: true 29 | 30 | tasks: 31 | - import_tasks: ../../common/common_information.yml 32 | 33 | - name: "RHSB-2022-002 Dirty Pipe - kernel arbitrary file manipulation - (CVE-2022-0847)" 34 | script: scripts/cve-2022-0847--2022-03-07-1646.sh -n 35 | when: (ansible_os_family == 'RedHat') 36 | and 37 | (ansible_lsb.major_release|int >= 5) 38 | register: vulnerable_info 39 | changed_when: false 40 | failed_when: vulnerable_info.rc > 0 41 | -------------------------------------------------------------------------------- /playbooks/rhel/security/cve-2019-14835.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # %BEGIN_COPYRIGHT% 3 | # 4 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 5 | # 6 | # Permission to use, copy, modify, and distribute this software for any 7 | # purpose with or without fee is hereby granted, provided that the above 8 | # copyright notice and this permission notice appear in all copies. 9 | # 10 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | # 18 | # %END_COPYRIGHT% 19 | 20 | # Check for VHOST-NET GUEST TO HOST ESCAPE - Kernel vulnerability 21 | # CVE-2019-14835 22 | # on RHEL/CENTOS hosts 23 | - hosts: "{{ hosts | default('localhost') }}" 24 | name: "Are we vulnerable to CVE-2019-14835 on RHEL/CENTOS hosts" 25 | become: true 26 | 27 | # vars: 28 | # print_information: true 29 | 30 | tasks: 31 | - import_tasks: ../../common/common_information.yml 32 | 33 | - name: "Check for VHOST-NET GUEST TO HOST ESCAPE - Kernel vulnerability on RHEL/CENTOS hosts" 34 | script: scripts/cve-2019-14835--2019-09-27-1520.sh -n 35 | when: (ansible_os_family == 'RedHat') 36 | and 37 | (ansible_lsb.major_release|int >= 5) 38 | register: vulnerable_info 39 | changed_when: false 40 | failed_when: vulnerable_info.rc > 0 41 | -------------------------------------------------------------------------------- /playbooks/rhel/security/cve-2017-6074.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # %BEGIN_COPYRIGHT% 3 | # 4 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 5 | # 6 | # Permission to use, copy, modify, and distribute this software for any 7 | # purpose with or without fee is hereby granted, provided that the above 8 | # copyright notice and this permission notice appear in all copies. 9 | # 10 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | # 18 | # %END_COPYRIGHT% 19 | 20 | # Check Use-after-free in the IPv6 implementation of the DCCP protocol in 21 | # the Linux kernel - CVE-2017-6074 on RHEL/CENTOS hosts 22 | - hosts: "{{ hosts | default('localhost') }}" 23 | name: "Is the Kernel vulnerable to CVE-2017-6074 on RHEL/CENTOS hosts" 24 | 25 | # vars: 26 | # print_information: true 27 | 28 | tasks: 29 | - import_tasks: ../../common/common_information.yml 30 | 31 | - name: "Check Use-after-free in the IPv6 implementation of the DCCP protocol in the Linux kernel - CVE-2017-6074" 32 | script: scripts/cve-2017-6074-2.sh 33 | when: (ansible_os_family == 'RedHat') 34 | and 35 | (ansible_lsb.major_release|int >= 5) 36 | register: vulnerable_info 37 | changed_when: false 38 | failed_when: vulnerable_info.rc > 0 39 | -------------------------------------------------------------------------------- /playbooks/rhel/security/cve-2017-1000253.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # %BEGIN_COPYRIGHT% 3 | # 4 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 5 | # 6 | # Permission to use, copy, modify, and distribute this software for any 7 | # purpose with or without fee is hereby granted, provided that the above 8 | # copyright notice and this permission notice appear in all copies. 9 | # 10 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | # 18 | # %END_COPYRIGHT% 19 | 20 | # Check for Linux Kernel load_elf_binary does not allocate 21 | # sufficient space - CVE-2017-1000253 on RHEL/CENTOS hosts 22 | - hosts: "{{ hosts | default('localhost') }}" 23 | name: "Are we vulnerable to CVE-2017-1000253 on RHEL/CENTOS hosts" 24 | 25 | # vars: 26 | # print_information: true 27 | 28 | tasks: 29 | - import_tasks: ../../common/common_information.yml 30 | 31 | - name: "Check for Linux Kernel load_elf_binary does not allocate sufficient space - CVE-2017-1000253 on RHEL/CENTOS hosts" 32 | script: scripts/cve-2017-1000253-1.sh -n 33 | when: (ansible_os_family == 'RedHat') 34 | and 35 | (ansible_lsb.major_release|int >= 5) 36 | register: vulnerable_info 37 | changed_when: false 38 | failed_when: vulnerable_info.rc > 0 39 | -------------------------------------------------------------------------------- /playbooks/rhel/security/cve-2019-11477-8-9.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # %BEGIN_COPYRIGHT% 3 | # 4 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 5 | # 6 | # Permission to use, copy, modify, and distribute this software for any 7 | # purpose with or without fee is hereby granted, provided that the above 8 | # copyright notice and this permission notice appear in all copies. 