https://pwnwiki.com/index.php?action=history&feed=atom&title=CVE-2014-0291_Patch_openssl_with_ansible_%E6%BC%8F%E6%B4%9E CVE-2014-0291 Patch openssl with ansible 漏洞 - Revision history 2026-04-26T15:49:37Z Revision history for this page on the wiki MediaWiki 1.35.1 https://pwnwiki.com/index.php?title=CVE-2014-0291_Patch_openssl_with_ansible_%E6%BC%8F%E6%B4%9E&diff=1065&oldid=prev Pwnwiki: Created page with "==Usage== <pre> pip install ansible ansible-playbook -i your_inventory_file patch-openssl-CVE-2015-0291_CVE-2015-0204 </pre> <pre> 192.168.0.10 webserver1.example.com webserv..." 2021-04-07T02:58:42Z <p>Created page with &quot;==Usage== &lt;pre&gt; pip install ansible ansible-playbook -i your_inventory_file patch-openssl-CVE-2015-0291_CVE-2015-0204 &lt;/pre&gt; &lt;pre&gt; 192.168.0.10 webserver1.example.com webserv...&quot;</p> <p><b>New page</b></p><div>==Usage==<br /> &lt;pre&gt;<br /> pip install ansible<br /> ansible-playbook -i your_inventory_file patch-openssl-CVE-2015-0291_CVE-2015-0204<br /> &lt;/pre&gt;<br /> <br /> &lt;pre&gt;<br /> 192.168.0.10<br /> webserver1.example.com<br /> webserver2.example.com<br /> db1.example.com<br /> &lt;/pre&gt;<br /> <br /> <br /> ==EXP==<br /> &lt;pre&gt;<br /> ---<br /> - hosts: all<br /> vars:<br /> openssl_packages: [&quot;openssl&quot;, &quot;libssl3&quot;]<br /> openssl_impacted_service:<br /> - nginx<br /> - httpd<br /> - postgresql<br /> - php5-fpm<br /> - openvpn<br /> - postfix<br /> - monit<br /> - zabbix-server<br /> - unbound<br /> tasks:<br /> - name: ensure openssl is the last version<br /> yum: name={{item}} state=latest<br /> register: openssl_updated<br /> with_items: openssl_packages<br /> when: ansible_os_family == &quot;RedHat&quot;<br /> <br /> - name: check if service need to be restarted<br /> shell: &quot;lsof -n | grep 'DEL.*libssl3.so'&quot;<br /> register: result_check<br /> failed_when: result_check.stdout.find('unrecognized') != -1 and result_check.rc != 0<br /> changed_when: result_check.stdout.find('unrecognized') == -1 or result_check.rc == 0<br /> always_run: yes<br /> <br /> - name: test running services<br /> command: &quot;service {{item}} status | grep -i running&quot;<br /> register: services_status<br /> with_items: openssl_impacted_service<br /> when: result_check.rc == 0 or openssl_updated.changed<br /> ignore_errors: true<br /> always_run: yes<br /> <br /> - name: restart running service<br /> service: name={{item.item}} state=restarted<br /> with_items: services_status.results<br /> when: (result_check.rc == 0 or openssl_updated.changed ) and item.rc == 0<br /> <br /> - name: ensure no more service need to be restarted<br /> shell: &quot;lsof -n | grep 'DEL.*libssl3.so'&quot;<br /> register: result<br /> failed_when: result.rc == 0<br /> changed_when: result.rc != 1<br /> always_run: yes<br /> <br /> &lt;/pre&gt;</div> Pwnwiki