There isn't yet a patch for CVE-2024-6387 a.k.a. "regreSSHion" in RHEL9 but Red Hat suggests a mitigation by setting LoginGraceTime to 0 in sshd_config (source: https://access.redhat.com/security/cve/cve-2024-6387)
I wrote a small Ansible playbook to do this on multiple systems in an automated way.
If someone has the same task, feel free to draw inspiration from here:
https://gist.github.com/chofstede/67641b45f7b2379bab5832b70c0b8351
It's tested and idempotent (can run multiple times with the same result) but no warranties. Use at your own risk.
#linux #regresshion #cve20246387 #ansible #rhel #redhat #mitigation #sysadmin #openssh #security
Larvitz :fedora: :redhat: /
npub1fj…jaq90
2024-07-02 18:24:12
Author Public Key
npub1fj6u59lnses9xu6xa6ewugrfg2e639lg32r24383525xq3deyuaspjaq90Published at
2024-07-02 18:24:12Event JSON
{
"id": "6c87e999cc0bfd59612815bc2f461a2c7db683d086aa7254af38e6c46617fec6",
"pubkey": "4cb5ca17f38660537346eeb2ee206942b3a897e88a86aac4f1a2a86045b9273b",
"created_at": 1719944652,
"kind": 1,
"tags": [
[
"t",
"ansible"
],
[
"t",
"rhel"
],
[
"t",
"mitigation"
],
[
"t",
"redhat"
],
[
"t",
"linux"
],
[
"t",
"cve20246387"
],
[
"proxy",
"https://burningboard.net/@Larvitz/112718292746264183",
"web"
],
[
"t",
"sysadmin"
],
[
"t",
"regresshion"
],
[
"t",
"openssh"
],
[
"t",
"security"
],
[
"proxy",
"https://burningboard.net/users/Larvitz/statuses/112718292746264183",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://burningboard.net/users/Larvitz/statuses/112718292746264183",
"pink.momostr"
],
[
"expiration",
"1722536664"
]
],
"content": "There isn't yet a patch for CVE-2024-6387 a.k.a. \"regreSSHion\" in RHEL9 but Red Hat suggests a mitigation by setting LoginGraceTime to 0 in sshd_config (source: https://access.redhat.com/security/cve/cve-2024-6387)\n\nI wrote a small Ansible playbook to do this on multiple systems in an automated way.\n\nIf someone has the same task, feel free to draw inspiration from here:\n\nhttps://gist.github.com/chofstede/67641b45f7b2379bab5832b70c0b8351\n\nIt's tested and idempotent (can run multiple times with the same result) but no warranties. Use at your own risk.\n\n#linux #regresshion #cve20246387 #ansible #rhel #redhat #mitigation #sysadmin #openssh #security",
"sig": "d7de0ee37737be19f879a3b4b3d336ce153dc70c014bbbf049fa2e35f4efb2e8dd65f9a424910f3b7a4cc944171592dc1b9c6d75e5ca5a852f6498fa4dd0ff9c"
}