9 | # 10 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | # 18 | # %END_COPYRIGHT% 19 | 20 | # Check for TCP SACK PANIC - Kernel vulnerabilities 21 | # CVE-2019-11477, CVE-2019-11478 & CVE-2019-11479 22 | # on RHEL/CENTOS hosts 23 | - hosts: "{{ hosts | default('localhost') }}" 24 | name: "Are we vulnerable to CVE-2019-1147[7/8/9] on RHEL/CENTOS hosts" 25 | become: true 26 | 27 | # vars: 28 | # print_information: true 29 | 30 | tasks: 31 | - import_tasks: ../../common/common_information.yml 32 | 33 | - name: "Check for TCP SACK PANIC - Kernel vulnerabilities on RHEL/CENTOS hosts" 34 | script: scripts/cve-2019-11477--2019-06-17-1629.sh -n 35 | when: (ansible_os_family == 'RedHat') 36 | and 37 | (ansible_lsb.major_release|int >= 5) 38 | register: vulnerable_info 39 | changed_when: false 40 | failed_when: vulnerable_info.rc > 0 41 | -------------------------------------------------------------------------------- /playbooks/rhel/security/DNSpooq.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # %BEGIN_COPYRIGHT% 3 | # 4 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 5 | # 6 | # Permission to use, copy, modify, and distribute this software for any 7 | # purpose with or without fee is hereby granted, provided that the above 8 | # copyright notice and this permission notice appear in all copies. 9 | # 10 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | # 18 | # %END_COPYRIGHT% 19 | 20 | # DNSpooq - Multiple vulnerabilities within dnsmasq 21 | # CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25684, 22 | # CVE-2020-25685, CVE-2020-25686, CVE-2020-25687 23 | # on RHEL/CENTOS hosts 24 | - hosts: "{{ hosts | default('localhost') }}" 25 | name: "Are we vulnerable to DNSpooq on RHEL/CENTOS hosts" 26 | become: true 27 | 28 | # vars: 29 | # print_information: true 30 | 31 | tasks: 32 | - import_tasks: ../../common/common_information.yml 33 | 34 | - name: "DNSpooq on RHEL/CENTOS hosts" 35 | script: scripts/cve-2020-25681--2021-01-19-0942.sh -n 36 | when: (ansible_os_family == 'RedHat') 37 | and 38 | (ansible_lsb.major_release|int >= 5) 39 | register: vulnerable_info 40 | changed_when: false 41 | failed_when: vulnerable_info.rc > 0 42 | -------------------------------------------------------------------------------- /playbooks/rhel/security/cve-2017-1000251.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # %BEGIN_COPYRIGHT% 3 | # 4 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 5 | # 6 | # Permission to use, copy, modify, and distribute this software for any 7 | # purpose with or without fee is hereby granted, provided that the above 8 | # copyright notice and this permission notice appear in all copies. 9 | # 10 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | # 18 | # %END_COPYRIGHT% 19 | 20 | # Check for Blueborne - Linux Kernel Remote Denial of Service in 21 | # Bluetooth subsystem - CVE-2017-1000251 on RHEL/CENTOS hosts 22 | - hosts: "{{ hosts | default('localhost') }}" 23 | name: "Are we vulnerable to CVE-2017-1000251 on RHEL/CENTOS hosts" 24 | 25 | # vars: 26 | # print_information: true 27 | 28 | tasks: 29 | - import_tasks: ../../common/common_information.yml 30 | 31 | - name: "Check for Blueborne - Linux Kernel Remote Denial of Service in Bluetooth subsystem - CVE-2017-1000251 on RHEL/CENTOS hosts" 32 | script: scripts/cve-2017-1000251-1.sh -n 33 | when: (ansible_os_family == 'RedHat') 34 | and 35 | (ansible_lsb.major_release|int >= 5) 36 | register: vulnerable_info 37 | changed_when: false 38 | failed_when: vulnerable_info.rc > 0 39 | -------------------------------------------------------------------------------- /playbooks/rhel/security/cve-2018-3639.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # %BEGIN_COPYRIGHT% 3 | # 4 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 5 | # 6 | # Permission to use, copy, modify, and distribute this software for any 7 | # purpose with or without fee is hereby granted, provided that the above 8 | # copyright notice and this permission notice appear in all copies. 9 | # 10 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | # 18 | # %END_COPYRIGHT% 19 | 20 | # Check for Kernel Side-Channel Attack using Speculative Store Bypass - 21 | # CVE-2018-3639 on RHEL/CENTOS hosts 22 | - hosts: "{{ hosts | default('localhost') }}" 23 | name: "Are we vulnerable to CVE-2018-3639 on RHEL/CENTOS hosts" 24 | become: true 25 | 26 | # vars: 27 | # print_information: true 28 | 29 | tasks: 30 | - import_tasks: ../../common/common_information.yml 31 | 32 | - name: "Check for Linux Kernel Side-Channel Attack using Speculative Store Bypass - CVE-2018-3639 on RHEL/CENTOS hosts" 33 | script: scripts/cve-2018-3639--2019-06-10-1156.sh -n 34 | when: (ansible_os_family == 'RedHat') 35 | and 36 | (ansible_lsb.major_release|int >= 5) 37 | register: vulnerable_info 38 | changed_when: false 39 | failed_when: vulnerable_info.rc > 0 40 | -------------------------------------------------------------------------------- /playbooks/rhel/security/cve-2022-3602-3786.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # %BEGIN_COPYRIGHT% 3 | # 4 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 5 | # 6 | # Permission to use, copy, modify, and distribute this software for any 7 | # purpose with or without fee is hereby granted, provided that the above 8 | # copyright notice and this permission notice appear in all copies. 