vstack.yml
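---
# https://www.ansible.com/blog/using-ansible-to-mitigate-network-vulnerabilities
#
# Checks Cisco IOS devices for the Smart Install client (CVE-2018-0171).
# Flow: run `show vstack config`; the block's assert passes only when the
# output shows no enabled Smart Install client. If the command is rejected
# (feature not present) or the assert fails, the `rescue` path runs and
# only lets the host through when the failure was "Invalid input detected",
# i.e. the device does not know the command at all.
- name: CVE example for Cisco router
  hosts: cisco
  # No facts are needed; the play works only from the registered output.
  gather_facts: false
  tasks:
    - name: see if vstack config is available
      block:
        - name: run show vstack config
          ios_command:
            commands:
              - show vstack config
          register: showvstack

        # `stdout` is a list with one entry per command, so `'X' not in
        # showvstack.stdout` would test list membership of the exact string
        # "X" and always pass. Index the single command's output so these
        # are substring checks against the actual text.
        - name: Check to make sure Cisco's Smart Install Client Feature is not enabled (1/2)
          assert:
            that:
              - "'SmartInstall enabled' not in showvstack.stdout[0]"
              - "'Role' not in showvstack.stdout[0]"
              - "'Client' not in showvstack.stdout[0]"
            fail_msg: "Smart Install client appears to be enabled on {{ inventory_hostname }}"
      rescue:
        - name: print out showvstack variable
          debug:
            var: showvstack

        # `msg` exists only when ios_command itself failed; when the block's
        # assert was what failed, default to '' so this assert fails with
        # its own message instead of an undefined-variable error.
        - name: verify to console that vstack config is not available as a feature
          assert:
            that:
              - "'Invalid input detected' in (showvstack.msg | default(''))"
            fail_msg: "vstack command did not fail as expected; review the output above"

    # Reached only when the block passed, or the rescue confirmed the
    # feature is absent; a failed rescue assert fails the host first.
    - name: playbook has completed successfully - no vulnerability found
      debug:
        msg: "CVE-2018-0171 is not present on device {{ inventory_hostname }}"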