Share
## https://sploitus.com/exploit?id=908626C0-6D80-5E68-87BB-0DBA74E97837
# ansible-CVE-2024-3094
Ansible playbooks designed to check and remediate CVE-2024-3094 (XZ Backdoor). These were developed with guidance from https://jfrog.com/blog/xz-backdoor-attack-cve-2024-3094-all-you-need-to-know/.

## Background
Running the checks to see if your Linux system is vulnerable is simple if it's only one or two systems, but what if you have a fleet of systems to manage? This is my humble attempt to make the automation of this process a little easier.

This has been tested on Ubuntu 22.04.

## Instructions

### Preflight
1) Clone the repo to your Ansible control node.
2) Prepare your hosts file in either INI or YML format.
3) Run the `preflight.sh` file to ensure you have the latest version from JFrog

### CVE-2024-3094 Check
1) Run the playbook with the following command:

`ansible-playbook -i <insert_hosts_file_here> CVE-2024-3094-check.yml`

### CVE-2024-3094 Fix
1) If needed, run the playbook with the following command:

`ansible-playbook -i <insert_hosts_file_here> CVE-2024-3094-fix.yml`

2) For further peace of mind, rerun the Check playbook.

### Results
Each playbook will produce text files in a `results` directory for each host.