9 | # 10 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | # 18 | # %END_COPYRIGHT% 19 | 20 | # RHSB-2022-004 X.509 Email Address Buffer Overflow - OpenSSL 21 | # cve-2022-3602 and cve-2022-3786 22 | # on RHEL/CENTOS hosts 23 | - hosts: "{{ hosts | default('localhost') }}" 24 | name: "Are we vulnerable to cve-2022-3602 & cve-2022-3786 on RHEL/CENTOS hosts" 25 | become: true 26 | 27 | # vars: 28 | # print_information: true 29 | 30 | tasks: 31 | - import_tasks: ../../common/common_information.yml 32 | 33 | - name: "RHSB-2022-004 X.509 Email Address Buffer Overflow - OpenSSL - (CVE-2022-3602 / cve-2022-3786)" 34 | script: scripts/cve-2022-3602--2022-11-02-1357.sh -n 35 | when: (ansible_os_family == 'RedHat') 36 | and 37 | (ansible_lsb.major_release|int >= 9) 38 | register: vulnerable_info 39 | changed_when: false 40 | failed_when: vulnerable_info.rc > 0 41 | -------------------------------------------------------------------------------- /bin/ansible_rpm-yum-dnf-update-rpm: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | # Include our default settings 27 | . "${SCRIPT_DIR}/ansible_common" 28 | 29 | V_PLAYBOOK=yum-dnf-update-rpm-common.yml 30 | 31 | $(version_compare "${ANSIBLE_PLAYBOOK_VERSION}" "2.7.0") 32 | ANSIBLE_VERSION_COMPARE=$? 33 | 34 | # Debug 35 | #printf "path = ${ANSIBLE_PLAYBOOKS_PATH}\n\n" 36 | #printf "\n\nANSIBLE_VERSION_COMPARE=${ANSIBLE_VERSION_COMPARE}\n\n" 37 | 38 | if [ "${ANSIBLE_VERSION_COMPARE}" -eq 0 ]; then 39 | # < 2.7.0 40 | V_PLAYBOOK=yum-dnf-update-rpm-common-26.yml 41 | fi 42 | 43 | ansible-playbook ${MUNGED_ARGS} \ 44 | --ask-become-pass \ 45 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 46 | "${ANSIBLE_PLAYBOOKS_PATH}/rhel/rpm/${V_PLAYBOOK}" 47 | -------------------------------------------------------------------------------- /playbooks/rhel/security/spectre-meltdown.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # %BEGIN_COPYRIGHT% 3 | # 4 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 5 | # 6 | # Permission to use, copy, modify, and distribute this software for any 7 | # purpose with or without fee is hereby granted, provided that the above 8 | # copyright notice and this permission notice appear in all copies. 9 | # 10 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | # 18 | # %END_COPYRIGHT% 19 | 20 | # Check for Kernel Side-Channel Attacks - 21 | # CVE-2017-5754 CVE-2017-5753 CVE-2017-5715 on RHEL/CENTOS hosts 22 | - hosts: "{{ hosts | default('localhost') }}" 23 | name: "Are we vulnerable to CVE-2017-5754 CVE-2017-5753 CVE-2017-5715 on RHEL/CENTOS hosts" 24 | become: true 25 | 26 | # vars: 27 | # print_information: true 28 | 29 | tasks: 30 | - import_tasks: ../../common/common_information.yml 31 | 32 | - name: "Check for Linux Kernel Side-Channel Attacks - CVE-2017-5754 CVE-2017-5753 CVE-2017-5715 on RHEL/CENTOS hosts" 33 | script: scripts/spectre-meltdown--2019-06-10-1156.sh -n 34 | when: (ansible_os_family == 'RedHat') 35 | and 36 | (ansible_lsb.major_release|int >= 5) 37 | register: vulnerable_info 38 | changed_when: false 39 | failed_when: vulnerable_info.rc > 0 40 | -------------------------------------------------------------------------------- /playbooks/rhel/security/cve-2021-33909.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # %BEGIN_COPYRIGHT% 3 | # 4 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 5 | # 6 | # Permission to use, copy, modify, and distribute this software for any 7 | # purpose with or without fee is hereby granted, provided that the above 8 | # copyright notice and this permission notice appear in all copies. 9 | # 10 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | # 18 | # %END_COPYRIGHT% 19 | 20 | # RHSB-2021-006 Long path name in mountpoint flaws in the kernel 21 | # and systemd 22 | # CVE-2021-33909 23 | # CVE-2021-33910 24 | # on RHEL/CENTOS hosts 25 | - hosts: "{{ hosts | default('localhost') }}" 26 | name: "Are we vulnerable to CVE-2021-33909/33910 on RHEL/CENTOS hosts" 27 | become: true 28 | 29 | # vars: 30 | # print_information: true 31 | 32 | tasks: 33 | - import_tasks: ../../common/common_information.yml 34 | 35 | - name: "RHSB-2021-006 Long path name in mountpoint flaws in the kernel and systemd on RHEL/CENTOS hosts" 36 | script: scripts/cve-2021-33909--2021-07-27-1306.sh -n 37 | when: (ansible_os_family == 'RedHat') 38 | and 39 | (ansible_lsb.major_release|int >= 5) 40 | register: vulnerable_info 41 | changed_when: false 42 | failed_when: vulnerable_info.rc > 0 43 | -------------------------------------------------------------------------------- /playbooks/rhel/security/cve-2018-12130.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # %BEGIN_COPYRIGHT% 3 | # 4 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 5 | # 6 | # Permission to use, copy, modify, and distribute this software for any 7 | # purpose with or without fee is hereby granted, provided that the above 8 | # copyright notice and this permission notice appear in all copies. 9 | # 10 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | # 18 | # %END_COPYRIGHT% 19 | 20 | # Check for MDS - Microarchitectural Store Buffer Data - 21 | # CVE-2018-12130, CVE-2018-12126, CVE-2018-12127, and CVE-2019-11091 22 | # on RHEL/CENTOS hosts 23 | - hosts: "{{ hosts | default('localhost') }}" 24 | name: "Are we vulnerable to CVE-2018-[12130/12126/12127], CVE-2019-11091 on RHEL/CENTOS hosts" 25 | become: true 26 | 27 | # vars: 28 | # print_information: true 29 | 30 | tasks: 31 | - import_tasks: ../../common/common_information.yml 32 | 33 | - name: "Check for MDS - Microarchitectural Store Buffer Data on RHEL/CENTOS hosts" 34 | script: scripts/cve-2018-12130--2019-09-27-1628.sh -n 35 | when: (ansible_os_family == 'RedHat') 36 | and 37 | (ansible_lsb.major_release|int >= 5) 38 | register: vulnerable_info 39 | changed_when: false 40 | failed_when: vulnerable_info.rc > 0 41 | -------------------------------------------------------------------------------- /playbooks/rhel/boot/update-rescue-boot-image.