Fix Heartbleed - Update Debian OpenSSL version with Ansible
This playbook can be used to update Debian Wheezy to the latest OpenSSL version, which has the Heartbleed vulnerability patched.
As written, this should work with Ansible 1.5.x. The commented-out task lines use the debconf module, which requires Ansible 1.6.
Run it with the following command (-k prompts for the SSH password, -K for the sudo password):

    ansible-playbook -i inventory openssl.yml -k -K

openssl.yml:

    ---
    - hosts: all
      user: ansible_user
      sudo: yes
      sudo_user: root
      tasks:
        # Record the installed versions before the upgrade
        - name: OpenSSL | Get current openssl version
          shell: 'dpkg-query -W openssl'
          register: openssl_version
        - name: OpenSSL | Get current libssl version
          shell: 'dpkg-query -W libssl1.0.0'
          register: libssl_version
        - name: OpenSSL | Show current version
          debug: msg="OpenSSL version installed is {{openssl_version.stdout}}, libssl version installed is {{libssl_version.stdout}}"

        - name: OpenSSL | Apt | Install debconf-utils
          apt: pkg='debconf-utils' state='latest'

        # Preseed the libssl "restart services" question so apt does not block on a dialog.
        # The shell module runs /bin/sh (dash on Debian), which has no <<< here-strings,
        # so the selection is piped in with echo instead.
        - name: OpenSSL | Apt | Prevent restart services dialog
          # debconf: name='libssl1.0.0' question='libssl1.0.0/restart-services' vtype='string' value='ntp'
          shell: 'echo "libssl1.0.0 libssl1.0.0/restart-services string ntp" | debconf-set-selections'
        - name: OpenSSL | Apt | Prevent restart services dialog (amd64)
          # debconf: name='libssl1.0.0:amd64' question='libssl1.0.0/restart-services' vtype='string' value='ntp'
          shell: 'echo "libssl1.0.0:amd64 libssl1.0.0/restart-services string ntp" | debconf-set-selections'

        # force='yes' passes --force-yes to apt-get, which also accepts
        # unauthenticated packages; drop it if the package sources are not trusted.
        - name: OpenSSL | Apt | Upgrade OpenSSL
          apt: pkg='{{item}}' state='latest' update_cache='yes' install_recommends='yes' force='yes'
          with_items:
            - 'openssl'
            - 'libssl1.0.0'

        # Record and show the versions after the upgrade
        - name: OpenSSL | Get new openssl version
          shell: 'dpkg-query -W openssl'
          register: openssl_version
        - name: OpenSSL | Get new libssl version
          shell: 'dpkg-query -W libssl1.0.0'
          register: libssl_version
        - name: OpenSSL | Confirm new version
          debug: msg="OpenSSL version installed is {{openssl_version.stdout}}, libssl version installed is {{libssl_version.stdout}}"

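
Upgrading the package does not change the library already loaded by running processes: any daemon that is not restarted afterwards keeps the old libssl mapped, and the playbook preseeds the restart question with ntp only. The script below is an added example, not part of the original playbook, that lists such processes by looking for libssl/libcrypto mappings marked "(deleted)" in /proc/<pid>/maps. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/bash
# Added example: list processes that still map a libssl/libcrypto file that
# was replaced on disk (shown as "(deleted)" in /proc/<pid>/maps).

# stale_libssl_pids [PROC_ROOT]
# Prints "<pid> <process name>" for each process still using the old library.
# PROC_ROOT defaults to /proc; the parameter exists so the function can be
# exercised against a constructed directory tree.
stale_libssl_pids() {
    local root="${1:-/proc}" dir pid name
    for dir in "$root"/[0-9]*; do
        [ -r "$dir/maps" ] || continue
        # A replaced shared object keeps its old inode mapped, and the kernel
        # appends " (deleted)" to the path in the maps file.
        if grep -Eq '/lib(ssl|crypto)\.so[^ ]* \(deleted\)$' "$dir/maps" 2>/dev/null; then
            pid="${dir##*/}"
            name="$(cat "$dir/comm" 2>/dev/null || echo unknown)"
            printf '%s %s\n' "$pid" "$name"
        fi
    done
}

# Constructed sample: a fake /proc with one stale and one restarted process.
make_sample_proc() {
    local root
    root="$(mktemp -d)"
    mkdir -p "$root/101" "$root/202"
    echo nginx > "$root/101/comm"
    echo '7f10a0000000-7f10a0056000 r-xp 00000000 08:01 1311 /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0 (deleted)' > "$root/101/maps"
    echo ntpd > "$root/202/comm"
    echo '7f20b0000000-7f20b0056000 r-xp 00000000 08:01 2422 /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0' > "$root/202/maps"
    echo "$root"
}

sample="$(make_sample_proc)"
stale_libssl_pids "$sample"    # scan the constructed tree
rm -rf "$sample"
# On a real host, run as root: stale_libssl_pids /proc
```

Every process it reports needs a restart before the host can be considered patched.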
Written by Sarah Zelechoski