Closed jason-callaway closed 6 years ago
After applying the Shell Shock vulnerability with the cyber-range-target role, elem assess host misses the open CVE.
```
[root@cr-target-1 ~]# cat site.yml
---
- hosts: localhost
  connection: local
  become: true
  roles:
    - cyber-range-target
  vars:
    cves_to_test:
      - CVE-2014-6271
[root@cr-target-1 ~]# ansible-playbook site.yml
 [WARNING]: Could not match supplied host pattern, ignoring: all
 [WARNING]: provided hosts list is empty, only localhost is available

PLAY [localhost] ****************************************************************************************

TASK [Gathering Facts] **********************************************************************************
ok: [localhost]

TASK [cyber-range-target : Cyber Test Range Target | Install Yum Security Plugin] ***********************
skipping: [localhost]

TASK [cyber-range-target : Cyber Test Range Target | Ensure Custom Facts Directory Exists] **************
ok: [localhost]

TASK [cyber-range-target : Cyber Test Range Target | Install Custom Fact Module for CVE's] **************
ok: [localhost]

TASK [cyber-range-target : Cyber Test Range Target | Install Custom Fact Module for CPE] ****************
ok: [localhost]

TASK [cyber-range-target : Cyber Test Range Target | Install Custom Fact Module for Available Packages] ***
ok: [localhost]

TASK [cyber-range-target : Cyber Test Range Target | Obtain CVE Information] ****************************
ok: [localhost] => (item=CVE-2014-6271)

TASK [cyber-range-target : Cyber Test Range Target | Build Package Information] *************************
ok: [localhost] => (item=CVE-2014-6271 - cpe:/o:redhat:enterprise_linux:5)
ok: [localhost] => (item=CVE-2014-6271 - cpe:/o:redhat:enterprise_linux:6)
ok: [localhost] => (item=CVE-2014-6271 - cpe:/o:redhat:enterprise_linux:7)
ok: [localhost] => (item=CVE-2014-6271 - cpe:/o:redhat:rhel_els:4)
ok: [localhost] => (item=CVE-2014-6271 - cpe:/o:redhat:rhel_eus:5.9)
ok: [localhost] => (item=CVE-2014-6271 - cpe:/o:redhat:rhel_eus:6.4)
ok: [localhost] => (item=CVE-2014-6271 - cpe:/o:redhat:rhel_mission_critical:5.6)
ok: [localhost] => (item=CVE-2014-6271 - cpe:/o:redhat:rhel_mission_critical:6.2)
ok: [localhost] => (item=CVE-2014-6271 - cpe:/a:redhat:rhel_sjis:5)
ok: [localhost] => (item=CVE-2014-6271 - cpe:/a:redhat:rhel_sjis:6)
ok: [localhost] => (item=CVE-2014-6271 - cpe:/a:redhat:rhev_manager:3)

TASK [cyber-range-target : Cyber Test Range Target | Set SELinux State] *********************************
ok: [localhost]

TASK [cyber-range-target : Cyber Test Range Target | Install Git and Python Virtualenv] *****************
ok: [localhost]

TASK [cyber-range-target : Cyber Test Range Target | Install Appropriate Packages Not Kernel] ***********
skipping: [localhost] => (item=CVE-2014-6271 - cpe:/o:redhat:enterprise_linux:5)
skipping: [localhost] => (item=CVE-2014-6271 - cpe:/o:redhat:enterprise_linux:6)
skipping: [localhost] => (item=CVE-2014-6271 - cpe:/o:redhat:enterprise_linux:7)
skipping: [localhost] => (item=CVE-2014-6271 - cpe:/o:redhat:rhel_els:4)
skipping: [localhost] => (item=CVE-2014-6271 - cpe:/o:redhat:rhel_eus:5.9)
skipping: [localhost] => (item=CVE-2014-6271 - cpe:/o:redhat:rhel_eus:6.4)
skipping: [localhost] => (item=CVE-2014-6271 - cpe:/o:redhat:rhel_mission_critical:5.6)
skipping: [localhost] => (item=CVE-2014-6271 - cpe:/o:redhat:rhel_mission_critical:6.2)
skipping: [localhost] => (item=CVE-2014-6271 - cpe:/a:redhat:rhel_sjis:5)
skipping: [localhost] => (item=CVE-2014-6271 - cpe:/a:redhat:rhel_sjis:6)
skipping: [localhost] => (item=CVE-2014-6271 - cpe:/a:redhat:rhev_manager:3)

TASK [cyber-range-target : Cyber Test Range Target | Install Different Kernel Version if Necessary] *****
skipping: [localhost] => (item=CVE-2014-6271 - cpe:/o:redhat:enterprise_linux:5)
skipping: [localhost] => (item=CVE-2014-6271 - cpe:/o:redhat:enterprise_linux:6)
skipping: [localhost] => (item=CVE-2014-6271 - cpe:/o:redhat:enterprise_linux:7)
skipping: [localhost] => (item=CVE-2014-6271 - cpe:/o:redhat:rhel_els:4)
skipping: [localhost] => (item=CVE-2014-6271 - cpe:/o:redhat:rhel_eus:5.9)
skipping: [localhost] => (item=CVE-2014-6271 - cpe:/o:redhat:rhel_eus:6.4)
skipping: [localhost] => (item=CVE-2014-6271 - cpe:/o:redhat:rhel_mission_critical:5.6)
skipping: [localhost] => (item=CVE-2014-6271 - cpe:/o:redhat:rhel_mission_critical:6.2)
skipping: [localhost] => (item=CVE-2014-6271 - cpe:/a:redhat:rhel_sjis:5)
skipping: [localhost] => (item=CVE-2014-6271 - cpe:/a:redhat:rhel_sjis:6)
skipping: [localhost] => (item=CVE-2014-6271 - cpe:/a:redhat:rhev_manager:3)

TASK [cyber-range-target : Cyber Test Range Target | Set Fact for Changed Kernel] ***********************
ok: [localhost]

TASK [cyber-range-target : Cyber Test Range Target | Add Script to Remove Unecessary Kernels] ***********
skipping: [localhost]

TASK [cyber-range-target : Cyber Test Range Target | Add One Time Service to Remove Kernels - EL 7] *****
skipping: [localhost]

TASK [cyber-range-target : Cyber Test Range Target | Enable One Time Service to Remove Kernels - EL 7] ***
skipping: [localhost]

TASK [cyber-range-target : Cyber Test Range Target | Restart Host to Effect Kernel Change] **************
skipping: [localhost]

PLAY RECAP **********************************************************************************************
localhost : ok=10 changed=0 unreachable=0 failed=0

[root@cr-target-1 ~]# x='() { :;}; echo VULNERABLE' bash -c :
VULNERABLE
[root@cr-target-1 ~]# yum updateinfo list cves
Loaded plugins: product-id, search-disabled-repos, subscription-manager
 CVE-2014-6271 Critical/Sec.  bash-4.2.45-5.el7_0.2.x86_64
 CVE-2014-7169 Important/Sec. bash-4.2.45-5.el7_0.4.x86_64
 CVE-2014-7186 Important/Sec. bash-4.2.45-5.el7_0.4.x86_64
 CVE-2014-7187 Important/Sec. bash-4.2.45-5.el7_0.4.x86_64
 CVE-2016-0634 Moderate/Sec.  bash-4.2.46-28.el7.x86_64
 CVE-2016-7543 Moderate/Sec.  bash-4.2.46-28.el7.x86_64
 CVE-2016-9401 Moderate/Sec.  bash-4.2.46-28.el7.x86_64
updateinfo list done
[root@cr-target-1 ~]# elem host assess --curation ./curation
INFO - 2018-02-01 09:32:44,963 -
[root@cr-target-1 ~]#
```
Operator error, didn't realize that I have to manually clone elem-curation
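An independent cross-check for the situation in this issue, added here as an example that is not part of the original thread or of elem: it parses the `yum updateinfo list cves` output shown in the session and flags any tested CVE that still has an unapplied fix but was not reported by the scanner. The function names and the `scanner_hits` set (the CVE ids the scanner printed) are assumptions, since elem's own output format does not appear on the page.

```python
import re

# Output of `yum updateinfo list cves`, copied from the session in the issue.
UPDATEINFO = """\
Loaded plugins: product-id, search-disabled-repos, subscription-manager
 CVE-2014-6271 Critical/Sec.  bash-4.2.45-5.el7_0.2.x86_64
 CVE-2014-7169 Important/Sec. bash-4.2.45-5.el7_0.4.x86_64
 CVE-2014-7186 Important/Sec. bash-4.2.45-5.el7_0.4.x86_64
 CVE-2014-7187 Important/Sec. bash-4.2.45-5.el7_0.4.x86_64
 CVE-2016-0634 Moderate/Sec.  bash-4.2.46-28.el7.x86_64
 CVE-2016-7543 Moderate/Sec.  bash-4.2.46-28.el7.x86_64
 CVE-2016-9401 Moderate/Sec.  bash-4.2.46-28.el7.x86_64
updateinfo list done
"""

# One advisory row: CVE id, "<severity>/Sec.", package build that carries the fix.
ROW = re.compile(r"^\s*(CVE-\d{4}-\d{4,})\s+(\w+)/Sec\.\s+(\S+)\s*$")


def parse_updateinfo(text):
    """Map each CVE with an unapplied fix to its (severity, fixing package) rows."""
    pending = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # banner and trailer lines do not match and are skipped
            cve, severity, package = m.groups()
            pending.setdefault(cve, []).append((severity, package))
    return pending


def cross_check(cves_to_test, updateinfo_text, scanner_hits):
    """Compare what the scanner reported with what yum says is still unpatched."""
    pending = parse_updateinfo(updateinfo_text)
    result = {}
    for cve in cves_to_test:
        if cve in pending and cve not in scanner_hits:
            result[cve] = "missed"        # fix outstanding, scanner silent
        elif cve in pending:
            result[cve] = "reported"      # fix outstanding, scanner agrees
        else:
            result[cve] = "not-pending"   # yum lists no outstanding fix
    return result


if __name__ == "__main__":
    # scanner_hits is empty, as in the issue where the assess run printed nothing.
    for cve, status in cross_check(["CVE-2014-6271"], UPDATEINFO, set()).items():
        print(cve, status)
```

A "missed" result means the scanner's own inputs deserve a look before the empty report is trusted, which in this issue turned out to be the curation data.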