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # %BEGIN_COPYRIGHT% 3 | # 4 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 5 | # 6 | # Permission to use, copy, modify, and distribute this software for any 7 | # purpose with or without fee is hereby granted, provided that the above 8 | # copyright notice and this permission notice appear in all copies. 9 | # 10 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | # 18 | # %END_COPYRIGHT% 19 | 20 | # Recreate the Rescue Boot Image on RHEL/CENTOS hosts 21 | - hosts: "{{ hosts | default('localhost') }}" 22 | name: "Recreate the Rescue Boot Image on RHEL/CENTOS hosts" 23 | become: yes 24 | 25 | vars: 26 | #print_information: true 27 | 28 | tasks: 29 | - import_tasks: ../../common/common_information.yml 30 | 31 | - name: "Recreate Rescue Boot Image" 32 | script: scripts/mk-rescue-image 33 | register: rescue_img 34 | failed_when: rescue_img.rc > 0 35 | when: ((ansible_os_family == 'RedHat') 36 | and 37 | (ansible_lsb.major_release|int == 7)) 38 | 39 | - name: "Recreate Grub config" 40 | command: grub2-mkconfig -o /boot/grub2/grub.cfg 41 | register: grub_cfg 42 | failed_when: grub_cfg.rc > 0 43 | when: ((ansible_os_family == 'RedHat') 44 | and 45 | (ansible_lsb.major_release|int == 7)) 46 | 47 | -------------------------------------------------------------------------------- /playbooks/rhel/rpm/dnf-update-rpm-26.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # %BEGIN_COPYRIGHT% 3 | # 4 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 5 | # 6 | # Permission to use, copy, modify, and distribute this software for any 7 | # purpose with or without fee is hereby granted, provided that the above 8 | # copyright notice and this permission notice appear in all copies. 9 | # 10 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | # 18 | # %END_COPYRIGHT% 19 | 20 | # Update RPM package to the latest release. Ansible < 2.7.x 21 | # DNF module changed in ansible 2.7.0 22 | # on RHEL/CENTOS hosts >= 8 23 | 24 | - name: "DNF update RPM - ansible < 2.7" 25 | dnf: 26 | pkg: "{{ item }}" 27 | disablerepo: "{{ disable_repo }}" 28 | enablerepo: "{{ enable_repo }}" 29 | state: latest 30 | when: ((ansible_os_family == 'RedHat') 31 | and 32 | (ansible_lsb.major_release|int >= 8)) 33 | register: dnf_rpm_update 34 | with_items: 35 | - "{{ rpm_package.split(',') }}" 36 | 37 | - name: "Assign variables" 38 | set_fact: 39 | print_dnf_update: "{{ dnf_rpm_update.results[0] }}" 40 | changed_when: false 41 | 42 | - include: ../common/common_dnf_tasks.yml 43 | 44 | # - name: debug 45 | # local_action: command printf "{{ print_dnf_update.results }}\n\n" 46 | # local_action: command printf "{{ dnf_rpm_update['results'] }}\n\n" 47 | # changed_when: false 48 | -------------------------------------------------------------------------------- /playbooks/debian/deb/apt-update-common.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # %BEGIN_COPYRIGHT% 3 | # 4 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 5 | # 6 | # Permission to use, copy, modify, and distribute this software for any 7 | # purpose with or without fee is hereby granted, provided that the above 8 | # copyright notice and this permission notice appear in all copies. 9 | # 10 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | # 18 | # %END_COPYRIGHT% 19 | 20 | # Execute APT update on Debian/Ubuntu hosts 21 | - hosts: "{{ hosts | default('localhost') }}" 22 | name: "Execute APT update on Debian/Ubuntu hosts" 23 | become: true 24 | 25 | vars_prompt: 26 | - name: "disable_source" 27 | prompt: "\nEnter the list of APT Source filename(s) to disable\n(seperated by a comma for multiple, leave blank for none)" 28 | private: false 29 | 30 | - name: "enable_source" 31 | prompt: "\nEnter the list of APT Source filename(s) to enable\n(seperated by a comma for multiple, leave blank for none)" 32 | private: false 33 | 34 | vars: 35 | print_information: true 36 | 37 | tasks: 38 | - import_tasks: ../../common/common_information.yml 39 | 40 | - import_tasks: ../common/common_apt_fix_vars.yml 41 | 42 | - name: "Include APT update" 43 | import_tasks: apt-update.yml 44 | when: ansible_os_family == 'Debian' 45 | changed_when: false 46 | -------------------------------------------------------------------------------- /playbooks/rhel/scl/scl-info.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # %BEGIN_COPYRIGHT% 3 | # 4 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 5 | # 6 | # Permission to use, copy, modify, and distribute this software for any 7 | # purpose with or without fee is hereby granted, provided that the above 8 | # copyright notice and this permission notice appear in all copies. 9 | # 10 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | # 18 | # %END_COPYRIGHT% 19 | 20 | # List any installed Software Collections using scl -l. 21 | # Usually found on RHEL/CENTOS hosts after yum / dnf updates. 22 | - hosts: "{{ hosts | default('localhost') }}" 23 | name: "List any installed Software Collections using scl -l" 24 | 25 | vars_prompt: 26 | - name: "collection_name" 27 | prompt: "Enter the Collection name to query.\n(Leave Blank to list all installed Collections)" 28 | private: false 29 | 30 | # vars: 31 | # print_information: true 32 | 33 | tasks: 34 | - import_tasks: ../../common/common_information.yml 35 | 36 | - name: "List any installed Software Collections using scl -l" 37 | command: scl -l {{ collection_name }} 38 | when: (ansible_os_family == 'RedHat') 39 | and 40 | (ansible_lsb.major_release|int > 5 and 41 | ansible_lsb.major_release|int <= 7) 42 | register: scl_info 43 | changed_when: false 44 | failed_when: scl_info.rc > 0 45 | -------------------------------------------------------------------------------- /playbooks/openbsd/pkg/pkg-info-list-files.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # %BEGIN_COPYRIGHT% 3 | # 4 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 5 | # 6 | # Permission to use, copy, modify, and distribute this software for any 7 | # purpose with or without fee is hereby granted, provided that the above 8 | # copyright notice and this permission notice appear in all copies. 9 | # 10 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | # 18 | # %END_COPYRIGHT% 19 | 20 | # List the files of an installed OpenBSD package. 21 | - hosts: "{{ hosts | default('localhost') }}" 22 | name: "List the files of an installed package on OpenBSD hosts" 23 | 24 | vars_prompt: 25 | - name: "package_name" 26 | prompt: "\nEnter the package name" 27 | private: false 28 | 29 | vars: 30 | upload_dest_directory: "../../../uploaded_files" 31 | # print_information: true 32 | 33 | tasks: 34 | - import_tasks: ../../common/common_information.yml 35 | 36 | - name: "Invalid package name" 37 | local_action: command printf "Invalid package name." 38 | when: package_name | length == 0 39 | failed_when: true 40 | 41 | - name: "List files of installed package" 42 | script: scripts/pkg_info_list_files "{{ package_name }}" 43 | register: file_info 44 | changed_when: false 45 | failed_when: file_info.rc > 0 46 | 47 | - import_tasks: ../../common/common_find_files.yml 48 | -------------------------------------------------------------------------------- /playbooks/rhel/repo/install-repo.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # %BEGIN_COPYRIGHT% 3 | # 4 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 5 | # 6 | # Permission to use, copy, modify, and distribute this software for any 7 | # purpose with or without fee is hereby granted, provided that the above 8 | # copyright notice and this permission notice appear in all copies. 9 | # 10 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | # 18 | # %END_COPYRIGHT% 19 | 20 | # Install RPM repositories on RHEL/CENTOS hosts 21 | - hosts: "{{ hosts | default('localhost') }}" 22 | name: "Install RPM repositories on RHEL/CENTOS hosts" 23 | become: true 24 | 25 | vars: 26 | repo_name: "{{ repo | default('') }}" 27 | repo_url: "" 28 | # print_information: true 29 | 30 | tasks: 31 | - import_tasks: ../../common/common_information.yml 32 | 33 | - import_tasks: define-repo.yml 34 | 35 | - name: "Include Yum installer" 36 | import_tasks: yum-repo-install.yml 37 | when: (ansible_os_family == 'RedHat') 38 | and 39 | (ansible_lsb.major_release|int >= 5 and 40 | ansible_lsb.major_release|int <= 7) 41 | changed_when: false 42 | 43 | - name: "Include DNF installer" 44 | import_tasks: dnf-repo-install.yml 45 | when: ((ansible_os_family == 'RedHat') 46 | and 47 | (ansible_lsb.major_release|int >= 8)) 48 | changed_when: false 49 | -------------------------------------------------------------------------------- /playbooks/rhel/networking/network-list-all-zones-firewalld.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # %BEGIN_COPYRIGHT% 3 | # 4 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 5 | # 6 | # Permission to use, copy, modify, and distribute this software for any 7 | # purpose with or without fee is hereby granted, provided that the above 8 | # copyright notice and this permission notice appear in all copies. 9 | # 10 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | # 18 | # %END_COPYRIGHT% 19 | 20 | # List network zones for firewalld. 21 | - hosts: "{{ hosts | default('localhost') }}" 22 | name: "List network zones for firewalld" 23 | become: true 24 | 25 | vars: 26 | # print_information: true 27 | 28 | tasks: 29 | - import_tasks: ../../common/common_information.yml 30 | 31 | # - import_tasks: network-common-checks.yml 32 | 33 | # List network zones for firewalld. 34 | 35 | - name: "List all firewalld network zone information" 36 | command: firewall-cmd --list-all-zones 37 | when: ( 38 | (ansible_os_family == 'RedHat' 39 | and 40 | ansible_lsb.major_release|int >= 7 41 | ) 42 | or 43 | ( 44 | hostvars[inventory_hostname]['use_iptables'] is defined 45 | and 46 | hostvars[inventory_hostname]['use_iptables'] | bool == False 47 | ) 48 | ) 49 | changed_when: false 50 | -------------------------------------------------------------------------------- /playbooks/rhel/rpm/dnf-rpm-info.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # %BEGIN_COPYRIGHT% 3 | # 4 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 5 | # 6 | # Permission to use, copy, modify, and distribute this software for any 7 | # purpose with or without fee is hereby granted, provided that the above 8 | # copyright notice and this permission notice appear in all copies. 9 | # 10 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | # 18 | # %END_COPYRIGHT% 19 | 20 | # Find out RPM information installed on RHEL/CENTOS hosts 21 | 22 | - name: "DNF find RPM information" 23 | script: scripts/rpm_information dnf -r="{{ rpm_package }}" -s="{{ directive }}" -d="{{ disable_repo }}" -e="{{ enable_repo }}" 24 | register: dnf_rpm_info 25 | changed_when: false 26 | failed_when: dnf_rpm_info.rc > 0 27 | 28 | - name: "DNF print RPM information found" 29 | local_action: 30 | command printf "%s\n\n{{ (dnf_rpm_info.stdout|from_json).rpm_information.replace('%%', '\n').replace('%', '') }}" \ 31 | "{{ rpm_package }} information found" 32 | when: (dnf_rpm_info.stdout|from_json).found 33 | changed_when: false 34 | 35 | - name: "DNF print no RPM information found" 36 | local_action: 37 | command printf "%s\n\n{{ (dnf_rpm_info.stdout|from_json).rpm_information.replace('%%', '\n').replace('%', '') }}" \ 38 | "{{ rpm_package }} information could not be found." 39 | when: not (dnf_rpm_info.stdout|from_json).found 40 | changed_when: false 41 | -------------------------------------------------------------------------------- /playbooks/rhel/rpm/yum-rpm-info.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # %BEGIN_COPYRIGHT% 3 | # 4 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 5 | # 6 | # Permission to use, copy, modify, and distribute this software for any 7 | # purpose with or without fee is hereby granted, provided that the above 8 | # copyright notice and this permission notice appear in all copies. 9 | # 10 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | # 18 | # %END_COPYRIGHT% 19 | 20 | # Find out RPM information installed on RHEL/CENTOS hosts 21 | 22 | - name: "Yum find RPM information" 23 | script: scripts/rpm_information yum -r="{{ rpm_package }}" -s="{{ directive }}" -d="{{ disable_repo }}" -e="{{ enable_repo }}" 24 | register: yum_rpm_info 25 | changed_when: false 26 | failed_when: yum_rpm_info.rc > 0 27 | 28 | - name: "YUM print RPM information found" 29 | local_action: 30 | command printf "%s\n\n{{ (yum_rpm_info.stdout|from_json).rpm_information.replace('%%', '\n').replace('%', '') }}" \ 31 | "{{ rpm_package }} information found" 32 | when: (yum_rpm_info.stdout|from_json).found 33 | changed_when: false 34 | 35 | - name: "YUM print no RPM information found" 36 | local_action: 37 | command printf "%s\n\n{{ (yum_rpm_info.stdout|from_json).rpm_information.replace('%%', '\n').replace('%', '') }}" \ 38 | "{{ rpm_package }} information could not be found." 39 | when: not (yum_rpm_info.stdout|from_json).found 40 | changed_when: false 41 | -------------------------------------------------------------------------------- /playbooks/rhel/rpm/yum-update-rpm-26.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # %BEGIN_COPYRIGHT% 3 | # 4 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 5 | # 6 | # Permission to use, copy, modify, and distribute this software for any 7 | # purpose with or without fee is hereby granted, provided that the above 8 | # copyright notice and this permission notice appear in all copies. 9 | # 10 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | # 18 | # %END_COPYRIGHT% 19 | 20 | # Update RPM package to the latest release. Ansible < 2.7.x 21 | # YUM module changed in ansible 2.7.0 22 | # on RHEL/CENTOS hosts <= 7 23 | 24 | - name: "Yum update RPM - ansible < 2.7" 25 | yum: 26 | pkg: "{{ item }}" 27 | disablerepo: "{{ disable_repo }}" 28 | enablerepo: "{{ enable_repo }}" 29 | state: latest 30 | when: (ansible_os_family == 'RedHat') 31 | and 32 | (ansible_lsb.major_release|int >= 5 and 33 | ansible_lsb.major_release|int <= 7) 34 | register: yum_rpm_update 35 | with_items: 36 | - "{{ rpm_package.split(',') }}" 37 | 38 | - name: "Assign variables" 39 | set_fact: 40 | print_yum_update: "{{ yum_rpm_update.results[0] }}" 41 | changed_when: false 42 | 43 | - include: ../common/common_yum_tasks.yml 44 | 45 | # - name: debug 46 | # local_action: command printf "{{ print_yum_update.results }}\n\n" 47 | # local_action: command printf "\n\n{{ yum_rpm_update['results'] }}\n\n" 48 | # changed_when: false 49 | -------------------------------------------------------------------------------- /bin/ansible_rpm-setup-shells: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | usage() { 27 | printf "%s\n%s\n%s\n" \ 28 | "usage: ${0##*/} shell_name [-e]" \ 29 | " shell_name: name of unix shell to install. eg. tcsh" \ 30 | " -e hosts={comma seperated list of hostnames to override the default}" 31 | exit 1 32 | } 33 | 34 | [ $# -gt 0 ] || usage 35 | 36 | if [[ ${1:0:1} == "-" ]] ; then 37 | 38 | # First arg looks like an option not a shell name. 39 | usage 40 | fi 41 | 42 | SHELL_NAME="${1}" 43 | shift; 44 | 45 | # Debug 46 | #printf "Shell name = ${SHELL_NAME}\n\n" 47 | #exit 48 | 49 | # Include our default settings 50 | . "${SCRIPT_DIR}/ansible_common" 51 | 52 | #ANSIBLE_SSH_PIPELINING=0 53 | 54 | ansible-playbook ${MUNGED_ARGS} \ 55 | --ask-become-pass \ 56 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 57 | --extra-vars="shell=${SHELL_NAME}" \ 58 | "${ANSIBLE_PLAYBOOKS_PATH}"/rhel/shells/setup-shells.yml 59 | -------------------------------------------------------------------------------- /playbooks/acl/get-acl.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # %BEGIN_COPYRIGHT% 3 | # 4 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 5 | # 6 | # Permission to use, copy, modify, and distribute this software for any 7 | # purpose with or without fee is hereby granted, provided that the above 8 | # copyright notice and this permission notice appear in all copies. 9 | # 10 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | # 18 | # %END_COPYRIGHT% 19 | 20 | # Get the ACL(s) of the file / directory specified. 21 | - hosts: "{{ hosts | default('localhost') }}" 22 | name: "Get the ACL(s) of the file / directory specified" 23 | become: true 24 | 25 | vars_prompt: 26 | - name: "file_directory_name" 27 | prompt: "Enter the file / directory name" 28 | private: false 29 | 30 | # vars: 31 | # print_information: true 32 | 33 | tasks: 34 | - import_tasks: ../common/common_information.yml 35 | 36 | - name: "Invalid file / directory name" 37 | local_action: 38 | command printf "%s" \ 39 | "Invalid file or directory name." 40 | when: file_directory_name | length == 0 41 | failed_when: true 42 | 43 | - name: "Get the ACL" 44 | acl: 45 | name: "{{ file_directory_name }}" 46 | state: query 47 | register: acl_data 48 | # changed_when: false 49 | 50 | - name: "Print ACL data" 51 | local_action: 52 | command printf "%s" \ 53 | "{{ acl_data.acl }}" 54 | changed_when: false 55 | -------------------------------------------------------------------------------- /playbooks/acl/get-xattr.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # %BEGIN_COPYRIGHT% 3 | # 4 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 5 | # 6 | # Permission to use, copy, modify, and distribute this software for any 7 | # purpose with or without fee is hereby granted, provided that the above 8 | # copyright notice and this permission notice appear in all copies. 9 | # 10 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | # 18 | # %END_COPYRIGHT% 19 | 20 | # Get the XATTR(s) Entended Attributes of the file / directory specified. 21 | - hosts: "{{ hosts | default('localhost') }}" 22 | name: "Get the xattr(s) of the file / directory specified" 23 | become: true 24 | 25 | vars_prompt: 26 | - name: "file_directory_name" 27 | prompt: "Enter the file / directory name" 28 | private: false 29 | 30 | # vars: 31 | # print_information: true 32 | 33 | tasks: 34 | - import_tasks: ../common/common_information.yml 35 | 36 | - name: "Invalid file / directory name" 37 | local_action: 38 | command printf "%s" \ 39 | "Invalid file or directory name." 40 | when: file_directory_name | length == 0 41 | failed_when: true 42 | 43 | - name: "Get the xattr(s)" 44 | xattr: 45 | name: "{{ file_directory_name }}" 46 | register: xattr_data 47 | # changed_when: false 48 | 49 | - name: "Print xattr data" 50 | local_action: 51 | command printf "%s" \ 52 | "{{ xattr_data.xattr }}" 53 | changed_when: false 54 | -------------------------------------------------------------------------------- /playbooks/rhel/find/find_rpmnew.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # %BEGIN_COPYRIGHT% 3 | # 4 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 5 | # 6 | # Permission to use, copy, modify, and distribute this software for any 7 | # purpose with or without fee is hereby granted, provided that the above 8 | # copyright notice and this permission notice appear in all copies. 9 | # 10 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | # 18 | # %END_COPYRIGHT% 19 | 20 | # Find any rpmnew | rpmsave files in the /etc/ or /opt/rh directories. 21 | # Usually found on RHEL/CENTOS hosts after yum / dnf updates. 22 | - hosts: "{{ hosts | default('localhost') }}" 23 | name: "Find any rpmnew | rpmsave files in the /etc/ or /opt/rh directories" 24 | become: true 25 | 26 | # vars: 27 | # print_information: true 28 | 29 | tasks: 30 | - import_tasks: ../../common/common_information.yml 31 | 32 | - name: "Find rpmnew | rpmsave files in the /etc/ and /opt/rh/ directories" 33 | find: 34 | paths: "{{ item }}" 35 | patterns: "^.*?.(?:rpmnew|rpmsave)$" 36 | use_regex: true 37 | recurse: true 38 | register: file_info 39 | changed_when: false 40 | with_items: 41 | - "/etc/" 42 | - "/opt/rh/" 43 | 44 | # - debug: var=file_info 45 | 46 | - name: "Files found /etc/ and /opt/rh/ directories" 47 | local_action: command printf "{{ file_info | json_query('results[*].files[*].path') | to_nice_json }}\n" 48 | changed_when: false 49 | -------------------------------------------------------------------------------- /playbooks/ubuntu/security/ubuntu-security-status.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # %BEGIN_COPYRIGHT% 3 | # 4 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 5 | # 6 | # Permission to use, copy, modify, and distribute this software for any 7 | # purpose with or without fee is hereby granted, provided that the above 8 | # copyright notice and this permission notice appear in all copies. 9 | # 10 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | # 18 | # %END_COPYRIGHT% 19 | 20 | # Execute ubuntu-security-status / ubuntu-support-status 21 | # on Ubuntu hosts. 22 | - hosts: "{{ hosts | default('localhost') }}" 23 | name: "Execute ubuntu-security-status / ubuntu-support-status on Ubuntu hosts" 24 | 25 | vars: 26 | # print_information: true 27 | 28 | tasks: 29 | - import_tasks: ../../common/common_information.yml 30 | 31 | - name: "Run ubuntu-support-status" 32 | shell: "ubuntu-support-status --show-supported --list" 33 | when: ansible_distribution == 'Ubuntu' 34 | and 35 | ansible_distribution_major_version|int < 20 36 | changed_when: false 37 | 38 | - name: "Run ubuntu-security-status" 39 | shell: printf "ubuntu-security-status %s\n" "{{ item }}" && ubuntu-security-status {{ item }} && echo 40 | when: ansible_distribution == 'Ubuntu' 41 | and 42 | ansible_distribution_major_version|int >= 20 43 | with_items: 44 | - "" 45 | - "--thirdparty" 46 | - "--unavailable" 47 | changed_when: false 48 | -------------------------------------------------------------------------------- /playbooks/rhel/rpm/scripts/check_rpm_installed: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Ansible script to query the existance of a RPM package. 22 | # 23 | # Returns: JSON string: 24 | # { 25 | # "found": true/false , 26 | # "rpm_count": "Count of number of RPM packages" , 27 | # "rpm_names": "String of RPM package names" 28 | # } 29 | 30 | RPM_PACKAGE=${1} 31 | RPM_COUNT=0 32 | 33 | if [ ! -z ${RPM_PACKAGE} ]; then 34 | 35 | RPM_COUNT=$(rpm -qa | grep -i ${RPM_PACKAGE} | wc -l) 36 | 37 | RPM_NAMES=$(rpm -qa | grep -i ${RPM_PACKAGE} | sort) 38 | fi 39 | 40 | if [[ ${RPM_COUNT} =~ 0 ]]; then 41 | 42 | printf '{ "found": false , "rpm_count": "0" , "rpm_names": "" }' 43 | 44 | else 45 | 46 | # Remove any newline chars from the name and replace with %%. 47 | # %% will be later substituded in the output display. 48 | RPM_NAMES=${RPM_NAMES//$'\n'/%%} 49 | 50 | # Cut the last char off the end of the string. 51 | #RPM_NAMES=${RPM_NAMES%?} 52 | 53 | # Debug 54 | #printf "${RPM_NAMES}\n" 55 | 56 | printf '{ "found": true , "rpm_count": "%s" , "rpm_names": "%s" }' \ 57 | "${RPM_COUNT}" \ 58 | "${RPM_NAMES}" 59 | 60 | fi 61 | -------------------------------------------------------------------------------- /playbooks/debian/deb/scripts/check_deb_installed: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Ansible script to query the existance of a Deb package. 22 | # 23 | # Returns: JSON string: 24 | # { 25 | # "found": true/false , 26 | # "deb_count": "Count of number of Deb packages" , 27 | # "deb_names": "String of Deb package names" 28 | # } 29 | 30 | DEB_PACKAGE=${1} 31 | DEB_COUNT=0 32 | 33 | if [ ! -z ${DEB_PACKAGE} ]; then 34 | 35 | DEB_COUNT=$(apt list --installed | grep -i ${DEB_PACKAGE} | wc -l) 36 | 37 | DEB_NAMES=$(apt list --installed | grep -i ${DEB_PACKAGE} | sort) 38 | fi 39 | 40 | if [[ ${DEB_COUNT} =~ 0 ]]; then 41 | 42 | printf '{ "found": false , "deb_count": "0" , "deb_names": "" }' 43 | 44 | else 45 | 46 | # Remove any newline chars from the name and replace with %%. 47 | # %% will be later substituded in the output display. 48 | DEB_NAMES=${DEB_NAMES//$'\n'/%%} 49 | 50 | # Cut the last char off the end of the string. 51 | #DEB_NAMES=${DEB_NAMES%?} 52 | 53 | # Debug 54 | #printf "${DEB_NAMES}\n" 55 | 56 | printf '{ "found": true , "deb_count": "%s" , "deb_names": "%s" }' \ 57 | "${DEB_COUNT}" \ 58 | "${DEB_NAMES}" 59 | fi 60 | -------------------------------------------------------------------------------- /bin/ansible_rpm-install-repo: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # %BEGIN_COPYRIGHT% 4 | # 5 | # Copyright 2015-2025 Ian McWilliam (kaosagnt@gmail.com). 6 | # 7 | # Permission to use, copy, modify, and distribute this software for any 8 | # purpose with or without fee is hereby granted, provided that the above 9 | # copyright notice and this permission notice appear in all copies. 10 | # 11 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | # 19 | # %END_COPYRIGHT% 20 | 21 | # Add the command line arg -e hosts=ianm to override the default 22 | # playbook hosts setting 23 | 24 | SCRIPT_DIR="$(dirname "$(readlink -f "${0}")")" 25 | 26 | usage() { 27 | printf "%s\n%s\n%s\n\n%s\n" \ 28 | "usage: ${0##*/} repo_name [-e]" \ 29 | " repo_name: name of repository to install. eg. epel" \ 30 | " -e hosts={comma seperated list of hostnames to override the default}" \ 31 | "Valid repository names: cert epel ius percona remi repoforge" 32 | exit 1 33 | } 34 | 35 | [ $# -gt 0 ] || usage 36 | 37 | if [[ ${1:0:1} == "-" ]] ; then 38 | 39 | # First arg looks like an option not a repo name. 40 | usage 41 | fi 42 | 43 | REPO_NAME="${1}" 44 | shift; 45 | 46 | # Debug 47 | #printf "Repo name = ${REPO_NAME}\n\n" 48 | #exit 49 | 50 | # Include our default settings 51 | . "${SCRIPT_DIR}/ansible_common" 52 | 53 | # Debug 54 | #printf "path = ${ANSIBLE_PLAYBOOKS_PATH}\n\n" 55 | 56 | ansible-playbook ${MUNGED_ARGS} \ 57 | --ask-become-pass \ 58 | --inventory="${ANSIBLE_HOSTS_PATH}/hosts" \ 59 | --extra-vars="repo=${REPO_NAME}" \ 60 | "${ANSIBLE_PLAYBOOKS_PATH}"/rhel/repo/install-repo.yml 61 | --------------------------------------------------------------------------------